diff --git a/i18n/ar/about.md b/i18n/ar/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/ar/about.md
+++ b/i18n/ar/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/ar/about/contributors.md b/i18n/ar/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/ar/about/contributors.md
+++ b/i18n/ar/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/ar/about/criteria.md b/i18n/ar/about/criteria.md
index dd2e228d..d8f08fc7 100644
--- a/i18n/ar/about/criteria.md
+++ b/i18n/ar/about/criteria.md
@@ -24,7 +24,7 @@ We have these requirements in regard to developers which wish to submit their pr
- Must disclose affiliation, i.e. your position within the project being submitted.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. If possible please mention who will be conducting the audit.
- Must explain what the project brings to the table in regard to privacy.
diff --git a/i18n/ar/about/executive-policy.md b/i18n/ar/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/ar/about/executive-policy.md
+++ b/i18n/ar/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/ar/about/notices.md b/i18n/ar/about/notices.md
index bc7fc182..a98db0bb 100644
--- a/i18n/ar/about/notices.md
+++ b/i18n/ar/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
+We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
diff --git a/i18n/ar/about/privacytools.md b/i18n/ar/about/privacytools.md
index 0a6a564e..ae035f3d 100644
--- a/i18n/ar/about/privacytools.md
+++ b/i18n/ar/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## Control of r/privacytoolsIO
-Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
+Reddit requires that Subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
-- Posting announcements to our subreddit and various other communities informing people of the official change.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped.
@@ -66,11 +66,11 @@ Roughly a week following the transition, BurungHantu returned online for the fir
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so.
-BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io Now
@@ -80,7 +80,7 @@ As of September 25th 2022 we are seeing BurungHantu's overall plans come to frui
## r/privacytoolsIO Now
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Retaliation from any moderator with regards to removal requests is disallowed.
-For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
+For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective Now
diff --git a/i18n/ar/about/statistics.md b/i18n/ar/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/ar/about/statistics.md
+++ b/i18n/ar/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/ar/advanced/communication-network-types.md b/i18n/ar/advanced/communication-network-types.md
index b4dd5552..fc77fe4d 100644
--- a/i18n/ar/advanced/communication-network-types.md
+++ b/i18n/ar/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ When self-hosted, members of a federated server can discover and communicate wit
- Allows for greater control over your own data when running your own server.
- Allows you to choose whom to trust your data with by choosing between multiple "public" servers.
- Often allows for third-party clients which can provide a more native, customized, or accessible experience.
-- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Disadvantages:**
@@ -60,7 +60,7 @@ When self-hosted, members of a federated server can discover and communicate wit
P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server.
-Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
+Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
@@ -85,9 +85,9 @@ P2P networks do not use servers, as peers communicate directly between each othe
A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.
-There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
-Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Advantages:**
diff --git a/i18n/ar/advanced/dns-overview.md b/i18n/ar/advanced/dns-overview.md
index d84d4eda..7d984b58 100644
--- a/i18n/ar/advanced/dns-overview.md
+++ b/i18n/ar/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
---
-The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
## What is DNS?
@@ -24,7 +24,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
### DNS over TLS (DoT)
@@ -118,7 +118,7 @@ In this example we will record what happens when we make a DoH request:
3. After making the request, we can stop the packet capture with CTRL + C.
-4. Analyse the results in Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ When we do a DNS lookup, it's generally because we want to access a resource. Be
The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides.
-This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
+This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
### Server Name Indication (SNI)
-Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
+Server Name Indication is typically used when an IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
-1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
+1. Start capturing again with `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | No | nothing(Do nothing)
```
-Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[List of recommended DNS servers](../dns.md ""){.md-button}
diff --git a/i18n/ar/advanced/tor-overview.md b/i18n/ar/advanced/tor-overview.md
index 058c9fd5..00aec17c 100644
--- a/i18n/ar/advanced/tor-overview.md
+++ b/i18n/ar/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/ar/ai-chat.md b/i18n/ar/ai-chat.md
index af64bd7d..8034bbf5 100644
--- a/i18n/ar/ai-chat.md
+++ b/i18n/ar/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Criteria
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Best-Case
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/ar/alternative-networks.md b/i18n/ar/alternative-networks.md
index 261ec416..37c68131 100644
--- a/i18n/ar/alternative-networks.md
+++ b/i18n/ar/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/ar/android/general-apps.md b/i18n/ar/android/general-apps.md
index 04919076..b97efed5 100644
--- a/i18n/ar/android/general-apps.md
+++ b/i18n/ar/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/ar/basics/account-creation.md b/i18n/ar/basics/account-creation.md
index 22ef70db..0f45c8be 100644
--- a/i18n/ar/basics/account-creation.md
+++ b/i18n/ar/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
+Often people sign up for services without thinking. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer.
@@ -13,11 +13,11 @@ It can also be difficult to delete the accounts on some services. Sometimes [ove
## Terms of Service & Privacy Policy
-The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VOIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
+The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
-The Privacy Policy is how the service says they will use your data and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
-We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
+We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Keep in mind you're also placing your trust in the company or organization and that they will comply with their own privacy policy.
@@ -42,7 +42,7 @@ You will be responsible for managing your login credentials. For added security,
#### Email aliases
-If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to.
+If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Those can be filtered automatically based on the alias they are sent to.
Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
We recommend avoiding services that require a phone number for sign up. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
+You should avoid giving out your real phone number if you can. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number!
diff --git a/i18n/ar/basics/account-deletion.md b/i18n/ar/basics/account-deletion.md
index 2f79dd0a..54148bd4 100644
--- a/i18n/ar/basics/account-deletion.md
+++ b/i18n/ar/basics/account-deletion.md
@@ -27,7 +27,7 @@ Desktop platforms also often have a password manager which may help you recover
### Email
-If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
## Deleting Old Accounts
@@ -39,7 +39,7 @@ When attempting to regain access, if the site returns an error message saying th
### GDPR (EEA residents only)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Overwriting Account information
diff --git a/i18n/ar/basics/common-misconceptions.md b/i18n/ar/basics/common-misconceptions.md
index 6832f170..31b1b249 100644
--- a/i18n/ar/basics/common-misconceptions.md
+++ b/i18n/ar/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ The privacy policies and business practices of providers you choose are very imp
## "Complicated is better"
-We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like many different email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
+We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips:
1. ==Actions need to serve a particular purpose:== think about how to do what you want with the fewest actions.
2. ==Remove human failure points:== We fail, get tired, and forget things. To maintain security, avoid relying on manual conditions and processes that you have to remember.
-3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily de-anonymized by a simple oversight.
+3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
So, how might this look?
@@ -94,4 +94,4 @@ One of the clearest threat models is one where people *know who you are* and one
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/ar/basics/common-threats.md b/i18n/ar/basics/common-threats.md
index 7b040b0b..03414577 100644
--- a/i18n/ar/basics/common-threats.md
+++ b/i18n/ar/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Your threat model is personal to you, but these are some of the things many visitors to this site care about.
---
-Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
+Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ To minimize the damage that a malicious piece of software *could* do, you should
Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources.
-Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Therefore, you should use native applications over web clients whenever possible
-Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
+Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
## Mass Surveillance Programs
@@ -156,7 +156,7 @@ Mass surveillance is the intricate effort to monitor the "behavior, many activit
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
For many people, tracking and surveillance by private corporations is a growing concern. Pervasive ad networks, such as those operated by Google and Facebook, span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries (although it can't completely prevent tracking).[^4]
-Additionally, even companies outside of the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
## Limiting Public Information
diff --git a/i18n/ar/basics/email-security.md b/i18n/ar/basics/email-security.md
index 0661723a..60513510 100644
--- a/i18n/ar/basics/email-security.md
+++ b/i18n/ar/basics/email-security.md
@@ -29,13 +29,13 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
### What Email Clients Support E2EE?
-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### How Do I Protect My Private Keys?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Email Metadata Overview
@@ -49,4 +49,4 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
### Why Can't Metadata be E2EE?
-Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
+Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/ar/basics/hardware.md b/i18n/ar/basics/hardware.md
index 4b795a9a..257624c3 100644
--- a/i18n/ar/basics/hardware.md
+++ b/i18n/ar/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Warning
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/ar/basics/multi-factor-authentication.md b/i18n/ar/basics/multi-factor-authentication.md
index 044ee58e..6abb539c 100644
--- a/i18n/ar/basics/multi-factor-authentication.md
+++ b/i18n/ar/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
-**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone.
@@ -26,7 +26,7 @@ The security of push notification MFA is dependent on both the quality of the ap
### Time-based One-time Password (TOTP)
-TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
+TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
-Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
@@ -116,15 +116,15 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
## More Places to Set Up MFA
-Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
+macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-After your smartcard/security key is set up, we recommend running this command in the Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
### KeePass (and KeePassXC)
-KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/ar/basics/passwords-overview.md b/i18n/ar/basics/passwords-overview.md
index 898d198d..8464da82 100644
--- a/i18n/ar/basics/passwords-overview.md
+++ b/i18n/ar/basics/passwords-overview.md
@@ -24,7 +24,7 @@ All of our [recommended password managers](../passwords.md) include a built-in p
You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it.
-When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
Checking for data breaches
@@ -54,13 +54,13 @@ To generate a diceware passphrase using real dice, follow these steps:
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Roll a six-sided die five times, noting down the number after each roll.
-2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. You will find the word `encrypt`. Write that word down.
@@ -75,25 +75,25 @@ You should **not** re-roll words until you get a combination of words that appea
If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
- Your adversary knows that you used the diceware method.
-- Your adversary knows the specific wordlist that you used.
+- Your adversary knows the specific word list that you used.
- Your adversary knows how many words your passphrase contains.
@@ -113,7 +113,7 @@ There are many good options to choose from, both cloud-based and local. Choose o
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
diff --git a/i18n/ar/basics/threat-modeling.md b/i18n/ar/basics/threat-modeling.md
index 0e42bb5f..ebfd1713 100644
--- a/i18n/ar/basics/threat-modeling.md
+++ b/i18n/ar/basics/threat-modeling.md
@@ -35,7 +35,7 @@ An “asset” is something you value and want to protect. In the context of dig
To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary”.== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
-*Make a list of your adversaries or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Your list may include individuals, a government agency, or corporations.*
Depending on who your adversaries are, this list might be something you want to destroy after you've finished developing your threat model.
diff --git a/i18n/ar/browser-extensions.md b/i18n/ar/browser-extensions.md
index 611904fc..7e13f070 100644
--- a/i18n/ar/browser-extensions.md
+++ b/i18n/ar/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/ar/calendar.md b/i18n/ar/calendar.md
index fc173e0e..6a9e8553 100644
--- a/i18n/ar/calendar.md
+++ b/i18n/ar/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Multiple calendars and extended sharing functionality is limited to paid subscribers.
diff --git a/i18n/ar/cloud.md b/i18n/ar/cloud.md
index aa8c3e40..145708ed 100644
--- a/i18n/ar/cloud.md
+++ b/i18n/ar/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Criteria
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
diff --git a/i18n/ar/cryptocurrency.md b/i18n/ar/cryptocurrency.md
index 38dfa7c2..d1e385f6 100644
--- a/i18n/ar/cryptocurrency.md
+++ b/i18n/ar/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Criteria
diff --git a/i18n/ar/data-broker-removals.md b/i18n/ar/data-broker-removals.md
index 24c607c3..ab08fd1c 100644
--- a/i18n/ar/data-broker-removals.md
+++ b/i18n/ar/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/ar/desktop-browsers.md b/i18n/ar/desktop-browsers.md
index b6664d6f..07f79a14 100644
--- a/i18n/ar/desktop-browsers.md
+++ b/i18n/ar/desktop-browsers.md
@@ -109,7 +109,7 @@ This is required to prevent advanced forms of tracking, but does come at the cos
### Mullvad Leta
-Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes preinstalled with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts**
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] Select **Enable HTTPS-Only Mode in all windows**
-This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing.
+This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS over HTTPS
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/ar/desktop.md b/i18n/ar/desktop.md
index eef0f6ec..d5d8d3bf 100644
--- a/i18n/ar/desktop.md
+++ b/i18n/ar/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS is an independent distribution based on the Nix package manager with a foc
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/ar/device-integrity.md b/i18n/ar/device-integrity.md
index 623a4839..142af55b 100644
--- a/i18n/ar/device-integrity.md
+++ b/i18n/ar/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/ar/dns.md b/i18n/ar/dns.md
index 9aecd014..9cfeebee 100644
--- a/i18n/ar/dns.md
+++ b/i18n/ar/dns.md
@@ -75,7 +75,7 @@ These are our favorite public DNS resolvers based on their privacy and security
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### كنترول دي
@@ -164,7 +164,7 @@ NextDNS also offers public DNS-over-HTTPS service at `https://dns.nextdns.io` an
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/ar/document-collaboration.md b/i18n/ar/document-collaboration.md
index 9bf30ec2..dde20069 100644
--- a/i18n/ar/document-collaboration.md
+++ b/i18n/ar/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/ar/email-aliasing.md b/i18n/ar/email-aliasing.md
index c33f2bff..29f37d77 100644
--- a/i18n/ar/email-aliasing.md
+++ b/i18n/ar/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/ar/email.md b/i18n/ar/email.md
index c02a76ac..a5714781 100644
--- a/i18n/ar/email.md
+++ b/i18n/ar/email.md
@@ -58,7 +58,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
{ align=left }
-**بريد بروتون** هو خدمة بُرُد إلكترونية تركِّز في الخصوصية والتعمية والأمن واليسر. They have been in operation since 2013. ومقرُّ بروتون أيجي في جنيف في سويسرا. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+**بريد بروتون** هو خدمة بُرُد إلكترونية تركِّز في الخصوصية والتعمية والأمن واليسر. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail has internal crash reports that are **not** shared with third partie
#### :material-check:{ .pg-green } أمن الحساب
-يدعم بريد بروتون [الاستيثاق بخطوتين عبر](https://proton.me/support/two-factor-authentication-2fa) «كلمة المرور لمرة واحدة حسب الوقت (TOTP)» [ومفاتيح أمن العتاد](https://proton.me/support/2fa-security-key) وفق معيارَي FIDO2 و U2F. ويتطلَّب استخدام مفاتيح أمن العتاد إعداد الاستيثاق بخطوتين عبر كلمة المرور لمرة واحدة حسب الوقت.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } أمن البيانات
@@ -117,7 +117,7 @@ Proton Mail also publishes the public keys of Proton accounts via HTTP from thei
#### :material-information-outline:{ .pg-blue } وظائف إضافية
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
ليس عند بريد بروتون ميزة الإرث الرقميِّ.
@@ -127,7 +127,7 @@ Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimite
{ align=left }
-**Mailbox.org** هو خدمة بريد إلكترونيٍّ تركِّز على الأمن والخلوِّ من الإعلانات، وهي تستلم طاقتها من مصادر خاصَّة ١٠٠٪ صديقة للبيئة. وهم يعملون منذ ٢٠١٤. ومقرُّهم في برلين في ألمانيا. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org** هو خدمة بريد إلكترونيٍّ تركِّز على الأمن والخلوِّ من الإعلانات، وهي تستلم طاقتها من مصادر خاصَّة ١٠٠٪ صديقة للبيئة. وهم يعملون منذ ٢٠١٤. ومقرُّهم في برلين في ألمانيا. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } سُبُل الدفع الخاصَّة
-لا تقبل Mailbox.org الدفع باستخدام العملات المعمَّاة، وسبب ذلك أن معالج دفعهم، بِتبَي، علَّق عملياته في ألمانيا. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+لا تقبل Mailbox.org الدفع باستخدام العملات المعمَّاة، وسبب ذلك أن معالج دفعهم، بِتبَي، علَّق عملياته في ألمانيا. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } أمن الحساب
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). بعض معايير الوِب مثل [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) ليست مدعومةً بعد.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). بعض معايير الوِب مثل [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) ليست مدعومةً بعد.
#### :material-information-outline:{ .pg-blue } أمن البيانات
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } وظائف إضافية
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). ولكن لا يمكن الوصول لواجهة موقعهم باستخدام خدمة .onion، وقد تواجه أخطاء شهادة TLS.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. تدعم Mailbox.org [إكستشينج-أكتفسنك](https://en.wikipedia.org/wiki/Exchange_ActiveSync)، وكذلك تدعم معايير الوصول القياسية مثل IMAP و POP3.
@@ -195,7 +195,7 @@ All accounts come with limited cloud storage that [can be encrypted](https://kb.
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } سُبُل الدفع الخاصَّة
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } أمن الحساب
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } أمن البيانات
@@ -297,7 +297,7 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
- Encrypts email account data at rest with zero-access encryption.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Operates on owned infrastructure, i.e. not built upon third-party email service providers.
diff --git a/i18n/ar/encryption.md b/i18n/ar/encryption.md
index 1a36d548..0a6d75a3 100644
--- a/i18n/ar/encryption.md
+++ b/i18n/ar/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt is a fork of the discontinued TrueCrypt project. According to its deve
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
-Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
{ align=right }
-**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/ar/file-sharing.md b/i18n/ar/file-sharing.md
index 839a7419..56b895d5 100644
--- a/i18n/ar/file-sharing.md
+++ b/i18n/ar/file-sharing.md
@@ -13,7 +13,7 @@ Discover how to privately share your files between your devices, with your frien
## File Sharing
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/ar/frontends.md b/i18n/ar/frontends.md
index 9e83fe5e..b4b5d0c4 100644
--- a/i18n/ar/frontends.md
+++ b/i18n/ar/frontends.md
@@ -251,7 +251,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/ar/index.md b/i18n/ar/index.md
index 91cf67d4..1af2d94e 100644
--- a/i18n/ar/index.md
+++ b/i18n/ar/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. ومقرُّ بروتون أيجي في جنيف في سويسرا. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. وهم يعملون منذ ٢٠١٤. ومقرُّهم في برلين في ألمانيا. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. وهم يعملون منذ ٢٠١٤. ومقرُّهم في برلين في ألمانيا. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/ar/meta/brand.md b/i18n/ar/meta/brand.md
index 8e3d9954..3afe36ff 100644
--- a/i18n/ar/meta/brand.md
+++ b/i18n/ar/meta/brand.md
@@ -12,7 +12,7 @@ The name of the website is **Privacy Guides** and should **not** be changed to:
- PG.org
-The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/ar/meta/translations.md b/i18n/ar/meta/translations.md
index ff5406c7..1f67cd98 100644
--- a/i18n/ar/meta/translations.md
+++ b/i18n/ar/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## Fullwidth alternatives and Markdown syntax
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/ar/meta/uploading-images.md b/i18n/ar/meta/uploading-images.md
index 6455beb0..5ea9570f 100644
--- a/i18n/ar/meta/uploading-images.md
+++ b/i18n/ar/meta/uploading-images.md
@@ -48,7 +48,7 @@ In the **SVG Output** tab under **Document options**:
- [ ] Turn off **Remove the XML declaration**
- [x] Turn on **Remove metadata**
- [x] Turn on **Remove comments**
-- [x] Turn on **Embeded raster images**
+- [x] Turn on **Embedded raster images**
- [x] Turn on **Enable viewboxing**
In the **SVG Output** under **Pretty-printing**:
diff --git a/i18n/ar/meta/writing-style.md b/i18n/ar/meta/writing-style.md
index 49e877b1..fdf7bb1d 100644
--- a/i18n/ar/meta/writing-style.md
+++ b/i18n/ar/meta/writing-style.md
@@ -64,7 +64,7 @@ We should try to avoid abbreviations where possible, but technology is full of a
## Be concise
-> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective.
+> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/ar/mobile-browsers.md b/i18n/ar/mobile-browsers.md
index 48141804..64fccfa7 100644
--- a/i18n/ar/mobile-browsers.md
+++ b/i18n/ar/mobile-browsers.md
@@ -247,7 +247,7 @@ This prevents you from unintentionally connecting to a website in plain-text HTT
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Open Safari and tap the Tabs button, located in the bottom right. Then, expand t
- [x] Select **Private**
-Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. This may be an inconvenience.
diff --git a/i18n/ar/multi-factor-authentication.md b/i18n/ar/multi-factor-authentication.md
index 87185132..c8ca78d9 100644
--- a/i18n/ar/multi-factor-authentication.md
+++ b/i18n/ar/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/ar/notebooks.md b/i18n/ar/notebooks.md
index 27e9eada..7c0b44c2 100644
--- a/i18n/ar/notebooks.md
+++ b/i18n/ar/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Keep track of your notes and journalings without giving them to a third-party.
+Keep track of your notes and journals without giving them to a third party.
If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE.
@@ -84,7 +84,7 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
{ align=right }
-**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
## Local notebooks
diff --git a/i18n/ar/os/android-overview.md b/i18n/ar/os/android-overview.md
index 4faff712..f2086618 100644
--- a/i18n/ar/os/android-overview.md
+++ b/i18n/ar/os/android-overview.md
@@ -84,7 +84,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Killswitch
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
@@ -124,7 +124,7 @@ Modern Android devices have global toggles for disabling Bluetooth and location
## Google Services
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Advanced Protection Program
diff --git a/i18n/ar/os/ios-overview.md b/i18n/ar/os/ios-overview.md
index 9cc34876..e1190279 100644
--- a/i18n/ar/os/ios-overview.md
+++ b/i18n/ar/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/ar/os/linux-overview.md b/i18n/ar/os/linux-overview.md
index 69b537ed..90163523 100644
--- a/i18n/ar/os/linux-overview.md
+++ b/i18n/ar/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Privacy Notes
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- Avoid telemetry that often comes with proprietary operating systems
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ We don’t believe holding packages back and applying interim patches is a good
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao) (YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao) (YouTube)
### “Security-focused” distributions
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Drive Encryption
-Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ There are other system identifiers which you may wish to be careful about. You s
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/ar/os/macos-overview.md b/i18n/ar/os/macos-overview.md
index 9b57b2b6..565c4a68 100644
--- a/i18n/ar/os/macos-overview.md
+++ b/i18n/ar/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Backups
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## Sources
diff --git a/i18n/ar/os/windows/group-policies.md b/i18n/ar/os/windows/group-policies.md
index 74194070..d1a033cb 100644
--- a/i18n/ar/os/windows/group-policies.md
+++ b/i18n/ar/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/ar/os/windows/index.md b/i18n/ar/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/ar/os/windows/index.md
+++ b/i18n/ar/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/ar/passwords.md b/i18n/ar/passwords.md
index a5f85f28..ea92b575 100644
--- a/i18n/ar/passwords.md
+++ b/i18n/ar/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ These options allow you to manage an encrypted password database locally.
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/ar/photo-management.md b/i18n/ar/photo-management.md
index c526c59a..d7447180 100644
--- a/i18n/ar/photo-management.md
+++ b/i18n/ar/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
- Must be open source.
diff --git a/i18n/ar/real-time-communication.md b/i18n/ar/real-time-communication.md
index 50465504..5051a9bc 100644
--- a/i18n/ar/real-time-communication.md
+++ b/i18n/ar/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Criteria
diff --git a/i18n/ar/router.md b/i18n/ar/router.md
index 3e8eb49d..6127b8a7 100644
--- a/i18n/ar/router.md
+++ b/i18n/ar/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All of the components have been optimized for home routers.
+**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}
diff --git a/i18n/ar/security-keys.md b/i18n/ar/security-keys.md
index 2acec8c8..23e55cfa 100644
--- a/i18n/ar/security-keys.md
+++ b/i18n/ar/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/ar/tools.md b/i18n/ar/tools.md
index cb137da2..0a68b7b3 100644
--- a/i18n/ar/tools.md
+++ b/i18n/ar/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. ومقرُّ بروتون أيجي في جنيف في سويسرا. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. وهم يعملون منذ ٢٠١٤. ومقرُّهم في برلين في ألمانيا. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. وهم يعملون منذ ٢٠١٤. ومقرُّهم في برلين في ألمانيا. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/ar/tor.md b/i18n/ar/tor.md
index 9e932d6f..c9f82f5e 100644
--- a/i18n/ar/tor.md
+++ b/i18n/ar/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## متصفِّح تور
@@ -114,11 +114,11 @@ We previously recommended enabling the *Isolate Destination Address* preference
Tips for Android
-بإمكان أربوت التوسُّط لتطبيقات معيَّنة حال دعمها توسُّط SOCKS أو HTTP. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+بإمكان أربوت التوسُّط لتطبيقات معيَّنة حال دعمها توسُّط SOCKS أو HTTP. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
غالبًا ما تجد إصدار أربوت قديمًا في مستودع [إف-درويد](https://guardianproject.info/fdroid) لمشروع جارديَن [ومتجر بلاي](https://play.google.com/store/apps/details?id=org.torproject.android)، فربما من الأفضل أن تنزِّله من [مستودع جتهب](https://github.com/guardianproject/orbot/releases) مباشرةً.
-كلُّ الإصدارات وُقِّع عليها بنفس التوقيع، لذلك تتوافق.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/ar/vpn.md b/i18n/ar/vpn.md
index 78f0f71a..7939667a 100644
--- a/i18n/ar/vpn.md
+++ b/i18n/ar/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Private VPN Service Recommendations and Comparison, No Sponsors or Ads - Privacy Guides"
title: "خِدْمَات شبكة خاصة افتراضية"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. اعثر على مزود للخدمة هنا ليس يريد التجسس عليك.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } Mobile Clients
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### ملفاد
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ It is important to note that using a VPN provider will not make you anonymous, b
### Technology
-We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Minimum to Qualify:**
-- Support for strong protocols such as WireGuard & OpenVPN.
-- Killswitch built in to clients.
-- Multihop support. Multihopping is important to keep data private in case of a single node compromise.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Best Case:**
-- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Easy-to-use VPN clients
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.
- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble).
@@ -316,11 +316,11 @@ We prefer our recommended providers to collect as little data as possible. Not c
**Best Case:**
- Accepts multiple [anonymous payment options](advanced/payments.md).
-- No personal information accepted (autogenerated username, no email required, etc.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Security
-A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
+A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
**Minimum to Qualify:**
@@ -358,7 +358,7 @@ With the VPN providers we recommend we like to see responsible marketing.
**Minimum to Qualify:**
-- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out.
+- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Must not have any marketing which is irresponsible:
diff --git a/i18n/bn-IN/about.md b/i18n/bn-IN/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/bn-IN/about.md
+++ b/i18n/bn-IN/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/bn-IN/about/contributors.md b/i18n/bn-IN/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/bn-IN/about/contributors.md
+++ b/i18n/bn-IN/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/bn-IN/about/criteria.md b/i18n/bn-IN/about/criteria.md
index dd2e228d..d8f08fc7 100644
--- a/i18n/bn-IN/about/criteria.md
+++ b/i18n/bn-IN/about/criteria.md
@@ -24,7 +24,7 @@ We have these requirements in regard to developers which wish to submit their pr
- Must disclose affiliation, i.e. your position within the project being submitted.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. If possible please mention who will be conducting the audit.
- Must explain what the project brings to the table in regard to privacy.
diff --git a/i18n/bn-IN/about/executive-policy.md b/i18n/bn-IN/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/bn-IN/about/executive-policy.md
+++ b/i18n/bn-IN/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/bn-IN/about/notices.md b/i18n/bn-IN/about/notices.md
index bc7fc182..a98db0bb 100644
--- a/i18n/bn-IN/about/notices.md
+++ b/i18n/bn-IN/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
+We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
diff --git a/i18n/bn-IN/about/privacytools.md b/i18n/bn-IN/about/privacytools.md
index 0a6a564e..ae035f3d 100644
--- a/i18n/bn-IN/about/privacytools.md
+++ b/i18n/bn-IN/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## Control of r/privacytoolsIO
-Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
+Reddit requires that Subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
-- Posting announcements to our subreddit and various other communities informing people of the official change.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped.
@@ -66,11 +66,11 @@ Roughly a week following the transition, BurungHantu returned online for the fir
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so.
-BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io Now
@@ -80,7 +80,7 @@ As of September 25th 2022 we are seeing BurungHantu's overall plans come to frui
## r/privacytoolsIO Now
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Retaliation from any moderator with regards to removal requests is disallowed.
-For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
+For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective Now
diff --git a/i18n/bn-IN/about/statistics.md b/i18n/bn-IN/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/bn-IN/about/statistics.md
+++ b/i18n/bn-IN/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/bn-IN/advanced/communication-network-types.md b/i18n/bn-IN/advanced/communication-network-types.md
index f6444ca4..129a5716 100644
--- a/i18n/bn-IN/advanced/communication-network-types.md
+++ b/i18n/bn-IN/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ When self-hosted, members of a federated server can discover and communicate wit
- Allows for greater control over your own data when running your own server.
- Allows you to choose whom to trust your data with by choosing between multiple "public" servers.
- Often allows for third-party clients which can provide a more native, customized, or accessible experience.
-- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Disadvantages:**
@@ -60,7 +60,7 @@ When self-hosted, members of a federated server can discover and communicate wit
P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server.
-Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
+Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
@@ -85,9 +85,9 @@ P2P networks do not use servers, as peers communicate directly between each othe
A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.
-There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
-Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Advantages:**
diff --git a/i18n/bn-IN/advanced/dns-overview.md b/i18n/bn-IN/advanced/dns-overview.md
index 8457af4d..9c92b6a1 100644
--- a/i18n/bn-IN/advanced/dns-overview.md
+++ b/i18n/bn-IN/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
---
-The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
## What is DNS?
@@ -24,7 +24,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
### DNS over TLS (DoT)
@@ -118,7 +118,7 @@ In this example we will record what happens when we make a DoH request:
3. After making the request, we can stop the packet capture with CTRL + C.
-4. Analyse the results in Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ When we do a DNS lookup, it's generally because we want to access a resource. Be
The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides.
-This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
+This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
### Server Name Indication (SNI)
-Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
+Server Name Indication is typically used when an IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
-1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
+1. Start capturing again with `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | No | nothing(Do nothing)
```
-Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[List of recommended DNS servers](../dns.md ""){.md-button}
diff --git a/i18n/bn-IN/advanced/tor-overview.md b/i18n/bn-IN/advanced/tor-overview.md
index 876222c4..4c0bd4a0 100644
--- a/i18n/bn-IN/advanced/tor-overview.md
+++ b/i18n/bn-IN/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/bn-IN/ai-chat.md b/i18n/bn-IN/ai-chat.md
index af64bd7d..8034bbf5 100644
--- a/i18n/bn-IN/ai-chat.md
+++ b/i18n/bn-IN/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Criteria
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Best-Case
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/bn-IN/alternative-networks.md b/i18n/bn-IN/alternative-networks.md
index 4c8a6e25..bc959181 100644
--- a/i18n/bn-IN/alternative-networks.md
+++ b/i18n/bn-IN/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/bn-IN/android/general-apps.md b/i18n/bn-IN/android/general-apps.md
index 04919076..b97efed5 100644
--- a/i18n/bn-IN/android/general-apps.md
+++ b/i18n/bn-IN/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/bn-IN/basics/account-creation.md b/i18n/bn-IN/basics/account-creation.md
index 22ef70db..0f45c8be 100644
--- a/i18n/bn-IN/basics/account-creation.md
+++ b/i18n/bn-IN/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
+Often people sign up for services without thinking. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer.
@@ -13,11 +13,11 @@ It can also be difficult to delete the accounts on some services. Sometimes [ove
## Terms of Service & Privacy Policy
-The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VOIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
+The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
-The Privacy Policy is how the service says they will use your data and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
-We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
+We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Keep in mind you're also placing your trust in the company or organization and that they will comply with their own privacy policy.
@@ -42,7 +42,7 @@ You will be responsible for managing your login credentials. For added security,
#### Email aliases
-If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to.
+If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Those can be filtered automatically based on the alias they are sent to.
Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
We recommend avoiding services that require a phone number for sign up. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
+You should avoid giving out your real phone number if you can. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number!
diff --git a/i18n/bn-IN/basics/account-deletion.md b/i18n/bn-IN/basics/account-deletion.md
index 2f79dd0a..54148bd4 100644
--- a/i18n/bn-IN/basics/account-deletion.md
+++ b/i18n/bn-IN/basics/account-deletion.md
@@ -27,7 +27,7 @@ Desktop platforms also often have a password manager which may help you recover
### Email
-If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
## Deleting Old Accounts
@@ -39,7 +39,7 @@ When attempting to regain access, if the site returns an error message saying th
### GDPR (EEA residents only)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Overwriting Account information
diff --git a/i18n/bn-IN/basics/common-misconceptions.md b/i18n/bn-IN/basics/common-misconceptions.md
index 6832f170..31b1b249 100644
--- a/i18n/bn-IN/basics/common-misconceptions.md
+++ b/i18n/bn-IN/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ The privacy policies and business practices of providers you choose are very imp
## "Complicated is better"
-We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like many different email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
+We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips:
1. ==Actions need to serve a particular purpose:== think about how to do what you want with the fewest actions.
2. ==Remove human failure points:== We fail, get tired, and forget things. To maintain security, avoid relying on manual conditions and processes that you have to remember.
-3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily de-anonymized by a simple oversight.
+3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
So, how might this look?
@@ -94,4 +94,4 @@ One of the clearest threat models is one where people *know who you are* and one
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/bn-IN/basics/common-threats.md b/i18n/bn-IN/basics/common-threats.md
index 7b040b0b..03414577 100644
--- a/i18n/bn-IN/basics/common-threats.md
+++ b/i18n/bn-IN/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Your threat model is personal to you, but these are some of the things many visitors to this site care about.
---
-Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
+Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ To minimize the damage that a malicious piece of software *could* do, you should
Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources.
-Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Therefore, you should use native applications over web clients whenever possible
-Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
+Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
## Mass Surveillance Programs
@@ -156,7 +156,7 @@ Mass surveillance is the intricate effort to monitor the "behavior, many activit
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
For many people, tracking and surveillance by private corporations is a growing concern. Pervasive ad networks, such as those operated by Google and Facebook, span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries (although it can't completely prevent tracking).[^4]
-Additionally, even companies outside of the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
## Limiting Public Information
diff --git a/i18n/bn-IN/basics/email-security.md b/i18n/bn-IN/basics/email-security.md
index 0661723a..60513510 100644
--- a/i18n/bn-IN/basics/email-security.md
+++ b/i18n/bn-IN/basics/email-security.md
@@ -29,13 +29,13 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
### What Email Clients Support E2EE?
-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### How Do I Protect My Private Keys?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Email Metadata Overview
@@ -49,4 +49,4 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
### Why Can't Metadata be E2EE?
-Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
+Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/bn-IN/basics/hardware.md b/i18n/bn-IN/basics/hardware.md
index 4b795a9a..257624c3 100644
--- a/i18n/bn-IN/basics/hardware.md
+++ b/i18n/bn-IN/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Warning
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/bn-IN/basics/multi-factor-authentication.md b/i18n/bn-IN/basics/multi-factor-authentication.md
index 37d39223..d3903d2c 100644
--- a/i18n/bn-IN/basics/multi-factor-authentication.md
+++ b/i18n/bn-IN/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
-**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
সাধারণত, যদি কোনো হ্যাকার (বা শত্রু) আপনার পাসওয়ার্ড ডিক্রিপ্ট করতে সক্ষম হয় তাহলে তারা যে অ্যাকাউন্টে ওই পাসওয়ার্ড আছে সেটিতে প্রবেশ করতে সক্ষম হবে। MFA আছে এমন একটি অ্যাকাউন্ট-এর ক্ষেত্রে হ্যাকারকে পাসওয়ার্ড ( যা আপনি *জানেন*) এবং আপনার মালিকানাধীন একটি ডিভাইস (যা আপনার *কাছে আছে*), যেমন আপনার ফোন,উভয়ই থাকলে তবে হ্যাকার হ্যাক করতে সক্ষম হবে।
@@ -26,7 +26,7 @@ MFA পদ্ধতিগুলির নিরাপত্তা বিভি
### সময়-সাপেক্ষ ওয়ান-টাইম পাসওয়ার্ড (TOTP)
-TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. শেয়ার্ড সিক্রেট অথেনটিকেশন অ্যাপের ভিতরে সুরক্ষিত থাকে এবং কখনও কখনও পাসওয়ার্ড দ্বারা সুরক্ষিত থাকে।
+TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
সময়-সাপেক্ষ কোড তারপর শেয়ার্ড সিক্রেট এবং সময় থেকে জেনারেট হয়। As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
-Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
@@ -116,15 +116,15 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
## More Places to Set Up MFA
-Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
+macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-After your smartcard/security key is set up, we recommend running this command in the Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
### KeePass (and KeePassXC)
-KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/bn-IN/basics/passwords-overview.md b/i18n/bn-IN/basics/passwords-overview.md
index 898d198d..8464da82 100644
--- a/i18n/bn-IN/basics/passwords-overview.md
+++ b/i18n/bn-IN/basics/passwords-overview.md
@@ -24,7 +24,7 @@ All of our [recommended password managers](../passwords.md) include a built-in p
You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it.
-When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
Checking for data breaches
@@ -54,13 +54,13 @@ To generate a diceware passphrase using real dice, follow these steps:
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Roll a six-sided die five times, noting down the number after each roll.
-2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. You will find the word `encrypt`. Write that word down.
@@ -75,25 +75,25 @@ You should **not** re-roll words until you get a combination of words that appea
If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
- Your adversary knows that you used the diceware method.
-- Your adversary knows the specific wordlist that you used.
+- Your adversary knows the specific word list that you used.
- Your adversary knows how many words your passphrase contains.
@@ -113,7 +113,7 @@ There are many good options to choose from, both cloud-based and local. Choose o
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
diff --git a/i18n/bn-IN/basics/threat-modeling.md b/i18n/bn-IN/basics/threat-modeling.md
index e3c7e0e0..860d4c81 100644
--- a/i18n/bn-IN/basics/threat-modeling.md
+++ b/i18n/bn-IN/basics/threat-modeling.md
@@ -35,7 +35,7 @@ An “asset” is something you value and want to protect. In the context of dig
To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary”.== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
-*Make a list of your adversaries or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Your list may include individuals, a government agency, or corporations.*
Depending on who your adversaries are, this list might be something you want to destroy after you've finished developing your threat model.
diff --git a/i18n/bn-IN/browser-extensions.md b/i18n/bn-IN/browser-extensions.md
index 611904fc..7e13f070 100644
--- a/i18n/bn-IN/browser-extensions.md
+++ b/i18n/bn-IN/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/bn-IN/calendar.md b/i18n/bn-IN/calendar.md
index fc173e0e..6a9e8553 100644
--- a/i18n/bn-IN/calendar.md
+++ b/i18n/bn-IN/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Multiple calendars and extended sharing functionality is limited to paid subscribers.
diff --git a/i18n/bn-IN/cloud.md b/i18n/bn-IN/cloud.md
index aa8c3e40..145708ed 100644
--- a/i18n/bn-IN/cloud.md
+++ b/i18n/bn-IN/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Criteria
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
diff --git a/i18n/bn-IN/cryptocurrency.md b/i18n/bn-IN/cryptocurrency.md
index 38dfa7c2..d1e385f6 100644
--- a/i18n/bn-IN/cryptocurrency.md
+++ b/i18n/bn-IN/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Criteria
diff --git a/i18n/bn-IN/data-broker-removals.md b/i18n/bn-IN/data-broker-removals.md
index 24c607c3..ab08fd1c 100644
--- a/i18n/bn-IN/data-broker-removals.md
+++ b/i18n/bn-IN/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/bn-IN/desktop-browsers.md b/i18n/bn-IN/desktop-browsers.md
index 82821366..ee50038a 100644
--- a/i18n/bn-IN/desktop-browsers.md
+++ b/i18n/bn-IN/desktop-browsers.md
@@ -109,7 +109,7 @@ This is required to prevent advanced forms of tracking, but does come at the cos
### Mullvad Leta
-Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes preinstalled with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts**
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] Select **Enable HTTPS-Only Mode in all windows**
-This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing.
+This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS over HTTPS
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/bn-IN/desktop.md b/i18n/bn-IN/desktop.md
index eef0f6ec..d5d8d3bf 100644
--- a/i18n/bn-IN/desktop.md
+++ b/i18n/bn-IN/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS is an independent distribution based on the Nix package manager with a foc
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/bn-IN/device-integrity.md b/i18n/bn-IN/device-integrity.md
index 623a4839..142af55b 100644
--- a/i18n/bn-IN/device-integrity.md
+++ b/i18n/bn-IN/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/bn-IN/dns.md b/i18n/bn-IN/dns.md
index 6808722d..f8a80c68 100644
--- a/i18n/bn-IN/dns.md
+++ b/i18n/bn-IN/dns.md
@@ -75,7 +75,7 @@ AdGuard Home features a polished web interface to view insights and manage block
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/bn-IN/document-collaboration.md b/i18n/bn-IN/document-collaboration.md
index 9bf30ec2..dde20069 100644
--- a/i18n/bn-IN/document-collaboration.md
+++ b/i18n/bn-IN/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/bn-IN/email-aliasing.md b/i18n/bn-IN/email-aliasing.md
index c33f2bff..29f37d77 100644
--- a/i18n/bn-IN/email-aliasing.md
+++ b/i18n/bn-IN/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/bn-IN/email.md b/i18n/bn-IN/email.md
index 0eba0be3..8b57a816 100644
--- a/i18n/bn-IN/email.md
+++ b/i18n/bn-IN/email.md
@@ -58,7 +58,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
{ align=right }
-**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in
#### :material-check:{ .pg-green } Account Security
-Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two factor authentication first.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Data Security
@@ -117,7 +117,7 @@ If you have a paid account and your [bill is unpaid](https://proton.me/support/d
#### :material-information-outline:{ .pg-blue } Additional Functionality
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail doesn't offer a digital legacy feature.
@@ -127,7 +127,7 @@ Proton Mail doesn't offer a digital legacy feature.
{ align=right }
-**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } Private Payment Methods
-Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Account Security
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
#### :material-information-outline:{ .pg-blue } Data Security
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } Additional Functionality
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
@@ -195,7 +195,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } Private Payment Methods
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Account Security
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Data Security
@@ -297,7 +297,7 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
- Encrypts email account data at rest with zero-access encryption.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Operates on owned infrastructure, i.e. not built upon third-party email service providers.
diff --git a/i18n/bn-IN/encryption.md b/i18n/bn-IN/encryption.md
index 1a36d548..0a6d75a3 100644
--- a/i18n/bn-IN/encryption.md
+++ b/i18n/bn-IN/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt is a fork of the discontinued TrueCrypt project. According to its deve
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
-Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
{ align=right }
-**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/bn-IN/file-sharing.md b/i18n/bn-IN/file-sharing.md
index 839a7419..56b895d5 100644
--- a/i18n/bn-IN/file-sharing.md
+++ b/i18n/bn-IN/file-sharing.md
@@ -13,7 +13,7 @@ Discover how to privately share your files between your devices, with your frien
## File Sharing
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/bn-IN/frontends.md b/i18n/bn-IN/frontends.md
index 9e83fe5e..b4b5d0c4 100644
--- a/i18n/bn-IN/frontends.md
+++ b/i18n/bn-IN/frontends.md
@@ -251,7 +251,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/bn-IN/index.md b/i18n/bn-IN/index.md
index 24891736..d3fe4a59 100644
--- a/i18n/bn-IN/index.md
+++ b/i18n/bn-IN/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/bn-IN/meta/brand.md b/i18n/bn-IN/meta/brand.md
index 8e3d9954..3afe36ff 100644
--- a/i18n/bn-IN/meta/brand.md
+++ b/i18n/bn-IN/meta/brand.md
@@ -12,7 +12,7 @@ The name of the website is **Privacy Guides** and should **not** be changed to:
- PG.org
-The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/bn-IN/meta/translations.md b/i18n/bn-IN/meta/translations.md
index ff5406c7..1f67cd98 100644
--- a/i18n/bn-IN/meta/translations.md
+++ b/i18n/bn-IN/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## Fullwidth alternatives and Markdown syntax
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/bn-IN/meta/uploading-images.md b/i18n/bn-IN/meta/uploading-images.md
index 6455beb0..5ea9570f 100644
--- a/i18n/bn-IN/meta/uploading-images.md
+++ b/i18n/bn-IN/meta/uploading-images.md
@@ -48,7 +48,7 @@ In the **SVG Output** tab under **Document options**:
- [ ] Turn off **Remove the XML declaration**
- [x] Turn on **Remove metadata**
- [x] Turn on **Remove comments**
-- [x] Turn on **Embeded raster images**
+- [x] Turn on **Embedded raster images**
- [x] Turn on **Enable viewboxing**
In the **SVG Output** under **Pretty-printing**:
diff --git a/i18n/bn-IN/meta/writing-style.md b/i18n/bn-IN/meta/writing-style.md
index 49e877b1..fdf7bb1d 100644
--- a/i18n/bn-IN/meta/writing-style.md
+++ b/i18n/bn-IN/meta/writing-style.md
@@ -64,7 +64,7 @@ We should try to avoid abbreviations where possible, but technology is full of a
## Be concise
-> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective.
+> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/bn-IN/mobile-browsers.md b/i18n/bn-IN/mobile-browsers.md
index 48141804..64fccfa7 100644
--- a/i18n/bn-IN/mobile-browsers.md
+++ b/i18n/bn-IN/mobile-browsers.md
@@ -247,7 +247,7 @@ This prevents you from unintentionally connecting to a website in plain-text HTT
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Open Safari and tap the Tabs button, located in the bottom right. Then, expand t
- [x] Select **Private**
-Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. This may be an inconvenience.
diff --git a/i18n/bn-IN/multi-factor-authentication.md b/i18n/bn-IN/multi-factor-authentication.md
index 87185132..c8ca78d9 100644
--- a/i18n/bn-IN/multi-factor-authentication.md
+++ b/i18n/bn-IN/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/bn-IN/notebooks.md b/i18n/bn-IN/notebooks.md
index 27e9eada..7c0b44c2 100644
--- a/i18n/bn-IN/notebooks.md
+++ b/i18n/bn-IN/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Keep track of your notes and journalings without giving them to a third-party.
+Keep track of your notes and journals without giving them to a third party.
If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE.
@@ -84,7 +84,7 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
{ align=right }
-**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
## Local notebooks
diff --git a/i18n/bn-IN/os/android-overview.md b/i18n/bn-IN/os/android-overview.md
index 4faff712..f2086618 100644
--- a/i18n/bn-IN/os/android-overview.md
+++ b/i18n/bn-IN/os/android-overview.md
@@ -84,7 +84,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Killswitch
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
@@ -124,7 +124,7 @@ Modern Android devices have global toggles for disabling Bluetooth and location
## Google Services
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Advanced Protection Program
diff --git a/i18n/bn-IN/os/ios-overview.md b/i18n/bn-IN/os/ios-overview.md
index 9cc34876..e1190279 100644
--- a/i18n/bn-IN/os/ios-overview.md
+++ b/i18n/bn-IN/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/bn-IN/os/linux-overview.md b/i18n/bn-IN/os/linux-overview.md
index 69b537ed..90163523 100644
--- a/i18n/bn-IN/os/linux-overview.md
+++ b/i18n/bn-IN/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Privacy Notes
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- Avoid telemetry that often comes with proprietary operating systems
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ We don’t believe holding packages back and applying interim patches is a good
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao) (YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao) (YouTube)
### “Security-focused” distributions
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Drive Encryption
-Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ There are other system identifiers which you may wish to be careful about. You s
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/bn-IN/os/macos-overview.md b/i18n/bn-IN/os/macos-overview.md
index 9b57b2b6..565c4a68 100644
--- a/i18n/bn-IN/os/macos-overview.md
+++ b/i18n/bn-IN/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Backups
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## Sources
diff --git a/i18n/bn-IN/os/windows/group-policies.md b/i18n/bn-IN/os/windows/group-policies.md
index 74194070..d1a033cb 100644
--- a/i18n/bn-IN/os/windows/group-policies.md
+++ b/i18n/bn-IN/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/bn-IN/os/windows/index.md b/i18n/bn-IN/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/bn-IN/os/windows/index.md
+++ b/i18n/bn-IN/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/bn-IN/passwords.md b/i18n/bn-IN/passwords.md
index a5f85f28..ea92b575 100644
--- a/i18n/bn-IN/passwords.md
+++ b/i18n/bn-IN/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ These options allow you to manage an encrypted password database locally.
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/bn-IN/photo-management.md b/i18n/bn-IN/photo-management.md
index c526c59a..d7447180 100644
--- a/i18n/bn-IN/photo-management.md
+++ b/i18n/bn-IN/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
- Must be open source.
diff --git a/i18n/bn-IN/real-time-communication.md b/i18n/bn-IN/real-time-communication.md
index 50465504..5051a9bc 100644
--- a/i18n/bn-IN/real-time-communication.md
+++ b/i18n/bn-IN/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Criteria
diff --git a/i18n/bn-IN/router.md b/i18n/bn-IN/router.md
index 3e8eb49d..6127b8a7 100644
--- a/i18n/bn-IN/router.md
+++ b/i18n/bn-IN/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All of the components have been optimized for home routers.
+**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}
diff --git a/i18n/bn-IN/security-keys.md b/i18n/bn-IN/security-keys.md
index 2acec8c8..23e55cfa 100644
--- a/i18n/bn-IN/security-keys.md
+++ b/i18n/bn-IN/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/bn-IN/tools.md b/i18n/bn-IN/tools.md
index 44dd5a59..48348f9b 100644
--- a/i18n/bn-IN/tools.md
+++ b/i18n/bn-IN/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/bn-IN/tor.md b/i18n/bn-IN/tor.md
index 91da036e..a88a0f56 100644
--- a/i18n/bn-IN/tor.md
+++ b/i18n/bn-IN/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Browser
@@ -114,11 +114,11 @@ We previously recommended enabling the *Isolate Destination Address* preference
Tips for Android
-Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot/releases) instead.
-All versions are signed using the same signature so they should be compatible with each other.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/bn-IN/vpn.md b/i18n/bn-IN/vpn.md
index 90a4e5e4..1b68ee82 100644
--- a/i18n/bn-IN/vpn.md
+++ b/i18n/bn-IN/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Private VPN Service Recommendations and Comparison, No Sponsors or Ads - Privacy Guides"
title: "VPN Services"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } Mobile Clients
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ It is important to note that using a VPN provider will not make you anonymous, b
### Technology
-We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Minimum to Qualify:**
-- Support for strong protocols such as WireGuard & OpenVPN.
-- Killswitch built in to clients.
-- Multihop support. Multihopping is important to keep data private in case of a single node compromise.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Best Case:**
-- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Easy-to-use VPN clients
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.
- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble).
@@ -316,11 +316,11 @@ We prefer our recommended providers to collect as little data as possible. Not c
**Best Case:**
- Accepts multiple [anonymous payment options](advanced/payments.md).
-- No personal information accepted (autogenerated username, no email required, etc.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Security
-A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
+A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
**Minimum to Qualify:**
@@ -358,7 +358,7 @@ With the VPN providers we recommend we like to see responsible marketing.
**Minimum to Qualify:**
-- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out.
+- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Must not have any marketing which is irresponsible:
diff --git a/i18n/bn/about.md b/i18n/bn/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/bn/about.md
+++ b/i18n/bn/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/bn/about/contributors.md b/i18n/bn/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/bn/about/contributors.md
+++ b/i18n/bn/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/bn/about/criteria.md b/i18n/bn/about/criteria.md
index dd2e228d..d8f08fc7 100644
--- a/i18n/bn/about/criteria.md
+++ b/i18n/bn/about/criteria.md
@@ -24,7 +24,7 @@ We have these requirements in regard to developers which wish to submit their pr
- Must disclose affiliation, i.e. your position within the project being submitted.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. If possible please mention who will be conducting the audit.
- Must explain what the project brings to the table in regard to privacy.
diff --git a/i18n/bn/about/executive-policy.md b/i18n/bn/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/bn/about/executive-policy.md
+++ b/i18n/bn/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/bn/about/notices.md b/i18n/bn/about/notices.md
index bc7fc182..a98db0bb 100644
--- a/i18n/bn/about/notices.md
+++ b/i18n/bn/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
+We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
diff --git a/i18n/bn/about/privacytools.md b/i18n/bn/about/privacytools.md
index 0a6a564e..ae035f3d 100644
--- a/i18n/bn/about/privacytools.md
+++ b/i18n/bn/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## Control of r/privacytoolsIO
-Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
+Reddit requires that Subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
-- Posting announcements to our subreddit and various other communities informing people of the official change.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped.
@@ -66,11 +66,11 @@ Roughly a week following the transition, BurungHantu returned online for the fir
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so.
-BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io Now
@@ -80,7 +80,7 @@ As of September 25th 2022 we are seeing BurungHantu's overall plans come to frui
## r/privacytoolsIO Now
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Retaliation from any moderator with regards to removal requests is disallowed.
-For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
+For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective Now
diff --git a/i18n/bn/about/statistics.md b/i18n/bn/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/bn/about/statistics.md
+++ b/i18n/bn/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/bn/advanced/communication-network-types.md b/i18n/bn/advanced/communication-network-types.md
index f6444ca4..129a5716 100644
--- a/i18n/bn/advanced/communication-network-types.md
+++ b/i18n/bn/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ When self-hosted, members of a federated server can discover and communicate wit
- Allows for greater control over your own data when running your own server.
- Allows you to choose whom to trust your data with by choosing between multiple "public" servers.
- Often allows for third-party clients which can provide a more native, customized, or accessible experience.
-- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Disadvantages:**
@@ -60,7 +60,7 @@ When self-hosted, members of a federated server can discover and communicate wit
P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server.
-Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
+Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
@@ -85,9 +85,9 @@ P2P networks do not use servers, as peers communicate directly between each othe
A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.
-There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
-Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Advantages:**
diff --git a/i18n/bn/advanced/dns-overview.md b/i18n/bn/advanced/dns-overview.md
index 8457af4d..9c92b6a1 100644
--- a/i18n/bn/advanced/dns-overview.md
+++ b/i18n/bn/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
---
-The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
## What is DNS?
@@ -24,7 +24,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
### DNS over TLS (DoT)
@@ -118,7 +118,7 @@ In this example we will record what happens when we make a DoH request:
3. After making the request, we can stop the packet capture with CTRL + C.
-4. Analyse the results in Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ When we do a DNS lookup, it's generally because we want to access a resource. Be
The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides.
-This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
+This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
### Server Name Indication (SNI)
-Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
+Server Name Indication is typically used when an IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
-1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
+1. Start capturing again with `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | No | nothing(Do nothing)
```
-Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[List of recommended DNS servers](../dns.md ""){.md-button}
diff --git a/i18n/bn/advanced/tor-overview.md b/i18n/bn/advanced/tor-overview.md
index 876222c4..4c0bd4a0 100644
--- a/i18n/bn/advanced/tor-overview.md
+++ b/i18n/bn/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/bn/ai-chat.md b/i18n/bn/ai-chat.md
index af64bd7d..8034bbf5 100644
--- a/i18n/bn/ai-chat.md
+++ b/i18n/bn/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Criteria
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Best-Case
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/bn/alternative-networks.md b/i18n/bn/alternative-networks.md
index 4c8a6e25..bc959181 100644
--- a/i18n/bn/alternative-networks.md
+++ b/i18n/bn/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/bn/android/general-apps.md b/i18n/bn/android/general-apps.md
index 04919076..b97efed5 100644
--- a/i18n/bn/android/general-apps.md
+++ b/i18n/bn/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/bn/basics/account-creation.md b/i18n/bn/basics/account-creation.md
index 22ef70db..0f45c8be 100644
--- a/i18n/bn/basics/account-creation.md
+++ b/i18n/bn/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
+Often people sign up for services without thinking. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer.
@@ -13,11 +13,11 @@ It can also be difficult to delete the accounts on some services. Sometimes [ove
## Terms of Service & Privacy Policy
-The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VOIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
+The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
-The Privacy Policy is how the service says they will use your data and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
-We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
+We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Keep in mind you're also placing your trust in the company or organization and that they will comply with their own privacy policy.
@@ -42,7 +42,7 @@ You will be responsible for managing your login credentials. For added security,
#### Email aliases
-If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to.
+If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Those can be filtered automatically based on the alias they are sent to.
Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
We recommend avoiding services that require a phone number for sign up. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
+You should avoid giving out your real phone number if you can. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number!
diff --git a/i18n/bn/basics/account-deletion.md b/i18n/bn/basics/account-deletion.md
index 2f79dd0a..54148bd4 100644
--- a/i18n/bn/basics/account-deletion.md
+++ b/i18n/bn/basics/account-deletion.md
@@ -27,7 +27,7 @@ Desktop platforms also often have a password manager which may help you recover
### Email
-If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
## Deleting Old Accounts
@@ -39,7 +39,7 @@ When attempting to regain access, if the site returns an error message saying th
### GDPR (EEA residents only)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Overwriting Account information
diff --git a/i18n/bn/basics/common-misconceptions.md b/i18n/bn/basics/common-misconceptions.md
index 6832f170..31b1b249 100644
--- a/i18n/bn/basics/common-misconceptions.md
+++ b/i18n/bn/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ The privacy policies and business practices of providers you choose are very imp
## "Complicated is better"
-We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like many different email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
+We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips:
1. ==Actions need to serve a particular purpose:== think about how to do what you want with the fewest actions.
2. ==Remove human failure points:== We fail, get tired, and forget things. To maintain security, avoid relying on manual conditions and processes that you have to remember.
-3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily de-anonymized by a simple oversight.
+3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
So, how might this look?
@@ -94,4 +94,4 @@ One of the clearest threat models is one where people *know who you are* and one
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/bn/basics/common-threats.md b/i18n/bn/basics/common-threats.md
index 7b040b0b..03414577 100644
--- a/i18n/bn/basics/common-threats.md
+++ b/i18n/bn/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Your threat model is personal to you, but these are some of the things many visitors to this site care about.
---
-Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
+Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ To minimize the damage that a malicious piece of software *could* do, you should
Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources.
-Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Therefore, you should use native applications over web clients whenever possible
-Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
+Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
## Mass Surveillance Programs
@@ -156,7 +156,7 @@ Mass surveillance is the intricate effort to monitor the "behavior, many activit
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
For many people, tracking and surveillance by private corporations is a growing concern. Pervasive ad networks, such as those operated by Google and Facebook, span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries (although it can't completely prevent tracking).[^4]
-Additionally, even companies outside of the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
## Limiting Public Information
diff --git a/i18n/bn/basics/email-security.md b/i18n/bn/basics/email-security.md
index 0661723a..60513510 100644
--- a/i18n/bn/basics/email-security.md
+++ b/i18n/bn/basics/email-security.md
@@ -29,13 +29,13 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
### What Email Clients Support E2EE?
-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### How Do I Protect My Private Keys?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Email Metadata Overview
@@ -49,4 +49,4 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
### Why Can't Metadata be E2EE?
-Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
+Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/bn/basics/hardware.md b/i18n/bn/basics/hardware.md
index 4b795a9a..257624c3 100644
--- a/i18n/bn/basics/hardware.md
+++ b/i18n/bn/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Warning
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/bn/basics/multi-factor-authentication.md b/i18n/bn/basics/multi-factor-authentication.md
index 044ee58e..6abb539c 100644
--- a/i18n/bn/basics/multi-factor-authentication.md
+++ b/i18n/bn/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
-**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone.
@@ -26,7 +26,7 @@ The security of push notification MFA is dependent on both the quality of the ap
### Time-based One-time Password (TOTP)
-TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
+TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
-Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
@@ -116,15 +116,15 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
## More Places to Set Up MFA
-Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
+macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-After your smartcard/security key is set up, we recommend running this command in the Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
### KeePass (and KeePassXC)
-KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/bn/basics/passwords-overview.md b/i18n/bn/basics/passwords-overview.md
index 898d198d..8464da82 100644
--- a/i18n/bn/basics/passwords-overview.md
+++ b/i18n/bn/basics/passwords-overview.md
@@ -24,7 +24,7 @@ All of our [recommended password managers](../passwords.md) include a built-in p
You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it.
-When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
Checking for data breaches
@@ -54,13 +54,13 @@ To generate a diceware passphrase using real dice, follow these steps:
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Roll a six-sided die five times, noting down the number after each roll.
-2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. You will find the word `encrypt`. Write that word down.
@@ -75,25 +75,25 @@ You should **not** re-roll words until you get a combination of words that appea
If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
- Your adversary knows that you used the diceware method.
-- Your adversary knows the specific wordlist that you used.
+- Your adversary knows the specific word list that you used.
- Your adversary knows how many words your passphrase contains.
@@ -113,7 +113,7 @@ There are many good options to choose from, both cloud-based and local. Choose o
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
diff --git a/i18n/bn/basics/threat-modeling.md b/i18n/bn/basics/threat-modeling.md
index 922c7450..b87382d6 100644
--- a/i18n/bn/basics/threat-modeling.md
+++ b/i18n/bn/basics/threat-modeling.md
@@ -35,7 +35,7 @@ An “asset” is something you value and want to protect. In the context of dig
To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary”.== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
-*Make a list of your adversaries or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Your list may include individuals, a government agency, or corporations.*
Depending on who your adversaries are, this list might be something you want to destroy after you've finished developing your threat model.
diff --git a/i18n/bn/browser-extensions.md b/i18n/bn/browser-extensions.md
index 611904fc..7e13f070 100644
--- a/i18n/bn/browser-extensions.md
+++ b/i18n/bn/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/bn/calendar.md b/i18n/bn/calendar.md
index fc173e0e..6a9e8553 100644
--- a/i18n/bn/calendar.md
+++ b/i18n/bn/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Multiple calendars and extended sharing functionality is limited to paid subscribers.
diff --git a/i18n/bn/cloud.md b/i18n/bn/cloud.md
index aa8c3e40..145708ed 100644
--- a/i18n/bn/cloud.md
+++ b/i18n/bn/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Criteria
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
diff --git a/i18n/bn/cryptocurrency.md b/i18n/bn/cryptocurrency.md
index 38dfa7c2..d1e385f6 100644
--- a/i18n/bn/cryptocurrency.md
+++ b/i18n/bn/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Criteria
diff --git a/i18n/bn/data-broker-removals.md b/i18n/bn/data-broker-removals.md
index 24c607c3..ab08fd1c 100644
--- a/i18n/bn/data-broker-removals.md
+++ b/i18n/bn/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/bn/desktop-browsers.md b/i18n/bn/desktop-browsers.md
index 82821366..ee50038a 100644
--- a/i18n/bn/desktop-browsers.md
+++ b/i18n/bn/desktop-browsers.md
@@ -109,7 +109,7 @@ This is required to prevent advanced forms of tracking, but does come at the cos
### Mullvad Leta
-Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes preinstalled with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts**
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] Select **Enable HTTPS-Only Mode in all windows**
-This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing.
+This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS over HTTPS
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/bn/desktop.md b/i18n/bn/desktop.md
index eef0f6ec..d5d8d3bf 100644
--- a/i18n/bn/desktop.md
+++ b/i18n/bn/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS is an independent distribution based on the Nix package manager with a foc
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/bn/device-integrity.md b/i18n/bn/device-integrity.md
index 623a4839..142af55b 100644
--- a/i18n/bn/device-integrity.md
+++ b/i18n/bn/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/bn/dns.md b/i18n/bn/dns.md
index 6808722d..f8a80c68 100644
--- a/i18n/bn/dns.md
+++ b/i18n/bn/dns.md
@@ -75,7 +75,7 @@ AdGuard Home features a polished web interface to view insights and manage block
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/bn/document-collaboration.md b/i18n/bn/document-collaboration.md
index 9bf30ec2..dde20069 100644
--- a/i18n/bn/document-collaboration.md
+++ b/i18n/bn/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/bn/email-aliasing.md b/i18n/bn/email-aliasing.md
index c33f2bff..29f37d77 100644
--- a/i18n/bn/email-aliasing.md
+++ b/i18n/bn/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/bn/email.md b/i18n/bn/email.md
index 0eba0be3..8b57a816 100644
--- a/i18n/bn/email.md
+++ b/i18n/bn/email.md
@@ -58,7 +58,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
{ align=right }
-**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in
#### :material-check:{ .pg-green } Account Security
-Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two factor authentication first.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Data Security
@@ -117,7 +117,7 @@ If you have a paid account and your [bill is unpaid](https://proton.me/support/d
#### :material-information-outline:{ .pg-blue } Additional Functionality
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail doesn't offer a digital legacy feature.
@@ -127,7 +127,7 @@ Proton Mail doesn't offer a digital legacy feature.
{ align=right }
-**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } Private Payment Methods
-Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Account Security
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
#### :material-information-outline:{ .pg-blue } Data Security
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } Additional Functionality
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
@@ -195,7 +195,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } Private Payment Methods
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Account Security
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Data Security
@@ -297,7 +297,7 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
- Encrypts email account data at rest with zero-access encryption.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Operates on owned infrastructure, i.e. not built upon third-party email service providers.
diff --git a/i18n/bn/encryption.md b/i18n/bn/encryption.md
index 1a36d548..0a6d75a3 100644
--- a/i18n/bn/encryption.md
+++ b/i18n/bn/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt is a fork of the discontinued TrueCrypt project. According to its deve
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
-Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
{ align=right }
-**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/bn/file-sharing.md b/i18n/bn/file-sharing.md
index 839a7419..56b895d5 100644
--- a/i18n/bn/file-sharing.md
+++ b/i18n/bn/file-sharing.md
@@ -13,7 +13,7 @@ Discover how to privately share your files between your devices, with your frien
## File Sharing
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/bn/frontends.md b/i18n/bn/frontends.md
index 9e83fe5e..b4b5d0c4 100644
--- a/i18n/bn/frontends.md
+++ b/i18n/bn/frontends.md
@@ -251,7 +251,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/bn/index.md b/i18n/bn/index.md
index 24891736..d3fe4a59 100644
--- a/i18n/bn/index.md
+++ b/i18n/bn/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/bn/meta/brand.md b/i18n/bn/meta/brand.md
index 8e3d9954..3afe36ff 100644
--- a/i18n/bn/meta/brand.md
+++ b/i18n/bn/meta/brand.md
@@ -12,7 +12,7 @@ The name of the website is **Privacy Guides** and should **not** be changed to:
- PG.org
-The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/bn/meta/translations.md b/i18n/bn/meta/translations.md
index ff5406c7..1f67cd98 100644
--- a/i18n/bn/meta/translations.md
+++ b/i18n/bn/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## Fullwidth alternatives and Markdown syntax
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/bn/meta/uploading-images.md b/i18n/bn/meta/uploading-images.md
index 6455beb0..5ea9570f 100644
--- a/i18n/bn/meta/uploading-images.md
+++ b/i18n/bn/meta/uploading-images.md
@@ -48,7 +48,7 @@ In the **SVG Output** tab under **Document options**:
- [ ] Turn off **Remove the XML declaration**
- [x] Turn on **Remove metadata**
- [x] Turn on **Remove comments**
-- [x] Turn on **Embeded raster images**
+- [x] Turn on **Embedded raster images**
- [x] Turn on **Enable viewboxing**
In the **SVG Output** under **Pretty-printing**:
diff --git a/i18n/bn/meta/writing-style.md b/i18n/bn/meta/writing-style.md
index 49e877b1..fdf7bb1d 100644
--- a/i18n/bn/meta/writing-style.md
+++ b/i18n/bn/meta/writing-style.md
@@ -64,7 +64,7 @@ We should try to avoid abbreviations where possible, but technology is full of a
## Be concise
-> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective.
+> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/bn/mobile-browsers.md b/i18n/bn/mobile-browsers.md
index 48141804..64fccfa7 100644
--- a/i18n/bn/mobile-browsers.md
+++ b/i18n/bn/mobile-browsers.md
@@ -247,7 +247,7 @@ This prevents you from unintentionally connecting to a website in plain-text HTT
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Open Safari and tap the Tabs button, located in the bottom right. Then, expand t
- [x] Select **Private**
-Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. This may be an inconvenience.
diff --git a/i18n/bn/multi-factor-authentication.md b/i18n/bn/multi-factor-authentication.md
index 87185132..c8ca78d9 100644
--- a/i18n/bn/multi-factor-authentication.md
+++ b/i18n/bn/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/bn/notebooks.md b/i18n/bn/notebooks.md
index 27e9eada..7c0b44c2 100644
--- a/i18n/bn/notebooks.md
+++ b/i18n/bn/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Keep track of your notes and journalings without giving them to a third-party.
+Keep track of your notes and journals without giving them to a third party.
If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE.
@@ -84,7 +84,7 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
{ align=right }
-**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
## Local notebooks
diff --git a/i18n/bn/os/android-overview.md b/i18n/bn/os/android-overview.md
index 4faff712..f2086618 100644
--- a/i18n/bn/os/android-overview.md
+++ b/i18n/bn/os/android-overview.md
@@ -84,7 +84,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Killswitch
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
@@ -124,7 +124,7 @@ Modern Android devices have global toggles for disabling Bluetooth and location
## Google Services
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Advanced Protection Program
diff --git a/i18n/bn/os/ios-overview.md b/i18n/bn/os/ios-overview.md
index 9cc34876..e1190279 100644
--- a/i18n/bn/os/ios-overview.md
+++ b/i18n/bn/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/bn/os/linux-overview.md b/i18n/bn/os/linux-overview.md
index 69b537ed..90163523 100644
--- a/i18n/bn/os/linux-overview.md
+++ b/i18n/bn/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Privacy Notes
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- Avoid telemetry that often comes with proprietary operating systems
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ We don’t believe holding packages back and applying interim patches is a good
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao) (YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao) (YouTube)
### “Security-focused” distributions
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Drive Encryption
-Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ There are other system identifiers which you may wish to be careful about. You s
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/bn/os/macos-overview.md b/i18n/bn/os/macos-overview.md
index 9b57b2b6..565c4a68 100644
--- a/i18n/bn/os/macos-overview.md
+++ b/i18n/bn/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Backups
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## Sources
diff --git a/i18n/bn/os/windows/group-policies.md b/i18n/bn/os/windows/group-policies.md
index 74194070..d1a033cb 100644
--- a/i18n/bn/os/windows/group-policies.md
+++ b/i18n/bn/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/bn/os/windows/index.md b/i18n/bn/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/bn/os/windows/index.md
+++ b/i18n/bn/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/bn/passwords.md b/i18n/bn/passwords.md
index a5f85f28..ea92b575 100644
--- a/i18n/bn/passwords.md
+++ b/i18n/bn/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ These options allow you to manage an encrypted password database locally.
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/bn/photo-management.md b/i18n/bn/photo-management.md
index c526c59a..d7447180 100644
--- a/i18n/bn/photo-management.md
+++ b/i18n/bn/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
- Must be open source.
diff --git a/i18n/bn/real-time-communication.md b/i18n/bn/real-time-communication.md
index 50465504..5051a9bc 100644
--- a/i18n/bn/real-time-communication.md
+++ b/i18n/bn/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Criteria
diff --git a/i18n/bn/router.md b/i18n/bn/router.md
index 3e8eb49d..6127b8a7 100644
--- a/i18n/bn/router.md
+++ b/i18n/bn/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All of the components have been optimized for home routers.
+**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}
diff --git a/i18n/bn/security-keys.md b/i18n/bn/security-keys.md
index 2acec8c8..23e55cfa 100644
--- a/i18n/bn/security-keys.md
+++ b/i18n/bn/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/bn/tools.md b/i18n/bn/tools.md
index 44dd5a59..48348f9b 100644
--- a/i18n/bn/tools.md
+++ b/i18n/bn/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/bn/tor.md b/i18n/bn/tor.md
index c078aac5..64d5795e 100644
--- a/i18n/bn/tor.md
+++ b/i18n/bn/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Browser
@@ -114,11 +114,11 @@ We previously recommended enabling the *Isolate Destination Address* preference
Tips for Android
-Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot/releases) instead.
-All versions are signed using the same signature so they should be compatible with each other.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/bn/vpn.md b/i18n/bn/vpn.md
index 90a4e5e4..1b68ee82 100644
--- a/i18n/bn/vpn.md
+++ b/i18n/bn/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Private VPN Service Recommendations and Comparison, No Sponsors or Ads - Privacy Guides"
title: "VPN Services"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } Mobile Clients
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ It is important to note that using a VPN provider will not make you anonymous, b
### Technology
-We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Minimum to Qualify:**
-- Support for strong protocols such as WireGuard & OpenVPN.
-- Killswitch built in to clients.
-- Multihop support. Multihopping is important to keep data private in case of a single node compromise.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Best Case:**
-- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Easy-to-use VPN clients
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.
- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble).
@@ -316,11 +316,11 @@ We prefer our recommended providers to collect as little data as possible. Not c
**Best Case:**
- Accepts multiple [anonymous payment options](advanced/payments.md).
-- No personal information accepted (autogenerated username, no email required, etc.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Security
-A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
+A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
**Minimum to Qualify:**
@@ -358,7 +358,7 @@ With the VPN providers we recommend we like to see responsible marketing.
**Minimum to Qualify:**
-- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out.
+- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Must not have any marketing which is irresponsible:
diff --git a/i18n/cs/about.md b/i18n/cs/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/cs/about.md
+++ b/i18n/cs/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/cs/about/contributors.md b/i18n/cs/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/cs/about/contributors.md
+++ b/i18n/cs/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/cs/about/criteria.md b/i18n/cs/about/criteria.md
index dd2e228d..d8f08fc7 100644
--- a/i18n/cs/about/criteria.md
+++ b/i18n/cs/about/criteria.md
@@ -24,7 +24,7 @@ We have these requirements in regard to developers which wish to submit their pr
- Must disclose affiliation, i.e. your position within the project being submitted.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. If possible please mention who will be conducting the audit.
- Must explain what the project brings to the table in regard to privacy.
diff --git a/i18n/cs/about/executive-policy.md b/i18n/cs/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/cs/about/executive-policy.md
+++ b/i18n/cs/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/cs/about/notices.md b/i18n/cs/about/notices.md
index bc7fc182..a98db0bb 100644
--- a/i18n/cs/about/notices.md
+++ b/i18n/cs/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
+We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
diff --git a/i18n/cs/about/privacytools.md b/i18n/cs/about/privacytools.md
index 0a6a564e..ae035f3d 100644
--- a/i18n/cs/about/privacytools.md
+++ b/i18n/cs/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## Control of r/privacytoolsIO
-Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
+Reddit requires that Subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
-- Posting announcements to our subreddit and various other communities informing people of the official change.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped.
@@ -66,11 +66,11 @@ Roughly a week following the transition, BurungHantu returned online for the fir
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so.
-BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io Now
@@ -80,7 +80,7 @@ As of September 25th 2022 we are seeing BurungHantu's overall plans come to frui
## r/privacytoolsIO Now
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Retaliation from any moderator with regards to removal requests is disallowed.
-For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
+For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective Now
diff --git a/i18n/cs/about/statistics.md b/i18n/cs/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/cs/about/statistics.md
+++ b/i18n/cs/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/cs/advanced/communication-network-types.md b/i18n/cs/advanced/communication-network-types.md
index f6444ca4..129a5716 100644
--- a/i18n/cs/advanced/communication-network-types.md
+++ b/i18n/cs/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ When self-hosted, members of a federated server can discover and communicate wit
- Allows for greater control over your own data when running your own server.
- Allows you to choose whom to trust your data with by choosing between multiple "public" servers.
- Often allows for third-party clients which can provide a more native, customized, or accessible experience.
-- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Disadvantages:**
@@ -60,7 +60,7 @@ When self-hosted, members of a federated server can discover and communicate wit
P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server.
-Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
+Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
@@ -85,9 +85,9 @@ P2P networks do not use servers, as peers communicate directly between each othe
A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.
-There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
-Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Advantages:**
diff --git a/i18n/cs/advanced/dns-overview.md b/i18n/cs/advanced/dns-overview.md
index 8457af4d..9c92b6a1 100644
--- a/i18n/cs/advanced/dns-overview.md
+++ b/i18n/cs/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
---
-The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
## What is DNS?
@@ -24,7 +24,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
### DNS over TLS (DoT)
@@ -118,7 +118,7 @@ In this example we will record what happens when we make a DoH request:
3. After making the request, we can stop the packet capture with CTRL + C.
-4. Analyse the results in Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ When we do a DNS lookup, it's generally because we want to access a resource. Be
The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides.
-This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
+This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
### Server Name Indication (SNI)
-Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
+Server Name Indication is typically used when an IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
-1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
+1. Start capturing again with `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | No | nothing(Do nothing)
```
-Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[List of recommended DNS servers](../dns.md ""){.md-button}
diff --git a/i18n/cs/advanced/tor-overview.md b/i18n/cs/advanced/tor-overview.md
index 876222c4..4c0bd4a0 100644
--- a/i18n/cs/advanced/tor-overview.md
+++ b/i18n/cs/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/cs/ai-chat.md b/i18n/cs/ai-chat.md
index af64bd7d..8034bbf5 100644
--- a/i18n/cs/ai-chat.md
+++ b/i18n/cs/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Criteria
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Best-Case
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/cs/alternative-networks.md b/i18n/cs/alternative-networks.md
index 4c8a6e25..bc959181 100644
--- a/i18n/cs/alternative-networks.md
+++ b/i18n/cs/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/cs/android/general-apps.md b/i18n/cs/android/general-apps.md
index 04919076..b97efed5 100644
--- a/i18n/cs/android/general-apps.md
+++ b/i18n/cs/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/cs/basics/account-creation.md b/i18n/cs/basics/account-creation.md
index 22ef70db..0f45c8be 100644
--- a/i18n/cs/basics/account-creation.md
+++ b/i18n/cs/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
+Often people sign up for services without thinking. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer.
@@ -13,11 +13,11 @@ It can also be difficult to delete the accounts on some services. Sometimes [ove
## Terms of Service & Privacy Policy
-The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VOIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
+The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
-The Privacy Policy is how the service says they will use your data and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
-We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
+We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Keep in mind you're also placing your trust in the company or organization and that they will comply with their own privacy policy.
@@ -42,7 +42,7 @@ You will be responsible for managing your login credentials. For added security,
#### Email aliases
-If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to.
+If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Those can be filtered automatically based on the alias they are sent to.
Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
We recommend avoiding services that require a phone number for sign up. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
+You should avoid giving out your real phone number if you can. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number!
diff --git a/i18n/cs/basics/account-deletion.md b/i18n/cs/basics/account-deletion.md
index 2f79dd0a..54148bd4 100644
--- a/i18n/cs/basics/account-deletion.md
+++ b/i18n/cs/basics/account-deletion.md
@@ -27,7 +27,7 @@ Desktop platforms also often have a password manager which may help you recover
### Email
-If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
## Deleting Old Accounts
@@ -39,7 +39,7 @@ When attempting to regain access, if the site returns an error message saying th
### GDPR (EEA residents only)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Overwriting Account information
diff --git a/i18n/cs/basics/common-misconceptions.md b/i18n/cs/basics/common-misconceptions.md
index 6832f170..31b1b249 100644
--- a/i18n/cs/basics/common-misconceptions.md
+++ b/i18n/cs/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ The privacy policies and business practices of providers you choose are very imp
## "Complicated is better"
-We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like many different email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
+We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips:
1. ==Actions need to serve a particular purpose:== think about how to do what you want with the fewest actions.
2. ==Remove human failure points:== We fail, get tired, and forget things. To maintain security, avoid relying on manual conditions and processes that you have to remember.
-3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily de-anonymized by a simple oversight.
+3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
So, how might this look?
@@ -94,4 +94,4 @@ One of the clearest threat models is one where people *know who you are* and one
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/cs/basics/common-threats.md b/i18n/cs/basics/common-threats.md
index 7b040b0b..03414577 100644
--- a/i18n/cs/basics/common-threats.md
+++ b/i18n/cs/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Your threat model is personal to you, but these are some of the things many visitors to this site care about.
---
-Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
+Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ To minimize the damage that a malicious piece of software *could* do, you should
Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources.
-Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Therefore, you should use native applications over web clients whenever possible
-Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
+Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
## Mass Surveillance Programs
@@ -156,7 +156,7 @@ Mass surveillance is the intricate effort to monitor the "behavior, many activit
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
For many people, tracking and surveillance by private corporations is a growing concern. Pervasive ad networks, such as those operated by Google and Facebook, span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries (although it can't completely prevent tracking).[^4]
-Additionally, even companies outside of the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
## Limiting Public Information
diff --git a/i18n/cs/basics/email-security.md b/i18n/cs/basics/email-security.md
index 0661723a..60513510 100644
--- a/i18n/cs/basics/email-security.md
+++ b/i18n/cs/basics/email-security.md
@@ -29,13 +29,13 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
### What Email Clients Support E2EE?
-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### How Do I Protect My Private Keys?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Email Metadata Overview
@@ -49,4 +49,4 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
### Why Can't Metadata be E2EE?
-Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
+Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/cs/basics/hardware.md b/i18n/cs/basics/hardware.md
index 4b795a9a..257624c3 100644
--- a/i18n/cs/basics/hardware.md
+++ b/i18n/cs/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Warning
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/cs/basics/multi-factor-authentication.md b/i18n/cs/basics/multi-factor-authentication.md
index 044ee58e..6abb539c 100644
--- a/i18n/cs/basics/multi-factor-authentication.md
+++ b/i18n/cs/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
-**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone.
@@ -26,7 +26,7 @@ The security of push notification MFA is dependent on both the quality of the ap
### Time-based One-time Password (TOTP)
-TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
+TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
-Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
@@ -116,15 +116,15 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
## More Places to Set Up MFA
-Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
+macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-After your smartcard/security key is set up, we recommend running this command in the Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
### KeePass (and KeePassXC)
-KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/cs/basics/passwords-overview.md b/i18n/cs/basics/passwords-overview.md
index 898d198d..8464da82 100644
--- a/i18n/cs/basics/passwords-overview.md
+++ b/i18n/cs/basics/passwords-overview.md
@@ -24,7 +24,7 @@ All of our [recommended password managers](../passwords.md) include a built-in p
You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it.
-When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
Checking for data breaches
@@ -54,13 +54,13 @@ To generate a diceware passphrase using real dice, follow these steps:
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Roll a six-sided die five times, noting down the number after each roll.
-2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. You will find the word `encrypt`. Write that word down.
@@ -75,25 +75,25 @@ You should **not** re-roll words until you get a combination of words that appea
If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
- Your adversary knows that you used the diceware method.
-- Your adversary knows the specific wordlist that you used.
+- Your adversary knows the specific word list that you used.
- Your adversary knows how many words your passphrase contains.
@@ -113,7 +113,7 @@ There are many good options to choose from, both cloud-based and local. Choose o
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
diff --git a/i18n/cs/basics/threat-modeling.md b/i18n/cs/basics/threat-modeling.md
index 922c7450..b87382d6 100644
--- a/i18n/cs/basics/threat-modeling.md
+++ b/i18n/cs/basics/threat-modeling.md
@@ -35,7 +35,7 @@ An “asset” is something you value and want to protect. In the context of dig
To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary”.== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
-*Make a list of your adversaries or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Your list may include individuals, a government agency, or corporations.*
Depending on who your adversaries are, this list might be something you want to destroy after you've finished developing your threat model.
diff --git a/i18n/cs/browser-extensions.md b/i18n/cs/browser-extensions.md
index 611904fc..7e13f070 100644
--- a/i18n/cs/browser-extensions.md
+++ b/i18n/cs/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/cs/calendar.md b/i18n/cs/calendar.md
index fc173e0e..6a9e8553 100644
--- a/i18n/cs/calendar.md
+++ b/i18n/cs/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Multiple calendars and extended sharing functionality is limited to paid subscribers.
diff --git a/i18n/cs/cloud.md b/i18n/cs/cloud.md
index aa8c3e40..145708ed 100644
--- a/i18n/cs/cloud.md
+++ b/i18n/cs/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Criteria
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
diff --git a/i18n/cs/cryptocurrency.md b/i18n/cs/cryptocurrency.md
index 38dfa7c2..d1e385f6 100644
--- a/i18n/cs/cryptocurrency.md
+++ b/i18n/cs/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Criteria
diff --git a/i18n/cs/data-broker-removals.md b/i18n/cs/data-broker-removals.md
index 24c607c3..ab08fd1c 100644
--- a/i18n/cs/data-broker-removals.md
+++ b/i18n/cs/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/cs/desktop-browsers.md b/i18n/cs/desktop-browsers.md
index 9ca410f8..2052d54e 100644
--- a/i18n/cs/desktop-browsers.md
+++ b/i18n/cs/desktop-browsers.md
@@ -109,7 +109,7 @@ This is required to prevent advanced forms of tracking, but does come at the cos
### Mullvad Leta
-Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes preinstalled with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts**
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] Select **Enable HTTPS-Only Mode in all windows**
-This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing.
+This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS přes HTTPS
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/cs/desktop.md b/i18n/cs/desktop.md
index eef0f6ec..d5d8d3bf 100644
--- a/i18n/cs/desktop.md
+++ b/i18n/cs/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS is an independent distribution based on the Nix package manager with a foc
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/cs/device-integrity.md b/i18n/cs/device-integrity.md
index 623a4839..142af55b 100644
--- a/i18n/cs/device-integrity.md
+++ b/i18n/cs/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/cs/dns.md b/i18n/cs/dns.md
index 61e8772f..f79bf658 100644
--- a/i18n/cs/dns.md
+++ b/i18n/cs/dns.md
@@ -75,7 +75,7 @@ AdGuard Home features a polished web interface to view insights and manage block
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/cs/document-collaboration.md b/i18n/cs/document-collaboration.md
index 9bf30ec2..dde20069 100644
--- a/i18n/cs/document-collaboration.md
+++ b/i18n/cs/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/cs/email-aliasing.md b/i18n/cs/email-aliasing.md
index c33f2bff..29f37d77 100644
--- a/i18n/cs/email-aliasing.md
+++ b/i18n/cs/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/cs/email.md b/i18n/cs/email.md
index 0eba0be3..8b57a816 100644
--- a/i18n/cs/email.md
+++ b/i18n/cs/email.md
@@ -58,7 +58,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
{ align=right }
-**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in
#### :material-check:{ .pg-green } Account Security
-Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two factor authentication first.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Data Security
@@ -117,7 +117,7 @@ If you have a paid account and your [bill is unpaid](https://proton.me/support/d
#### :material-information-outline:{ .pg-blue } Additional Functionality
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail doesn't offer a digital legacy feature.
@@ -127,7 +127,7 @@ Proton Mail doesn't offer a digital legacy feature.
{ align=right }
-**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } Private Payment Methods
-Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Account Security
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
#### :material-information-outline:{ .pg-blue } Data Security
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } Additional Functionality
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
@@ -195,7 +195,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } Private Payment Methods
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Account Security
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Data Security
@@ -297,7 +297,7 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
- Encrypts email account data at rest with zero-access encryption.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Operates on owned infrastructure, i.e. not built upon third-party email service providers.
diff --git a/i18n/cs/encryption.md b/i18n/cs/encryption.md
index 1a36d548..0a6d75a3 100644
--- a/i18n/cs/encryption.md
+++ b/i18n/cs/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt is a fork of the discontinued TrueCrypt project. According to its deve
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
-Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
{ align=right }
-**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/cs/file-sharing.md b/i18n/cs/file-sharing.md
index 839a7419..56b895d5 100644
--- a/i18n/cs/file-sharing.md
+++ b/i18n/cs/file-sharing.md
@@ -13,7 +13,7 @@ Discover how to privately share your files between your devices, with your frien
## File Sharing
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/cs/frontends.md b/i18n/cs/frontends.md
index 9e83fe5e..b4b5d0c4 100644
--- a/i18n/cs/frontends.md
+++ b/i18n/cs/frontends.md
@@ -251,7 +251,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/cs/index.md b/i18n/cs/index.md
index b3d71fd9..cc2373db 100644
--- a/i18n/cs/index.md
+++ b/i18n/cs/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/cs/meta/brand.md b/i18n/cs/meta/brand.md
index 8e3d9954..3afe36ff 100644
--- a/i18n/cs/meta/brand.md
+++ b/i18n/cs/meta/brand.md
@@ -12,7 +12,7 @@ The name of the website is **Privacy Guides** and should **not** be changed to:
- PG.org
-The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/cs/meta/translations.md b/i18n/cs/meta/translations.md
index ff5406c7..1f67cd98 100644
--- a/i18n/cs/meta/translations.md
+++ b/i18n/cs/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## Fullwidth alternatives and Markdown syntax
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/cs/meta/uploading-images.md b/i18n/cs/meta/uploading-images.md
index 6455beb0..5ea9570f 100644
--- a/i18n/cs/meta/uploading-images.md
+++ b/i18n/cs/meta/uploading-images.md
@@ -48,7 +48,7 @@ In the **SVG Output** tab under **Document options**:
- [ ] Turn off **Remove the XML declaration**
- [x] Turn on **Remove metadata**
- [x] Turn on **Remove comments**
-- [x] Turn on **Embeded raster images**
+- [x] Turn on **Embedded raster images**
- [x] Turn on **Enable viewboxing**
In the **SVG Output** under **Pretty-printing**:
diff --git a/i18n/cs/meta/writing-style.md b/i18n/cs/meta/writing-style.md
index 49e877b1..fdf7bb1d 100644
--- a/i18n/cs/meta/writing-style.md
+++ b/i18n/cs/meta/writing-style.md
@@ -64,7 +64,7 @@ We should try to avoid abbreviations where possible, but technology is full of a
## Be concise
-> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective.
+> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/cs/mobile-browsers.md b/i18n/cs/mobile-browsers.md
index 48141804..64fccfa7 100644
--- a/i18n/cs/mobile-browsers.md
+++ b/i18n/cs/mobile-browsers.md
@@ -247,7 +247,7 @@ This prevents you from unintentionally connecting to a website in plain-text HTT
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Open Safari and tap the Tabs button, located in the bottom right. Then, expand t
- [x] Select **Private**
-Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. This may be an inconvenience.
diff --git a/i18n/cs/multi-factor-authentication.md b/i18n/cs/multi-factor-authentication.md
index 87185132..c8ca78d9 100644
--- a/i18n/cs/multi-factor-authentication.md
+++ b/i18n/cs/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/cs/notebooks.md b/i18n/cs/notebooks.md
index 27e9eada..7c0b44c2 100644
--- a/i18n/cs/notebooks.md
+++ b/i18n/cs/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Keep track of your notes and journalings without giving them to a third-party.
+Keep track of your notes and journals without giving them to a third party.
If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE.
@@ -84,7 +84,7 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
{ align=right }
-**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
## Local notebooks
diff --git a/i18n/cs/os/android-overview.md b/i18n/cs/os/android-overview.md
index 4faff712..f2086618 100644
--- a/i18n/cs/os/android-overview.md
+++ b/i18n/cs/os/android-overview.md
@@ -84,7 +84,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Killswitch
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
@@ -124,7 +124,7 @@ Modern Android devices have global toggles for disabling Bluetooth and location
## Google Services
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Advanced Protection Program
diff --git a/i18n/cs/os/ios-overview.md b/i18n/cs/os/ios-overview.md
index 9cc34876..e1190279 100644
--- a/i18n/cs/os/ios-overview.md
+++ b/i18n/cs/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/cs/os/linux-overview.md b/i18n/cs/os/linux-overview.md
index 69b537ed..90163523 100644
--- a/i18n/cs/os/linux-overview.md
+++ b/i18n/cs/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Privacy Notes
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- Avoid telemetry that often comes with proprietary operating systems
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ We don’t believe holding packages back and applying interim patches is a good
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao) (YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao) (YouTube)
### “Security-focused” distributions
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Drive Encryption
-Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ There are other system identifiers which you may wish to be careful about. You s
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/cs/os/macos-overview.md b/i18n/cs/os/macos-overview.md
index 9b57b2b6..565c4a68 100644
--- a/i18n/cs/os/macos-overview.md
+++ b/i18n/cs/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Backups
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## Sources
diff --git a/i18n/cs/os/windows/group-policies.md b/i18n/cs/os/windows/group-policies.md
index 74194070..d1a033cb 100644
--- a/i18n/cs/os/windows/group-policies.md
+++ b/i18n/cs/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/cs/os/windows/index.md b/i18n/cs/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/cs/os/windows/index.md
+++ b/i18n/cs/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/cs/passwords.md b/i18n/cs/passwords.md
index a5f85f28..ea92b575 100644
--- a/i18n/cs/passwords.md
+++ b/i18n/cs/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ These options allow you to manage an encrypted password database locally.
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/cs/photo-management.md b/i18n/cs/photo-management.md
index c526c59a..d7447180 100644
--- a/i18n/cs/photo-management.md
+++ b/i18n/cs/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
- Must be open source.
diff --git a/i18n/cs/real-time-communication.md b/i18n/cs/real-time-communication.md
index 50465504..5051a9bc 100644
--- a/i18n/cs/real-time-communication.md
+++ b/i18n/cs/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Criteria
diff --git a/i18n/cs/router.md b/i18n/cs/router.md
index 3e8eb49d..6127b8a7 100644
--- a/i18n/cs/router.md
+++ b/i18n/cs/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All of the components have been optimized for home routers.
+**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}
diff --git a/i18n/cs/security-keys.md b/i18n/cs/security-keys.md
index 2acec8c8..23e55cfa 100644
--- a/i18n/cs/security-keys.md
+++ b/i18n/cs/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/cs/tools.md b/i18n/cs/tools.md
index 44dd5a59..48348f9b 100644
--- a/i18n/cs/tools.md
+++ b/i18n/cs/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/cs/tor.md b/i18n/cs/tor.md
index 91da036e..a88a0f56 100644
--- a/i18n/cs/tor.md
+++ b/i18n/cs/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Browser
@@ -114,11 +114,11 @@ We previously recommended enabling the *Isolate Destination Address* preference
Tips for Android
-Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot/releases) instead.
-All versions are signed using the same signature so they should be compatible with each other.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/cs/vpn.md b/i18n/cs/vpn.md
index 90a4e5e4..1b68ee82 100644
--- a/i18n/cs/vpn.md
+++ b/i18n/cs/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Private VPN Service Recommendations and Comparison, No Sponsors or Ads - Privacy Guides"
title: "VPN Services"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } Mobile Clients
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ It is important to note that using a VPN provider will not make you anonymous, b
### Technology
-We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Minimum to Qualify:**
-- Support for strong protocols such as WireGuard & OpenVPN.
-- Killswitch built in to clients.
-- Multihop support. Multihopping is important to keep data private in case of a single node compromise.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Best Case:**
-- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Easy-to-use VPN clients
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.
- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble).
@@ -316,11 +316,11 @@ We prefer our recommended providers to collect as little data as possible. Not c
**Best Case:**
- Accepts multiple [anonymous payment options](advanced/payments.md).
-- No personal information accepted (autogenerated username, no email required, etc.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Security
-A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
+A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
**Minimum to Qualify:**
@@ -358,7 +358,7 @@ With the VPN providers we recommend we like to see responsible marketing.
**Minimum to Qualify:**
-- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out.
+- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Must not have any marketing which is irresponsible:
diff --git a/i18n/de/about.md b/i18n/de/about.md
index 5690cd45..f175e880 100644
--- a/i18n/de/about.md
+++ b/i18n/de/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/de/about/contributors.md b/i18n/de/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/de/about/contributors.md
+++ b/i18n/de/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/de/about/criteria.md b/i18n/de/about/criteria.md
index 52619b18..ba1e221b 100644
--- a/i18n/de/about/criteria.md
+++ b/i18n/de/about/criteria.md
@@ -24,7 +24,7 @@ Wir haben diese Anforderungen an Entwickler, die eigene Projekt oder Software zu
- Muss die Zugehörigkeit offenlegen, d.h. deine Position innerhalb des eingereichten Projekts.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. Wenn möglich, gib bitte an, wer die Prüfung durchführen wird.
- Muss erklären, was das Projekt im Hinblick auf den Schutz der Privatsphäre bietet.
diff --git a/i18n/de/about/executive-policy.md b/i18n/de/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/de/about/executive-policy.md
+++ b/i18n/de/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/de/about/notices.md b/i18n/de/about/notices.md
index 267e7c84..534c001f 100644
--- a/i18n/de/about/notices.md
+++ b/i18n/de/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
+We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
diff --git a/i18n/de/about/privacytools.md b/i18n/de/about/privacytools.md
index df0f7036..b7c00651 100644
--- a/i18n/de/about/privacytools.md
+++ b/i18n/de/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## Kontrolle über r/privacytoolsIO
-Gleichzeitig mit den anhaltenden Problemen mit der Website privacytools.io stand das Moderationsteam von r/privacytoolsIO vor Herausforderungen bei der Verwaltung des Subreddits. Das Subreddit wurde schon immer weitgehend unabhängig von der Entwicklung der Website betrieben, aber BurungHantu war auch der Hauptmoderator des Subreddits, und er war der einzige Moderator, der über die "volle Kontrolle" verfügte. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit verlangt, dass Subreddits aktive Moderatoren haben. Wenn der Hauptmoderator über einen längeren Zeitraum (z. B. ein Jahr) inaktiv ist, kann der Posten des Hauptmoderators an den nächsten Moderator in der Reihe vergeben werden. Damit diesem Antrag stattgegeben werden konnte, musste BurungHantu über einen längeren Zeitraum hinweg vollständig von allen Reddit-Aktivitäten abwesend sein, was seinem Verhalten auf anderen Plattformen entsprach.
+Reddit requires that Subreddits have active moderators. Wenn der Hauptmoderator über einen längeren Zeitraum (z. B. ein Jahr) inaktiv ist, kann der Posten des Hauptmoderators an den nächsten Moderator in der Reihe vergeben werden. Damit diesem Antrag stattgegeben werden konnte, musste BurungHantu über einen längeren Zeitraum hinweg vollständig von allen Reddit-Aktivitäten abwesend sein, was seinem Verhalten auf anderen Plattformen entsprach.
> Wenn du als Moderator aus einem Subreddit über eine Reddit-Anfrage entfernt wurdest, liegt das daran, dass deine mangelnde Reaktion und fehlende Aktivität das Subreddit für eine r/redditrequest-Übertragung qualifiziert hat.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Die Archivierung des Source Codes auf GitHub, um unsere bisherige Arbeit und den Issue Tracker zu bewahren, den wir für die zukünftige Entwicklung dieser Seite monatelang weiter nutzten.
-- Die Veröffentlichung von Ankündigungen in unserem Subreddit und verschiedenen anderen Communities, um die Leute über die offizielle Änderung zu informieren.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Die offizielle Schließung von privacytools.io-Diensten wie Matrix und Mastodon und die Bitte an bestehende Nutzer, so bald wie möglich zu migrieren.
Die Dinge schienen reibungslos zu verlaufen, und die meisten unserer aktiven Mitglieder wechselten genau wie erhofft zu unserem neuen Projekt.
@@ -66,11 +66,11 @@ Etwa eine Woche nach der Umstellung war BurungHantu zum ersten Mal seit fast ein
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). Wir haben uns dazu bereit erklärt und ihn gebeten, die Subdomains für Matrix, Mastodon und PeerTube zumindest für ein paar Monate als öffentlichen Service für unsere Community aktiv zu halten, damit die Nutzer dieser Plattformen problemlos auf andere Accounts umsteigen können. Aufgrund des föderalen Charakters der von uns angebotenen Dienste waren diese an bestimmte Domainnamen gebunden, was eine Migration sehr schwierig (und in einigen Fällen unmöglich) machte.
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Daraufhin erhob BurungHantu falsche Anschuldigungen, wonach Jonah Spendengelder für das Projekt gestohlen haben soll. BurungHantu hatte mehr als ein Jahr Zeit, den angeblichen Vorfall zu melden, und dennoch hat er erst nach der Migration von Privacy Guides jemanden darauf aufmerksam gemacht. BurungHantu wurde vom Team und [der Community](https://twitter.com/TommyTran732/status/1526153536962281474) wiederholt um Beweise und eine Stellungnahme zu den Gründen für sein Schweigen gebeten, doch er hat sich nicht dazu geäußert.
-BurungHantu veröffentlichte zudem einen [Twitter-Beitrag](https://twitter.com/privacytoolsIO/status/1510560676967710728), in dem er behauptete, ein "Anwalt" habe ihn auf Twitter kontaktiert und berate ihn. Dies war ein weiterer Versuch, uns einzuschüchtern, damit wir ihm die Kontrolle über unser Subreddit überlassen, und Teil seiner Verleumdungskampagne, die darauf abzielte, die Einführung von Privacy Guides zu behindern, während er vorgab, ein Opfer zu sein.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io heute
@@ -80,7 +80,7 @@ Seit dem 25. September 2022 sehen wir, wie die Pläne von BurungHantu auf privac
## r/privacytoolsIO heute
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] Das Wachstum dieses Subreddits war das Ergebnis großer Anstrengungen, die das Team von PrivacyGuides.org über mehrere Jahre hinweg unternommen hat. Und jedem einzelnen von euch.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Subreddits gehören niemandem, und sie gehören vor allem nicht den Markeninhabern. Sie gehören zu ihren Communities, und die Community und ihre Moderatoren haben die Entscheidung getroffen, den Umzug zu r/PrivacyGuides zu unterstützen.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Vergeltungsmaßnahmen seitens eines Moderators im Zusammenhang mit Entfernungsanträgen sind unzulässig.
-Für eine Community mit vielen Tausend verbleibenden Abonnenten wäre es unserer Meinung nach unglaublich respektlos, die Kontrolle über diese riesige Plattform an die Person zurückzugeben, die sie über ein Jahr lang im Stich gelassen hat und die nun eine Webseite betreibt, die unserer Meinung nach sehr minderwertige Informationen liefert. Es ist uns wichtiger, die jahrelangen Diskussionen in dieser Community zu bewahren, und deshalb haben u/trai_dep und der Rest des Moderationsteams des Subreddits die Entscheidung getroffen, r/privacytoolsIO so zu belassen, wie es ist.
+Für eine Community mit vielen Tausend verbleibenden Abonnenten wäre es unserer Meinung nach unglaublich respektlos, die Kontrolle über diese riesige Plattform an die Person zurückzugeben, die sie über ein Jahr lang im Stich gelassen hat und die nun eine Webseite betreibt, die unserer Meinung nach sehr minderwertige Informationen liefert. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective heute
diff --git a/i18n/de/about/statistics.md b/i18n/de/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/de/about/statistics.md
+++ b/i18n/de/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/de/advanced/communication-network-types.md b/i18n/de/advanced/communication-network-types.md
index 986feb80..bab8d840 100644
--- a/i18n/de/advanced/communication-network-types.md
+++ b/i18n/de/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ Wenn sie selbst gehostet werden, können die Mitglieder eines Verbund-Servers di
- Ermöglicht eine bessere Kontrolle über deine eigenen Daten, wenn du deinen eigenen Server betreibst.
- Erlaubt dir auszuwählen, wem du deine Daten anvertraust, indem du zwischen mehreren "öffentlichen" Servern entscheiden kannst.
- Ermöglicht oft den Einsatz von Drittanbieter-Clients, die eine nativere, individuellere oder zugänglichere Erfahrung bieten können.
-- Bei Serversoftware kann überprüft werden, ob sie mit dem öffentlichen Quellcode übereinstimmt; vorausgesetzt, du hast Zugang zum Server oder du vertraust der Person, die Zugang hat (z. B. einem Familienmitglied).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Nachteile:**
@@ -60,7 +60,7 @@ Wenn sie selbst gehostet werden, können die Mitglieder eines Verbund-Servers di
P2P-Messenger stellen eine Verbindung zu einem [verteilten Netzwerk](https://en.wikipedia.org/wiki/Distributed_networking) von Knoten her, um eine Nachricht ohne einen Server von Dritten an die Zielperson weiterzuleiten.
-Die Clients (Peers) finden einander in der Regel über ein [verteiltes Computernetz](https://en.wikipedia.org/wiki/Distributed_computing). Beispiele hierfür sind [verteilte Hashtabellen (DHT)](https://de.wikipedia.org/wiki/Verteilte_Hashtabelle), die z. B. von [Torrents](https://de.wikipedia.org/wiki/BitTorrent) und [IPFS](https://de.wikipedia.org/wiki/InterPlanetary_File_System) verwendet werden. Ein anderer Ansatz sind auf Nähe basierende Netzwerke, bei denen eine Verbindung über WiFi oder Bluetooth hergestellt wird (z. B. Briar oder das Protokoll des sozialen Netzwerks [Scuttlebutt](https://scuttlebutt.nz)).
+Die Clients (Peers) finden einander in der Regel über ein [verteiltes Computernetz](https://en.wikipedia.org/wiki/Distributed_computing). Beispiele hierfür sind [verteilte Hashtabellen (DHT)](https://de.wikipedia.org/wiki/Verteilte_Hashtabelle), die z. B. von [Torrents](https://de.wikipedia.org/wiki/BitTorrent) und [IPFS](https://de.wikipedia.org/wiki/InterPlanetary_File_System) verwendet werden. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Sobald ein Peer über eine dieser Methoden einen Weg zu dem Kontakt gefunden hat, wird eine direkte Verbindung zwischen beiden hergestellt. Obwohl die Nachrichten in der Regel verschlüsselt sind, kann ein Beobachter dennoch den Standort und die Identität von Absender und Empfänger feststellen.
@@ -85,9 +85,9 @@ P2P-Netze verwenden keine Server, da die Peers direkt miteinander kommunizieren
Ein Messenger, der [anonymes Routing](https://doi.org/10.1007/978-1-4419-5906-5_628) verwendet, verbirgt entweder die Identität des Absenders, des Empfängers oder den Nachweis, dass sie miteinander kommuniziert haben. Im Idealfall sollte ein Messenger alle drei verstecken.
-Es gibt [viele](https://doi.org/10.1145/3182658) verschiedene Möglichkeiten, anonymes Routing zu implementieren. Eines der bekanntesten ist das [Onion-Routing](https://de.wikipedia.org/wiki/Onion-Routing) (d. h. [Tor](tor-overview.md)), bei dem verschlüsselte Nachrichten über ein virtuelles [Overlay-Netzwerk](https://en.wikipedia.org/wiki/Overlay_network) übertragen werden, das den Standort jedes Knotens sowie den Empfänger und Absender jeder Nachricht verbirgt. Absender und Empfänger interagieren nie direkt, sondern treffen sich nur über einen geheimen Rendezvous-Knoten, so dass weder IP-Adressen noch physische Standorte bekannt werden. Die Knoten können die Nachrichten nicht entschlüsseln, ebenso wenig wie das endgültige Ziel, nur der Empfänger kann es. Jeder Zwischenknoten kann nur einen Teil entschlüsseln, der angibt, wohin die noch verschlüsselte Nachricht als Nächstes zu senden ist, bis sie beim Empfänger ankommt, der sie vollständig entschlüsseln kann, daher die "Onion Layer" (zu Deutsch: Zwiebelschichten).
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. Eines der bekanntesten ist das [Onion-Routing](https://de.wikipedia.org/wiki/Onion-Routing) (d. h. [Tor](tor-overview.md)), bei dem verschlüsselte Nachrichten über ein virtuelles [Overlay-Netzwerk](https://en.wikipedia.org/wiki/Overlay_network) übertragen werden, das den Standort jedes Knotens sowie den Empfänger und Absender jeder Nachricht verbirgt. Absender und Empfänger interagieren nie direkt, sondern treffen sich nur über einen geheimen Rendezvous-Knoten, so dass weder IP-Adressen noch physische Standorte bekannt werden. Die Knoten können die Nachrichten nicht entschlüsseln, ebenso wenig wie das endgültige Ziel, nur der Empfänger kann es. Jeder Zwischenknoten kann nur einen Teil entschlüsseln, der angibt, wohin die noch verschlüsselte Nachricht als Nächstes zu senden ist, bis sie beim Empfänger ankommt, der sie vollständig entschlüsseln kann, daher die "Onion Layer" (zu Deutsch: Zwiebelschichten).
-Das Selbsthosten eines Knotens in einem anonymen Routing-Netz verschafft dem Hoster keine zusätzlichen Vorteile in Bezug auf die Privatsphäre, sondern trägt vielmehr zum Nutzen aller zur Widerstandsfähigkeit des gesamten Netzes gegen Identifizierungsangriffe bei.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Vorteile:**
diff --git a/i18n/de/advanced/dns-overview.md b/i18n/de/advanced/dns-overview.md
index d73a974e..faa77060 100644
--- a/i18n/de/advanced/dns-overview.md
+++ b/i18n/de/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: Das Domain Name System ist das "Telefonbuch des Internets" und hilft dem Browser, die gesuchte Webseite zu finden.
---
-Das [Domain Name System](https://de.wikipedia.org/wiki/Domain_Name_System) ist das "Telefonbuch des Internets". DNS übersetzt Domainnamen in IP-Adressen, damit Browser und andere Dienste Internet-Ressourcen über ein dezentrales Netz von Servern laden können.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS übersetzt Domainnamen in IP-Adressen, damit Browser und andere Dienste Internet-Ressourcen über ein dezentrales Netz von Servern laden können.
## Was ist DNS?
@@ -24,7 +24,7 @@ Im Folgenden erörtern wir, was ein außenstehender Beobachter mit Hilfe von nor
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. Wir können dann [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) oder [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) verwenden, um den DNS-Lookup an beide Server zu senden. Software wie Webbrowser führen diese Nachschläge automatisch durch, sofern sie nicht für die Verwendung von verschlüsseltem DNS konfiguriert sind.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software wie Webbrowser führen diese Nachschläge automatisch durch, sofern sie nicht für die Verwendung von verschlüsseltem DNS konfiguriert sind.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Im Folgenden erörtern wir, was ein außenstehender Beobachter mit Hilfe von nor
nslookup privacyguides.org 8.8.8.8
```
-3. Als Nächstes wollen wir die Ergebnisse [analysieren](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs):
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Verschlüsseltes DNS kann sich auf eine Reihe von Protokollen beziehen, die gän
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) war eine der ersten Methoden zur Verschlüsselung von DNS-Anfragen. DNSCrypt arbeitet auf Port 443 und funktioniert mit den Transportprotokollen TCP und UDP. DNSCrypt wurde nie bei der [Internet Engineering Task Force (IETF](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force)), englisch für "Internettechnik-Arbeitsgruppe", eingereicht und hat auch nicht den [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments), englisch für "Anfrage für Kommentare", Prozess durchlaufen, sodass es außerhalb einiger weniger [Implementierungen](https://dnscrypt.info/implementations) nicht weit verbreitet ist. Infolgedessen wurde es weitgehend durch das populärere [DNS über HTTPS](#dns-over-https-doh) ersetzt.
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) war eine der ersten Methoden zur Verschlüsselung von DNS-Anfragen. DNSCrypt arbeitet auf Port 443 und funktioniert mit den Transportprotokollen TCP und UDP. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). Infolgedessen wurde es weitgehend durch das populärere [DNS über HTTPS](#dns-over-https-doh) ersetzt.
### DNS über TLS (DoT)
@@ -118,7 +118,7 @@ In diesem Beispiel werden wir aufzeichnen, was passiert, wenn wir eine DoH-Anfra
3. Nach der Anfrage können wir die Paketaufnahme mit STRG + C beenden.
-4. Analysieren Sie die Ergebnisse in Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ When we do a DNS lookup, it's generally because we want to access a resource. Be
The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides.
-This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
+This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
### Server Name Indication (SNI)
-Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
+Server Name Indication is typically used when an IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
-1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
+1. Start capturing again with `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | No | nothing(Do nothing)
```
-Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[List of recommended DNS servers](../dns.md ""){.md-button}
diff --git a/i18n/de/advanced/tor-overview.md b/i18n/de/advanced/tor-overview.md
index 1430de69..51a4d48f 100644
--- a/i18n/de/advanced/tor-overview.md
+++ b/i18n/de/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor funktioniert, indem es deinen Internetverkehr über von Freiwilligen betrieb
Bevor du dich mit Tor verbindest, solltest du dir genau überlegen, was du mit der Nutzung von Tor erreichen willst und vor wem du deine Netzwerkaktivitäten verbergen willst.
-Wenn du in einem freien Land lebst, über Tor auf alltägliche Inhalte zugreifst, dir keine Sorgen darüber machst, dass dein Internetanbieter oder die Administratoren deines lokalen Netzwerks wissen, dass du Tor benutzt und zur [Entstigmatisierung der](https://2019.www.torproject.org/about/torusers.html.en) Tor-Nutzung beitragen willst, kannst du dich wahrscheinlich ohne Bedenken über Standardmittel wie den [Tor Browser](../tor.md) direkt mit Tor verbinden.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
Wenn du die Möglichkeit hast, auf einen vertrauenswürdigen VPN-Anbieter zuzugreifen und **einer der** folgenden Punkte auf dich zutrifft, solltest du dich auf jeden Fall über ein VPN mit Tor verbinden:
diff --git a/i18n/de/ai-chat.md b/i18n/de/ai-chat.md
index e8a27f1d..0ea1a982 100644
--- a/i18n/de/ai-chat.md
+++ b/i18n/de/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Criteria
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Im besten Fall
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. Unsere Empfehlungen enthalten möglicherweise keine oder nicht alle dieser Merkmale, aber diejenigen, die sie enthalten, werden möglicherweise höher eingestuft als andere auf dieser Seite.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/de/alternative-networks.md b/i18n/de/alternative-networks.md
index b6cac56e..8d6be055 100644
--- a/i18n/de/alternative-networks.md
+++ b/i18n/de/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/de/android/general-apps.md b/i18n/de/android/general-apps.md
index e7124a80..7d0d9a63 100644
--- a/i18n/de/android/general-apps.md
+++ b/i18n/de/android/general-apps.md
@@ -95,7 +95,7 @@ Zu den wichtigsten Privatsphäre-Funktionen gehören:
Anmerkung
-Metadaten werden derzeit nicht aus Videodateien gelöscht, dies ist jedoch geplant.
+Metadata is not currently deleted from video files, but that is planned.
Die Metadaten zur Bildausrichtung werden nicht gelöscht. Wenn du den Standort (in Secure Camera) aktivierst, wird dieser auch **nicht** gelöscht. Wenn du dies später löschen möchtest, musst du eine externe App wie [ExifEraser](../data-redaction.md#exiferaser-android) verwenden.
diff --git a/i18n/de/basics/account-creation.md b/i18n/de/basics/account-creation.md
index 66120cdb..f2688035 100644
--- a/i18n/de/basics/account-creation.md
+++ b/i18n/de/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Das Anlegen von Online-Konten ist praktisch eine Notwendigkeit für das Internet. Mit diesen Schritten kannst du sicherstellen, dass du privat bleibst.
---
-Oft melden sich Menschen für Dienste an, ohne nachzudenken. Vielleicht ist es ein Streaming-Dienst, mit dem du die neue Serie, über die alle reden, sehen kannst, oder ein Konto, mit dem du einen Rabatt für dein Lieblingsrestaurant bekommst. In jedem Fall solltest du die Auswirkungen auf Ihre Daten jetzt und in Zukunft beachten.
+Oft melden sich Menschen für Dienste an, ohne nachzudenken. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. In jedem Fall solltest du die Auswirkungen auf Ihre Daten jetzt und in Zukunft beachten.
Mit jedem neuen Dienst, den du nutzt, sind Risiken verbunden. Datenlecks, die Weitergabe von Kundeninformationen an Dritte, der Zugriff auf Daten durch unberechtigte Mitarbeiter - all dies sind Möglichkeiten, die bei der Weitergabe deiner Informationen berücksichtigt werden müssen. Du musst sicher sein, dass du dem Dienst vertrauen kannst. Deshalb empfehlen wir, wertvolle Daten nur auf den ausgereiftesten und erprobten Produkten zu speichern. Das bedeutet in der Regel Dienste, die E2EE anbieten und eine kryptographisches Audit durchlaufen haben. Ein Audit erhöht die Sicherheit, dass das Produkt ohne eklatante Sicherheitsprobleme entwickelt wurde, die von einem unerfahrenen Entwickler verursacht wurden.
@@ -13,11 +13,11 @@ Bei einigen Diensten kann es auch schwierig sein, die Konten zu löschen. Manchm
## Nutzungsbedingungen & Datenschutzbestimmungen
-Die Nutzungsbedingungen sind die Regeln, denen du zustimmst, wenn du einen Dienst in Anspruch nimmst. Bei größeren Dienstleistern werden diese Regeln oft durch automatisierte Systeme durchgesetzt. Manchmal können diese automatischen Systeme Fehler machen. So kann es beispielsweise vorkommen, dass dein Konto bei einigen Diensten gesperrt wird, weil du eine VPN- oder VOIP-Nummer verwendest. Gegen solche Verbote Einspruch zu erheben, ist oft schwierig und erfordert auch ein automatisiertes Verfahren, das nicht immer erfolgreich ist. Dies wäre einer der Gründe, warum wir beispielsweise nicht empfehlen würden, Gmail für E-Mail zu verwenden. E-Mail ist entscheidend für den Zugriff auf andere Dienste, für die du dich möglicherweise angemeldet hast.
+Die Nutzungsbedingungen sind die Regeln, denen du zustimmst, wenn du einen Dienst in Anspruch nimmst. Bei größeren Dienstleistern werden diese Regeln oft durch automatisierte Systeme durchgesetzt. Manchmal können diese automatischen Systeme Fehler machen. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Gegen solche Verbote Einspruch zu erheben, ist oft schwierig und erfordert auch ein automatisiertes Verfahren, das nicht immer erfolgreich ist. Dies wäre einer der Gründe, warum wir beispielsweise nicht empfehlen würden, Gmail für E-Mail zu verwenden. E-Mail ist entscheidend für den Zugriff auf andere Dienste, für die du dich möglicherweise angemeldet hast.
-In den Datenschutzrichtlinien steht, wie der Dienst deine Daten verwenden wird, und es lohnt sich, sie zu lesen, damit du verstehst, wie deine Daten verwendet werden. Ein Unternehmen oder eine Organisation ist möglicherweise rechtlich nicht verpflichtet, alles zu befolgen, was in der Richtlinie enthalten ist (dies hängt von der jeweiligen Rechtsprechung ab). Wir empfehlen dir, einen Überblick über die örtlichen Gesetze zu verschaffen und darüber, was ein Anbieter erheben darf.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. Ein Unternehmen oder eine Organisation ist möglicherweise rechtlich nicht verpflichtet, alles zu befolgen, was in der Richtlinie enthalten ist (dies hängt von der jeweiligen Rechtsprechung ab). Wir empfehlen dir, einen Überblick über die örtlichen Gesetze zu verschaffen und darüber, was ein Anbieter erheben darf.
-Wir empfehlen die Suche nach bestimmten Begriffen wie "Datenerfassung", "Datenanalyse", "Cookies", "Anzeigen" oder "Drittanbieter". Manchmal hast du die Möglichkeit, die Datenerfassung oder die Weitergabe deiner Daten abzulehnen, aber es ist am besten, einen Dienst zu wählen, der deine Privatsphäre von Anfang an respektiert.
+Wir empfehlen die Suche nach bestimmten Begriffen wie "Datenerfassung", "Datenanalyse", "Cookies", "Anzeigen" oder "Drittanbieter". Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Denke auch daran, dass du dem Unternehmen oder der Organisation dein Vertrauen schenkst und dass sie ihre eigenen Datenschutzrichtlinien einhalten.
@@ -42,7 +42,7 @@ Du bist für die Verwaltung deiner Anmeldedaten verantwortlich. Für zusätzlich
#### E-Mail-Aliasse
-Wenn du deine echte E-Mail-Adresse nicht an einen Dienst weitergeben möchtest, hast du die Möglichkeit, einen Alias zu verwenden. Wir haben diese auf unserer Empfehlungsseite für E-Mail-Dienste näher beschrieben. Im Grunde erlauben dir Alias-Dienste neue E-Mail-Adressen zu generieren, die alle E-Mails an deine Hauptadresse weiterleiten. Dies kann dazu beitragen, die Nachverfolgung über verschiedene Dienste hinweg zu verhindern und die Marketing-E-Mails zu verwalten, die manchmal mit dem Anmeldeprozess einhergehen. Diese können automatisch anhand des Alias gefiltert werden, an den sie gesendet werden.
+Wenn du deine echte E-Mail-Adresse nicht an einen Dienst weitergeben möchtest, hast du die Möglichkeit, einen Alias zu verwenden. Wir haben diese auf unserer Empfehlungsseite für E-Mail-Dienste näher beschrieben. Im Grunde erlauben dir Alias-Dienste neue E-Mail-Adressen zu generieren, die alle E-Mails an deine Hauptadresse weiterleiten. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Diese können automatisch anhand des Alias gefiltert werden, an den sie gesendet werden.
Sollte ein Dienst gehackt werden, erhältst du möglicherweise Phishing- oder Spam-E-Mails an die Adresse, die du für die Anmeldung verwendet hast. Die Verwendung eindeutiger Aliasnamen für jeden Dienst kann dabei helfen, genau festzustellen, welcher Dienst gehackt wurde.
@@ -76,7 +76,7 @@ Bösartige Anwendungen, insbesondere auf mobilen Geräten, bei denen die Anwendu
Wir empfehlen, Dienste zu meiden, die eine Telefonnummer für die Anmeldung erfordern. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-Wenn möglich, solltest du deine echte Telefonnummer nicht herausgeben. Einige Dienste gestatten die Verwendung von VOIP-Nummern, die jedoch häufig Betrugserkennungssysteme auslösen und zur Sperrung eines Kontos führen, weshalb wir dies für wichtige Konten nicht empfehlen.
+Wenn möglich, solltest du deine echte Telefonnummer nicht herausgeben. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
In vielen Fällen musst du eine Nummer angeben, unter der du SMS oder Anrufe empfangen kannst, insbesondere bei internationalen Einkäufen, falls es bei der Grenzkontrolle Probleme mit deiner Bestellung gibt. Es ist üblich, dass Dienste deine Nummer als Verifizierungsmethode verwenden; lasse es nicht zu, dass du aus einem wichtigen Konto ausgesperrt wirst, weil du clever sein und eine falsche Nummer angeben willst!
diff --git a/i18n/de/basics/account-deletion.md b/i18n/de/basics/account-deletion.md
index bab1b1ba..6f708fe9 100644
--- a/i18n/de/basics/account-deletion.md
+++ b/i18n/de/basics/account-deletion.md
@@ -27,7 +27,7 @@ Desktop-Plattformen haben oft auch einen Passwort-Manager, der dir helfen kann,
### E-Mail
-Wenn du in der Vergangenheit keinen Passwort-Manager verwendet hast oder glaubst, dass du Konten hast, die nie zu deinem Passwort-Manager hinzugefügt wurden, ist eine weitere Option, deine E-Mail-Konten zu durchsuchen, auf denen du dich angemeldet hast. Suche in deinem E-Mail-Programm nach „Bestätige“ oder „Willkommen“. Fast jedes Mal, wenn du ein Online-Konto erstellst, sendet der Dienst einen Bestätigungslink oder eine Willkommensnachricht an deine E-Mail-Adresse. Dies kann eine gute Möglichkeit sein, alte, vergessene Konten zu finden.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. Suche in deinem E-Mail-Programm nach „Bestätige“ oder „Willkommen“. Fast jedes Mal, wenn du ein Online-Konto erstellst, sendet der Dienst einen Bestätigungslink oder eine Willkommensnachricht an deine E-Mail-Adresse. Dies kann eine gute Möglichkeit sein, alte, vergessene Konten zu finden.
## Alte Konten löschen
@@ -39,7 +39,7 @@ Wenn die Webseite beim Versuch, den Zugang wiederherzustellen, eine Fehlermeldun
### DSGVO (nur für EWR-Bewohner)
-Bewohner des EWR haben zusätzliche Rechte in Bezug auf die Datenlöschung, die in [Artikel 17](https://gdpr-info.eu/art-17-gdpr) der DSGVO festgelegt sind. Wenn dies auf dich zutrifft, lies die Datenschutzerklärung für den jeweiligen Dienst, um zu erfahren, wie du dein Recht auf Löschung ausüben kannst. Das Lesen der Datenschutzerklärung kann sich als wichtig erweisen, da einige Dienste eine Option "Konto löschen" haben, die nur dein Konto deaktiviert, und für die tatsächliche Löschung musst du zusätzliche Maßnahmen ergreifen. Manchmal kann die tatsächliche Löschung das Ausfüllen von Fragebögen, eine E-Mail an die Datenschutzbeauftragten des Dienstes oder sogar den Nachweis deines Wohnsitzes im EWR erfordern. Wenn du diesen Weg gehen möchtest, überschreibe **keine** Kontoinformationen – deine Identität als EWR-Bewohner kann erforderlich sein. Beachte, dass der Standort des Dienstes keine Rolle spielt; die DSGVO gilt für alle, die europäische Benutzer bedienen. Wenn der Dienst dein Recht auf Löschung nicht respektiert, kannst du dich an deine nationale [Datenschutzbehörde](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) wenden und unter Umständen einen finanziellen Ausgleich erhalten.
+Bewohner des EWR haben zusätzliche Rechte in Bezug auf die Datenlöschung, die in [Artikel 17](https://gdpr-info.eu/art-17-gdpr) der DSGVO festgelegt sind. Wenn dies auf dich zutrifft, lies die Datenschutzerklärung für den jeweiligen Dienst, um zu erfahren, wie du dein Recht auf Löschung ausüben kannst. Das Lesen der Datenschutzerklärung kann sich als wichtig erweisen, da einige Dienste eine Option "Konto löschen" haben, die nur dein Konto deaktiviert, und für die tatsächliche Löschung musst du zusätzliche Maßnahmen ergreifen. Manchmal kann die tatsächliche Löschung das Ausfüllen von Fragebögen, eine E-Mail an die Datenschutzbeauftragten des Dienstes oder sogar den Nachweis deines Wohnsitzes im EWR erfordern. Wenn du diesen Weg gehen möchtest, überschreibe **keine** Kontoinformationen – deine Identität als EWR-Bewohner kann erforderlich sein. Beachte, dass der Standort des Dienstes keine Rolle spielt; die DSGVO gilt für alle, die europäische Benutzer bedienen. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Kontoinformationen überschreiben
diff --git a/i18n/de/basics/common-misconceptions.md b/i18n/de/basics/common-misconceptions.md
index 7c098c2a..3ed5ceb4 100644
--- a/i18n/de/basics/common-misconceptions.md
+++ b/i18n/de/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ Die Datenschutzrichtlinien und Geschäftspraktiken der Anbieter, die du auswähl
## „Kompliziert ist besser“
-Oft sehen wir Menschen, die Bedrohungsmodelle für ihre Privatsphäre beschreiben, die übermäßig komplex sind. Oft beinhalten diese Lösungen Probleme wie viele verschiedene E-Mail-Konten oder komplizierte Konfigurationen mit vielen beweglichen Teilen und Bedingungen. Die Antworten sind in der Regel Antworten auf die Frage "Wie kann man *X* am besten machen?"
+Oft sehen wir Menschen, die Bedrohungsmodelle für ihre Privatsphäre beschreiben, die übermäßig komplex sind. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. Die Antworten sind in der Regel Antworten auf die Frage "Wie kann man *X* am besten machen?"
Die "beste" Lösung für sich selbst zu finden, bedeutet nicht unbedingt, dass du eine unfehlbare Lösung mit Dutzenden von Bedingungen anstrebst - solche Lösungen sind oft schwer realistisch zu handhaben. Wie wir bereits besprochen haben, geht Sicherheit oft auf Kosten der Bequemlichkeit. Unten geben wir einige Tipps:
1. ==Aktionen müssen einem bestimmten Zweck dienen:== Überlege dir, wie du dein Ziel mit möglichst wenigen Aktionen erreichen kannst.
2. ==Beseitige menschliche Schwachstellen:== Wir versagen, werden müde und vergessen Dinge. Um Sicherheit zu gewährleisten, solltest du dich nicht auf manuelle Bedingungen und Prozesse verlassen, die du dir merken musst.
-3. ==Wähle das richtige Maß an Schutz für das, was du beabsichtigst.== Wir sehen oft Empfehlungen für sogenannte gesetzeskonforme oder vorladungssichere Lösungen. Diese erfordern oft Fachwissen und sind im Allgemeinen nicht das, was die Meisten wollen. Es macht keinen Sinn, ein kompliziertes Bedrohungsmodell für Anonymität zu entwickeln, wenn man durch ein einfaches Versehen de-anonymisiert werden kann.
+3. ==Wähle das richtige Maß an Schutz für das, was du beabsichtigst.== Wir sehen oft Empfehlungen für sogenannte gesetzeskonforme oder vorladungssichere Lösungen. Diese erfordern oft Fachwissen und sind im Allgemeinen nicht das, was die Meisten wollen. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
Wie könnte das also aussehen?
@@ -94,4 +94,4 @@ Eines der klarsten Bedrohungsmodelle ist eines, bei dem die Menschen *wissen, we
Die Verwendung von Tor kann dabei helfen. Es ist auch erwähnenswert, dass eine größere Anonymität durch asynchrone Kommunikation möglich ist: Echtzeitkommunikation ist anfällig für die Analyse von Tippmustern (d. h. mehr als ein Absatz Text, der in einem Forum, per E-Mail usw. verbreitet wird).
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/de/basics/common-threats.md b/i18n/de/basics/common-threats.md
index 4ac3152b..488a9fa8 100644
--- a/i18n/de/basics/common-threats.md
+++ b/i18n/de/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Deine persönliche Bedrohungsanalyse kannst nur du selber durchführen. Vielen Besuchern dieser Webseite sind aber folgende Dinge wichtig.
---
-Wir ordnen unsere Empfehlungen nach [Bedrohungen](threat-modeling.md) beziehungsweise Zielen, die für die meisten Menschen gelten. ==Dich können keine, eine, einige oder alle dieser Themen betreffen==, und du solltest die von dir eingesetzten Werkzeuge und Dienste von deinen Zielen abhängig machen. Du kannst auch spezifische Bedrohungen außerhalb dieser Kategorien haben, das ist völlig in Ordnung! Wichtig ist, dass du die Vorteile und Schwächen der von dir gewählten Werkzeuge kennst, denn praktisch keines davon schützt dich vor jeder Bedrohung.
+Wir ordnen unsere Empfehlungen nach [Bedrohungen](threat-modeling.md) beziehungsweise Zielen, die für die meisten Menschen gelten. ==Dich können keine, eine, einige oder alle dieser Themen betreffen==, und du solltest die von dir eingesetzten Werkzeuge und Dienste von deinen Zielen abhängig machen. You may have specific threats outside these categories as well, which is perfectly fine! Wichtig ist, dass du die Vorteile und Schwächen der von dir gewählten Werkzeuge kennst, denn praktisch keines davon schützt dich vor jeder Bedrohung.
:material-incognito: **Anonymität**
:
@@ -19,7 +19,7 @@ Schutz vor Hackern oder anderen böswilligen Akteuren, die versuchen, sich Zugan
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Angriffe**
:
@@ -44,7 +44,7 @@ Schutz vor großen Werbenetzwerken wie Google und Facebook sowie vor einer Vielz
:material-account-search: **Public Exposure**
:
-Begrenzung der Informationen über dich online—für Suchmaschinen oder die allgemeine Öffentlichkeit.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Zensur**
:
@@ -76,7 +76,7 @@ Um den Schaden, den eine bösartige Software anrichten *könnte*, zu minimieren,
Mobile Betriebssysteme verfügen im Allgemeinen über eine bessere Sandbox für Anwendungen als Desktop-Betriebssysteme: Apps können keinen Root-Zugriff erhalten und benötigen eine Genehmigung für den Zugriff auf Systemressourcen.
-Desktop-Betriebssysteme hinken im Allgemeinen bei ordnungsgemäßen Sandboxing-Technik hinterher. ChromeOS verfügt über ähnliche Sandboxing-Funktionen wie Android, und macOS bietet eine vollständige Kontrolle der Systemberechtigungen (und Entwickler können sich für Sandboxing von Anwendungen entscheiden). Allerdings übermitteln diese Betriebssysteme identifizierende Informationen an ihre jeweiligen OEMs. Linux tendiert dazu, keine Informationen an Systemanbieter weiterzugeben, bietet aber nur einen geringen Schutz gegen Exploits und bösartige Anwendungen. Dies kann mit spezialisierten Distributionen, die in erheblichem Umfang virtuelle Maschinen oder Container verwenden, wie [Qubes OS](../desktop.md#qubes-os), etwas abgemildert werden.
+Desktop-Betriebssysteme hinken im Allgemeinen bei ordnungsgemäßen Sandboxing-Technik hinterher. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). Allerdings übermitteln diese Betriebssysteme identifizierende Informationen an ihre jeweiligen OEMs. Linux tendiert dazu, keine Informationen an Systemanbieter weiterzugeben, bietet aber nur einen geringen Schutz gegen Exploits und bösartige Anwendungen. Dies kann mit spezialisierten Distributionen, die in erheblichem Umfang virtuelle Maschinen oder Container verwenden, wie [Qubes OS](../desktop.md#qubes-os), etwas abgemildert werden.
@@ -143,7 +143,7 @@ Daher solltest du, wann immer möglich, native Anwendungen anstelle von Webclien
-Selbst mit E2EE können Dienstanbieter immer noch Profile von dir auf der Grundlage von **Metadaten** erstellen, die normalerweise nicht geschützt sind. Der Dienstanbieter kann deine Nachrichten zwar nicht lesen, aber er kann dennoch wichtige Dinge beobachten, z. B. mit wem du sprichst, wie oft du einer Person Nachrichten schickst und wann du normalerweise aktiv bist. Der Schutz von Metadaten ist eher unüblich, und wenn es in deinem [Bedrohungsmodell](threat-modeling.md) vorkommt, solltest du die technische Dokumentation der Software, die du verwendest, genau prüfen, um zu sehen, ob es eine Minimierung oder einen Schutz von Metadaten gibt.
+Selbst mit E2EE können Dienstanbieter immer noch Profile von dir auf der Grundlage von **Metadaten** erstellen, die normalerweise nicht geschützt sind. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Der Schutz von Metadaten ist eher unüblich, und wenn es in deinem [Bedrohungsmodell](threat-modeling.md) vorkommt, solltest du die technische Dokumentation der Software, die du verwendest, genau prüfen, um zu sehen, ob es eine Minimierung oder einen Schutz von Metadaten gibt.
## Massenüberwachungsprogramme
@@ -156,7 +156,7 @@ Unter Massenüberwachung versteht man die aufwändige Überwachung des "Verhalte
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In Frankreich kannst du einen Blick auf die [Technopolice Website](https://technopolice.fr/villes) werfen, die von dem gemeinnützigen Verein La Quadrature du Net betrieben wird.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ Wenn du über Massenüberwachungsprogramme besorgt bist, kannst du Strategien an
Für viele Menschen ist die Verfolgung und Überwachung durch private Unternehmen eine wachsende Sorge. Weit verbreitete Werbenetzwerke, wie die von Google und Facebook betriebenen, umspannen das Internet weit über die von ihnen kontrollierten Websites hinaus und verfolgen dabei deine Handlungen. Der Einsatz von Tools wie Content-Blockern zur Begrenzung der Netzwerkanfragen an ihre Server und das Lesen der Datenschutzrichtlinien der von dir genutzten Dienste kann dir helfen, viele einfache Angriffe zu vermeiden (auch wenn dies das Tracking nicht vollständig verhindern kann).[^4]
-Darüber hinaus können auch Unternehmen außerhalb der *AdTech-* oder Tracking-Branche deine Informationen an [Datenmakler](https://en.wikipedia.org/wiki/Information_broker) (wie Cambridge Analytica, Experian oder Datalogix) oder andere Parteien weitergeben. Du kannst nicht automatisch annehmen, dass deine Daten sicher sind, nur weil der Dienst, den du verwendest, nicht zum typischen AdTech- oder Tracking-Geschäftsmodell gehört. Der stärkste Schutz vor der Datensammlung durch Unternehmen ist es, deine Daten zu verschlüsseln oder zu verschleiern, wann immer möglich, um es verschiedenen Anbietern schwer zu machen, Daten miteinander zu korrelieren und ein Profil über dich zu erstellen.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. Du kannst nicht automatisch annehmen, dass deine Daten sicher sind, nur weil der Dienst, den du verwendest, nicht zum typischen AdTech- oder Tracking-Geschäftsmodell gehört. Der stärkste Schutz vor der Datensammlung durch Unternehmen ist es, deine Daten zu verschlüsseln oder zu verschleiern, wann immer möglich, um es verschiedenen Anbietern schwer zu machen, Daten miteinander zu korrelieren und ein Profil über dich zu erstellen.
## Einschränkung der öffentlichen Information
diff --git a/i18n/de/basics/email-security.md b/i18n/de/basics/email-security.md
index 67c18f59..9c4e2e16 100644
--- a/i18n/de/basics/email-security.md
+++ b/i18n/de/basics/email-security.md
@@ -29,13 +29,13 @@ Wenn du eine gemeinsam genutzte Domain eines Anbieters verwendest, welcher WKD n
### Welche E-Mail-Clients unterstützen E2EE?
-E-Mail-Anbieter, die dir die Verwendung von Standard-Zugriffsprotokollen wie IMPA und SMTP ermöglichen, können mit jedem der [von uns empfohlenen E-Mail-Clients](../email-clients.md) verwendet werden. Abhängig von der Authentifizierungsmethode kann dies zu einer Verringerung der Sicherheit führen, wenn entweder der Anbieter oder der E-Mail-Client OATH oder eine Bridge-Anwendung nicht unterstützt, da eine [Multi-Faktor-Authentifizierung](multi-factor-authentication.md) mit einer reinen Passwort-Authentifizierung nicht möglich ist.
+E-Mail-Anbieter, die dir die Verwendung von Standard-Zugriffsprotokollen wie IMPA und SMTP ermöglichen, können mit jedem der [von uns empfohlenen E-Mail-Clients](../email-clients.md) verwendet werden. Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### Wie schütze ich meine privaten Schlüssel?
-Eine Smartcard (wie z. B. ein [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) oder [Nitrokey](../security-keys.md#nitrokey)) funktioniert, indem sie eine verschlüsselte E-Mail-Nachricht von einem Gerät (Telefon, Tablet, Computer usw.) empfängt, auf dem ein E-Mail-/Webmail-Client läuft. Die Nachricht wird dann von der Smartcard entschlüsselt und der entschlüsselte Inhalt an das Gerät zurückgeschickt.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-Es ist vorteilhaft, wenn die Entschlüsselung auf der Smartcard erfolgt, um zu vermeiden, dass dein privater Schlüssel möglicherweise einem kompromittierten Gerät preisgegeben wird.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Übersicht über E-Mail-Metadaten
@@ -49,4 +49,4 @@ Die E-Mail-Metadaten sind mit [Opportunistic TLS](https://de.wikipedia.org/wiki/
### Warum können Metadaten nicht E2EE werden?
-E-Mail-Metadaten sind entscheidend für die grundlegenden Funktionen von E-Mails (woher sie kommen und wohin sie gehen sollen). E2EE war ursprünglich nicht in den E-Mail-Protokollen enthalten, sondern erfordert zusätzliche Software wie OpenPGP. Da OpenPGP-Nachrichten mit herkömmlichen E-Mail-Anbietern zusammenarbeiten müssen, kann es keine E-Mail-Metadaten verschlüsseln, sondern nur den eigentlichen Nachrichtentext. Das bedeutet, dass selbst bei Verwendung von OpenPGP Außenstehende viele Informationen über deine Nachrichten sehen können, z. B. an wen du eine E-Mail sendest, die Betreffzeilen, wann du sie sendest usw.
+E-Mail-Metadaten sind entscheidend für die grundlegenden Funktionen von E-Mails (woher sie kommen und wohin sie gehen sollen). E2EE war ursprünglich nicht in den E-Mail-Protokollen enthalten, sondern erfordert zusätzliche Software wie OpenPGP. Da OpenPGP-Nachrichten mit herkömmlichen E-Mail-Anbietern zusammenarbeiten müssen, kann es keine E-Mail-Metadaten verschlüsseln, sondern nur den eigentlichen Nachrichtentext. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/de/basics/hardware.md b/i18n/de/basics/hardware.md
index 03f4bc61..416b6f0b 100644
--- a/i18n/de/basics/hardware.md
+++ b/i18n/de/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Warnung
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/de/basics/multi-factor-authentication.md b/i18n/de/basics/multi-factor-authentication.md
index 34dd7754..fa11b08d 100644
--- a/i18n/de/basics/multi-factor-authentication.md
+++ b/i18n/de/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Multi-Faktor-Authentifizierung"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA ist ein wichtiger Sicherheitsmechanismus zum Schutz deiner Online-Konten, aber einige Methoden sind stärker als andere.
---
-Die **Multi-Faktor-Authentifizierung****(MFA**) ist ein Sicherheitsmechanismus, der über die Eingabe von Benutzername (oder E-Mail) und Passwort hinaus zusätzliche Schritte erfordert. Die gängigste Methode sind zeitlich begrenzte Codes, die du per SMS oder über eine App erhalten kannst.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. Die gängigste Methode sind zeitlich begrenzte Codes, die du per SMS oder über eine App erhalten kannst.
Wenn ein Hacker (oder Angreifer) in der Lage ist, dein Passwort herauszufinden, erhält dieser normalerweise Zugang zu dem Konto, zu dem dieses Passwort gehört. Ein Konto mit MFA zwingt den Hacker dazu, sowohl das Passwort (etwas, das du *weißt*) als auch ein Gerät zu haben, das dir gehört (etwas, das du *hast*), wie dein Handy.
@@ -26,7 +26,7 @@ Die Sicherheit der MFA für Push-Benachrichtigungen hängt sowohl von der Qualit
### Zeitbasiertes Einmalpasswort (TOTP)
-TOTP ist eine der am weitesten verbreiteten Formen zur MFA. Bei der Einrichtung von TOTP musst du in der Regel einen [QR-Code](https://de.wikipedia.org/wiki/QR-Code) scannen, der ein [gemeinsames Geheimnis](https://de.wikipedia.org/wiki/Gemeinsames_Geheimnis) mit dem Dienst, den du nutzen möchten, festlegt. Das gemeinsame Geheimnis ist in den Daten der Authentifikator-App gesichert und manchmal durch ein Passwort geschützt.
+TOTP ist eine der am weitesten verbreiteten Formen zur MFA. Bei der Einrichtung von TOTP musst du in der Regel einen [QR-Code](https://de.wikipedia.org/wiki/QR-Code) scannen, der ein [gemeinsames Geheimnis](https://de.wikipedia.org/wiki/Gemeinsames_Geheimnis) mit dem Dienst, den du nutzen möchten, festlegt. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
Der zeitlich begrenzte Code wird dann aus dem gemeinsamen Geheimnis und der aktuellen Zeit abgeleitet. Da der Code nur für eine kurze Zeit gültig ist, kann ein Angreifer ohne Zugang zum gemeinsamen Geheimnis keine neuen Codes erzeugen.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
-Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
@@ -116,15 +116,15 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
## More Places to Set Up MFA
-Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
+macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-After your smartcard/security key is set up, we recommend running this command in the Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
### KeePass (und KeePassXC)
-KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/de/basics/passwords-overview.md b/i18n/de/basics/passwords-overview.md
index 469c83d5..8f4369e1 100644
--- a/i18n/de/basics/passwords-overview.md
+++ b/i18n/de/basics/passwords-overview.md
@@ -24,7 +24,7 @@ Alle von uns [empfohlenen Passwort-Manager](../passwords.md) enthalten einen int
Passwörter, die du dir merken musst (z. B. das Master-Passwort deines Passwort-Managers), solltest du nicht zu oft ändern, es sei denn, du hast Grund zu der Annahme, dass es kompromittiert wurde, denn wenn du es zu oft änderst, besteht die Gefahr, dass du es vergisst.
-Wenn es um Passwörter geht, die du dir nicht merken musst (z. B. Passwörter, die in deinem Passwort-Manager gespeichert sind), empfehlen wir, falls dein [Bedrohungsmodell](threat-modeling.md) dies erfordert, wichtige Konten durchzugehen (insbesondere Konten, die keine Multi-Faktor-Authentifizierung verwenden) und deine Passwörter alle paar Monate zu ändern, für den Fall, dass sie durch eine noch nicht öffentlich gewordene Datenpanne gefährdet sind. Bei den meisten Passwort-Managern kannst du ein Verfallsdatum für dein Passwort festlegen, um die Verwaltung zu erleichtern.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Bei den meisten Passwort-Managern kannst du ein Verfallsdatum für dein Passwort festlegen, um die Verwaltung zu erleichtern.
Nach Datenlecks suchen
@@ -54,13 +54,13 @@ Gehe wie folgt vor, um eine Diceware-Passphrase mit echten Würfeln zu erstellen
Anmerkung
-In dieser Anleitung wird davon ausgegangen, dass du die [EFF Large Wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) verwendest, um die Passphrase zu generieren, was fünf Würfelwürfe pro Wort erfordert. Andere Wortlisten können mehr oder weniger Würfe pro Wort erfordern und eine andere Anzahl von Wörtern benötigen, um die gleiche Entropie zu erreichen.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Würfel fünfmal mit einem sechsseitigen Würfel und notiere dir die Zahl nach jedem Wurf.
-2. Nehmen wir zum Beispiel an, du hast `2-5-2-6-6` gewürfelt. Suche in [der großen Wortliste des EFF](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) nach dem Wort, das `25266` entspricht.
+2. Nehmen wir zum Beispiel an, du hast `2-5-2-6-6` gewürfelt. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. Du findest das Wort `encrypt`. Schreibe dieses Wort auf.
@@ -75,25 +75,25 @@ Du solltest die Wörter **nicht** neu rollen bis du eine Kombination von Wörter
Wenn du keinen Zugang zu echten Würfeln hast oder es vorziehst, diesen nicht zu verwenden, kannst du den integrierten Passwortgenerator deines Passwort-Managers verwenden, da die meisten von ihnen die Option haben, zusätzlich zu den normalen Passwörtern auch Diceware-Passphrasen zu generieren.
-Wir empfehlen, die [große Wortliste des EFF](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) zu verwenden, um deine Diceware-Passphrasen zu generieren, da sie genau die gleiche Sicherheit bietet wie die ursprüngliche Liste, aber Wörter enthält, die man sich leichter merken kann. Es gibt auch [andere Wortlisten in verschiedenen Sprachen](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), wenn du nicht willst, dass deine Passphrase auf Englisch ist ([hier findest du die deutsche Version](https://theworld.com/~reinhold/diceware_german.txt)).
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Erläuterung von Entropie und der Stärke Diceware-Passphrasen
-Um zu demonstrieren, wie stark Passphrasen für Diceware sind, verwenden wir die oben erwähnte Passphrase mit sieben Wörtern(`sichtbar Schnelligkeit zögerlich weich siebzehn gezeigt Bleistift`) und die [große Wortliste des EFF](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) als Beispiel.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
Eine Kennzahl zur Bestimmung der Stärke einer Diceware-Passphrase ist die Entropie, die sie aufweist. Die Entropie pro Wort in einer Diceware-Passphrase wird wie folgt berechnet und die Gesamtentropie der Passphrase wird wie folgt berechnet:
Daher ergibt jedes Wort in der oben genannten Liste ~12,9 Bits an Entropie (), und eine daraus abgeleitete Passphrase mit sieben Wörtern hat eine Entropie von ~90,47 Bit ().
-[Die große Wortliste des EFF](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) enthält 7776 einzigartige Wörter. Um die Anzahl der möglichen Passphrasen zu berechnen, müssen wir nur Folgendes tun , oder in unserem Fall, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. Um die Anzahl der möglichen Passphrasen zu berechnen, müssen wir nur Folgendes tun , oder in unserem Fall, .
-Lass uns das in den richtigen Kontext setzen: Eine Passphrase mit sieben Wörtern unter Verwendung der [großen Wortliste des EFF](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) ist eine von ~1.719.070.799.748.422.500.000.000.000 möglichen Passphrasen.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
Im Durchschnitt müssen 50 % aller möglichen Kombinationen ausprobiert werden, um deinen Satz zu erraten. Selbst wenn dein Gegner in der Lage ist, ~1.000.000.000.000 Mal pro Sekunde zu raten, bräuchte er immer noch ~27.255.689 Jahre, um deine Passphrase zu erraten. Das ist auch dann der Fall, wenn die folgenden Dinge zutreffen:
- Dein Gegner weiß, dass du die Diceware-Methode verwendet hast.
-- Dein Gegner weiß die spezifische Wortliste, die du verwendet hast.
+- Your adversary knows the specific word list that you used.
- Dein Gegner weiß, wie viele Wörter deine Passphrase enthält.
@@ -113,7 +113,7 @@ Es stehen viele gute Optionen zur Auswahl, sowohl cloudbasierte als auch lokale.
Speichere deine Passwörter und TOTP-Tokens nicht im selben Passwortmanager ab
-Wenn du [TOTP-Codes als Multi-Faktor-Authentifizierung](multi-factor-authentication.md#time-based-one-time-password-totp) verwendest, ist es die beste Sicherheitspraxis, deine TOTP-Codes in einer [separaten Anwendung](../multi-factor-authentication.md) zu speichern.
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Das Speichern deiner TOTP-Tokens am gleichen Ort wie deine Passwörter ist zwar praktisch, reduziert aber die Konten auf einen einzigen Faktor, falls ein Angreifer Zugang zu deinem Passwortmanager erhält.
diff --git a/i18n/de/basics/threat-modeling.md b/i18n/de/basics/threat-modeling.md
index 961122ca..2f9e046f 100644
--- a/i18n/de/basics/threat-modeling.md
+++ b/i18n/de/basics/threat-modeling.md
@@ -35,7 +35,7 @@ Ein „Wertgegenstand“ (Asset) ist etwas, das du schätzt und schützen möcht
Um diese Frage zu beantworten, ist es wichtig festzustellen, wer dich oder deine Informationen angreifen könnte. ==Eine Person oder Einrichtung, die eine Bedrohung für deine Wertsachen darstellt, ist ein „Gegner“ (Adversary).== Beispiele für potenzielle Gegner sind dein Chef, dein Ex-Partner, deine Geschäftskonkurrenz, deine Regierung oder ein Hacker in einem öffentlichen Netzwerk.
-*Erstelle eine Liste deiner Gegner oder derjenigen, die versuchen könnten, an deine Wertsachen zu gelangen. Deine Liste kann Einzelpersonen, eine Regierungsbehörde oder Unternehmen enthalten.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Deine Liste kann Einzelpersonen, eine Regierungsbehörde oder Unternehmen enthalten.*
Je nachdem, um wen es sich bei deinen Gegnern handelt, möchtest du diese Liste vielleicht vernichten, nachdem du dein Bedrohungsmodell entwickelt hast.
diff --git a/i18n/de/browser-extensions.md b/i18n/de/browser-extensions.md
index 3635eb32..bfd27c20 100644
--- a/i18n/de/browser-extensions.md
+++ b/i18n/de/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/de/calendar.md b/i18n/de/calendar.md
index a0c3b24d..b9f6a161 100644
--- a/i18n/de/calendar.md
+++ b/i18n/de/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** bietet einen kostenlosen und verschlüsselten Kalender auf all ihren unterstützten Plattformen an. Zu den Funktionen gehören: automatische E2EE aller Daten, Freigabefunktionen, Import-/Exportfunktionen, Mehrfachauthentisierung und [mehr](https://tuta.com/calendar-app-comparison).
+**Tuta** bietet einen kostenlosen und verschlüsselten Kalender auf all ihren unterstützten Plattformen an. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Mehrere Kalender und erweiterte Sharing-Funktionen sind auf zahlende Abonnenten beschränkt.
diff --git a/i18n/de/cloud.md b/i18n/de/cloud.md
index 4425a9fc..fd2973e4 100644
--- a/i18n/de/cloud.md
+++ b/i18n/de/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Criteria
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
diff --git a/i18n/de/cryptocurrency.md b/i18n/de/cryptocurrency.md
index 341e96b0..aaae8daf 100644
--- a/i18n/de/cryptocurrency.md
+++ b/i18n/de/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Kriterien
diff --git a/i18n/de/data-broker-removals.md b/i18n/de/data-broker-removals.md
index 24c607c3..ab08fd1c 100644
--- a/i18n/de/data-broker-removals.md
+++ b/i18n/de/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/de/desktop-browsers.md b/i18n/de/desktop-browsers.md
index 9d07b6b7..6c7c251f 100644
--- a/i18n/de/desktop-browsers.md
+++ b/i18n/de/desktop-browsers.md
@@ -109,7 +109,7 @@ Dies ist erforderlich, um fortgeschrittene Formen der Nachverfolgung zu verhinde
### Mullvad Leta
-Der Mullvad Browser wird mit DuckDuckGo als Standard [Suchmaschine](search-engines.md) ausgeliefert, aber es ist auch **Mullvad Leta** vorinstalliert, eine Suchmaschine, die ein aktives Mullvad VPN-Abonnement erfordert, um darauf zugreifen zu können. Mullvad Leta greift für die Suche direkt auf die kostenpflichtige API von Google zu, daher ist es auf zahlende Abonnenten beschränkt. Aufgrund dieser Einschränkung ist es für Mullvad jedoch möglich, Suchanfragen über Mullvad Leta mit Mullvad-VPN-Konten in einen Zusammenhang zu setzen. Aus diesem Grund raten wir von der Verwendung von Mullvad Leta ab, auch wenn Mullvad nur sehr wenige Informationen über seine VPN-Abonnenten sammelt.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta greift für die Suche direkt auf die kostenpflichtige API von Google zu, daher ist es auf zahlende Abonnenten beschränkt. Aufgrund dieser Einschränkung ist es für Mullvad jedoch möglich, Suchanfragen über Mullvad Leta mit Mullvad-VPN-Konten in einen Zusammenhang zu setzen. Aus diesem Grund raten wir von der Verwendung von Mullvad Leta ab, auch wenn Mullvad nur sehr wenige Informationen über seine VPN-Abonnenten sammelt.
## Firefox
@@ -189,7 +189,7 @@ Laut Mozillas Datenschutzrichtlinie für Firefox,
> Firefox sendet Daten über deine Firefox-Version und -Sprache, das Betriebssystem und die Hardware-Konfiguration deines Geräts, den Arbeitsspeicher, grundlegende Informationen über Abstürze und Fehler sowie die Ergebnisse automatisierter Prozesse wie Updates, Safebrowsing und Aktivierung an Mozilla. Wenn Firefox Daten an Mozilla sendet, wird deine IP-Adresse vorübergehend als Teil von Mozillas Serverprotokollen erfasst.
-Außerdem sammelt der Mozilla-Konten-Dienst [einige technische Daten](https://mozilla.org/privacy/mozilla-accounts). Wenn du ein Mozilla-Konto verwendest, kannst du dich hiervon abmelden:
+Außerdem sammelt der Mozilla-Konten-Dienst [einige technische Daten](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Öffnen deine [Profileinstellungen auf accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Deaktiviere **Datenerfassung und -nutzung** > **Helfen Sie, Firefox-Konten zu verbessern**
@@ -204,7 +204,7 @@ Mit der Veröffentlichung von Firefox 128 wurde eine neue Einstellung für die [
- [x] Wähle **Nur-HTTPS-Modus in allen Fenstern aktivieren**
-Dadurch wird verhindert, dass ungewollt eine Verbindung zu einer Website mit einer unverschlüsselten HTTP-Verbindung hergestellt wird. Websites ohne HTTPS sind heutzutage unüblich, sodass dies nur geringe oder gar keine Auswirkungen auf das tägliche Surfen haben sollte.
+Dadurch wird verhindert, dass ungewollt eine Verbindung zu einer Website mit einer unverschlüsselten HTTP-Verbindung hergestellt wird. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS über HTTPS
@@ -297,7 +297,7 @@ Brave ermöglicht die Auswahl zusätzlicher Inhaltsfilter auf der internen Seite
-1. Mit dieser Option wird JavaScript deaktiviert, was bei vielen Websites zu Problemen führt. Um sie wieder nutzbar zu machen, können Sie Ausnahmen für jede einzelne Website festlegen, indem Sie auf das Schild-Symbol in der Adressleiste klicken und diese Einstellung unter *Fortgeschrittene Steuerung* deaktivieren.
+1. Mit dieser Option wird JavaScript deaktiviert, was bei vielen Websites zu Problemen führt. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. Wenn Sie bei einer bestimmten Website, die Sie häufig besuchen, angemeldet bleiben möchten, können Sie Ausnahmen für jede einzelne Website festlegen, indem Sie auf das Schild-Symbol in der Adressleiste klicken und diese Einstellung unter *Erweiterte Steuerelemente* deaktivieren.
#### Datenschutz und Sicherheit
diff --git a/i18n/de/desktop.md b/i18n/de/desktop.md
index 6cd16264..997523c3 100644
--- a/i18n/de/desktop.md
+++ b/i18n/de/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS is an independent distribution based on the Nix package manager with a foc
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/de/device-integrity.md b/i18n/de/device-integrity.md
index 5cce842e..f89010a1 100644
--- a/i18n/de/device-integrity.md
+++ b/i18n/de/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/de/dns.md b/i18n/de/dns.md
index f3825789..2e0196f6 100644
--- a/i18n/de/dns.md
+++ b/i18n/de/dns.md
@@ -75,7 +75,7 @@ AdGuard Home bietet eine ausgefeilte Weboberfläche, über die Einblicke erhalte
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ Verschlüsselte DNS-Proxy-Software stellt einen lokalen Proxy für den [unversch
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/de/document-collaboration.md b/i18n/de/document-collaboration.md
index 2c745cbd..9994bf48 100644
--- a/i18n/de/document-collaboration.md
+++ b/i18n/de/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Unsere Best-Case-Kriterien stellen dar, was wir uns von einem perfekten Projekt in dieser Kategorie wünschen würden. Unsere Empfehlungen enthalten möglicherweise keine oder nicht alle dieser Merkmale, aber diejenigen, die sie enthalten, werden möglicherweise höher eingestuft als andere auf dieser Seite.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/de/email-aliasing.md b/i18n/de/email-aliasing.md
index eb9a197b..93ad1242 100644
--- a/i18n/de/email-aliasing.md
+++ b/i18n/de/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/de/email.md b/i18n/de/email.md
index 89c65570..6e6d5d10 100644
--- a/i18n/de/email.md
+++ b/i18n/de/email.md
@@ -58,7 +58,7 @@ OpenPGP unterstützt auch keine Forward Secrecy. Das heißt, wenn entweder dein
{ align=right }
-**Proton Mail** ist ein E-Mail-Dienst mit dem Schwerpunkt auf Datenschutz, Verschlüsselung, Sicherheit und Benutzerfreundlichkeit. Sie sind seit 2013 in Betrieb. Die Proton AG hat ihren Sitz in Genf, Schweiz. Der Proton Mail Free Tarif beinhaltet 500 MB Mailspeicher, den du kostenlos auf bis zu 1 GB erweitern kannst.
+**Proton Mail** ist ein E-Mail-Dienst mit dem Schwerpunkt auf Datenschutz, Verschlüsselung, Sicherheit und Benutzerfreundlichkeit. Sie sind seit 2013 in Betrieb. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail akzeptiert, neben den üblichen Zahlungen per Kredit-/Debitkarte, [B
#### :material-check:{ .pg-green } Kontosicherheit
-Proton Mail unterstützt TOTP [Zwei-Faktor-Authentifizierung](https://proton.me/de/support/two-factor-authentication-2fa) und [Hardware-Sicherheitsschlüssel](https://proton.me/de/support/2fa-security-key) unter Verwendung der Standards FIDO2 oder U2F. Für die Verwendung eines Hardwaresicherheitsschlüssels muss zunächst die TOTP-Zwei-Faktor-Authentifizierung eingerichtet werden.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Datensicherheit
@@ -117,7 +117,7 @@ Wenn du ein kostenpflichtiges Konto hast und deine Rechnung [nach 14 Tagen noch
#### :material-information-outline:{ .pg-blue } Zusätzliche Funktionen
-Der [Unlimited-Tarif](https://proton.me/support/proton-plans#proton-unlimited) von Proton Mail ermöglicht auch den Zugang zu anderen Proton-Diensten und bietet darüber hinaus mehrere benutzerdefinierte Domains, eine unbegrenzte Anzahl von "Hide-my-email"-Aliasnamen und 500 GB Speicherplatz.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail bietet keine Funktion für deinen digitalen Nachlass.
@@ -127,7 +127,7 @@ Proton Mail bietet keine Funktion für deinen digitalen Nachlass.
{ align=right }
-**Mailbox.org** ist ein E-Mail-Dienst, mit dem Ziel sicher und werbefrei zu sein und der mit 100 % Ökostrom betrieben wird. Er wird seit 2014 betrieben. Mailbox.org hat seinen Sitz in Berlin, Deutschland. Konten beginnen mit 2 GB Speicherplatz, der nach Bedarf erweitert werden kann.
+**Mailbox.org** ist ein E-Mail-Dienst, mit dem Ziel sicher und werbefrei zu sein und der mit 100 % Ökostrom betrieben wird. Er wird seit 2014 betrieben. Mailbox.org hat seinen Sitz in Berlin, Deutschland. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Datenschutzrichtlinie" }
@@ -148,11 +148,11 @@ Bei Mailbox.org kannst du deine eigene Domain verwenden, und es werden [Catch-Al
#### :material-check:{ .pg-green } Diskrete Zahlungsmöglichkeiten
-Mailbox.org akzeptiert keine Kryptowährungen, da deren Zahlungsanbieter BitPay seinen Betrieb in Deutschland eingestellt hat. Sie akzeptieren jedoch Bargeld per Post, Bareinzahlung auf ein Bankkonto, Banküberweisung, Kreditkarte, PayPal und einige Deutschland spezifische Anbieter: paydirekt und Sofortüberweisung.
+Mailbox.org akzeptiert keine Kryptowährungen, da deren Zahlungsanbieter BitPay seinen Betrieb in Deutschland eingestellt hat. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Kontosicherheit
-Mailbox.org unterstützt die [Zwei-Faktor-Authentisierung](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) nur für Webmail. Du kannst entweder TOTP oder einen [YubiKey](https://en.wikipedia.org/wiki/YubiKey) über die [YubiCloud](https://yubico.com/products/services-software/yubicloud) verwenden. Webstandards wie [WebAuthn](https://de.wikipedia.org/wiki/WebAuthn) werden noch nicht unterstützt.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. Du kannst entweder TOTP oder einen [YubiKey](https://en.wikipedia.org/wiki/YubiKey) über die [YubiCloud](https://yubico.com/products/services-software/yubicloud) verwenden. Webstandards wie [WebAuthn](https://de.wikipedia.org/wiki/WebAuthn) werden noch nicht unterstützt.
#### :material-information-outline:{ .pg-blue } Datensicherheit
@@ -172,7 +172,7 @@ Nach Ablauf deines Vertrags wird dein Konto zunächst auf ein eingeschränktes B
#### :material-information-outline:{ .pg-blue } Zusätzliche Funktionen
-Du kannst auf Ihr Mailbox.org-Konto über IMAP/SMTP zugreifen, indem du deren [.onion-Dienst](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org) nutzt. Auf die Webmail-Schnittstelle kann jedoch nicht über den .onion-Dienst zugegriffen werden und es können TLS-Zertifikatsfehler auftreten.
+Du kannst auf Ihr Mailbox.org-Konto über IMAP/SMTP zugreifen, indem du deren [.onion-Dienst](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org) nutzt. However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
Alle Konten verfügen über einen begrenzten Cloud-Speicher, der [verschlüsselt werden kann](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org bietet auch den Alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely) an, der die TLS-Verschlüsselung der Verbindung zwischen den Mailservern erzwingt, ansonsten wird die Nachricht erst gar nicht gesendet. Mailbox.org unterstützt neben den Standardzugriffsprotokollen wie IMAP und POP3 auch [Exchange ActiveSync](https://de.wikipedia.org/wiki/Exchange_ActiveSync).
@@ -195,7 +195,7 @@ Diese Anbieter speichern deine E-Mails mit Zero-Knowledge-Verschlüsselung und s
{ align=right }
{ align=right }
-**Tuta** (ehemals *Tutanota*) ist ein E-Mail-Dienst mit einem Fokus auf Sicherheit und Privatsphäre durch Verschlüsselung. Tuta ist seit 2011 in Betrieb und hat seinen Sitz in Hannover, Deutschland. Kostenlose Konten beginnen mit 1 GB Speicherplatz.
+**Tuta** (ehemals *Tutanota*) ist ein E-Mail-Dienst mit einem Fokus auf Sicherheit und Privatsphäre durch Verschlüsselung. Tuta ist seit 2011 in Betrieb und hat seinen Sitz in Hannover, Deutschland. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Datenschutzrichtlinie" }
@@ -226,11 +226,11 @@ Bezahlte Tuta-Konten können je nach Tarif entweder 15 oder 30 Aliase und unbegr
#### :material-information-outline:{ .pg-blue } Private Zahlungsmöglichkeiten
-Tuta akzeptiert nur Kreditkarten und PayPal, aber [Kryptowährung](cryptocurrency.md) kann verwendet werden, um Guthabenkarten über ihre [Partnerschaft](https://tuta.com/support/#cryptocurrency) mit Proxystore zu kaufen.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Kontosicherheit
-Tuta unterstützt die [Zwei-Faktor-Authentisierung](https://tuta.com/support#2fa) entweder mit TOTP oder U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Datensicherheit
@@ -297,7 +297,7 @@ Wir halten diese Merkmale für wichtig, um einen sicheren und optimalen Service
**Mindestvoraussetzung um sich zu qualifizieren:**
- Verschlüsselt die Daten von E-Mail-Konten im Ruhezustand mit Zero-Access-Verschlüsselung.
-- Exportmöglichkeit als [Mbox](https://de.wikipedia.org/wiki/Mbox) oder individuelle .eml mit [RFC5322-Standard](https://datatracker.ietf.org/doc/rfc5322).
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Erlaubt es dem Nutzer, seinen eigenen [Domainnamen](https://de.wikipedia.org/wiki/Domain_(Internet)) zu verwenden. Benutzerdefinierte Domänennamen sind für die Nutzer wichtig, da du so deine Identität von dem Dienst fernhalten kannst, falls dieser sich als schlecht erweist oder von einem anderen Unternehmen übernommen wird, bei dem der Datenschutz keine Rolle spielt.
- Arbeitet auf einer eigenen Infrastruktur, d.h. nicht auf der eines Drittanbieters von E-Mail-Diensten.
diff --git a/i18n/de/encryption.md b/i18n/de/encryption.md
index 56017328..aeadfa78 100644
--- a/i18n/de/encryption.md
+++ b/i18n/de/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt ist eine Fork des eingestellten TrueCrypt-Projekts. Nach Angaben der E
Beim Verschlüsseln mit VeraCrypt hast du die Möglichkeit, zwischen verschiedenen [Hash-Funktionen](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme) zu wählen. Wir empfehlen dir **nur** [SHA-512](https://en.wikipedia.org/wiki/SHA-512) auszuwählen und beim [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard)-Blockchiffre zu bleiben.
-Truecrypt wurde bereits [mehrfach geprüft](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), und auch VeraCrypt wurde einem [separaten Audit](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit) unterzogen.
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ Sichere die Datei `BitLocker-Recovery-Key.txt` auf deinem Desktop auf einem sepa
{ align=right }
-**FileVault** ist die in macOS eingebaute "on-the-fly"-Verschlüsselungslösung. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** ist die in macOS eingebaute "on-the-fly"-Verschlüsselungslösung. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Dokumentation" }
diff --git a/i18n/de/file-sharing.md b/i18n/de/file-sharing.md
index dc58d73d..7ac062c2 100644
--- a/i18n/de/file-sharing.md
+++ b/i18n/de/file-sharing.md
@@ -13,7 +13,7 @@ Discover how to privately share your files between your devices, with your frien
## File Sharing
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/de/frontends.md b/i18n/de/frontends.md
index 8a78ff5a..c0428d53 100644
--- a/i18n/de/frontends.md
+++ b/i18n/de/frontends.md
@@ -251,7 +251,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/de/index.md b/i18n/de/index.md
index 1093b6df..57aebccb 100644
--- a/i18n/de/index.md
+++ b/i18n/de/index.md
@@ -91,7 +91,7 @@ Der Versuch, alle deine Daten ständig vor allen zu schützen, ist unpraktisch,
---
- Proton Mail ist ein E-Mail-Dienst mit einem Schwerpunkt auf Datenschutz, Verschlüsselung, Sicherheit und Benutzerfreundlichkeit. Sie sind seit 2013 in Betrieb. Die Proton AG hat ihren Sitz in Genf, Schweiz. Der Proton Mail Free Tarif beinhaltet 500 MB Mailspeicher, den du kostenlos auf bis zu 1 GB erweitern kannst.
+ Proton Mail ist ein E-Mail-Dienst mit einem Schwerpunkt auf Datenschutz, Verschlüsselung, Sicherheit und Benutzerfreundlichkeit. Sie sind seit 2013 in Betrieb. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Lese die vollständige Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Der Versuch, alle deine Daten ständig vor allen zu schützen, ist unpraktisch,
---
- Mailbox.org ist ein E-Mail-Dienst, mit dem Ziel sicher und werbefrei zu sein und der mit 100% Ökostrum betrieben wird. Er wird seit 2014 betrieben. Mailbox.org hat seinen Sitz in Berlin, Deutschland. Konten beginnen mit 2 GB Speicherplatz, der nach Bedarf erweitert werden kann.
+ Mailbox.org ist ein E-Mail-Dienst, mit dem Ziel sicher und werbefrei zu sein und der mit 100% Ökostrum betrieben wird. Er wird seit 2014 betrieben. Mailbox.org hat seinen Sitz in Berlin, Deutschland. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Lese die vollständige Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Der Versuch, alle deine Daten ständig vor allen zu schützen, ist unpraktisch,
---
- Tuta (ehemals *Tutanota*) ist ein E-Mail-Dienst mit einem Fokus auf Sicherheit und Datenschutz durch Verschlüsselung. Tuta ist seit 2011 in Betrieb und hat seinen Sitz in Hannover, Deutschland. Kostenlose Konten beginnen mit 1 GB Speicherplatz.
+ Tuta (ehemals *Tutanota*) ist ein E-Mail-Dienst mit einem Fokus auf Sicherheit und Datenschutz durch Verschlüsselung. Tuta ist seit 2011 in Betrieb und hat seinen Sitz in Hannover, Deutschland. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Lese die vollständige Review](email.md#tuta)
@@ -172,7 +172,7 @@ Bekannt aus **WIRED**, **Tweakers.net**, **The New York Times** und vielen ander
## Was sind Datenschutz-Tools?
-Wir empfehlen eine breite Palette von **Datenschutz/Privatsphäre-Tools** (auch bekannt als *Privatsphäre-Apps*, *Privatsphäre-Dienstprogramme*, *Privatsphäre-Software*), die Software und Hardware umfassen, die du zur Verbesserung deiner Privatsphäre einsetzen kannst. Viele der von uns empfohlenen Tools sind völlig kostenlos und Open-Source-Software, während einige kommerzielle Dienste zum Kauf angeboten werden. Das Wechseln von gängiger datenhungriger Software wie Google Chrome und Windows auf datenschutzfreundliche Werkzeuge wie [Brave](Desktop-Browser.md#brave) und [Linux](desktop.md) können viel dazu beitragen, die Informationen, die du an Unternehmen und andere weitergibst, zu kontrollieren.
+Wir empfehlen eine breite Palette von **Datenschutz/Privatsphäre-Tools** (auch bekannt als *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Viele der von uns empfohlenen Tools sind völlig kostenlos und Open-Source-Software, während einige kommerzielle Dienste zum Kauf angeboten werden. Das Wechseln von gängiger datenhungriger Software wie Google Chrome und Windows auf datenschutzfreundliche Werkzeuge wie [Brave](Desktop-Browser.md#brave) und [Linux](desktop.md) können viel dazu beitragen, die Informationen, die du an Unternehmen und andere weitergibst, zu kontrollieren.
[:material-check-all: Unsere Standardkriterien](about/criteria.md){ class="md-button" }
diff --git a/i18n/de/meta/brand.md b/i18n/de/meta/brand.md
index 02588681..4aeaf48c 100644
--- a/i18n/de/meta/brand.md
+++ b/i18n/de/meta/brand.md
@@ -12,7 +12,7 @@ Der Name der Website lautet **Privacy Guides** und sollte **nicht** geändert we
- PG.org
-Der Name des Subreddits lautet **r/PrivacyGuides** oder **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Weitere Branding-Richtlinien können unter [github.com/privacyguides/brand](https://github.com/privacyguides/brand) gefunden werden
diff --git a/i18n/de/meta/translations.md b/i18n/de/meta/translations.md
index cff26e40..e8a5b294 100644
--- a/i18n/de/meta/translations.md
+++ b/i18n/de/meta/translations.md
@@ -27,8 +27,8 @@ Bei Beispielen wie den obigen Admonitions müssen Anführungszeichen, z. B.: `"
## Alternativen in voller Breite und Markdown-Syntax
-CJK Schreibsysteme neigen dazu, alternative "Vollbreite"-Varianten von gängigen Symbolen zu verwenden. Dies sind unterschiedliche Zeichen und können nicht für die Markdown-Syntax verwendet werden.
+CJK Schreibsysteme neigen dazu, alternative "Vollbreite"-Varianten von gängigen Symbolen zu verwenden. These are different characters and cannot be used for Markdown syntax.
-- Links müssen reguläre Klammern verwenden, d. h. `(` (Linke Parenthese U+0028) und `)` (Rechte Parenthese U+0029) und nicht `(` (Linke Parenthese in voller Breite U+FF08) oder `)` (volle Breite der rechten Klammer U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Eingerückter Text in Anführungszeichen muss `:` (Doppelpunkt U+003A) und nicht `:` (Doppelpunkt mit voller Breite U+FF1A) verwenden
- Bilder müssen `!` (Ausrufezeichen U+0021) und nicht `!` (Ausrufezeichen in voller Breite U+FF01) verwenden
diff --git a/i18n/de/meta/uploading-images.md b/i18n/de/meta/uploading-images.md
index 222d9af4..ffd3595d 100644
--- a/i18n/de/meta/uploading-images.md
+++ b/i18n/de/meta/uploading-images.md
@@ -48,7 +48,7 @@ In der **SVG-Ausgabe** Registerkarte unter **Dokumenteinstellungen**:
- [ ] Ausschalten **XML-Deklaration entfernen**
- [x] Einschalten **Metadaten entfernen**
- [x] Einschalten **Kommentare entfernen**
-- [x] Einschalten **Rasterbilder einbetten**
+- [x] Turn on **Embedded raster images**
- [x] Einschalten **Viewbox aktivieren**
In der **SVG-Ausgabe** Registerkarte unter **Formatierung**:
diff --git a/i18n/de/meta/writing-style.md b/i18n/de/meta/writing-style.md
index 24457478..a2eb1e9d 100644
--- a/i18n/de/meta/writing-style.md
+++ b/i18n/de/meta/writing-style.md
@@ -64,7 +64,7 @@ Wir sollten versuchen, Abkürzungen so weit wie möglich zu vermeiden, aber Tech
## Prägnant sein
-> Unnötige Worte verschwenden die Zeit deines Publikums. Gutes Schreiben ist wie ein Gespräch. Lass Informationen weg, die das Publikum nicht wissen muss. Als Fachexperte kann dies schwierig sein, daher ist es wichtig, dass jemand die Informationen aus der Perspektive des Publikums betrachtet.
+> Unnötige Worte verschwenden die Zeit deines Publikums. Gutes Schreiben ist wie ein Gespräch. Lass Informationen weg, die das Publikum nicht wissen muss. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/de/mobile-browsers.md b/i18n/de/mobile-browsers.md
index ad008a66..d3c82bfb 100644
--- a/i18n/de/mobile-browsers.md
+++ b/i18n/de/mobile-browsers.md
@@ -247,7 +247,7 @@ Dadurch wird verhindert, dass ungewollt eine Verbindung zu einer Website mit ein
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** ist der Standard-Browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** ist der Standard-Browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Die Funktion hat an sich wenig Datenschutzbedenken. Du kannst sie zwar aktiviert
- [x] Wähle **Privat**
-Der Modus "Privates Surfen" von Safari bietet zusätzlichen Schutz für die Privatsphäre. Private Browsing verwendet eine neue [kurzlebige](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) Sitzung für jedn Tab, was bedeutet, dass die Tabs voneinander isoliert sind. Private Browsing bietet noch weitere kleinere Vorteile für den Datenschutz, z. B. wird die Adresse einer Webseite nicht an Apple gesendet, wenn die Übersetzungsfunktion von Safari verwendet wird.
+Der Modus "Privates Surfen" von Safari bietet zusätzlichen Schutz für die Privatsphäre. Private Browsing verwendet eine neue [kurzlebige](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) Sitzung für jedn Tab, was bedeutet, dass die Tabs voneinander isoliert sind. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Beachte, dass Private Browsing keine Cookies und Website-Daten speichert, sodass es nicht möglich ist, auf Websites angemeldet zu bleiben. Dies kann zu Unannehmlichkeiten führen.
diff --git a/i18n/de/multi-factor-authentication.md b/i18n/de/multi-factor-authentication.md
index 0e0d0b5b..5f0712c2 100644
--- a/i18n/de/multi-factor-authentication.md
+++ b/i18n/de/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Multi-Faktor-Authentifizierung"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: Diese Tools helfen dir, deine Konten mit Multi-Faktor-Authentifizierung zu sichern, ohne deine Geheimnisse an Dritte weiterzugeben.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/de/notebooks.md b/i18n/de/notebooks.md
index ffa3fd03..ba27fb69 100644
--- a/i18n/de/notebooks.md
+++ b/i18n/de/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Diensteanbieter](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Keep track of your notes and journalings without giving them to a third-party.
+Keep track of your notes and journals without giving them to a third party.
If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE.
@@ -84,7 +84,7 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
{ align=right }
-**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
## Local notebooks
diff --git a/i18n/de/os/android-overview.md b/i18n/de/os/android-overview.md
index 82e4deca..0c11d4f9 100644
--- a/i18n/de/os/android-overview.md
+++ b/i18n/de/os/android-overview.md
@@ -84,7 +84,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
Anmerkung
-Datenschutzfreundliche Anwendungen wie [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) können einige Tracker wie [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49) anzeigen. Diese Bibliothek enthält [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging), das [Push-Benachrichtigungen](https://en.wikipedia.org/wiki/Push_technology) in Anwendungen bereitstellen kann. Dies [ist der Fall](https://fosstodon.org/@bitwarden/109636825700482007) bei Bitwarden. Das bedeutet nicht, dass Bitwarden alle von Google Firebase Analytics bereitgestellten Analysefunktionen nutzt.
+Datenschutzfreundliche Anwendungen wie [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) können einige Tracker wie [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49) anzeigen. Diese Bibliothek enthält [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging), das [Push-Benachrichtigungen](https://en.wikipedia.org/wiki/Push_technology) in Anwendungen bereitstellen kann. Dies [ist der Fall](https://fosstodon.org/@bitwarden/109636825700482007) bei Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Kill-Switch
+### VPN kill switch
Android 7 und höher unterstützt einen VPN-Kill-Switch, der ohne die Installation von Drittanbieter-Apps verfügbar ist. Diese Funktion kann Leaks verhindern, wenn die VPN-Verbindung unterbrochen wird. Du findest sie unter :gear: **Einstellungen** → **Netzwerk & Internet** → **VPN** → :gear: → **Verbindungen ohne VPN blockieren**.
@@ -124,7 +124,7 @@ Moderne Android-Geräte haben globale Schalter zum Deaktivieren von Bluetooth un
## Google-Dienste
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Advanced Protection Program
diff --git a/i18n/de/os/ios-overview.md b/i18n/de/os/ios-overview.md
index 3d67c831..d736759b 100644
--- a/i18n/de/os/ios-overview.md
+++ b/i18n/de/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/de/os/linux-overview.md b/i18n/de/os/linux-overview.md
index 269b13eb..00c463df 100644
--- a/i18n/de/os/linux-overview.md
+++ b/i18n/de/os/linux-overview.md
@@ -10,9 +10,9 @@ Auf unserer Website wird der Begriff "Linux" im Allgemeinen zur Beschreibung von
[Unsere Linux-Empfehlungen :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Hinweise zum Datenschutz
+## Security Notes
-Es gibt einige Datenschutzprobleme bei Linux, die Sie beachten sollten. Trotz dieser Nachteile sind Desktop-Linux-Distributionen immer noch großartig für die meisten Menschen, die:
+There are some notable security concerns with Linux which you should be aware of. Trotz dieser Nachteile sind Desktop-Linux-Distributionen immer noch großartig für die meisten Menschen, die:
- Telemetrie vermeiden wollen, die oft mit proprietären Betriebssystemen einhergeht
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ We don’t believe holding packages back and applying interim patches is a good
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao) (YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao) (YouTube)
### “Security-focused” distributions
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Drive Encryption
-Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ There are other system identifiers which you may wish to be careful about. You s
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/de/os/macos-overview.md b/i18n/de/os/macos-overview.md
index a8a58087..e368519e 100644
--- a/i18n/de/os/macos-overview.md
+++ b/i18n/de/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Backups
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## Quellen
diff --git a/i18n/de/os/windows/group-policies.md b/i18n/de/os/windows/group-policies.md
index 7403d954..bf8d1981 100644
--- a/i18n/de/os/windows/group-policies.md
+++ b/i18n/de/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/de/os/windows/index.md b/i18n/de/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/de/os/windows/index.md
+++ b/i18n/de/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/de/passwords.md b/i18n/de/passwords.md
index 7ecb95cf..3adf025b 100644
--- a/i18n/de/passwords.md
+++ b/i18n/de/passwords.md
@@ -228,7 +228,7 @@ Der serverseitige Code von Bitwarden ist [quelloffen](https://github.com/bitward
Mit der Übernahme von SimpleLogin im April 2022 bietet Proton eine "Hide-My-Email"-Funktion an, mit der du 10 Aliase (kostenloser Plan) oder unbegrenzte Aliase (kostenpflichtige Pläne) erstellen kannst.
-Die mobilen Anwendungen und die Browsererweiterung von Proton Pass wurden im Mai und Juni 2023 von Cure53 geprüft. Das Sicherheitsanalyseunternehmen kam zu dem Schluss:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. Das Sicherheitsanalyseunternehmen kam zu dem Schluss:
> Proton Pass Apps und Komponenten hinterlassen einen recht positiven Eindruck in Sachen Sicherheit.
@@ -325,9 +325,9 @@ Mit diesen Optionen kannst du eine verschlüsselte Kennwortdatenbank lokal verwa
-{ align=right }
+{ align=right }
-**KeePassXC** ist ein Community-Fork von KeePassX, einer nativen, plattformübergreifenden Portierung von KeePass Password Safe, mit dem Ziel, es mit neuen Funktionen und Fehlerbehebungen zu erweitern und zu verbessern, um einen funktionsreichen, plattformübergreifenden und modernen Open-Source-Passwortmanager anzubieten.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -355,9 +355,9 @@ KeePassXC speichert seine Exportdaten als [CSV-Dateien](https://en.wikipedia.org
-{ align=right }
+{ align=right }
-**KeePassDX** ist ein leichtgewichtiger Passwort-Manager für Android; er ermöglicht die Bearbeitung verschlüsselter Daten in einer einzigen Datei im KeePass-Format und kann Formulare auf sichere Weise ausfüllen. Die [Pro-Version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) der App ermöglicht es dir, kosmetische Inhalte und nicht standardmäßige Protokollfunktionen freizuschalten, aber noch wichtiger ist, dass sie die Entwicklung unterstützt und fördert.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. Die [Pro-Version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) der App ermöglicht es dir, kosmetische Inhalte und nicht standardmäßige Protokollfunktionen freizuschalten, aber noch wichtiger ist, dass sie die Entwicklung unterstützt und fördert.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/de/photo-management.md b/i18n/de/photo-management.md
index e9607e4d..79dc04ca 100644
--- a/i18n/de/photo-management.md
+++ b/i18n/de/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
- Must be open source.
diff --git a/i18n/de/real-time-communication.md b/i18n/de/real-time-communication.md
index 001be695..a8a40b2a 100644
--- a/i18n/de/real-time-communication.md
+++ b/i18n/de/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> Das allgemeine Sicherheitsniveau dieser Anwendung ist gut und macht sie für Menschen, die sich um ihre Privatsphäre sorgen, nutzbar.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Kriterien
diff --git a/i18n/de/router.md b/i18n/de/router.md
index 747eaba5..a8a192df 100644
--- a/i18n/de/router.md
+++ b/i18n/de/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt* ist ein auf Linux basierendes Betriebssystem; es wird primär auf eingebetteten Geräten zum Weiterleiten des Netzwerkverkehrs genutzt. Es enthält util-linux, uClib und BusyBox. Alle Komponenten sind für Heim-Router optimiert.
+**OpenWrt* ist ein auf Linux basierendes Betriebssystem; es wird primär auf eingebetteten Geräten zum Weiterleiten des Netzwerkverkehrs genutzt. Es enthält util-linux, uClib und BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Hauptseite](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Dokumentation}
diff --git a/i18n/de/security-keys.md b/i18n/de/security-keys.md
index aa73dc27..8eff1263 100644
--- a/i18n/de/security-keys.md
+++ b/i18n/de/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Angriffe](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/de/tools.md b/i18n/de/tools.md
index e3a9e8fc..d5f74f4d 100644
--- a/i18n/de/tools.md
+++ b/i18n/de/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. Sie sind seit 2013 in Betrieb. Die Proton AG hat ihren Sitz in Genf, Schweiz. Der Proton Mail Free Tarif beinhaltet 500 MB Mailspeicher, den du kostenlos auf bis zu 1 GB erweitern kannst.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. Sie sind seit 2013 in Betrieb. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Er wird seit 2014 betrieben. Mailbox.org hat seinen Sitz in Berlin, Deutschland. Konten beginnen mit 2 GB Speicherplatz, der nach Bedarf erweitert werden kann.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Er wird seit 2014 betrieben. Mailbox.org hat seinen Sitz in Berlin, Deutschland. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta ist seit 2011 in Betrieb und hat seinen Sitz in Hannover, Deutschland. Kostenlose Konten beginnen mit 1 GB Speicherplatz.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta ist seit 2011 in Betrieb und hat seinen Sitz in Hannover, Deutschland. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/de/tor.md b/i18n/de/tor.md
index f6b9b588..c03bc8e6 100644
--- a/i18n/de/tor.md
+++ b/i18n/de/tor.md
@@ -44,7 +44,7 @@ Es gibt eine Vielzahl von Möglichkeiten, sich von deinem Gerät aus mit dem Tor
Einige dieser Anwendungen sind besser als andere, und auch hier hängt die Entscheidung von deinem Bedrohungsmodell ab. Wenn du ein gelegentlicher Tor-Benutzer bist, der sich keine Sorgen darüber macht, dass dein Internetanbieter Beweise gegen dich sammelt, ist es wahrscheinlich in Ordnung, Anwendungen wie [Orbot](#orbot) oder mobile Browseranwendungen zu benutzen, um auf das Tor-Netzwerk zuzugreifen. Wenn mehr Menschen regelmäßig Tor nutzen, hilft das, das schlechte Stigma von Tor zu verringern und senkt zudem die Qualität der "Listen von Tor-Nutzern", die ISPs und Regierungen erstellen können.
-Wenn du Wert auf vollständige Anonymität legst, solltest du **ausschließlich** den Tor-Browser-Client verwenden, idealerweise in einer Kombination aus [Whonix](desktop.md#whonix) und [Qubes](desktop.md#qubes-os). Mobile Browser sind bei Tor weniger verbreitet (daher mehr anfällig für Fingerprinting). Außerdem sind diese Konfigurationen nicht so gründlich gegen Deanonymisierung getestet.
+Wenn du Wert auf vollständige Anonymität legst, solltest du **ausschließlich** den Tor-Browser-Client verwenden, idealerweise in einer Kombination aus [Whonix](desktop.md#whonix) und [Qubes](desktop.md#qubes-os). Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Browser
@@ -114,11 +114,11 @@ Wir haben bereits empfohlen, die Einstellung *Isolate Destination Address* in de
Tipps für Android
-Orbot kann einzelne Anwendungen proxyen, wenn diese SOCKS oder HTTP-Proxys unterstützen. Es kann auch alle Ihre Netzwerkverbindungen mit [VpnService](https://developer.android.com/reference/android/net/VpnService) proxyen und kann mit dem VPN-Killswitch in :gear: **Einstellungen** → **Netzwerk & Internet** → **VPN** → :gear: → **Verbindungen ohne VPN** blockieren.
+Orbot kann einzelne Anwendungen proxyen, wenn diese SOCKS oder HTTP-Proxys unterstützen. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot ist auf dem [F-Droid Repository](https://guardianproject.info/fdroid) des Guardian Projects und [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android) oft veraltet, daher solltest du den Download direkt vom [GitHub Repository](https://github.com/guardianproject/orbot/releases) in Betracht ziehen.
-Alle Versionen sind mit der gleichen Signatur versehen, sodass sie miteinander kompatibel sein sollten.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/de/vpn.md b/i18n/de/vpn.md
index 0c17a0a9..1cbd87ee 100644
--- a/i18n/de/vpn.md
+++ b/i18n/de/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Private VPN-Anbieter Empfehlungen und Vergleiche, kein Sponsoring und keine Werbung - Privacy Guides"
title: "VPN Anbieter"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. Hier findest du einen Anbieter, der nicht darauf aus ist, dich auszuspionieren.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Portweiterleitung
-Proton VPN unterstützt derzeit nur vorrübergehende [Remote-Port-Weiterleitung](https://protonvpn.com/support/port-forwarding) über NAT-PMP, mit 60 Sekunden Bestandszeit. Die Windows-App bietet eine leicht zugängliche Option dafür, während du auf anderen Betriebssystemen deinen eigenen [NAT-PMP-Client](https://protonvpn.com/support/port-forwarding-manual-setup) ausführen musst. Torrent-Anwendungen unterstützen oft NAT-PMP von Haus aus.
+Proton VPN unterstützt derzeit nur vorrübergehende [Remote-Port-Weiterleitung](https://protonvpn.com/support/port-forwarding) über NAT-PMP, mit 60 Sekunden Bestandszeit. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent-Anwendungen unterstützen oft NAT-PMP von Haus aus.
#### :material-information-outline:{ .pg-blue } Anti-Zensur
-Proton VPN hat sein [Stealth-Protokoll](https://protonvpn.com/blog/stealth-vpn-protocol), das in Situationen helfen *kann*, in denen VPN-Protokolle wie OpenVPN oder Wireguard mit verschiedenen, rudimentären Techniken blockiert werden. Stealth kapselt den VPN-Tunnel in eine TLS-Sitzung ein, damit er mehr wie normaler Internetverkehr aussieht.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth kapselt den VPN-Tunnel in eine TLS-Sitzung ein, damit er mehr wie normaler Internetverkehr aussieht.
Leider funktioniert das nicht sehr gut in Ländern, in denen ausgeklügelte Filter eingesetzt werden, die den gesamten ausgehenden Datenverkehr analysieren und versuchen, verschlüsselte Tunnel zu entdecken. Stealth ist für Android, iOS, Windows und macOS verfügbar, aber noch nicht für Linux.
@@ -113,11 +113,11 @@ Neben der Bereitstellung von Standard-OpenVPN-Konfigurationsdateien bietet Proto
#### :material-information-outline:{ .pg-blue } Zusätzliche Hinweise
-Proton VPN Clients unterstützen Zwei-Faktor-Authentisierung auf allen Plattformen. Proton VPN hat eigene Server und Rechenzentren in der Schweiz, Island und Schweden. Sie bieten mit ihrem DNS-Dienst die Blockierung von Inhalten und bekannter Malware an. Darüber hinaus bietet Proton VPN auch "Tor"-Server an, die es dir ermöglichen, sich problemlos mit Onion-Seiten zu verbinden. Wir empfehlen jedoch dringend, zu diesem Zweck [den offiziellen Tor-Browser](tor.md#tor-browser) zu verwenden.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN hat eigene Server und Rechenzentren in der Schweiz, Island und Schweden. Sie bieten mit ihrem DNS-Dienst die Blockierung von Inhalten und bekannter Malware an. Darüber hinaus bietet Proton VPN auch "Tor"-Server an, die es dir ermöglichen, sich problemlos mit Onion-Seiten zu verbinden. Wir empfehlen jedoch dringend, zu diesem Zweck [den offiziellen Tor-Browser](tor.md#tor-browser) zu verwenden.
-##### :material-alert-outline:{ .pg-orange } Die Killswitch-Funktion ist auf Intel-basierten Macs defekt
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-Systemabstürze [können](https://protonvpn.com/support/macos-t2-chip-kill-switch) auf Intel-basierten Macs auftreten, wenn der VPN-Killswitch verwendet wird. Wenn du diese Funktion benötigst und einen Mac mit Intel-Chipsatz verwendest, solltest du einen anderen VPN-Dienst nutzen.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. Wenn du diese Funktion benötigst und einen Mac mit Intel-Chipsatz verwendest, solltest du einen anderen VPN-Dienst nutzen.
### IVPN
@@ -183,7 +183,7 @@ IVPN unterstützte früher die Portweiterleitung, entfernte diese Option aber im
#### :material-check:{ .pg-green } Anti-Zensur
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Derzeit ist diese Funktion nur auf Desktop und [iOS](https://ivpn.net/knowledgebase/ios/v2ray) verfügbar. Sie verfügt über zwei Modi, in denen man [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) über QUIC- oder TCP-Verbindungen nutzen kann. QUIC ist ein modernes Protokoll mit besserer Staukontrolle und kann daher schneller sein und geringere Latenzzeiten aufweisen. Der TCP-Modus lässt deine Daten als normalen HTTP-Verkehr erscheinen.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). Sie verfügt über zwei Modi, in denen man [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) über QUIC- oder TCP-Verbindungen nutzen kann. QUIC ist ein modernes Protokoll mit besserer Staukontrolle und kann daher schneller sein und geringere Latenzzeiten aufweisen. Der TCP-Modus lässt deine Daten als normalen HTTP-Verkehr erscheinen.
#### :material-check:{ .pg-green } Mobile Anwendungen
@@ -191,7 +191,7 @@ Zusätzlich zu den Standard-OpenVPN-Konfigurationsdateien bietet IVPN mobile Cli
#### :material-information-outline:{ .pg-blue } Zusätzliche Hinweise
-IVPN-Clients unterstützen die Zwei-Faktor-Authentisierung. IVPN bietet auch die Funktion "[AntiTracker](https://ivpn.net/antitracker)", die Werbenetzwerke und Tracker auf der Netzwerkebene blockiert.
+IVPN clients support two-factor authentication. IVPN bietet auch die Funktion "[AntiTracker](https://ivpn.net/antitracker)", die Werbenetzwerke und Tracker auf der Netzwerkebene blockiert.
### Mullvad
@@ -199,7 +199,7 @@ IVPN-Clients unterstützen die Zwei-Faktor-Authentisierung. IVPN bietet auch die
{ align=right }
-**Mullvad** ist ein schnelles und preiswertes VPN mit einem ernsthaften Fokus auf Transparenz und Sicherheit. Sie sind seit 2009 in Betrieb. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** ist ein schnelles und preiswertes VPN mit einem ernsthaften Fokus auf Transparenz und Sicherheit. Sie sind seit 2009 in Betrieb. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net/de){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Dienst" }
@@ -260,7 +260,7 @@ Mullvad unterstützte früher die Portweiterleitung, entfernte diese Option jedo
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ Es ist wichtig zu wissen, dass die Nutzung eines VPN-Anbieters dich nicht anonym
### Technologie
-Wir setzen von allen von uns empfohlenen VPN-Anbietern voraus, dass sie OpenVPN-Konfigurationsdateien zur Verfügung stellen, die in jedem Client verwendet werden können. **Wenn** ein eigener VPN-Client bereitstellt wird, benötigt er einen Killswitch, um Datenlecks im Netzwerk zu blockieren, wenn die Verbindung getrennt wird.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Mindestvoraussetzung um zu qualifizieren:**
-- Unterstützung von starken Protokollen wie WireGuard & OpenVPN.
-- Notaus ist in den Clients integriert.
-- Multihop-Unterstützung. Multihopping ist wichtig, um Daten im Falle einer Kompromittierung eines einzelnen Knotens geheim zu halten.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- Wenn VPN-Clients zur Verfügung gestellt werden, sollten sie [Open Source](https://de.wikipedia.org/wiki/Open_Source)sein, wie die VPN-Software, die in der Regel in sie integriert ist. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Im besten Fall:**
-- Notaus mit hochgradig konfigurierbaren Optionen (Aktivierung/Deaktivierung in bestimmten Netzen, beim Booten usw.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Einfach zu bedienende VPN-Clients
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. Wir erwarten, dass die Server eingehende Verbindungen über IPv6 zulassen und dir den Zugang zu Diensten ermöglichen, die auf IPv6-Adressen gehostet werden.
- Die Möglichkeit der [Remote-Port-Weiterleitung](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) hilft bei der Herstellung von Verbindungen bei der Verwendung von P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) Dateitauschbörsen-Software zum Austausch von Dateien oder zum Hosten eines Servers (z. B. Mumble).
@@ -316,11 +316,11 @@ Wir ziehen es vor, dass die von uns empfohlenen Anbieter*innen so wenig Daten wi
**Im besten Fall:**
- Akzeptiert mehrere [anonyme Zahlungsmöglichkeiten](advanced/payments.md).
-- Es werden keine persönlichen Informationen akzeptiert (automatisch generierter Benutzername, keine E-Mail erforderlich, usw.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Sicherheit
-Ein VPN ist sinnlos, wenn es nicht einmal angemessene Sicherheit bieten kann. Wir setzen für all von uns empfohlenen Anbietern voraus, dass sie die aktuellen Sicherheitsstandards für ihre OpenVPN-Verbindungen einhalten. Idealerweise würden sie standardmäßig zukunftssichere Verschlüsselungsverfahren verwenden. Wir setzen auch voraus, dass ein unabhängiger Dritter die Sicherheit des Anbieters überprüft, idealerweise sehr umfassend und wiederholt (jährlich).
+Ein VPN ist sinnlos, wenn es nicht einmal angemessene Sicherheit bieten kann. We require all our recommended providers to abide by current security standards. Idealerweise würden sie standardmäßig zukunftssichere Verschlüsselungsverfahren verwenden. Wir setzen auch voraus, dass ein unabhängiger Dritter die Sicherheit des Anbieters überprüft, idealerweise sehr umfassend und wiederholt (jährlich).
**Mindestvoraussetzung um zu qualifizieren:**
@@ -358,7 +358,7 @@ Bei den von uns empfohlenen VPN-Anbietern legen wir Wert auf ein verantwortungsv
**Mindestvoraussetzung um zu qualifizieren:**
-- Sie müssen die Analysen selbst hosten (d. h. kein Google Analytics). Die Website des Anbieters muss auch die Anforderungen von [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) für Personen erfüllen, die das möchten.
+- Sie müssen die Analysen selbst hosten (d. h. kein Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Es darf kein Marketing geben, das unverantwortlich ist:
diff --git a/i18n/el/about.md b/i18n/el/about.md
index a7032f69..d40338e3 100644
--- a/i18n/el/about.md
+++ b/i18n/el/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/el/about/contributors.md b/i18n/el/about/contributors.md
index 1e2ea88f..f590c8c8 100644
--- a/i18n/el/about/contributors.md
+++ b/i18n/el/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-Το παρόν έργο ακολουθεί την προδιαγραφή [all-contributors](https://github.com/all-contributors/all-contributors). Συνεισφορές **οποιουδήποτε** είδους είναι ευπρόσδεκτες να προστεθούν στη [λίστα αυτή](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), συμπεριλαμβανομένων συνεισφορών στο Privacy Guides εκτός αυτού του αποθετηρίου και συνεισφορών που δεν σχετίζονται με το περιεχόμενο (όπως η ανταλλαγή ιδεών του Privacy Guides, η προώθηση του έργου, η απάντηση σε ερωτήσεις στο forum, κτλ).
+Το παρόν έργο ακολουθεί την προδιαγραφή [all-contributors](https://github.com/all-contributors/all-contributors). Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/el/about/criteria.md b/i18n/el/about/criteria.md
index 9e5afe48..4aa4c081 100644
--- a/i18n/el/about/criteria.md
+++ b/i18n/el/about/criteria.md
@@ -24,7 +24,7 @@ description: A list of general priorities we consider for all submissions to Pri
- Πρέπει να γνωστοποιήσετε τη σχέση σας, δηλαδή τη θέση σας στο πλαίσιο του υποβαλλόμενου έργου.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. Εάν είναι δυνατόν, αναφέρετε ποιος θα διενεργήσει τον έλεγχο.
- Πρέπει να εξηγήσει τι προσφέρει το έργο όσον αφορά την προστασία της ιδιωτικότητας.
diff --git a/i18n/el/about/executive-policy.md b/i18n/el/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/el/about/executive-policy.md
+++ b/i18n/el/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/el/about/notices.md b/i18n/el/about/notices.md
index a8ce0324..2de94cb4 100644
--- a/i18n/el/about/notices.md
+++ b/i18n/el/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* Η γραμματοσειρά [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) που χρησιμοποιείται για το μεγαλύτερο μέρος του κειμένου στον ιστότοπο έχει αδειοδοτηθεί σύμφωνα με τους όρους που περιγράφονται [εδώ](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* Η γραμματοσειρά [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) που χρησιμοποιείται για το μονοδιάστιχο κείμενο στον ιστότοπο έχει άδεια χρήσης σύμφωνα με την [Άδεια χρήσης ανοικτών γραμματοσειρών SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. Με λίγα λόγια, το νομικό [δόγμα της δίκαιης χρήσης](https://copyright.gov/fair-use/more-info.html) επιτρέπει τη χρήση εικόνων που προστατεύονται από πνευματικά δικαιώματα προκειμένου να προσδιοριστεί το θέμα για σκοπούς δημόσιου σχολιασμού. Ωστόσο, αυτά τα λογότυπα και άλλες εικόνες ενδέχεται να εξακολουθούν να υπόκεινται στους νόμους περί εμπορικών σημάτων σε ένα ή περισσότερα νομικά καθεστώτα. Πριν από τη χρήση αυτού του περιεχομένου, βεβαιωθείτε ότι χρησιμοποιείτε για την αναγνώριση της οντότητας ή του οργανισμού που είναι κάτοχος του εμπορικού σήματος και ότι έχετε το δικαίωμα να το χρησιμοποιήσετε σύμφωνα με τους νόμους που ισχύουν στις περιστάσεις της σκοπούμενης χρήσης σας. *Όταν αντιγράφετε περιεχόμενο από αυτόν τον ιστότοπο, είστε αποκλειστικά υπεύθυνοι να διασφαλίσετε ότι δεν παραβιάζετε το εμπορικό σήμα ή τα πνευματικά δικαιώματα κάποιου άλλου.*
+We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. Ωστόσο, αυτά τα λογότυπα και άλλες εικόνες ενδέχεται να εξακολουθούν να υπόκεινται στους νόμους περί εμπορικών σημάτων σε ένα ή περισσότερα νομικά καθεστώτα. Πριν από τη χρήση αυτού του περιεχομένου, βεβαιωθείτε ότι χρησιμοποιείτε για την αναγνώριση της οντότητας ή του οργανισμού που είναι κάτοχος του εμπορικού σήματος και ότι έχετε το δικαίωμα να το χρησιμοποιήσετε σύμφωνα με τους νόμους που ισχύουν στις περιστάσεις της σκοπούμενης χρήσης σας. *Όταν αντιγράφετε περιεχόμενο από αυτόν τον ιστότοπο, είστε αποκλειστικά υπεύθυνοι να διασφαλίσετε ότι δεν παραβιάζετε το εμπορικό σήμα ή τα πνευματικά δικαιώματα κάποιου άλλου.*
Όταν συνεισφέρετε στον ιστότοπό μας, το κάνετε με βάση τις παραπάνω άδειες και παραχωρείτε στους Privacy Guides μια διαρκή, παγκόσμια, μη αποκλειστική, μεταβιβάσιμη, χωρίς δικαιώματα, αμετάκλητη άδεια με το δικαίωμα να παραχωρείτε τα δικαιώματα αυτά με υποαδειοδότηση μέσω πολλαπλών βαθμίδων υποαδειούχων, για την αναπαραγωγή, τροποποίηση, προβολή, εκτέλεση και διανομή της συνεισφοράς σας ως μέρος του έργου μας.
diff --git a/i18n/el/about/privacytools.md b/i18n/el/about/privacytools.md
index 134765f3..0ce71158 100644
--- a/i18n/el/about/privacytools.md
+++ b/i18n/el/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## Control of r/privacytoolsIO
-Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
+Reddit requires that Subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
-- Posting announcements to our subreddit and various other communities informing people of the official change.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped.
@@ -66,11 +66,11 @@ Roughly a week following the transition, BurungHantu returned online for the fir
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so.
-BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io Now
@@ -80,7 +80,7 @@ As of September 25th 2022 we are seeing BurungHantu's overall plans come to frui
## r/privacytoolsIO Now
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Retaliation from any moderator with regards to removal requests is disallowed.
-For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
+For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective Now
diff --git a/i18n/el/about/statistics.md b/i18n/el/about/statistics.md
index e336f1f2..bf92ddaf 100644
--- a/i18n/el/about/statistics.md
+++ b/i18n/el/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
Με αυτή τη διαδικασία:
-- Οι πληροφορίες σας δεν κοινοποιούνται ποτέ σε τρίτους, παραμένουν σε διακομιστές που ελέγχουμε εμείς.
+- Your information is never shared with a third party, it stays on servers we control
- Τα προσωπικά σας δεδομένα δεν αποθηκεύονται ποτέ, συλλέγουμε δεδομένα μόνο συγκεντρωτικά.
- No client-side JavaScript is used
diff --git a/i18n/el/advanced/communication-network-types.md b/i18n/el/advanced/communication-network-types.md
index 7fd86933..0e559e21 100644
--- a/i18n/el/advanced/communication-network-types.md
+++ b/i18n/el/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ When self-hosted, members of a federated server can discover and communicate wit
- Allows for greater control over your own data when running your own server.
- Allows you to choose whom to trust your data with by choosing between multiple "public" servers.
- Often allows for third-party clients which can provide a more native, customized, or accessible experience.
-- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Disadvantages:**
@@ -60,7 +60,7 @@ When self-hosted, members of a federated server can discover and communicate wit
P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server.
-Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
+Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
@@ -85,9 +85,9 @@ P2P networks do not use servers, as peers communicate directly between each othe
A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.
-There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
-Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Advantages:**
diff --git a/i18n/el/advanced/dns-overview.md b/i18n/el/advanced/dns-overview.md
index 8457af4d..9c92b6a1 100644
--- a/i18n/el/advanced/dns-overview.md
+++ b/i18n/el/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
---
-The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
## What is DNS?
@@ -24,7 +24,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
### DNS over TLS (DoT)
@@ -118,7 +118,7 @@ In this example we will record what happens when we make a DoH request:
3. After making the request, we can stop the packet capture with
CTRL +
C.
-4. Analyse the results in Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ When we do a DNS lookup, it's generally because we want to access a resource. Be
The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides.
-This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
+This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
### Server Name Indication (SNI)
-Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
+Server Name Indication is typically used when an IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
-1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
+1. Start capturing again with `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | No | nothing(Do nothing)
```
-Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[List of recommended DNS servers](../dns.md ""){.md-button}
diff --git a/i18n/el/advanced/tor-overview.md b/i18n/el/advanced/tor-overview.md
index d5f9d9f6..3da40545 100644
--- a/i18n/el/advanced/tor-overview.md
+++ b/i18n/el/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/el/ai-chat.md b/i18n/el/ai-chat.md
index af64bd7d..8034bbf5 100644
--- a/i18n/el/ai-chat.md
+++ b/i18n/el/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Criteria
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Best-Case
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/el/alternative-networks.md b/i18n/el/alternative-networks.md
index 6ea4b146..b28ac5b4 100644
--- a/i18n/el/alternative-networks.md
+++ b/i18n/el/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
Σημείωση
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/el/basics/account-creation.md b/i18n/el/basics/account-creation.md
index 6d846111..5dcc8a21 100644
--- a/i18n/el/basics/account-creation.md
+++ b/i18n/el/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
+Often people sign up for services without thinking. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer.
@@ -13,11 +13,11 @@ It can also be difficult to delete the accounts on some services. Sometimes [ove
## Terms of Service & Privacy Policy
-The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VOIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
+The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
-The Privacy Policy is how the service says they will use your data and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
-We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
+We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Keep in mind you're also placing your trust in the company or organization and that they will comply with their own privacy policy.
@@ -42,7 +42,7 @@ You will be responsible for managing your login credentials. For added security,
#### Email aliases
-If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to.
+If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Those can be filtered automatically based on the alias they are sent to.
Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
We recommend avoiding services that require a phone number for sign up. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
+You should avoid giving out your real phone number if you can. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number!
diff --git a/i18n/el/basics/account-deletion.md b/i18n/el/basics/account-deletion.md
index 2f79dd0a..54148bd4 100644
--- a/i18n/el/basics/account-deletion.md
+++ b/i18n/el/basics/account-deletion.md
@@ -27,7 +27,7 @@ Desktop platforms also often have a password manager which may help you recover
### Email
-If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
## Deleting Old Accounts
@@ -39,7 +39,7 @@ When attempting to regain access, if the site returns an error message saying th
### GDPR (EEA residents only)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Overwriting Account information
diff --git a/i18n/el/basics/common-misconceptions.md b/i18n/el/basics/common-misconceptions.md
index 9bfa3283..4fed8fa6 100644
--- a/i18n/el/basics/common-misconceptions.md
+++ b/i18n/el/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ schema:
## « Το περίπλοκο είναι και καλύτερο»
-Συχνά βλέπουμε ανθρώπους να περιγράφουν μοντέλα απειλής της ιδιωτικότητας, που είναι υπερβολικά πολύπλοκα. Συχνά, αυτές οι λύσεις περιλαμβάνουν προβλήματα όπως πολλοί διαφορετικοί λογαριασμοί ηλεκτρονικού ταχυδρομείου ή περίπλοκες ρυθμίσεις με πολλά κινούμενα μέρη και συνθήκες. Οι απαντήσεις αποκρίνονται συνήθως στο ερώτημα "Ποιος είναι ο καλύτερος τρόπος για να κάνουμε *X*?"
+Συχνά βλέπουμε ανθρώπους να περιγράφουν μοντέλα απειλής της ιδιωτικότητας, που είναι υπερβολικά πολύπλοκα. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. Οι απαντήσεις αποκρίνονται συνήθως στο ερώτημα "Ποιος είναι ο καλύτερος τρόπος για να κάνουμε *X*?"
Η εύρεση της «καλύτερης» λύσης για τον εαυτό σας δε σημαίνει απαραίτητα, ότι αναζητάτε μια αλάνθαστη λύση με δεκάδες συνθήκες - αυτές οι λύσεις είναι συχνά δύσκολο να εφαρμοστούν ρεαλιστικά. Όπως αναφέραμε προηγουμένως, η ασφάλεια συχνά έχει ως κόστος την ευκολία. Παρακάτω, παρέχουμε ορισμένες συμβουλές:
1. ==Οι ενέργειες πρέπει να εξυπηρετούν έναν συγκεκριμένο σκοπό:== Σκεφτείτε, πώς θα κάνετε αυτό που θέλετε, με τις λιγότερες δυνατές ενέργειες.
2. ==Αφαιρέστε τα σημεία ανθρώπινης αποτυχίας: == Αποτυγχάνουμε, κουραζόμαστε, και ξεχνάμε. Για να διατηρήσετε την ασφάλεια, αποφύγετε να βασίζεστε σε χειροκίνητες συνθήκες και διαδικασίες, που πρέπει να θυμάστε.
-3. ==Χρησιμοποιήστε το σωστό επίπεδο προστασίας για τους σκοπούς σας.== Συχνά βλέπουμε να προτείνονται οι λεγόμενες λύσεις των δυνάμεων ασφαλείας ή οι λύσεις, που καθιστούν αδύνατη την κλήτευση. Αυτές συχνά απαιτούν εξειδικευμένη γνώση και γενικά δεν είναι αυτό που επιθυμούν οι άνθρωποι. Δεν υπάρχει νόημα να δημιουργήσετε ένα περίπλοκο μοντέλο απειλών για την ανωνυμία, αν μπορείτε εύκολα να χάσετε την εν λόγω ανωνυμία, λόγω μιας απλής παράβλεψης.
+3. ==Χρησιμοποιήστε το σωστό επίπεδο προστασίας για τους σκοπούς σας.== Συχνά βλέπουμε να προτείνονται οι λεγόμενες λύσεις των δυνάμεων ασφαλείας ή οι λύσεις, που καθιστούν αδύνατη την κλήτευση. Αυτές συχνά απαιτούν εξειδικευμένη γνώση και γενικά δεν είναι αυτό που επιθυμούν οι άνθρωποι. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
Έτσι, πώς μπορεί αυτό να φαίνεται;
@@ -94,4 +94,4 @@ schema:
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/el/basics/common-threats.md b/i18n/el/basics/common-threats.md
index c16c9d0e..8c40ca49 100644
--- a/i18n/el/basics/common-threats.md
+++ b/i18n/el/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Το μοντέλο απειλής σου είναι προσωπικό, αλλά τα εξής αποτελούν μερικά από τα πράγματα που ενδιαφέρουν πολλά επισκεπτόμενα αυτής της ιστοσελίδας.
---
-Γενικά, κατηγοριοποιούμε τις συστάσεις μας σε [απειλές](threat-modeling.md) ή στόχους που αφορούν τα περισσότερα άτομα. ==Ίσως νοιάζεσαι για μία ή περισσότερες (ή και καμία) από αυτές==· τα εργαλεία και οι υπηρεσίες που χρησιμοποιείς εξαρτώνται από τους στόχους σου. Μπορεί να έχεις και συγκεκριμένες απειλές εκτός αυτών των κατηγοριών, πράγμα που είναι απολύτως κατανοητό! Το σημαντικό είναι να κατανοήσεις τα πλεονεκτήματα και τα ελαττώματα των εργαλείων που επιλέγεις, μιας και κανένα από αυτά δεν θα σε προστατεύσει από κάθε απειλή.
+Γενικά, κατηγοριοποιούμε τις συστάσεις μας σε [απειλές](threat-modeling.md) ή στόχους που αφορούν τα περισσότερα άτομα. ==Ίσως νοιάζεσαι για μία ή περισσότερες (ή και καμία) από αυτές==· τα εργαλεία και οι υπηρεσίες που χρησιμοποιείς εξαρτώνται από τους στόχους σου. You may have specific threats outside these categories as well, which is perfectly fine! Το σημαντικό είναι να κατανοήσεις τα πλεονεκτήματα και τα ελαττώματα των εργαλείων που επιλέγεις, μιας και κανένα από αυτά δεν θα σε προστατεύσει από κάθε απειλή.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ To minimize the damage that a malicious piece of software *could* do, you should
Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources.
-Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Therefore, you should use native applications over web clients whenever possible
-Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
+Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
## Mass Surveillance Programs
@@ -156,7 +156,7 @@ Mass surveillance is the intricate effort to monitor the "behavior, many activit
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
For many people, tracking and surveillance by private corporations is a growing concern. Pervasive ad networks, such as those operated by Google and Facebook, span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries (although it can't completely prevent tracking).[^4]
-Additionally, even companies outside of the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
## Limiting Public Information
diff --git a/i18n/el/basics/email-security.md b/i18n/el/basics/email-security.md
index 0661723a..60513510 100644
--- a/i18n/el/basics/email-security.md
+++ b/i18n/el/basics/email-security.md
@@ -29,13 +29,13 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
### What Email Clients Support E2EE?
-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### How Do I Protect My Private Keys?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Email Metadata Overview
@@ -49,4 +49,4 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
### Why Can't Metadata be E2EE?
-Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
+Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/el/basics/hardware.md b/i18n/el/basics/hardware.md
index 2485b199..5b952fbe 100644
--- a/i18n/el/basics/hardware.md
+++ b/i18n/el/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Warning
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/el/basics/multi-factor-authentication.md b/i18n/el/basics/multi-factor-authentication.md
index af2b275a..6abb539c 100644
--- a/i18n/el/basics/multi-factor-authentication.md
+++ b/i18n/el/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Αυθεντικοποίηση Πολλών Παραγόντων"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
-**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone.
@@ -26,7 +26,7 @@ The security of push notification MFA is dependent on both the quality of the ap
### Time-based One-time Password (TOTP)
-TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
+TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
-Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
@@ -116,15 +116,15 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
## More Places to Set Up MFA
-Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
+macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-After your smartcard/security key is set up, we recommend running this command in the Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
### KeePass (and KeePassXC)
-KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/el/basics/passwords-overview.md b/i18n/el/basics/passwords-overview.md
index 2ca6ccb6..65e654f4 100644
--- a/i18n/el/basics/passwords-overview.md
+++ b/i18n/el/basics/passwords-overview.md
@@ -24,7 +24,7 @@ All of our [recommended password managers](../passwords.md) include a built-in p
You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it.
-When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
Checking for data breaches
@@ -54,13 +54,13 @@ To generate a diceware passphrase using real dice, follow these steps:
Σημείωση
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Roll a six-sided die five times, noting down the number after each roll.
-2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. You will find the word `encrypt`. Write that word down.
@@ -75,25 +75,25 @@ You should **not** re-roll words until you get a combination of words that appea
If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
- Your adversary knows that you used the diceware method.
-- Your adversary knows the specific wordlist that you used.
+- Your adversary knows the specific word list that you used.
- Your adversary knows how many words your passphrase contains.
@@ -113,7 +113,7 @@ There are many good options to choose from, both cloud-based and local. Choose o
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
diff --git a/i18n/el/basics/threat-modeling.md b/i18n/el/basics/threat-modeling.md
index d360d07d..a3506a05 100644
--- a/i18n/el/basics/threat-modeling.md
+++ b/i18n/el/basics/threat-modeling.md
@@ -35,7 +35,7 @@ An “asset” is something you value and want to protect. In the context of dig
To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary”.== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
-*Make a list of your adversaries or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Your list may include individuals, a government agency, or corporations.*
Depending on who your adversaries are, this list might be something you want to destroy after you've finished developing your threat model.
diff --git a/i18n/el/browser-extensions.md b/i18n/el/browser-extensions.md
index 611904fc..7e13f070 100644
--- a/i18n/el/browser-extensions.md
+++ b/i18n/el/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/el/calendar.md b/i18n/el/calendar.md
index fc173e0e..6a9e8553 100644
--- a/i18n/el/calendar.md
+++ b/i18n/el/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Multiple calendars and extended sharing functionality is limited to paid subscribers.
diff --git a/i18n/el/cloud.md b/i18n/el/cloud.md
index aa8c3e40..145708ed 100644
--- a/i18n/el/cloud.md
+++ b/i18n/el/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Criteria
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
diff --git a/i18n/el/cryptocurrency.md b/i18n/el/cryptocurrency.md
index 38dfa7c2..d1e385f6 100644
--- a/i18n/el/cryptocurrency.md
+++ b/i18n/el/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Criteria
diff --git a/i18n/el/data-broker-removals.md b/i18n/el/data-broker-removals.md
index 24c607c3..ab08fd1c 100644
--- a/i18n/el/data-broker-removals.md
+++ b/i18n/el/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/el/desktop-browsers.md b/i18n/el/desktop-browsers.md
index dc9b7013..9d1123e3 100644
--- a/i18n/el/desktop-browsers.md
+++ b/i18n/el/desktop-browsers.md
@@ -109,7 +109,7 @@ These are our currently recommended **desktop web browsers** and configurations
### Mullvad Leta
-Ο περιηγητής Mullvad διαθέτει το DuckDuckGo ως προεπιλεγμένη μηχανή αναζήτησης [](search-engines.md), αλλά έχει επίσης προεγκατεστημένο και το **Mullvad Leta**, μια μηχανή αναζήτησης που απαιτεί μια ενεργή συνδρομή Mullvad VPN για πρόσβαση. Το Mullvad Leta αναζητά απευθείας το API πληρωμένης αναζήτησης της Google, γι' αυτό και περιορίζεται σε συνδρομητές επί πληρωμής. Ωστόσο, η Mullvad μπορεί να συσχετίσει τα ερωτήματα αναζήτησης και τους λογαριασμούς VPN της Mullvad λόγω αυτού του περιορισμού. Για το λόγο αυτό, αποθαρρύνουμε τη χρήση του Mullvad Leta, παρόλο που η Mullvad συλλέγει πολύ λίγες πληροφορίες για τους συνδρομητές VPN της.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Το Mullvad Leta αναζητά απευθείας το API πληρωμένης αναζήτησης της Google, γι' αυτό και περιορίζεται σε συνδρομητές επί πληρωμής. Ωστόσο, η Mullvad μπορεί να συσχετίσει τα ερωτήματα αναζήτησης και τους λογαριασμούς VPN της Mullvad λόγω αυτού του περιορισμού. Για το λόγο αυτό, αποθαρρύνουμε τη χρήση του Mullvad Leta, παρόλο που η Mullvad συλλέγει πολύ λίγες πληροφορίες για τους συνδρομητές VPN της.
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts**
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] Select **Enable HTTPS-Only Mode in all windows**
-This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing.
+This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS over HTTPS
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/el/desktop.md b/i18n/el/desktop.md
index eef0f6ec..d5d8d3bf 100644
--- a/i18n/el/desktop.md
+++ b/i18n/el/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS is an independent distribution based on the Nix package manager with a foc
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/el/device-integrity.md b/i18n/el/device-integrity.md
index 6fe582ac..d5330390 100644
--- a/i18n/el/device-integrity.md
+++ b/i18n/el/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/el/dns.md b/i18n/el/dns.md
index 6808722d..f8a80c68 100644
--- a/i18n/el/dns.md
+++ b/i18n/el/dns.md
@@ -75,7 +75,7 @@ AdGuard Home features a polished web interface to view insights and manage block
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/el/document-collaboration.md b/i18n/el/document-collaboration.md
index 1410227d..92a8152e 100644
--- a/i18n/el/document-collaboration.md
+++ b/i18n/el/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/el/email-aliasing.md b/i18n/el/email-aliasing.md
index c33f2bff..29f37d77 100644
--- a/i18n/el/email-aliasing.md
+++ b/i18n/el/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/el/email.md b/i18n/el/email.md
index b3cbeb82..f3540bb9 100644
--- a/i18n/el/email.md
+++ b/i18n/el/email.md
@@ -58,7 +58,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
{ align=right }
-**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in
#### :material-check:{ .pg-green } Account Security
-Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two factor authentication first.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Data Security
@@ -117,7 +117,7 @@ If you have a paid account and your [bill is unpaid](https://proton.me/support/d
#### :material-information-outline:{ .pg-blue } Additional Functionality
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail doesn't offer a digital legacy feature.
@@ -127,7 +127,7 @@ Proton Mail doesn't offer a digital legacy feature.
{ align=right }
-**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } Private Payment Methods
-Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Account Security
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
#### :material-information-outline:{ .pg-blue } Data Security
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } Additional Functionality
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
@@ -195,7 +195,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } Private Payment Methods
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Account Security
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Data Security
@@ -297,7 +297,7 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
- Encrypts email account data at rest with zero-access encryption.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Operates on owned infrastructure, i.e. not built upon third-party email service providers.
diff --git a/i18n/el/encryption.md b/i18n/el/encryption.md
index 14624389..10711567 100644
--- a/i18n/el/encryption.md
+++ b/i18n/el/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt is a fork of the discontinued TrueCrypt project. According to its deve
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
-Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
{ align=right }
-**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/el/file-sharing.md b/i18n/el/file-sharing.md
index 839a7419..56b895d5 100644
--- a/i18n/el/file-sharing.md
+++ b/i18n/el/file-sharing.md
@@ -13,7 +13,7 @@ Discover how to privately share your files between your devices, with your frien
## File Sharing
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/el/frontends.md b/i18n/el/frontends.md
index ea57a69e..77a0be3f 100644
--- a/i18n/el/frontends.md
+++ b/i18n/el/frontends.md
@@ -251,7 +251,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/el/index.md b/i18n/el/index.md
index 3d8f35fc..ab87082c 100644
--- a/i18n/el/index.md
+++ b/i18n/el/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/el/meta/brand.md b/i18n/el/meta/brand.md
index 864da2ec..ab033ab4 100644
--- a/i18n/el/meta/brand.md
+++ b/i18n/el/meta/brand.md
@@ -12,7 +12,7 @@ description: A guide for journalists and website contributors on proper branding
- PG.org
-Το όνομα του subreddit είναι **r/PrivacyGuides** ή **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Πρόσθετες κατευθυντήριες γραμμές για το branding μπορείτε να βρείτε στη διεύθυνση [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/el/meta/translations.md b/i18n/el/meta/translations.md
index f2f6c7d2..b80a7810 100644
--- a/i18n/el/meta/translations.md
+++ b/i18n/el/meta/translations.md
@@ -27,8 +27,8 @@ description: A guide for website contributors on adding translations to our webs
## Εναλλακτικές λύσεις Fullwidth και σύνταξη Markdown
-Τα συστήματα γραφής CJK τείνουν να χρησιμοποιούν εναλλακτικές παραλλαγές "fullwidth" κοινών συμβόλων. Πρόκειται για διαφορετικούς χαρακτήρες και δεν μπορούν να χρησιμοποιηθούν για σύνταξη markdown.
+Τα συστήματα γραφής CJK τείνουν να χρησιμοποιούν εναλλακτικές παραλλαγές "fullwidth" κοινών συμβόλων. These are different characters and cannot be used for Markdown syntax.
-- Οι σύνδεσμοι πρέπει να χρησιμοποιούν κανονικές παρενθέσεις δηλαδή `(` (Αριστερή παρένθεση U+0028) και `)` (Δεξιά παρένθεση U+0029) και όχι `(` (Αριστερή παρένθεση πλήρους πλάτους U+FF08) ή `)`. (Δεξιά παρένθεση fullwidth U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Το κείμενο με εισαγωγικά σε εσοχή πρέπει να χρησιμοποιεί `:` (άνω και κάτω τελεία U+003A) και όχι `:` (Fullwidth Colon U+FF1A)
- Οι εικόνες πρέπει να χρησιμοποιούν `!` (Θαυμαστικό U+0021) και όχι `!` (Θαυμαστικό fullwidth U+FF01)
diff --git a/i18n/el/meta/uploading-images.md b/i18n/el/meta/uploading-images.md
index 398c8c85..43571728 100644
--- a/i18n/el/meta/uploading-images.md
+++ b/i18n/el/meta/uploading-images.md
@@ -48,7 +48,7 @@ optipng -o7 file.png
- [ ] Απενεργοποιήστε **Remove the XML declaration**
- [x] Ενεργοποιήστε **Remove metadata**
- [x] Ενεργοποιήστε **Remove comments**
-- [x] Ενεργοποιήστε **Embeded raster images**
+- [x] Turn on **Embedded raster images**
- [x] Ενεργοποιήστε **Enable viewboxing**
Στην καρτέλα **SVG Output** στις επιλογές εγγράφου **Pretty-printing**:
diff --git a/i18n/el/meta/writing-style.md b/i18n/el/meta/writing-style.md
index bafe8055..aab11e87 100644
--- a/i18n/el/meta/writing-style.md
+++ b/i18n/el/meta/writing-style.md
@@ -64,7 +64,7 @@ Privacy Guides' intended [audience](https://plainlanguage.gov/guidelines/audienc
## Να είστε συνοπτικοί
-> Οι περιττές λέξεις σπαταλούν το χρόνο του κοινού σας. Το καλό γράψιμο είναι σαν μια συζήτηση. Παραλείψτε πληροφορίες που το κοινό δεν χρειάζεται να γνωρίζει. Αυτό μπορεί να είναι δύσκολο ως ειδικός στο θέμα, γι' αυτό είναι σημαντικό να έχετε κάποιον να δει τις πληροφορίες από την οπτική γωνία του κοινού.
+> Οι περιττές λέξεις σπαταλούν το χρόνο του κοινού σας. Το καλό γράψιμο είναι σαν μια συζήτηση. Παραλείψτε πληροφορίες που το κοινό δεν χρειάζεται να γνωρίζει. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Πηγή: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/el/mobile-browsers.md b/i18n/el/mobile-browsers.md
index d3996c41..be685eb5 100644
--- a/i18n/el/mobile-browsers.md
+++ b/i18n/el/mobile-browsers.md
@@ -247,7 +247,7 @@ This prevents you from unintentionally connecting to a website in plain-text HTT
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Open Safari and tap the Tabs button, located in the bottom right. Then, expand t
- [x] Select **Private**
-Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. This may be an inconvenience.
diff --git a/i18n/el/multi-factor-authentication.md b/i18n/el/multi-factor-authentication.md
index 66eab966..c8ca78d9 100644
--- a/i18n/el/multi-factor-authentication.md
+++ b/i18n/el/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Αυθεντικοποίηση Πολλών Παραγόντων"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Παράδειγμα
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/el/notebooks.md b/i18n/el/notebooks.md
index a1284c71..3a2b810f 100644
--- a/i18n/el/notebooks.md
+++ b/i18n/el/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Keep track of your notes and journalings without giving them to a third-party.
+Keep track of your notes and journals without giving them to a third party.
If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE.
@@ -84,7 +84,7 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
{ align=right }
-**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
## Local notebooks
diff --git a/i18n/el/os/android-overview.md b/i18n/el/os/android-overview.md
index c376d84f..de43e60c 100644
--- a/i18n/el/os/android-overview.md
+++ b/i18n/el/os/android-overview.md
@@ -84,7 +84,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
Σημείωση
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Killswitch
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
@@ -124,7 +124,7 @@ Modern Android devices have global toggles for disabling Bluetooth and location
## Google Services
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Advanced Protection Program
diff --git a/i18n/el/os/ios-overview.md b/i18n/el/os/ios-overview.md
index 4dfc5ccb..49dce716 100644
--- a/i18n/el/os/ios-overview.md
+++ b/i18n/el/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/el/os/linux-overview.md b/i18n/el/os/linux-overview.md
index 69b537ed..90163523 100644
--- a/i18n/el/os/linux-overview.md
+++ b/i18n/el/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Privacy Notes
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- Avoid telemetry that often comes with proprietary operating systems
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ We don’t believe holding packages back and applying interim patches is a good
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao) (YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao) (YouTube)
### “Security-focused” distributions
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Drive Encryption
-Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ There are other system identifiers which you may wish to be careful about. You s
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/el/os/macos-overview.md b/i18n/el/os/macos-overview.md
index 9ffbbcba..10d29e64 100644
--- a/i18n/el/os/macos-overview.md
+++ b/i18n/el/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Backups
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## Sources
diff --git a/i18n/el/os/windows/group-policies.md b/i18n/el/os/windows/group-policies.md
index 9adced13..b62f40db 100644
--- a/i18n/el/os/windows/group-policies.md
+++ b/i18n/el/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/el/os/windows/index.md b/i18n/el/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/el/os/windows/index.md
+++ b/i18n/el/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/el/passwords.md b/i18n/el/passwords.md
index 9f2df041..a0498ddb 100644
--- a/i18n/el/passwords.md
+++ b/i18n/el/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ These options allow you to manage an encrypted password database locally.
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/el/photo-management.md b/i18n/el/photo-management.md
index ce234e10..5662abad 100644
--- a/i18n/el/photo-management.md
+++ b/i18n/el/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
- Πρέπει να είναι ανοικτού κώδικα.
diff --git a/i18n/el/real-time-communication.md b/i18n/el/real-time-communication.md
index 50465504..5051a9bc 100644
--- a/i18n/el/real-time-communication.md
+++ b/i18n/el/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Criteria
diff --git a/i18n/el/router.md b/i18n/el/router.md
index d7c5f0c1..afae9fb7 100644
--- a/i18n/el/router.md
+++ b/i18n/el/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-Το **OpenWrt** είναι ένα λειτουργικό σύστημα βασισμένο στο Linux· χρησιμοποιείται κυρίως σε ενσωματωμένες συσκευές για τη δρομολόγηση δικτυακής κίνησης. Περιλαμβάνει τα util-linux, uClibc, και BusyBox. Όλα τα εξαρτήματα έχουν βελτιστοποιηθεί για οικιακούς δρομολογητές.
+Το **OpenWrt** είναι ένα λειτουργικό σύστημα βασισμένο στο Linux· χρησιμοποιείται κυρίως σε ενσωματωμένες συσκευές για τη δρομολόγηση δικτυακής κίνησης. Περιλαμβάνει τα util-linux, uClibc, και BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Αρχική](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Τεκμηρίωση}
diff --git a/i18n/el/security-keys.md b/i18n/el/security-keys.md
index 2acec8c8..23e55cfa 100644
--- a/i18n/el/security-keys.md
+++ b/i18n/el/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/el/tools.md b/i18n/el/tools.md
index 6bfd965e..0a9f8fa1 100644
--- a/i18n/el/tools.md
+++ b/i18n/el/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/el/tor.md b/i18n/el/tor.md
index 033b3ee4..326c6efd 100644
--- a/i18n/el/tor.md
+++ b/i18n/el/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Browser
@@ -114,11 +114,11 @@ We previously recommended enabling the *Isolate Destination Address* preference
Tips for Android
-Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot/releases) instead.
-All versions are signed using the same signature so they should be compatible with each other.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/el/vpn.md b/i18n/el/vpn.md
index 3e6abbb2..7ba93cd6 100644
--- a/i18n/el/vpn.md
+++ b/i18n/el/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Συστάσεις και σύγκριση ιδιωτικών υπηρεσιών VPN, Χωρίς Χορηγούς ή Διαφημίσεις - Privacy Guides"
title: "Υπηρεσίες VPN"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. Βρείτε εδώ έναν πάροχο που δεν έχει σκοπό να σας κατασκοπεύσει.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } Mobile Clients
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ It is important to note that using a VPN provider will not make you anonymous, b
### Technology
-We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Minimum to Qualify:**
-- Support for strong protocols such as WireGuard & OpenVPN.
-- Killswitch built in to clients.
-- Multihop support. Multihopping is important to keep data private in case of a single node compromise.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Best Case:**
-- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Easy-to-use VPN clients
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.
- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble).
@@ -316,11 +316,11 @@ We prefer our recommended providers to collect as little data as possible. Not c
**Best Case:**
- Accepts multiple [anonymous payment options](advanced/payments.md).
-- No personal information accepted (autogenerated username, no email required, etc.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Security
-A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
+A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
**Minimum to Qualify:**
@@ -358,7 +358,7 @@ With the VPN providers we recommend we like to see responsible marketing.
**Minimum to Qualify:**
-- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out.
+- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Must not have any marketing which is irresponsible:
diff --git a/i18n/eo/about.md b/i18n/eo/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/eo/about.md
+++ b/i18n/eo/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/eo/about/contributors.md b/i18n/eo/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/eo/about/contributors.md
+++ b/i18n/eo/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/eo/about/criteria.md b/i18n/eo/about/criteria.md
index dd2e228d..d8f08fc7 100644
--- a/i18n/eo/about/criteria.md
+++ b/i18n/eo/about/criteria.md
@@ -24,7 +24,7 @@ We have these requirements in regard to developers which wish to submit their pr
- Must disclose affiliation, i.e. your position within the project being submitted.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. If possible please mention who will be conducting the audit.
- Must explain what the project brings to the table in regard to privacy.
diff --git a/i18n/eo/about/executive-policy.md b/i18n/eo/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/eo/about/executive-policy.md
+++ b/i18n/eo/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/eo/about/notices.md b/i18n/eo/about/notices.md
index bc7fc182..a98db0bb 100644
--- a/i18n/eo/about/notices.md
+++ b/i18n/eo/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
+We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
diff --git a/i18n/eo/about/privacytools.md b/i18n/eo/about/privacytools.md
index 0a6a564e..ae035f3d 100644
--- a/i18n/eo/about/privacytools.md
+++ b/i18n/eo/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## Control of r/privacytoolsIO
-Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
+Reddit requires that Subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
-- Posting announcements to our subreddit and various other communities informing people of the official change.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped.
@@ -66,11 +66,11 @@ Roughly a week following the transition, BurungHantu returned online for the fir
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so.
-BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io Now
@@ -80,7 +80,7 @@ As of September 25th 2022 we are seeing BurungHantu's overall plans come to frui
## r/privacytoolsIO Now
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Retaliation from any moderator with regards to removal requests is disallowed.
-For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
+For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective Now
diff --git a/i18n/eo/about/statistics.md b/i18n/eo/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/eo/about/statistics.md
+++ b/i18n/eo/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/eo/advanced/communication-network-types.md b/i18n/eo/advanced/communication-network-types.md
index f6444ca4..129a5716 100644
--- a/i18n/eo/advanced/communication-network-types.md
+++ b/i18n/eo/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ When self-hosted, members of a federated server can discover and communicate wit
- Allows for greater control over your own data when running your own server.
- Allows you to choose whom to trust your data with by choosing between multiple "public" servers.
- Often allows for third-party clients which can provide a more native, customized, or accessible experience.
-- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Disadvantages:**
@@ -60,7 +60,7 @@ When self-hosted, members of a federated server can discover and communicate wit
P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server.
-Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
+Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
@@ -85,9 +85,9 @@ P2P networks do not use servers, as peers communicate directly between each othe
A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.
-There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
-Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Advantages:**
diff --git a/i18n/eo/advanced/dns-overview.md b/i18n/eo/advanced/dns-overview.md
index 8457af4d..9c92b6a1 100644
--- a/i18n/eo/advanced/dns-overview.md
+++ b/i18n/eo/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
---
-The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
## What is DNS?
@@ -24,7 +24,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
### DNS over TLS (DoT)
@@ -118,7 +118,7 @@ In this example we will record what happens when we make a DoH request:
3. After making the request, we can stop the packet capture with CTRL + C.
-4. Analyse the results in Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ When we do a DNS lookup, it's generally because we want to access a resource. Be
The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides.
-This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
+This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
### Server Name Indication (SNI)
-Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
+Server Name Indication is typically used when an IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
-1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
+1. Start capturing again with `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | No | nothing(Do nothing)
```
-Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[List of recommended DNS servers](../dns.md ""){.md-button}
diff --git a/i18n/eo/advanced/tor-overview.md b/i18n/eo/advanced/tor-overview.md
index 876222c4..4c0bd4a0 100644
--- a/i18n/eo/advanced/tor-overview.md
+++ b/i18n/eo/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/eo/ai-chat.md b/i18n/eo/ai-chat.md
index af64bd7d..8034bbf5 100644
--- a/i18n/eo/ai-chat.md
+++ b/i18n/eo/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Criteria
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Best-Case
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/eo/alternative-networks.md b/i18n/eo/alternative-networks.md
index 4c8a6e25..bc959181 100644
--- a/i18n/eo/alternative-networks.md
+++ b/i18n/eo/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/eo/android/general-apps.md b/i18n/eo/android/general-apps.md
index 04919076..b97efed5 100644
--- a/i18n/eo/android/general-apps.md
+++ b/i18n/eo/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/eo/basics/account-creation.md b/i18n/eo/basics/account-creation.md
index 22ef70db..0f45c8be 100644
--- a/i18n/eo/basics/account-creation.md
+++ b/i18n/eo/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
+Often people sign up for services without thinking. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer.
@@ -13,11 +13,11 @@ It can also be difficult to delete the accounts on some services. Sometimes [ove
## Terms of Service & Privacy Policy
-The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VOIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
+The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
-The Privacy Policy is how the service says they will use your data and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
-We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
+We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Keep in mind you're also placing your trust in the company or organization and that they will comply with their own privacy policy.
@@ -42,7 +42,7 @@ You will be responsible for managing your login credentials. For added security,
#### Email aliases
-If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to.
+If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Those can be filtered automatically based on the alias they are sent to.
Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
We recommend avoiding services that require a phone number for sign up. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
+You should avoid giving out your real phone number if you can. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number!
diff --git a/i18n/eo/basics/account-deletion.md b/i18n/eo/basics/account-deletion.md
index 2f79dd0a..54148bd4 100644
--- a/i18n/eo/basics/account-deletion.md
+++ b/i18n/eo/basics/account-deletion.md
@@ -27,7 +27,7 @@ Desktop platforms also often have a password manager which may help you recover
### Email
-If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
## Deleting Old Accounts
@@ -39,7 +39,7 @@ When attempting to regain access, if the site returns an error message saying th
### GDPR (EEA residents only)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Overwriting Account information
diff --git a/i18n/eo/basics/common-misconceptions.md b/i18n/eo/basics/common-misconceptions.md
index 6832f170..31b1b249 100644
--- a/i18n/eo/basics/common-misconceptions.md
+++ b/i18n/eo/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ The privacy policies and business practices of providers you choose are very imp
## "Complicated is better"
-We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like many different email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
+We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips:
1. ==Actions need to serve a particular purpose:== think about how to do what you want with the fewest actions.
2. ==Remove human failure points:== We fail, get tired, and forget things. To maintain security, avoid relying on manual conditions and processes that you have to remember.
-3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily de-anonymized by a simple oversight.
+3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
So, how might this look?
@@ -94,4 +94,4 @@ One of the clearest threat models is one where people *know who you are* and one
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/eo/basics/common-threats.md b/i18n/eo/basics/common-threats.md
index 8c79b5b0..6670b15f 100644
--- a/i18n/eo/basics/common-threats.md
+++ b/i18n/eo/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Via modelo de minaco estas propra, sed ĉi tiuj estas iuj el la aferoj pri kiuj la vizitantoj al ĉi tiu retejo zorgas.
---
-Ĝenerale, ni kategoriigas niajn rekomendojn en [minacoj](threat-modeling.md) aŭ celoj pri kiuj la plej multaj homoj zorgas. ==Eble vi zorgus pri neniu, unu, kelkaj, aŭ ĉiuj el tiuj ebloj==, kaj la ilojn kaj servojn vi uzus, dependas de kiaj viaj celoj estas. Eble vi ankaŭ havas specifajn minacojn ekster ĉi tiuj kategorioj, kiu tute bonas! La plej grava parto estas evoluigi komprenon de la avantaĝoj kaj mankoj de la iloj kiujn vi elektas uzi, ĉar preskaŭ neniuj el ili protektos vin kontraŭ ĉiuj minacoj.
+Ĝenerale, ni kategoriigas niajn rekomendojn en [minacoj](threat-modeling.md) aŭ celoj pri kiuj la plej multaj homoj zorgas. ==Eble vi zorgus pri neniu, unu, kelkaj, aŭ ĉiuj el tiuj ebloj==, kaj la ilojn kaj servojn vi uzus, dependas de kiaj viaj celoj estas. You may have specific threats outside these categories as well, which is perfectly fine! La plej grava parto estas evoluigi komprenon de la avantaĝoj kaj mankoj de la iloj kiujn vi elektas uzi, ĉar preskaŭ neniuj el ili protektos vin kontraŭ ĉiuj minacoj.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ To minimize the damage that a malicious piece of software *could* do, you should
Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources.
-Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Therefore, you should use native applications over web clients whenever possible
-Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
+Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
## Amasgvatado
@@ -156,7 +156,7 @@ Mass surveillance is the intricate effort to monitor the "behavior, many activit
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
For many people, tracking and surveillance by private corporations is a growing concern. Pervasive ad networks, such as those operated by Google and Facebook, span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries (although it can't completely prevent tracking).[^4]
-Additionally, even companies outside of the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
## Limigado de Publika Informo
diff --git a/i18n/eo/basics/email-security.md b/i18n/eo/basics/email-security.md
index 0661723a..60513510 100644
--- a/i18n/eo/basics/email-security.md
+++ b/i18n/eo/basics/email-security.md
@@ -29,13 +29,13 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
### What Email Clients Support E2EE?
-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### How Do I Protect My Private Keys?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Email Metadata Overview
@@ -49,4 +49,4 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
### Why Can't Metadata be E2EE?
-Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
+Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/eo/basics/hardware.md b/i18n/eo/basics/hardware.md
index 4b795a9a..257624c3 100644
--- a/i18n/eo/basics/hardware.md
+++ b/i18n/eo/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Warning
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/eo/basics/multi-factor-authentication.md b/i18n/eo/basics/multi-factor-authentication.md
index 044ee58e..6abb539c 100644
--- a/i18n/eo/basics/multi-factor-authentication.md
+++ b/i18n/eo/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
-**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone.
@@ -26,7 +26,7 @@ The security of push notification MFA is dependent on both the quality of the ap
### Time-based One-time Password (TOTP)
-TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
+TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
-Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
@@ -116,15 +116,15 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
## More Places to Set Up MFA
-Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
+macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-After your smartcard/security key is set up, we recommend running this command in the Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
### KeePass (and KeePassXC)
-KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/eo/basics/passwords-overview.md b/i18n/eo/basics/passwords-overview.md
index 898d198d..8464da82 100644
--- a/i18n/eo/basics/passwords-overview.md
+++ b/i18n/eo/basics/passwords-overview.md
@@ -24,7 +24,7 @@ All of our [recommended password managers](../passwords.md) include a built-in p
You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it.
-When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
Checking for data breaches
@@ -54,13 +54,13 @@ To generate a diceware passphrase using real dice, follow these steps:
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Roll a six-sided die five times, noting down the number after each roll.
-2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. You will find the word `encrypt`. Write that word down.
@@ -75,25 +75,25 @@ You should **not** re-roll words until you get a combination of words that appea
If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
- Your adversary knows that you used the diceware method.
-- Your adversary knows the specific wordlist that you used.
+- Your adversary knows the specific word list that you used.
- Your adversary knows how many words your passphrase contains.
@@ -113,7 +113,7 @@ There are many good options to choose from, both cloud-based and local. Choose o
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
diff --git a/i18n/eo/basics/threat-modeling.md b/i18n/eo/basics/threat-modeling.md
index 922c7450..b87382d6 100644
--- a/i18n/eo/basics/threat-modeling.md
+++ b/i18n/eo/basics/threat-modeling.md
@@ -35,7 +35,7 @@ An “asset” is something you value and want to protect. In the context of dig
To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary”.== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
-*Make a list of your adversaries or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Your list may include individuals, a government agency, or corporations.*
Depending on who your adversaries are, this list might be something you want to destroy after you've finished developing your threat model.
diff --git a/i18n/eo/browser-extensions.md b/i18n/eo/browser-extensions.md
index 611904fc..7e13f070 100644
--- a/i18n/eo/browser-extensions.md
+++ b/i18n/eo/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/eo/calendar.md b/i18n/eo/calendar.md
index 26af4d6c..3cc5667c 100644
--- a/i18n/eo/calendar.md
+++ b/i18n/eo/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Multiple calendars and extended sharing functionality is limited to paid subscribers.
diff --git a/i18n/eo/cloud.md b/i18n/eo/cloud.md
index 352eef9a..58be5a1d 100644
--- a/i18n/eo/cloud.md
+++ b/i18n/eo/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Criteria
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
diff --git a/i18n/eo/cryptocurrency.md b/i18n/eo/cryptocurrency.md
index 0fe3bf40..c2386416 100644
--- a/i18n/eo/cryptocurrency.md
+++ b/i18n/eo/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Criteria
diff --git a/i18n/eo/data-broker-removals.md b/i18n/eo/data-broker-removals.md
index 24c607c3..ab08fd1c 100644
--- a/i18n/eo/data-broker-removals.md
+++ b/i18n/eo/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/eo/desktop-browsers.md b/i18n/eo/desktop-browsers.md
index 82821366..ee50038a 100644
--- a/i18n/eo/desktop-browsers.md
+++ b/i18n/eo/desktop-browsers.md
@@ -109,7 +109,7 @@ This is required to prevent advanced forms of tracking, but does come at the cos
### Mullvad Leta
-Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes preinstalled with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts**
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] Select **Enable HTTPS-Only Mode in all windows**
-This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing.
+This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS over HTTPS
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/eo/desktop.md b/i18n/eo/desktop.md
index 6b18abfb..10a058ac 100644
--- a/i18n/eo/desktop.md
+++ b/i18n/eo/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS is an independent distribution based on the Nix package manager with a foc
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/eo/device-integrity.md b/i18n/eo/device-integrity.md
index 623a4839..142af55b 100644
--- a/i18n/eo/device-integrity.md
+++ b/i18n/eo/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/eo/dns.md b/i18n/eo/dns.md
index 6808722d..f8a80c68 100644
--- a/i18n/eo/dns.md
+++ b/i18n/eo/dns.md
@@ -75,7 +75,7 @@ AdGuard Home features a polished web interface to view insights and manage block
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/eo/document-collaboration.md b/i18n/eo/document-collaboration.md
index 9bf30ec2..dde20069 100644
--- a/i18n/eo/document-collaboration.md
+++ b/i18n/eo/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/eo/email-aliasing.md b/i18n/eo/email-aliasing.md
index c33f2bff..29f37d77 100644
--- a/i18n/eo/email-aliasing.md
+++ b/i18n/eo/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/eo/email.md b/i18n/eo/email.md
index 72dd2e2e..5139fdbd 100644
--- a/i18n/eo/email.md
+++ b/i18n/eo/email.md
@@ -58,7 +58,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
{ align=right }
-**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in
#### :material-check:{ .pg-green } Account Security
-Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two factor authentication first.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Data Security
@@ -117,7 +117,7 @@ If you have a paid account and your [bill is unpaid](https://proton.me/support/d
#### :material-information-outline:{ .pg-blue } Additional Functionality
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail doesn't offer a digital legacy feature.
@@ -127,7 +127,7 @@ Proton Mail doesn't offer a digital legacy feature.
{ align=right }
-**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } Private Payment Methods
-Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Account Security
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
#### :material-information-outline:{ .pg-blue } Data Security
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } Additional Functionality
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
@@ -195,7 +195,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } Private Payment Methods
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Account Security
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Data Security
@@ -297,7 +297,7 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
- Encrypts email account data at rest with zero-access encryption.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Operates on owned infrastructure, i.e. not built upon third-party email service providers.
diff --git a/i18n/eo/encryption.md b/i18n/eo/encryption.md
index a809ab16..6297e5ce 100644
--- a/i18n/eo/encryption.md
+++ b/i18n/eo/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt is a fork of the discontinued TrueCrypt project. According to its deve
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
-Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
{ align=right }
-**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/eo/file-sharing.md b/i18n/eo/file-sharing.md
index 30fe4eff..fdf19597 100644
--- a/i18n/eo/file-sharing.md
+++ b/i18n/eo/file-sharing.md
@@ -13,7 +13,7 @@ Discover how to privately share your files between your devices, with your frien
## File Sharing
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/eo/frontends.md b/i18n/eo/frontends.md
index 9e83fe5e..b4b5d0c4 100644
--- a/i18n/eo/frontends.md
+++ b/i18n/eo/frontends.md
@@ -251,7 +251,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/eo/index.md b/i18n/eo/index.md
index 24891736..d3fe4a59 100644
--- a/i18n/eo/index.md
+++ b/i18n/eo/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/eo/meta/brand.md b/i18n/eo/meta/brand.md
index 8e3d9954..3afe36ff 100644
--- a/i18n/eo/meta/brand.md
+++ b/i18n/eo/meta/brand.md
@@ -12,7 +12,7 @@ The name of the website is **Privacy Guides** and should **not** be changed to:
- PG.org
-The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/eo/meta/translations.md b/i18n/eo/meta/translations.md
index ff5406c7..1f67cd98 100644
--- a/i18n/eo/meta/translations.md
+++ b/i18n/eo/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## Fullwidth alternatives and Markdown syntax
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/eo/meta/uploading-images.md b/i18n/eo/meta/uploading-images.md
index 6455beb0..5ea9570f 100644
--- a/i18n/eo/meta/uploading-images.md
+++ b/i18n/eo/meta/uploading-images.md
@@ -48,7 +48,7 @@ In the **SVG Output** tab under **Document options**:
- [ ] Turn off **Remove the XML declaration**
- [x] Turn on **Remove metadata**
- [x] Turn on **Remove comments**
-- [x] Turn on **Embeded raster images**
+- [x] Turn on **Embedded raster images**
- [x] Turn on **Enable viewboxing**
In the **SVG Output** under **Pretty-printing**:
diff --git a/i18n/eo/meta/writing-style.md b/i18n/eo/meta/writing-style.md
index 49e877b1..fdf7bb1d 100644
--- a/i18n/eo/meta/writing-style.md
+++ b/i18n/eo/meta/writing-style.md
@@ -64,7 +64,7 @@ We should try to avoid abbreviations where possible, but technology is full of a
## Be concise
-> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective.
+> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/eo/mobile-browsers.md b/i18n/eo/mobile-browsers.md
index 48141804..64fccfa7 100644
--- a/i18n/eo/mobile-browsers.md
+++ b/i18n/eo/mobile-browsers.md
@@ -247,7 +247,7 @@ This prevents you from unintentionally connecting to a website in plain-text HTT
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Open Safari and tap the Tabs button, located in the bottom right. Then, expand t
- [x] Select **Private**
-Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. This may be an inconvenience.
diff --git a/i18n/eo/multi-factor-authentication.md b/i18n/eo/multi-factor-authentication.md
index 87185132..c8ca78d9 100644
--- a/i18n/eo/multi-factor-authentication.md
+++ b/i18n/eo/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/eo/notebooks.md b/i18n/eo/notebooks.md
index 0d981eb2..a419fe9f 100644
--- a/i18n/eo/notebooks.md
+++ b/i18n/eo/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Provizantoj de Servoj](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Keep track of your notes and journalings without giving them to a third-party.
+Keep track of your notes and journals without giving them to a third party.
If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE.
@@ -84,7 +84,7 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
{ align=right }
-**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
## Local notebooks
diff --git a/i18n/eo/os/android-overview.md b/i18n/eo/os/android-overview.md
index 4faff712..f2086618 100644
--- a/i18n/eo/os/android-overview.md
+++ b/i18n/eo/os/android-overview.md
@@ -84,7 +84,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Killswitch
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
@@ -124,7 +124,7 @@ Modern Android devices have global toggles for disabling Bluetooth and location
## Google Services
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Advanced Protection Program
diff --git a/i18n/eo/os/ios-overview.md b/i18n/eo/os/ios-overview.md
index 9cc34876..e1190279 100644
--- a/i18n/eo/os/ios-overview.md
+++ b/i18n/eo/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/eo/os/linux-overview.md b/i18n/eo/os/linux-overview.md
index 69b537ed..90163523 100644
--- a/i18n/eo/os/linux-overview.md
+++ b/i18n/eo/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Privacy Notes
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- Avoid telemetry that often comes with proprietary operating systems
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ We don’t believe holding packages back and applying interim patches is a good
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao) (YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao) (YouTube)
### “Security-focused” distributions
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Drive Encryption
-Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ There are other system identifiers which you may wish to be careful about. You s
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/eo/os/macos-overview.md b/i18n/eo/os/macos-overview.md
index 9b57b2b6..565c4a68 100644
--- a/i18n/eo/os/macos-overview.md
+++ b/i18n/eo/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Backups
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## Sources
diff --git a/i18n/eo/os/windows/group-policies.md b/i18n/eo/os/windows/group-policies.md
index 74194070..d1a033cb 100644
--- a/i18n/eo/os/windows/group-policies.md
+++ b/i18n/eo/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/eo/os/windows/index.md b/i18n/eo/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/eo/os/windows/index.md
+++ b/i18n/eo/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/eo/passwords.md b/i18n/eo/passwords.md
index f28d9bf7..e08890fc 100644
--- a/i18n/eo/passwords.md
+++ b/i18n/eo/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ These options allow you to manage an encrypted password database locally.
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/eo/photo-management.md b/i18n/eo/photo-management.md
index c526c59a..d7447180 100644
--- a/i18n/eo/photo-management.md
+++ b/i18n/eo/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
- Must be open source.
diff --git a/i18n/eo/real-time-communication.md b/i18n/eo/real-time-communication.md
index 2f718110..538feb99 100644
--- a/i18n/eo/real-time-communication.md
+++ b/i18n/eo/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Criteria
diff --git a/i18n/eo/router.md b/i18n/eo/router.md
index 147767bc..88356dd1 100644
--- a/i18n/eo/router.md
+++ b/i18n/eo/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All of the components have been optimized for home routers.
+**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}
diff --git a/i18n/eo/security-keys.md b/i18n/eo/security-keys.md
index 2acec8c8..23e55cfa 100644
--- a/i18n/eo/security-keys.md
+++ b/i18n/eo/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/eo/tools.md b/i18n/eo/tools.md
index 44dd5a59..48348f9b 100644
--- a/i18n/eo/tools.md
+++ b/i18n/eo/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/eo/tor.md b/i18n/eo/tor.md
index b2df643d..e2ed3986 100644
--- a/i18n/eo/tor.md
+++ b/i18n/eo/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Browser
@@ -114,11 +114,11 @@ We previously recommended enabling the *Isolate Destination Address* preference
Tips for Android
-Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot/releases) instead.
-All versions are signed using the same signature so they should be compatible with each other.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/eo/vpn.md b/i18n/eo/vpn.md
index 90a4e5e4..1b68ee82 100644
--- a/i18n/eo/vpn.md
+++ b/i18n/eo/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Private VPN Service Recommendations and Comparison, No Sponsors or Ads - Privacy Guides"
title: "VPN Services"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } Mobile Clients
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ It is important to note that using a VPN provider will not make you anonymous, b
### Technology
-We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Minimum to Qualify:**
-- Support for strong protocols such as WireGuard & OpenVPN.
-- Killswitch built in to clients.
-- Multihop support. Multihopping is important to keep data private in case of a single node compromise.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Best Case:**
-- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Easy-to-use VPN clients
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.
- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble).
@@ -316,11 +316,11 @@ We prefer our recommended providers to collect as little data as possible. Not c
**Best Case:**
- Accepts multiple [anonymous payment options](advanced/payments.md).
-- No personal information accepted (autogenerated username, no email required, etc.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Security
-A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
+A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
**Minimum to Qualify:**
@@ -358,7 +358,7 @@ With the VPN providers we recommend we like to see responsible marketing.
**Minimum to Qualify:**
-- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out.
+- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Must not have any marketing which is irresponsible:
diff --git a/i18n/es/about.md b/i18n/es/about.md
index 17215f56..cd906509 100644
--- a/i18n/es/about.md
+++ b/i18n/es/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Página Principal }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Código Fuente" }
-Privacy Guides está elaborada por voluntarios y miembros del personal de todo el mundo. Todos los cambios en nuestras recomendaciones y recursos son revisados por al menos dos personas [de confianza](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all), y trabajamos con diligencia para garantizar que nuestro contenido se actualice lo más rápidamente posible para adaptarse al panorama siempre cambiante de las amenazas a la ciberseguridad.
+Privacy Guides está elaborada por voluntarios y miembros del personal de todo el mundo. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
Además de nuestro equipo central, [muchas otras personas](about/contributors.md) han contribuido al proyecto. ¡Tú también puedes contribuir! Somos de código abierto en GitHub y aceptamos sugerencias de traducciones en [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/es/about/contributors.md b/i18n/es/about/contributors.md
index f0e9cabb..aa1a032e 100644
--- a/i18n/es/about/contributors.md
+++ b/i18n/es/about/contributors.md
@@ -7,7 +7,7 @@ description: Una lista completa de colaboradores que, colectivamente, han tenido
-Este proyecto sigue la especificación de [todos los colaboradores](https://github.com/all-contributors/all-contributors). Las contribuciones de **cualquier** tipo son bienvenidas para ser agregadas a [esta lista](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), incluyendo las colaboraciones a Privacy Guides fuera de este repositorio y las contribuciones que no están relacionadas con el contenido (como compartir ideas para Privacy Guides, promocionar el proyecto, responder preguntas en el foro, etc).
+Este proyecto sigue la especificación de [todos los colaboradores](https://github.com/all-contributors/all-contributors). Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Tipo | Descripción |
| ----- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/es/about/criteria.md b/i18n/es/about/criteria.md
index 2380817e..9ec0d39e 100644
--- a/i18n/es/about/criteria.md
+++ b/i18n/es/about/criteria.md
@@ -24,7 +24,7 @@ Estos son los requisitos que exigimos a los desarrolladores que deseen presentar
- Debe revelar su afiliación, es decir, su cargo dentro del proyecto que se presenta.
-- Debe contar con un documento de seguridad si se trata de un proyecto que implica el manejo de información sensible como un servicio de mensajería, un administrador de contraseñas, almacenamiento cifrado en la nube, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- En cuanto al estado de la auditoría de terceros, queremos saber si se ha sometido a una o la ha solicitado. Si es posible, mencione quién realizará la auditoría.
- Debe explicar qué aporta el proyecto en materia de privacidad.
diff --git a/i18n/es/about/executive-policy.md b/i18n/es/about/executive-policy.md
index 261a818a..7126ab2d 100644
--- a/i18n/es/about/executive-policy.md
+++ b/i18n/es/about/executive-policy.md
@@ -5,7 +5,7 @@ description: Se trata de políticas adoptadas formalmente por nuestro comité ej
Se trata de políticas adoptadas formalmente por el comité ejecutivo de Privacy Guides, y prevalecen sobre cualquier otra declaración expresada en este sitio web.
-Las palabras clave **debe**, **no debe**, **requerido**, **deberá**, **no deberá**, **debería**, **no debería**, **recomendado**, **puede**, y **opcional** deben interpretarse como se describe en [RFC 2119](https://datatracker. etf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Muestras Gratuitas de Productos
diff --git a/i18n/es/about/notices.md b/i18n/es/about/notices.md
index 4f194984..83209693 100644
--- a/i18n/es/about/notices.md
+++ b/i18n/es/about/notices.md
@@ -31,7 +31,7 @@ Esto no incluye el código de terceros incrustado en el código del repositorio
* La fuente [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) utilizada para la mayoría del texto en este sitio está licenciada bajo los términos detallados [aquí](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* La fuente [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) utilizada para el texto monoespaciado está licenciada bajo la [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-Creemos que los logotipos y otras imágenes en `assets` obtenidos de terceros proveedores son de dominio público o **de uso leal**. En pocas palabras, la [doctrina legal de uso justo](https://copyright.gov/fair-use/more-info.html) permite el uso de imágenes protegidas por derechos de autor con el fin de identificar el tema a efectos de comentario público. Sin embargo, estos logotipos y otras imágenes pueden estar sujetos a la legislación sobre marcas en una o más jurisdicciones. Antes de utilizar este contenido, asegúrese de que se utiliza para identificar a la entidad u organización propietaria de la marca comercial y de que usted tiene derecho a utilizarla según las leyes que se aplican en las circunstancias de tu uso previsto. *Al copiar el contenido de este sitio web, usted es el único responsable de asegurarse de no infringir la marca comercial o los derechos de autor de otra persona.*
+Creemos que los logotipos y otras imágenes en `assets` obtenidos de terceros proveedores son de dominio público o **de uso leal**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. Sin embargo, estos logotipos y otras imágenes pueden estar sujetos a la legislación sobre marcas en una o más jurisdicciones. Antes de utilizar este contenido, asegúrese de que se utiliza para identificar a la entidad u organización propietaria de la marca comercial y de que usted tiene derecho a utilizarla según las leyes que se aplican en las circunstancias de tu uso previsto. *Al copiar el contenido de este sitio web, usted es el único responsable de asegurarse de no infringir la marca comercial o los derechos de autor de otra persona.*
Cuando contribuyes a nuestro sitio web lo estás haciendo bajo las licencias anteriores, y estás otorgando a las Guías de Privacidad un autor, mundial, no exclusivo, transferible, sin realismo Licencia irrevocable con derecho a sublicenciar tales derechos a través de múltiples niveles de sublicencias, para reproducir, modificar, mostrar, realizar y distribuir su contribución como parte de nuestro proyecto.
diff --git a/i18n/es/about/privacytools.md b/i18n/es/about/privacytools.md
index 5f0b8e05..37d7d641 100644
--- a/i18n/es/about/privacytools.md
+++ b/i18n/es/about/privacytools.md
@@ -37,9 +37,9 @@ A finales de julio de 2021, [informamos](https://web.archive.org/web/20210729184
## Control de r/privacytoolsIO
-Simultáneamente con los problemas del sitio web en privacytools.io, el equipo de moderación de r/privacytoolsIO se enfrentaba a retos en la gestión del subreddit. El subreddit siempre había sido operado en su mayor parte independientemente del desarrollo del sitio web, pero BurungHantu era el principal moderador del subreddit también, y era el único moderador al que se le habían concedido privilegios de "Control total". u/trai_dep era el único moderador activo en ese momento, y [publicó](https://reddit.com/comments/o9tllh) una solicitud a los administradores de Reddit el 28 de junio de 2021, pidiendo que se le concediera el puesto de moderador principal y privilegios de control total, con el fin de realizar los cambios necesarios en el subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep era el único moderador activo en ese momento, y [publicó](https://reddit.com/comments/o9tllh) una solicitud a los administradores de Reddit el 28 de junio de 2021, pidiendo que se le concediera el puesto de moderador principal y privilegios de control total, con el fin de realizar los cambios necesarios en el subreddit.
-Reddit requiere que los subreddits tengan moderadores activos. Si el moderador principal está inactivo durante un largo periodo de tiempo (como un año), el puesto de moderador principal puede volver a asignarse al siguiente moderador en la lista. Para que se le concediera esta petición, BurungHantu tenía que haber estado completamente ausente de toda actividad de Reddit durante un largo periodo de tiempo, lo que era coherente con sus comportamientos en otras plataformas.
+Reddit requires that Subreddits have active moderators. Si el moderador principal está inactivo durante un largo periodo de tiempo (como un año), el puesto de moderador principal puede volver a asignarse al siguiente moderador en la lista. Para que se le concediera esta petición, BurungHantu tenía que haber estado completamente ausente de toda actividad de Reddit durante un largo periodo de tiempo, lo que era coherente con sus comportamientos en otras plataformas.
> Si fuiste removido como moderador de un subreddit a través de una solicitud de Reddit es porque tu falta de respuesta y tu falta de actividad calificaron al subreddit para una transferencia de r/redditrequest.
>
@@ -55,7 +55,7 @@ Este cambio [supuso:](https://reddit.com/comments/pnhn4a)
- Redirigir `www.privacytools.io` a [www.privacyguides.org](https://www.privacyguides.org).
- Archivar el código fuente en GitHub para preservar nuestro trabajo anterior y el rastreador de problemas, que seguimos utilizando durante meses para el desarrollo futuro de este sitio.
-- Publicar anuncios en nuestro subreddit y en varias otras comunidades informando a la gente del cambio oficial.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Cerrar formalmente los servicios de privacytools.io, como Matrix y Mastodon, y animar a los usuarios existentes a migrar lo antes posible.
Las cosas parecían ir bien, y la mayoría de nuestra comunidad activa hizo el cambio a nuestro nuevo proyecto exactamente como esperábamos.
@@ -66,11 +66,11 @@ Aproximadamente una semana después de la transición, BurungHantu volvió a est
En este punto, BurungHantu afirmó que quería seguir trabajando en privacytools.io por su propia cuenta y solicitó la eliminación de la redirección de `www.privacytools.io` a [www.privacyguides.org](https://www.privacyguides.org). Le obligamos y le pedimos que mantuviera activos los subdominios de Matrix, Mastodon y PeerTube para que funcionaran como servicio público para nuestra comunidad durante al menos unos meses, con el fin de que los usuarios de esas plataformas pudieran migrar fácilmente a otras cuentas. Debido a la naturaleza federada de los servicios que prestábamos, estaban vinculados a nombres de dominio específicos, lo que hacía muy difícil la migración (y en algunos casos imposible).
-Desafortunadamente, debido a que el control del subreddit r/privacytoolsIO no fue devuelto a BurungHantu a petición suya (más información a continuación), esos subdominios fueron [cortados](https://reddit.com/comments/pymthv/comment/hexwrps) a principios de octubre, poniendo fin a cualquier posibilidad de migración para los usuarios que todavía utilizan esos servicios.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Tras esto, BurungHantu hizo falsas acusaciones sobre el robo de donaciones del proyecto por parte de Jonah. BurungHantu tenía más de un año desde que ocurrió el presunto incidente y, sin embargo, no lo puso en conocimiento de nadie hasta después de la migración de Privacy Guides. El equipo [y la comunidad](https://twitter.com/TommyTran732/status/1526153536962281474) han pedido repetidamente a BurungHantu que aporte pruebas y comente el motivo de su silencio, y no lo ha hecho.
-BurungHantu también hizo una [publicación en Twitter](https://twitter.com/privacytoolsIO/status/1510560676967710728) alegando que un "abogado" se había puesto en contacto con él en Twitter y le estaba dando consejos, en otro intento de intimidarnos para darle el control de nuestro subreddit, y como parte de su campaña de difamación para enturbiar las aguas que rodean el lanzamiento de Privacy Guides mientras fingía ser una víctima.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io Ahora
@@ -80,7 +80,7 @@ A partir del 25 de septiembre de 2022 estamos viendo cómo los planes generales
## r/privacytoolsIO Ahora
-Después del lanzamiento de [r/PrivacyGuides](https://reddit.com/r/privacyguides), era poco práctico para u/trai_dep continuar moderando ambos subreddits, y con la comunidad a bordo con la transición, r/privacytoolsIO se [hizo](https://reddit.com/comments/qk7qrj) un sub restringido en un post el 1 de noviembre de 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] El crecimiento de este Sub fue el resultado de un gran esfuerzo, a lo largo de varios años, del equipo de PrivacyGuides.org. Y por cada uno de ustedes.
>
@@ -88,11 +88,11 @@ Después del lanzamiento de [r/PrivacyGuides](https://reddit.com/r/privacyguides
Los subreddits no pertenecen a nadie, y especialmente no pertenecen a los titulares de las marcas. Pertenecen a sus comunidades, y la comunidad y sus moderadores tomaron la decisión de apoyar el traslado a r/PrivacyGuides.
-En los meses posteriores, BurungHantu ha amenazado y rogado para que le devuelvan el control del subreddit a su cuenta en [violación](https://reddit.com/r/redditrequest/wiki/top_mod_removal) de las normas de Reddit:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> No se permiten las represalias por parte de ningún moderador con respecto a las solicitudes de eliminación.
-Para una comunidad con muchos miles de suscriptores restantes, creemos que sería increíblemente irrespetuoso devolver el control de esa plataforma masiva a la persona que la abandonó durante más de un año, y que ahora gestiona un sitio web que, en nuestra opinión, proporciona información de muy baja calidad. Preservar los años de discusiones pasadas en esa comunidad es más importante para nosotros, y por lo tanto u/trai_dep y el resto del equipo de moderación del subreddit ha tomado la decisión de mantener r/privacytoolsIO como está.
+Para una comunidad con muchos miles de suscriptores restantes, creemos que sería increíblemente irrespetuoso devolver el control de esa plataforma masiva a la persona que la abandonó durante más de un año, y que ahora gestiona un sitio web que, en nuestra opinión, proporciona información de muy baja calidad. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective Ahora
diff --git a/i18n/es/about/statistics.md b/i18n/es/about/statistics.md
index 34f5e37e..edbac6fb 100644
--- a/i18n/es/about/statistics.md
+++ b/i18n/es/about/statistics.md
@@ -11,7 +11,7 @@ Nosotros alojamos [Umami](https://umami.is) para crear una bonita visualización
Con estas procesamos:
-- Tu información no es compartida con terceros, esta permanece en los servidores que controlamos
+- Your information is never shared with a third party, it stays on servers we control
- Tus datos personales no se guardan, únicamente recopilamos datos agregados
- No se utiliza JavaScript en el lado del cliente
diff --git a/i18n/es/advanced/communication-network-types.md b/i18n/es/advanced/communication-network-types.md
index 628bd58a..d871d9d1 100644
--- a/i18n/es/advanced/communication-network-types.md
+++ b/i18n/es/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ Cuando autoalojados, miembros de un servidor federado pueden descubrir y comunic
- Permite un mayor control sobre tus propios datos cuando administras tu propio servidor.
- Te permite elegir en quién confiar tus datos eligiendo entre varios servidores "públicos".
- A menudo permite los clientes de terceros que pueden ofrecer una experiencia más nativa, personalizada o accesible.
-- El software del servidor se puede verificar que coincide con el código fuente público, asumiendo que tengas acceso al servidor o que confíes en la persona quien lo tiene (por ejemplo, un familiar).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Desventajas:**
@@ -60,7 +60,7 @@ Cuando autoalojados, miembros de un servidor federado pueden descubrir y comunic
Los servicios de mensajería P2P se conectan a una [red distribuida](https://es.wikipedia.org/wiki/Red_distribuida) de nodos para transmitir un mensaje al destinatario sin necesidad de un servidor externo.
-Los clientes (pares) usualmente se encuentran entre sí mediante el uso de una red de [computación distribuida](https://en.wikipedia.org/wiki/Distributed_computing). Ejemplos de esto incluyen la [Tabla de hash distribuida](https://es.wikipedia.org/wiki/Tabla_de_hash_distribuida) (DHT), usada por [torrents](https://es.wikipedia.org/wiki/BitTorrent) y [IPFS](https://es.wikipedia.org/wiki/Sistema_de_archivos_interplanetario) por ejemplo. Otro enfoque son las redes basadas en la proximidad, en las que se establece una conexión a través de WiFi o Bluetooth (por ejemplo, Briar o el protocolo de red social [Scuttlebutt](https://scuttlebutt.nz)).
+Los clientes (pares) usualmente se encuentran entre sí mediante el uso de una red de [computación distribuida](https://en.wikipedia.org/wiki/Distributed_computing). Ejemplos de esto incluyen la [Tabla de hash distribuida](https://es.wikipedia.org/wiki/Tabla_de_hash_distribuida) (DHT), usada por [torrents](https://es.wikipedia.org/wiki/BitTorrent) y [IPFS](https://es.wikipedia.org/wiki/Sistema_de_archivos_interplanetario) por ejemplo. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Una vez que un par ha encontrado una ruta a su contacto a través de cualquiera de estos métodos, se establece una conexión directa entre ellos. Aunque los mensajes suelen estar encriptados, un observador puede deducir la ubicación y la identidad del remitente y del destinatario.
@@ -85,9 +85,9 @@ Las redes P2P no utilizan servidores, ya que los pares se comunican directamente
Un servicio de mensajería que utilice [enrutamiento anónimo](https://doi.org/10.1007/978-1-4419-5906-5_628) oculta la identidad del emisor, del receptor o la evidencia de que se han comunicado. Idealmente, un servicio de mensajería debería ocultar los tres.
-Hay [muchas](https://doi.org/10.1145/3182658) formas diferentes de implementar el enrutamiento anónimo. Una de las más famosas es el [enrutamiento cebolla](https://es.wikipedia.org/wiki/Encaminamiento_cebolla) (es decir, [Tor](tor-overview.md)), que comunica mensajes cifrados a través de una red [superpuesta virtual](https://es.wikipedia.org/wiki/Red_superpuesta) que oculta la ubicación de cada nodo, así como el destinatario y el remitente de cada mensaje. El remitente y el destinatario nunca interactúan directamente y solo se reúnen a través de un nodo de encuentro secreto para que no haya filtración de direcciones IP ni de la ubicación física. Los nodos no pueden descifrar los mensajes, ni el destino final; solo el destinatario puede hacerlo. Cada nodo intermediario solo puede desencriptar una parte que indica a dónde enviar el mensaje aún encriptado a continuación, hasta que llega al destinatario que puede desencriptarlo completamente, de ahí las "capas de cebolla."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. Una de las más famosas es el [enrutamiento cebolla](https://es.wikipedia.org/wiki/Encaminamiento_cebolla) (es decir, [Tor](tor-overview.md)), que comunica mensajes cifrados a través de una red [superpuesta virtual](https://es.wikipedia.org/wiki/Red_superpuesta) que oculta la ubicación de cada nodo, así como el destinatario y el remitente de cada mensaje. El remitente y el destinatario nunca interactúan directamente y solo se reúnen a través de un nodo de encuentro secreto para que no haya filtración de direcciones IP ni de la ubicación física. Los nodos no pueden descifrar los mensajes, ni el destino final; solo el destinatario puede hacerlo. Cada nodo intermediario solo puede desencriptar una parte que indica a dónde enviar el mensaje aún encriptado a continuación, hasta que llega al destinatario que puede desencriptarlo completamente, de ahí las "capas de cebolla."
-El autoalojamiento de un nodo en una red de enrutamiento anónimo no proporciona al anfitrión beneficios adicionales de privacidad, sino que contribuye a la resistencia de toda la red contra los ataques de identificación en beneficio de todos.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Ventajas:**
diff --git a/i18n/es/advanced/dns-overview.md b/i18n/es/advanced/dns-overview.md
index 70013843..dbc94a05 100644
--- a/i18n/es/advanced/dns-overview.md
+++ b/i18n/es/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: El Sistema de Nombres de Dominio es la "guía telefónica de Internet", que ayuda a tu navegador a encontrar el sitio web que buscas.
---
-El [Sistema de Nombres de Dominio](https://es.wikipedia.org/wiki/Sistema_de_nombres_de_dominio) es el 'directorio telefónico del Internet'. El DNS traduce los nombres de dominio a direcciones IP para que los navegadores y otros servicios puedan cargar los recursos de Internet, a través de una red descentralizada de servidores.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. El DNS traduce los nombres de dominio a direcciones IP para que los navegadores y otros servicios puedan cargar los recursos de Internet, a través de una red descentralizada de servidores.
## ¿Qué es el DNS?
@@ -24,7 +24,7 @@ A continuación, discutimos y proporcionamos un tutorial para probar lo que un o
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. Entonces podemos usar [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc) o [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) para enviar la búsqueda DNS a ambos servidores. Software como los navegadores web hacen estas búsquedas automáticamente, a menos que estén configurados para usar DNS cifrado.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software como los navegadores web hacen estas búsquedas automáticamente, a menos que estén configurados para usar DNS cifrado.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ A continuación, discutimos y proporcionamos un tutorial para probar lo que un o
nslookup privacyguides.org 8.8.8.8
```
-3. A continuación, queremos [analizar](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) los resultados:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ DNS cifrado puede referirse a uno de varios protocolos, siendo los más comunes
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) fue uno de los primeros métodos de encriptación de consultas DNS. DNSCrypt opera en el puerto 443 y funciona con los protocolos de transporte TCP o UDP. DNSCrypt nunca ha sido enviado al [Grupo de Trabajo de Ingeniería en Internet (IETF)](https://es.wikipedia.org/wiki/Grupo_de_Trabajo_de_Ingenier%C3%ADa_de_Internet) ni ha pasado por el proceso de ["Request for Comments" (RFC)](https://es.wikipedia.org/wiki/Request_for_Comments) por lo que no ha sido utilizado ampliamente fuera de unas pocas [implementaciones](https://dnscrypt.info/implementations). Como resultado, ha sido sustituido en gran medida por el más popular [DNS sobre HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) fue uno de los primeros métodos de encriptación de consultas DNS. DNSCrypt opera en el puerto 443 y funciona con los protocolos de transporte TCP o UDP. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). Como resultado, ha sido sustituido en gran medida por el más popular [DNS sobre HTTPS](#dns-over-https-doh).
### DNS sobre TLS (DoT)
@@ -118,7 +118,7 @@ En este ejemplo registraremos lo que sucede cuando hacemos una solicitud de DoH:
3. Después de hacer la solicitud, podemos detener la captura de paquetes con CTRL + C.
-4. Analiza los resultados en Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ Cuando hacemos una búsqueda en el DNS, generalmente es porque queremos acceder
La forma más sencilla de determinar la actividad de navegación podría ser mirar las direcciones IP a las que acceden sus dispositivos. Por ejemplo, si el observador sabe que `privacyguides.org` está en `198.98.54.105`, y tu dispositivo solicita datos de `198.98.54.105`, es muy probable que estés visitando Privacy Guides.
-Este método sólo es útil cuando la dirección IP pertenece a un servidor que sólo aloja unos pocos sitios web. Tampoco es muy útil si el sitio está alojado en una plataforma compartida (por ejemplo, Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). Tampoco es muy útil si el servidor está alojado detrás de un [proxy inverso](https://es.wikipedia.org/wiki/Proxy_inverso), lo cual es muy común en la Internet moderna.
+Este método sólo es útil cuando la dirección IP pertenece a un servidor que sólo aloja unos pocos sitios web. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). Tampoco es muy útil si el servidor está alojado detrás de un [proxy inverso](https://es.wikipedia.org/wiki/Proxy_inverso), lo cual es muy común en la Internet moderna.
### Indicación del Nombre del Servidor (SNI)
-La Indicación del Nombre del Servidor se suele utilizar cuando una dirección IP aloja muchos sitios web. Esto podría ser un servicio como Cloudflare, o alguna otra protección de [ataque de denegación de servicio](https://es.wikipedia.org/wiki/Ataque_de_denegaci%C3%B3n_de_servicio).
+Server Name Indication is typically used when an IP address hosts many websites. Esto podría ser un servicio como Cloudflare, o alguna otra protección de [ataque de denegación de servicio](https://es.wikipedia.org/wiki/Ataque_de_denegaci%C3%B3n_de_servicio).
-1. Comienza a capturar de nuevo con `tshark`. Hemos añadido un filtro con nuestra dirección IP para que no captures muchos paquetes:
+1. Comienza a capturar de nuevo con `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | No | nothing(No hagas nada)
```
-El DNS cifrado con un tercero solo debe usarse para evitar redirecciones y el [bloqueo básico de DNS](https://en.wikipedia.org/wiki/DNS_blocking) cuando puedas estar seguro de que no habrá consecuencias o estés interesado en un proveedor que realice un filtrado rudimentario.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[Lista de servidores DNS recomendados](../dns.md ""){.md-button}
diff --git a/i18n/es/advanced/tor-overview.md b/i18n/es/advanced/tor-overview.md
index 92441621..70f25411 100644
--- a/i18n/es/advanced/tor-overview.md
+++ b/i18n/es/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor funciona enrutando tu tráfico de Internet a través de servidores operados
Antes de conectarte a Tor, deberías considerar cuidadosamente lo que buscas lograr con Tor en primer lugar, además de quién estás intentando ocultar tu actividad en la red.
-Si vives en un país libre, accedes a contenido mundano a través de Tor, no te preocupa que tu ISP o los administradores de tu red local sepan que estás usando Tor, y quieres ayudar a [a desestigmatizar](https://2019.www.torproject.org/about/torusers.html.en) el uso de Tor, probablemente puedes conectarte a Tor directamente a través de medios estándar como [Tor Browser](../tor.md) sin preocuparte.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
Si tienes la posibilidad de acceder a un proveedor VPN de confianza y **cualquiera** de los siguientes es cierto, casi seguro que deberías conectarte a Tor a través de una VPN:
diff --git a/i18n/es/ai-chat.md b/i18n/es/ai-chat.md
index a25b4c33..949a7131 100644
--- a/i18n/es/ai-chat.md
+++ b/i18n/es/ai-chat.md
@@ -26,7 +26,7 @@ Alternativamente, puedes ejecutar modelos de IA localmente para que tus datos nu
### Hardware para Modelos Locales de IA
-Los modelos locales también son bastante accesibles. Es posible ejecutar modelos más pequeños a velocidades inferiores con tan solo 8 GB de RAM. Utilizar un hardware más potente, como una GPU dedicada con suficiente VRAM o un sistema moderno con memoria LPDDR5X rápida, ofrece la mejor experiencia.
+Los modelos locales también son bastante accesibles. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Utilizar un hardware más potente, como una GPU dedicada con suficiente VRAM o un sistema moderno con memoria LPDDR5X rápida, ofrece la mejor experiencia.
Los LLM suelen diferenciarse por el número de parámetros, que pueden variar entre 1,3B y 405B para los modelos de código abierto disponibles para los usuarios finales. Por ejemplo, los modelos con parámetros inferiores a 6,7B sólo son buenos para tareas básicas como resúmenes de texto, mientras que los modelos entre 7B y 13B son un gran compromiso entre calidad y velocidad. Los modelos con capacidades de razonamiento avanzadas suelen rondar los 70B.
@@ -34,9 +34,9 @@ Para el hardware de consumo personal, generalmente se recomienda utilizar [model
| Tamaño del Modelo (en Parámetros) | RAM Mínima | Procesador Mínimo |
| ---------------------------------------------------- | ---------- | ---------------------------------------------------- |
-| 7B | 8 GB | CPU Moderna (compatible con AVX2) |
-| 13B | 16 GB | CPU Moderna (compatible con AVX2) |
-| 70B | 72 GB | GPU con VRAM |
+| 7B | 8 GB | CPU Moderna (compatible con AVX2) |
+| 13B | 16 GB | CPU Moderna (compatible con AVX2) |
+| 70B | 72 GB | GPU con VRAM |
Para ejecutar IA localmente, se necesita tanto un modelo de IA como un cliente de IA.
@@ -144,7 +144,7 @@ Llamafile también es compatible con LLaVA. Sin embargo, no admite el reconocimi
-Mozilla ha puesto a disposición llamafiles solo para algunos modelos de Llama y Mistral, mientras que hay pocos llamafiles de terceros disponibles. Además, Windows limita los archivos `.exe` a 4 GB, y la mayoría de los modelos superan ese tamaño.
+Mozilla ha puesto a disposición llamafiles solo para algunos modelos de Llama y Mistral, mientras que hay pocos llamafiles de terceros disponibles. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
Para evitar estos problemas, puedes [cargar weights externos](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ Para comprobar la autenticidad y seguridad del modelo, busca:
- Checksums coincidentes[^1]
- En Hugging Face, puedes encontrar el hash haciendo clic en un archivo de modelo y buscando el botón **Copy SHA256** debajo de él. Debes comparar esta checksum con la del fichero modelo que has descargado.
-Por lo general, un modelo descargado es seguro si satisface todas las comprobaciones anteriores.
+A downloaded model is generally safe if it satisfies all the above checks.
## Criterios
@@ -175,14 +175,14 @@ Por favor, ten en cuenta que no estamos afiliados a ninguno de los proyectos que
- No debe transmitir datos personales, incluidos los del chat.
- Debe ser multiplataforma.
- No debe requerir GPU.
-- Debe ser compatible con la inferencia rápida en la GPU.
+- Must support GPU-powered fast inference.
- No debe requerir conexión a Internet.
### Mejor Caso
Nuestros criterios para el mejor de los casos representan lo que nos _gustaría_ ver en el proyecto perfecto de esta categoría. Es posible que nuestras recomendaciones no incluyan todas o algunas de estas funciones, pero las que sí las incluyan pueden estar mejor clasificadas que otras en esta página.
-- Debería ser fácil de descargar y configurar, por ejemplo, con un proceso de instalación de un solo clic.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Debería tener una opción de descarga de modelos integrada.
- El usuario debería poder modificar los parámetros de la LLM, como su prompt de sistema o su temperatura.
diff --git a/i18n/es/alternative-networks.md b/i18n/es/alternative-networks.md
index 6c82888d..2203bb79 100644
--- a/i18n/es/alternative-networks.md
+++ b/i18n/es/alternative-networks.md
@@ -68,7 +68,7 @@ Puedes activar Snowflake en tu navegador al abrirlo en otra pestaña y activar e
Snowflake no aumenta tu privacidad de ninguna manera, ni se utiliza para conectar con la red Tor desde tu navegador personal. Sin embargo, si tu conexión a Internet no está censurada, deberías considerar ejecutarlo para ayudar a mejorar la privacidad de las personas en redes censuradas. No es necesasrio preocuparte sobre cuales páginas acceden las personas a través de tu proxy—su dirección IP visible coincidirá con su nodo de salida de Tor, no el tuyo.
-Ejecutar un proxy Snowflake es de bajo riesgo, incluso más que ejecutar un relé Tor o un puente que ya no son esfuerzos particularmente arriesgados. Sin embargo, el tráfico de proxy pasa a través de tu red, lo que puede impactar de varias maneras, especialmente si el tráfico de tu red es limitado. Asegúrate de comprender [cómo funciona Snowflake](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) antes de tomar la decisión de ejecutar un proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. Sin embargo, el tráfico de proxy pasa a través de tu red, lo que puede impactar de varias maneras, especialmente si el tráfico de tu red es limitado. Asegúrate de comprender [cómo funciona Snowflake](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) antes de tomar la decisión de ejecutar un proxy.
### I2P (El Proyecto de Internet Invisible)
@@ -77,7 +77,7 @@ Ejecutar un proxy Snowflake es de bajo riesgo, incluso más que ejecutar un rel
{ align=right }
{ align=right }
-**I2P** es una capa de red que cifra tus conexiones y las enruta a través de una red de computadoras distribuidas alrededor del mundo. Está enfocada principalmente en crear una red alternativa que protege la privacidad, en vez de anonimizar las conexiones regulares a Internet.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. Está enfocada principalmente en crear una red alternativa que protege la privacidad, en vez de anonimizar las conexiones regulares a Internet.
[:octicons-home-16: Página principal](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentación }
@@ -106,7 +106,7 @@ Puedes tratar de conectarte a _Privacy Guides_ a través de I2P en [privacyguide
-Además, a diferencia de Tor, cada nodo de I2P retransmite el tráfico para otros usuarios por defecto, en vez de depender de voluntarios dedicados a la retransmisión para ejecutar los nodos. Hay aproximadamente [10,000](https://metrics.torproject.org/networksize.html) repetidores y puentes en la red Tor, comparador a los ~50,000 en I2P, significando que hay potenciamente más formas de enrutar tu tráfico para maximizar el anonimato. I2P también tiende a ser más eficiente que Tor, pero esto puede deberse a que Tor está más enfocado en el tráfico regular de Internet "limpio", por lo que usa más nodos de salida con cuellos de botella. El rendimiento del servicio oculto es, por lo general, considerado mucho mejor en I2P a comparación de Tor. Mientras la ejecución de aplicaciones como BitTorrent es complicado en Tor (y puede impactar masivamente el rendimiento de la red Tor), es muy fácil y eficiente en I2P.
+Además, a diferencia de Tor, cada nodo de I2P retransmite el tráfico para otros usuarios por defecto, en vez de depender de voluntarios dedicados a la retransmisión para ejecutar los nodos. Hay aproximadamente [10,000](https://metrics.torproject.org/networksize.html) repetidores y puentes en la red Tor, comparador a los ~50,000 en I2P, significando que hay potenciamente más formas de enrutar tu tráfico para maximizar el anonimato. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. El rendimiento del servicio oculto es, por lo general, considerado mucho mejor en I2P a comparación de Tor. Mientras la ejecución de aplicaciones como BitTorrent es complicado en Tor (y puede impactar masivamente el rendimiento de la red Tor), es muy fácil y eficiente en I2P.
Sin embargo, I2P presenta sus desventajas. La dependencia de Tor en nodos de salida dedicados significa que más personas en entornos menos seguros pueden usarlo, y los repetidores que existen en Tor son probablemente más eficientes y estables, porque generalmente no son ejecutados en conexiones residenciales. Tor también está más enfocado en la **privacidad del navegador** (ej: protección ante las huellas dactilares), con un [Navegador Tor](tor.md) dedicado para anonimizar la actividad de navegación lo máximo posible. I2P es usado a través de tu [navegador regular de Internet](desktop-browsers.md) y mientras puedes configurar tu navegador para que proteja mejor tu privacidad, probablemente tu navegador no tiene la misma huella dactilar que otros usuarios de I2P (no hay una "multitud" para camuflarte).
diff --git a/i18n/es/android/general-apps.md b/i18n/es/android/general-apps.md
index aa2daec7..46ebe9f8 100644
--- a/i18n/es/android/general-apps.md
+++ b/i18n/es/android/general-apps.md
@@ -95,7 +95,7 @@ Entre las principales características de privacidad se incluyen:
Nota
-Actualmente no se eliminan los metadatos de los archivos de vídeo, pero está previsto hacerlo.
+Metadata is not currently deleted from video files, but that is planned.
Los metadatos de orientación de la imagen no se borran. Si activas la localización (en Secure Camera) eso **tampoco** se borrará. Si quieres borrarlo más tarde tendrás que usar una aplicación externa como [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/es/basics/account-creation.md b/i18n/es/basics/account-creation.md
index c5012fc6..7ed6ccf9 100644
--- a/i18n/es/basics/account-creation.md
+++ b/i18n/es/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Crear cuentas en línea es prácticamente una necesidad en Internet, sigue estos pasos para asegurarte de mantener tu privacidad.
---
-A menudo la gente se inscribe en servicios sin pensar. Tal vez sea un servicio de streaming para que puedas ver ese nuevo show del que todo el mundo habla, o una cuenta que te da un descuento para tu lugar de comida rápida favorito. Sea cual sea el caso, debes tener en cuenta las implicaciones que tednrá para tus datos ahora y más adelante.
+A menudo la gente se inscribe en servicios sin pensar. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Sea cual sea el caso, debes tener en cuenta las implicaciones que tednrá para tus datos ahora y más adelante.
Hay riesgos asociados con cada nuevo servicio que utilices. Las filtraciones de datos, la revelación de información de clientes a terceros o el acceso a datos por parte de empleados deshonestos son posibilidades que deben tenerse en cuenta a la hora de facilitar tu información. Tienes que estar seguro de que puedes confiar en el servicio, por eso no recomendamos almacenar datos valiosos en nada, excepto en los productos más maduros y que han sido puestos profundamente a prueba. Por lo general, se trata de servicios que ofrecen E2EE y han sido sometidos a una auditoría criptográfica. Una auditoría aumenta las garantías de que el producto se diseñó sin problemas de seguridad notorios causados por un desarrollador inexperto.
@@ -13,11 +13,11 @@ También puede ser difícil eliminar las cuentas en algunos servicios. En ocasio
## Términos del servicio y Política de privacidad
-Los ToS (Términos del Servicio) son las normas que usted se compromete a respetar al utilizar el servicio. En los servicios más grandes, estas normas suelen aplicarse mediante sistemas automatizados. A veces, estos sistemas automatizados pueden cometer errores. Por ejemplo, pueden expulsarte o bloquearte la cuenta en algunos servicios por utilizar una VPN o un número VOIP. Recurrir estos bloqueos suele ser difícil, y además implica un proceso automatizado que no siempre funciona bien. Esta es una de las razones por las que no sugerimos utilizar Gmail para el correo electrónico, por ejemplo. El correo electrónico es crucial para acceder a otros servicios a los que estés inscrito.
+Los ToS (Términos del Servicio) son las normas que usted se compromete a respetar al utilizar el servicio. En los servicios más grandes, estas normas suelen aplicarse mediante sistemas automatizados. A veces, estos sistemas automatizados pueden cometer errores. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Recurrir estos bloqueos suele ser difícil, y además implica un proceso automatizado que no siempre funciona bien. Esta es una de las razones por las que no sugerimos utilizar Gmail para el correo electrónico, por ejemplo. El correo electrónico es crucial para acceder a otros servicios a los que estés inscrito.
-La Política de Privacidad es la forma en que el servicio dice que utilizará tus datos y vale la pena leerla para que entiendas cómo se utilizarán tus datos. Una empresa u organización puede no estar legalmente obligada a seguir todo lo que contiene la política (depende de la jurisdicción). Te recomendamos que tengas una idea de cuál es tu legislación local y qué le permite recopilar a un proveedor.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. Una empresa u organización puede no estar legalmente obligada a seguir todo lo que contiene la política (depende de la jurisdicción). Te recomendamos que tengas una idea de cuál es tu legislación local y qué le permite recopilar a un proveedor.
-Te recomendamos que busques términos concretos como "recopilación de datos", "análisis de datos", "cookies", "anuncios" o servicios de "terceros". A veces podrás optar por no participar en la recopilación de datos o no compartirlos, pero lo mejor es elegir un servicio que respete tu privacidad desde el principio.
+Te recomendamos que busques términos concretos como "recopilación de datos", "análisis de datos", "cookies", "anuncios" o servicios de "terceros". Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Ten en cuenta que también estás depositando tu confianza en la empresa u organización y en que cumplirán su propia política de privacidad.
@@ -42,7 +42,7 @@ Usted es responsable de gestionar sus credenciales de ingreso. Para mayor seguri
#### Alias de correo electrónico
-Si no se quiere utilizar una dirección real de correo electrónico en un servicio, se cuenta con la opción de utilizar un alias. Estos los describimos con mayores detalles en nuestra página con recomendaciones de servicios de correo electrónico. Básicamente, los servicios de alias permiten generar nuevas direcciones de correo que reenvían todos los correos a la dirección principal. Esto puede ayudar a prevenir el rastreo a través de múltiples servicios y ayudar a gestionar los correos de mercadeo que algunas veces vienen con el proceso de registro. Estos pueden ser filtrados automáticamente basándose en el alias al que son enviados.
+Si no se quiere utilizar una dirección real de correo electrónico en un servicio, se cuenta con la opción de utilizar un alias. Estos los describimos con mayores detalles en nuestra página con recomendaciones de servicios de correo electrónico. Básicamente, los servicios de alias permiten generar nuevas direcciones de correo que reenvían todos los correos a la dirección principal. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Estos pueden ser filtrados automáticamente basándose en el alias al que son enviados.
Si un servicio es hackeado, puede que usted comience a recibir correos engañosos o basura en la dirección que utilizó para registrarse. Al utilizar un único alias para cada servicio, se puede identificar cual servicio fue hackeado.
@@ -76,7 +76,7 @@ Las aplicaciones maliciosas, especialmente en dispositivos móviles en los que l
Recomendamos evitar los servicios que exigen un número de teléfono para darse de alta. Un número de teléfono puede identificarte a través de múltiples servicios y, dependiendo de los acuerdos de intercambio de datos, esto hará que tu uso sea más fácil de rastrear, especialmente si uno de esos servicios es violado, ya que el número de teléfono a menudo **no** está cifrado.
-Si puedes, evita dar tu número de teléfono real. Algunos servicios permiten el uso de números VOIP, pero a menudo activan los sistemas de detección de fraude y provocan el bloqueo de la cuenta, por lo que no lo recomendamos para cuentas importantes.
+Si puedes, evita dar tu número de teléfono real. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
En muchos casos, tendrás que facilitar un número desde el que puedas recibir SMS o llamadas, sobre todo cuando hagas compras internacionales, por si hay algún problema con tu pedido en el control fronterizo. Es habitual que los servicios utilicen tu número como método de verificación; ¡no dejes que te bloqueen una cuenta importante por haber querido pasarte de listo y dar un número falso!
diff --git a/i18n/es/basics/account-deletion.md b/i18n/es/basics/account-deletion.md
index e1518519..8f43f1f4 100644
--- a/i18n/es/basics/account-deletion.md
+++ b/i18n/es/basics/account-deletion.md
@@ -27,7 +27,7 @@ Los sistemas operativos también suelen tener un gestor de contraseñas que pued
### Correo Electrónico
-Si no utilizaste un gestor de contraseñas en el pasado o crees que tienes cuentas que nunca se añadieron a tu gestor de contraseñas, otra opción es buscar en la(s) cuenta(s) de correo electrónico en las que crees que te has registrado. En tu cliente de correo electrónico, busca palabras clave como "verificar" o "bienvenida" Casi siempre que se crea una cuenta en línea, el servicio envía un enlace de verificación o un mensaje introductorio a tu correo electrónico. Esta puede ser una buena manera de encontrar cuentas antiguas y olvidadas.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. En tu cliente de correo electrónico, busca palabras clave como "verificar" o "bienvenida" Casi siempre que se crea una cuenta en línea, el servicio envía un enlace de verificación o un mensaje introductorio a tu correo electrónico. Esta puede ser una buena manera de encontrar cuentas antiguas y olvidadas.
## Eliminando Cuentas Antiguas
@@ -39,7 +39,7 @@ Cuando intentes recuperar el acceso, si el sitio devuelve un mensaje de error di
### RGPD (solamente residentes del EEE)
-Los residentes del EEA tienen derechos adicionales sobre la eliminación de sus datos, especificados en el [Artículo 19](https://gdpr-info.eu/art-17-gdpr) de la GDPR. Si es aplicable para ti, lee la política de privacidad del servicio para encontrar información sobre cómo ejercer tu derecho de eliminación. Leer la política de privacidad puede ser importante, ya que algunos servicios tienen una opción de "Borrar Cuenta" que solamente desactiva tu cuenta y para la eliminación real tienes que tomar acción adicional. A veces, la eliminación real puede implicar llenar formularios, enviar un correo electrónico al responsable de la protección de datos del servicio, o incluso demostrar tu residencia en el EEE. Si planeas seguir este camino, **no** sobrescribas la información de tu cuenta; es posible que se requiera tu identidad como residente del EEE. Ten en cuenta que la ubicación del servicio no importa; el RGPD se aplica a cualquiera que preste servicios a usuarios europeos. Si el servicio no respeta tu derecho de supresión de datos, puedes ponerte en contacto con tu [Autoridad de Protección de Datos](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_es) y puedes tener derecho a una compensación monetaria.
+Los residentes del EEA tienen derechos adicionales sobre la eliminación de sus datos, especificados en el [Artículo 19](https://gdpr-info.eu/art-17-gdpr) de la GDPR. Si es aplicable para ti, lee la política de privacidad del servicio para encontrar información sobre cómo ejercer tu derecho de eliminación. Leer la política de privacidad puede ser importante, ya que algunos servicios tienen una opción de "Borrar Cuenta" que solamente desactiva tu cuenta y para la eliminación real tienes que tomar acción adicional. A veces, la eliminación real puede implicar llenar formularios, enviar un correo electrónico al responsable de la protección de datos del servicio, o incluso demostrar tu residencia en el EEE. Si planeas seguir este camino, **no** sobrescribas la información de tu cuenta; es posible que se requiera tu identidad como residente del EEE. Ten en cuenta que la ubicación del servicio no importa; el RGPD se aplica a cualquiera que preste servicios a usuarios europeos. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Sobrescribir la información de la cuenta
diff --git a/i18n/es/basics/common-misconceptions.md b/i18n/es/basics/common-misconceptions.md
index 633476e2..0272acb0 100644
--- a/i18n/es/basics/common-misconceptions.md
+++ b/i18n/es/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ Las políticas de privacidad y las prácticas empresariales de los proveedores q
## "Lo complicado es mejor"
-A menudo vemos a gente que describe modelos de amenaza a la privacidad que son excesivamente complejos. A menudo, estas soluciones incluyen problemas como muchas cuentas de correo electrónico diferentes o configuraciones complicadas con muchas partes móviles y condiciones. Las respuestas suelen responder a "¿Cuál es la mejor manera de hacer *X*?"
+A menudo vemos a gente que describe modelos de amenaza a la privacidad que son excesivamente complejos. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. Las respuestas suelen responder a "¿Cuál es la mejor manera de hacer *X*?"
Encontrar la "mejor" solución para uno mismo no significa necesariamente que se busque una solución infalible con docenas de condiciones: suele ser difícil trabajar con estas soluciones de forma realista. Como hemos comentado anteriormente, la seguridad a menudo viene a expensas de la comodidad. A continuación, te ofrecemos algunos consejos:
1. ==Las acciones tienen que servir a un propósito concreto:== piensa en cómo hacer lo que quieres con el menor número de acciones.
2. ==Eliminar los puntos de fallo humanos:== Fallamos, nos cansamos y olvidamos cosas. Para mantener la seguridad, evita depender de condiciones y procesos manuales que tengas que recordar.
-3. ==Utiliza el nivel adecuado de protección para lo que pretendes.== A menudo vemos recomendaciones de las llamadas soluciones de aplicación de la ley o a prueba de citaciones. Estas a menudo requieren conocimientos especializados y generalmente no es lo que la gente quiere. No tiene sentido construir un intrincado modelo de amenaza para el anonimato si puede ser fácilmente desanonimizado por un simple descuido.
+3. ==Utiliza el nivel adecuado de protección para lo que pretendes.== A menudo vemos recomendaciones de las llamadas soluciones de aplicación de la ley o a prueba de citaciones. Estas a menudo requieren conocimientos especializados y generalmente no es lo que la gente quiere. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
Así que, ¿cómo podría verse esto?
@@ -94,4 +94,4 @@ Uno de los modelos de amenaza más claros es aquel en el que la gente *sabe qui
Usar Tor puede ayudar con esto. También cabe destacar que es posible un mayor anonimato mediante la comunicación asíncrona: la comunicación en tiempo real es vulnerable al análisis de los patrones de escritura (es decir, más de un párrafo de texto, distribuido en un foro, por correo electrónico, etc.)
-[^1]: En marzo de 2024 se produjo un notable ataque a la cadena de suministro, cuando un mantenedor malintencionado añadió una puerta trasera ofuscada en `xz`, una popular biblioteca de compresión. La puerta trasera ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) pretendía dar a un desconocido acceso remoto a la mayoría de los servidores Linux a través de SSH, pero se descubrió antes de que se hubiera desplegado ampliamente.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. La puerta trasera ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) pretendía dar a un desconocido acceso remoto a la mayoría de los servidores Linux a través de SSH, pero se descubrió antes de que se hubiera desplegado ampliamente.
diff --git a/i18n/es/basics/common-threats.md b/i18n/es/basics/common-threats.md
index 50373c01..0744643c 100644
--- a/i18n/es/basics/common-threats.md
+++ b/i18n/es/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Tu modelo de amenaza es personal, pero éstas son algunas de las cosas que preocupan a muchos visitantes de este sitio.
---
-En términos generales, clasificamos nuestras recomendaciones en las [amenazas](threat-modeling.md) u objetivos que se aplican a la mayoría de las personas. ==Puede que no te preocupe ninguna, una, varias o todas estas posibilidades==, y las herramientas y servicios que utilices dependerán de cuáles sean tus objetivos. Es posible que también tengas amenazas específicas fuera de estas categorías, ¡lo cual está perfectamente bien! Lo importante es desarrollar una comprensión de los beneficios y las deficiencias de las herramientas que elijas utilizar, porque prácticamente ninguna de ellas te protegerá de todas las amenazas.
+En términos generales, clasificamos nuestras recomendaciones en las [amenazas](threat-modeling.md) u objetivos que se aplican a la mayoría de las personas. ==Puede que no te preocupe ninguna, una, varias o todas estas posibilidades==, y las herramientas y servicios que utilices dependerán de cuáles sean tus objetivos. You may have specific threats outside these categories as well, which is perfectly fine! Lo importante es desarrollar una comprensión de los beneficios y las deficiencias de las herramientas que elijas utilizar, porque prácticamente ninguna de ellas te protegerá de todas las amenazas.
:material-incognito: **Anonimato**
:
@@ -19,7 +19,7 @@ Estar protegido de hackers u otros actores maliciosos que intentan acceder a *tu
:material-package-variant-closed-remove: **Ataques a la Cadena de Suministro**
:
-Normalmente una forma de
:material-target-account: Ataque Dirigido que se centra en una vulnerabilidad o exploit introducido en un software por lo demás bueno, ya sea directamente o a través de una dependencia de un tercero.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Ataques Pasivos**
:
@@ -44,7 +44,7 @@ Protegerte de las grandes redes publicitarias, como Google y Facebook, así como
:material-account-search: **Exposición Pública**
:
-Limitar la información sobre ti a la que pueden acceder en línea los motores de búsqueda o el público en general.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censura**
:
@@ -76,7 +76,7 @@ Para minimizar el daño que una pieza maliciosa de software *podría hacer*, deb
Los sistemas operativos móviles suelen tener un mejor aislamiento de aplicaciones que los sistemas operativos de escritorio: Las aplicaciones no pueden obtener acceso a la raíz y requieren permiso para acceder a los recursos del sistema.
-Los sistemas operativos de escritorio generalmente se retrasan en el aislamiento adecuado. ChromeOS tiene capacidades de aislamiento similares a las de Android, y macOS tiene un control total de los permisos del sistema (y los desarrolladores pueden optar por el aislamiento para las aplicaciones). Sin embargo, estos sistemas operativos transmiten información de identificación a sus respectivos OEM. Linux tiende a no enviar información a los proveedores de sistemas, pero tiene poca protección contra los exploits y las aplicaciones maliciosas. Esto puede mitigarse un poco con distribuciones especializadas que hagan un uso significativo de máquinas virtuales o contenedores, como [Qubes OS](../desktop.md#qubes-os).
+Los sistemas operativos de escritorio generalmente se retrasan en el aislamiento adecuado. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). Sin embargo, estos sistemas operativos transmiten información de identificación a sus respectivos OEM. Linux tiende a no enviar información a los proveedores de sistemas, pero tiene poca protección contra los exploits y las aplicaciones maliciosas. Esto puede mitigarse un poco con distribuciones especializadas que hagan un uso significativo de máquinas virtuales o contenedores, como [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Por lo tanto, siempre que sea posible, hay que utilizar aplicaciones nativas en
-Incluso con E2EE, los proveedores de servicios aún pueden hacerte un perfil basado en **metadatos**, que generalmente no están protegidos. Aunque el proveedor de servicios no puede leer tus mensajes, sí puede observar cosas importantes, como con quién hablas, la frecuencia con la que les envías mensajes y cuándo sueles estar activo. La protección de los metadatos es bastante infrecuente, y -si está dentro de tu [modelo de amenazas](threat-modeling.md)- deberías prestar mucha atención a la documentación técnica del software que estás utilizando para ver si hay alguna minimización o protección de los metadatos.
+Incluso con E2EE, los proveedores de servicios aún pueden hacerte un perfil basado en **metadatos**, que generalmente no están protegidos. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. La protección de los metadatos es bastante infrecuente, y -si está dentro de tu [modelo de amenazas](threat-modeling.md)- deberías prestar mucha atención a la documentación técnica del software que estás utilizando para ver si hay alguna minimización o protección de los metadatos.
## Programas de vigilancia masiva
@@ -156,7 +156,7 @@ La vigilancia masiva es el intrincado esfuerzo por controlar el "comportamiento,
Si quieres saber más sobre los métodos de vigilancia y cómo se aplican en tu ciudad, también puedes echar un vistazo al [Atlas de la Vigilancia](https://atlasofsurveillance.org) de la [Electronic Frontier Foundation](https://eff.org).
-En Francia puedes consultar el [sitio web de Technopolice](https://technopolice.fr/villes), mantenido por la asociación sin ánimo de lucro La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ Si estás preocupado sobre los programas de vigilancia masiva, puedes usar estra
Para muchas personas, el seguimiento y la vigilancia por parte de empresas privadas es una preocupación creciente. Las redes publicitarias omnipresentes, como las operadas por Google y Facebook, se extienden por Internet mucho más allá de los sitios que controlan, rastreando tus acciones a lo largo del camino. El uso de herramientas como los bloqueadores de contenido para limitar las solicitudes de red a sus servidores y la lectura de las políticas de privacidad de los servicios que utiliza pueden ayudarte a evitar a muchos adversarios básicos (aunque no puede evitar por completo el rastreo).[^4]
-Además, incluso empresas ajenas a la industria de *AdTech* o de seguimiento pueden compartir tu información con los [corredores de datos](https://es.wikipedia.org/wiki/Broker_de_informaci%C3%B3n) (como Cambridge Analytica, Experian o Datalogix) u otras partes. No puedes asumir automáticamente que tus datos están seguros sólo porque el servicio que utilizas no entra dentro del típico modelo de negocio de AdTech o de seguimiento. La mayor protección contra la recopilación de datos por parte de las empresas es encriptar u ofuscar tus datos siempre que sea posible, dificultando que los diferentes proveedores puedan correlacionar los datos entre sí y construir un perfil sobre ti.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. No puedes asumir automáticamente que tus datos están seguros sólo porque el servicio que utilizas no entra dentro del típico modelo de negocio de AdTech o de seguimiento. La mayor protección contra la recopilación de datos por parte de las empresas es encriptar u ofuscar tus datos siempre que sea posible, dificultando que los diferentes proveedores puedan correlacionar los datos entre sí y construir un perfil sobre ti.
## Limitación de la información pública
diff --git a/i18n/es/basics/email-security.md b/i18n/es/basics/email-security.md
index be8e6cf7..7cb42812 100644
--- a/i18n/es/basics/email-security.md
+++ b/i18n/es/basics/email-security.md
@@ -29,13 +29,13 @@ Si utilizar un dominio compartido desde un proveedor no compatible con WKD, como
### ¿Qué clientes de correo electrónico admiten E2EE?
-Los proveedores de correo electrónico que permiten utilizar protocolos de acceso estándar como IMAP y SMTP pueden utilizarse con cualquiera de los clientes de correo electrónico [que recomendamos](../email-clients.md). Dependiendo del método de autenticación, esto puede conducir a la disminución de la seguridad si el proveedor o el cliente de correo electrónico no soporta OATH o una aplicación puente debido a que la [autenticación multifactor](multi-factor-authentication.md) no es posible con la autenticación de contraseña simple.
+Los proveedores de correo electrónico que permiten utilizar protocolos de acceso estándar como IMAP y SMTP pueden utilizarse con cualquiera de los clientes de correo electrónico [que recomendamos](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### ¿Cómo puedo proteger mis claves privadas?
-Una tarjeta inteligente (como una [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) o [Nitrokey](../security-keys.md#nitrokey)) funciona recibiendo un mensaje de correo electrónico cifrado desde un dispositivo (teléfono, tableta, ordenador, etc.) que ejecute un cliente de correo electrónico/correo web. El mensaje es entonces descifrado por la tarjeta inteligente y el contenido descifrado es enviado de vuelta al dispositivo.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-Es ventajoso para el descifrado que suceda en la tarjeta inteligente para evitar la posible exposición de tu clave privada en un dispositivo comprometido.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Descripción general de los metadatos de correo electrónico
@@ -49,4 +49,4 @@ Los metadatos del correo electrónico están protegidos de observadores externos
### ¿Por qué los metadatos no pueden ser E2EE?
-Los metadatos del correo electrónico son cruciales para la funcionalidad más básica del correo electrónico (de dónde viene y a dónde tiene que ir). E2EE no estaba integrado originalmente en los protocolos de correo electrónico, sino que requería un software adicional como OpenPGP. Dado que los mensajes OpenPGP todavía tienen que funcionar con los proveedores de correo electrónico tradicionales, no puede cifrar los metadatos del correo electrónico, sino sólo el cuerpo del mensaje. Esto significa que, incluso cuando se utiliza OpenPGP, los observadores externos pueden ver mucha información sobre tus mensajes, como a quién estás enviando correos electrónicos, las líneas de asunto, cuándo estás enviando correos, etc.
+Los metadatos del correo electrónico son cruciales para la funcionalidad más básica del correo electrónico (de dónde viene y a dónde tiene que ir). E2EE no estaba integrado originalmente en los protocolos de correo electrónico, sino que requería un software adicional como OpenPGP. Dado que los mensajes OpenPGP todavía tienen que funcionar con los proveedores de correo electrónico tradicionales, no puede cifrar los metadatos del correo electrónico, sino sólo el cuerpo del mensaje. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/es/basics/hardware.md b/i18n/es/basics/hardware.md
index 99546a70..bd990923 100644
--- a/i18n/es/basics/hardware.md
+++ b/i18n/es/basics/hardware.md
@@ -55,7 +55,7 @@ La mayoría de las implementaciones de autenticación facial requieren que esté
Advertencia
-Algunos dispositivos no disponen del hardware adecuado para la autenticación facial segura. Hay dos tipos principales de autenticación facial: 2D y 3D. La autenticación facial 3D utiliza un proyector de puntos que permite al dispositivo crear un mapa de profundidad 3D de tu cara. Asegúrate de que tu dispositivo dispone de esta capacidad.
+Algunos dispositivos no disponen del hardware adecuado para la autenticación facial segura. There are two main types of face authentication: 2D and 3D. La autenticación facial 3D utiliza un proyector de puntos que permite al dispositivo crear un mapa de profundidad 3D de tu cara. Asegúrate de que tu dispositivo dispone de esta capacidad.
@@ -102,7 +102,7 @@ Un dispositivo de hombre muerto impide que una máquina funcione sin la presenci
Algunos portátiles son capaces de [detectar](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) cuándo estás presente y pueden bloquearse automáticamente cuando no estás sentado frente a la pantalla. Deberías comprobar la configuración de tu sistema operativo para ver si tu ordenador admite esta función.
-También puedes conseguir cables, como [Buskill](https://buskill.in), que bloquean o borran el ordenador cuando se desconecta el cable.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdicción/Ataque Evil Maid
diff --git a/i18n/es/basics/multi-factor-authentication.md b/i18n/es/basics/multi-factor-authentication.md
index 320b0b84..b2dbde29 100644
--- a/i18n/es/basics/multi-factor-authentication.md
+++ b/i18n/es/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Autenticación de Múltiples Factores"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: La MFA es un mecanismo de seguridad fundamental para proteger sus cuentas en línea, pero algunos métodos son más eficaces que otros.
---
-**La autenticación multifactorial** (**MFA**) es un mecanismo de seguridad que requiere pasos adicionales a la introducción del nombre de usuario (o correo electrónico) y la contraseña. El método más común son los códigos de tiempo limitado que puedes recibir de un SMS o una aplicación.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. El método más común son los códigos de tiempo limitado que puedes recibir de un SMS o una aplicación.
Normalmente, si un hacker (o adversario) es capaz de averiguar tu contraseña, entonces obtendrá acceso a la cuenta a la que pertenece esa contraseña. Una cuenta con MFA obliga al hacker a tener tanto la contraseña (algo que *conoces*) como un dispositivo de tu propiedad (algo que *tienes*), como tu teléfono.
@@ -26,7 +26,7 @@ La seguridad de las notificaciones push MFA depende tanto de la calidad de la ap
### Contraseñas de un solo uso basado en tiempo (TOTP)
-El TOTP es una de las formas más comunes de MFA disponibles. Cuando se configura el TOTP, generalmente se requiere escanear un [código QR](https://es.wikipedia.org/wiki/C%C3%B3digo_QR) que establece un "[secreto compartido](https://es.wikipedia.org/wiki/Secreto_compartido)" con el servicio que se pretende utilizar. El secreto compartido está asegurado dentro de los datos de la aplicación de autenticación, y a veces está protegido por una contraseña.
+El TOTP es una de las formas más comunes de MFA disponibles. Cuando se configura el TOTP, generalmente se requiere escanear un [código QR](https://es.wikipedia.org/wiki/C%C3%B3digo_QR) que establece un "[secreto compartido](https://es.wikipedia.org/wiki/Secreto_compartido)" con el servicio que se pretende utilizar. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
El código de tiempo limitado se deriva entonces del secreto compartido y de la hora actual. Como el código sólo es válido durante un corto periodo de tiempo, sin acceso al secreto compartido, un adversario no puede generar nuevos códigos.
@@ -82,7 +82,7 @@ Esta presentación habla de la historia de la autenticación de contraseñas, lo
FIDO2 y WebAuthn tienen propiedades de seguridad y privacidad superiores en comparación con cualquier método MFA.
-Por lo general, para los servicios web se utiliza con WebAuthn, que es una parte de las [recomendaciones W3C](https://es.wikipedia.org/wiki/World_Wide_Web_Consortium#Recomendaci%C3%B3n_de_W3C_(REC)). Utiliza autenticación de clave pública y es más segura que los secretos compartidos utilizados en los métodos OTP y TOTP de Yubico, ya que incluye el nombre de origen (normalmente, el nombre del dominio) durante la autenticación. La certificación se proporciona para protegerte del phishing, ya que te ayuda a determinar que estás utilizando el servicio auténtico y no una copia falsa.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). Utiliza autenticación de clave pública y es más segura que los secretos compartidos utilizados en los métodos OTP y TOTP de Yubico, ya que incluye el nombre de origen (normalmente, el nombre del dominio) durante la autenticación. La certificación se proporciona para protegerte del phishing, ya que te ayuda a determinar que estás utilizando el servicio auténtico y no una copia falsa.
A diferencia de Yubico OTP, WebAuthn no utiliza ningún ID público, entonces la clave **no** es identificable a través de diferentes sitios web. Tampoco utiliza ningún servidor de nube de terceros para la autenticación. Toda la comunicación se completa entre la clave y el sitio web en el que estás iniciando sesión. FIDO también utiliza un contador que se incrementa cuando se utiliza para evitar la reutilización de la sesión y llaves clonadas.
@@ -116,15 +116,15 @@ Si usas MFA de SMS, utiliza un operador que no cambie tu número de teléfono a
## Más lugares para configurar MFA
-Además de proteger tus inicios de sesión del sitio web, la autenticación de múltiples factores también se puede utilizar para proteger tus inicios de sesión locales, claves SSH o incluso bases de datos de contraseñas.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS tiene [soporte nativo](https://support.apple.com/es-es/guide/deployment/depd0b888248/web) para la autenticación con tarjetas inteligentes (PIV). Si tienes una tarjeta inteligente o una llave de seguridad de hardware compatible con la interfaz PIV como la YubiKey, te recomendamos que sigas la documentación de tu tarjeta inteligente/vendedor de seguridad de hardware y configures la autenticación de segundo factor para tu ordenador macOS.
+macOS tiene [soporte nativo](https://support.apple.com/es-es/guide/deployment/depd0b888248/web) para la autenticación con tarjetas inteligentes (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico tiene una guía [Uso de tu YubiKey como una Tarjeta Inteligente en macOS](https://support.yubico.com/hc/articles/360016649059) que puede ayudarte a configurar tu YubiKey en macOS.
-Después de configurar tu tarjeta inteligente/clave de seguridad, te recomendamos que ejecutes este comando en el Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ MFA de SSH también se puede configurar utilizando TOTP. DigitalOcean ha proporc
### KeePass (y KeePassXC)
-Las bases de datos de KeePass y KeePassXC pueden ser aseguradas utilizando Challenge-Response o HOTP como segundo factor de autenticación. Yubico ha proporcionado un documento para KeePass [Usando Tu YubiKey con KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) y también hay uno en el sitio web de [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa).
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico ha proporcionado un documento para KeePass [Usando Tu YubiKey con KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) y también hay uno en el sitio web de [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa).
diff --git a/i18n/es/basics/passwords-overview.md b/i18n/es/basics/passwords-overview.md
index 5db722fa..a12df1e7 100644
--- a/i18n/es/basics/passwords-overview.md
+++ b/i18n/es/basics/passwords-overview.md
@@ -24,7 +24,7 @@ Todos nuestros [gestores recomendados de contraseñas](../passwords.md) incluyen
Debes evitar cambiar frecuentemente las contraseñas que debes recordar (como la contraseña maestra de tu gestor de contraseñas), a menos que tengas alguna razón para creer que ha sido comprometida, porque cambiarla con mucha frecuencia te expone al riesgo de olvidarla.
-Cuando se trata de contraseñas que no tienes que recordar (como las contraseñas almacenadas en tu gestor de contraseñas), si tu [modelo de amenazas](threat-modeling.md) lo requiere, recomendamos revisar las cuentas importantes (especialmente las cuentas que no utilizan autenticación multifactor) y cambiar tu contraseña cada dos meses, en caso de que se hayan visto comprometidas en una filtración de datos que aún no se haya hecho pública. La mayoría de los gestores de contraseñas permiten fijar una fecha de caducidad para facilitar su gestión.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. La mayoría de los gestores de contraseñas permiten fijar una fecha de caducidad para facilitar su gestión.
Comprobación de las violaciones de datos
@@ -54,13 +54,13 @@ Para generar una frase de contraseña diceware utilizando dados reales, sigue es
Nota
-Estas instrucciones asumen que estás usando [EFF large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) para generar la frase de contraseña, que requiere cinco tiradas de dados por palabra. Otras listas de palabras pueden requerir más o menos tiradas por palabra, y pueden necesitar una cantidad diferente de palabras para alcanzar la misma entropía.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Tira un dado de seis caras cinco veces y anota el número después de cada tirada.
-2. Por ejemplo, digamos que sacas `2-5-2-6-6`. Busca en la [EFF large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) la palabra que corresponde a `25266`.
+2. Por ejemplo, digamos que sacas `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. Encontrarás la palabra `encriptar`. Escribe esa palabra.
@@ -75,25 +75,25 @@ Estas instrucciones asumen que estás usando [EFF large wordlist](https://eff.or
Si no tienes acceso a dados reales o prefieres no utilizarlos, puedes utilizar el generador de contraseñas integrado en tu gestor de contraseñas, ya que la mayoría de ellos tienen la opción de generar frases de contraseña diceware además de contraseñas normales.
-Te recomendamos que utilices la [EFF large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) para generar tus frases de contraseña diceware, ya que ofrece exactamente la misma seguridad que la lista original, a la vez que contiene palabras más fáciles de memorizar. También hay [otras listas de palabras en diferentes idiomas](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), si no quieres que tu frase de contraseña esté en inglés.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explicación de la entropía y la fuerza de las frases de contraseña diceware
-Para demostrar lo fuertes que son las frases de contraseña diceware, utilizaremos la frase de contraseña de siete palabras antes mencionada (`viewable fastness reluctant squishy seventeen shown pencil`) y [EFF large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) como ejemplo.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
Una métrica para determinar la fuerza de una frase de contraseña diceware es cuánta entropía tiene. La entropía por palabra en una frase de contraseña diceware se calcula como y la entropía global de la frase de contraseña se calcula como:
Por tanto, cada palabra de la lista mencionada genera ~12,9 bits de entropía (), y una frase de contraseña de siete palabras derivada de ella tiene ~90,47 bits de entropía ().
-La [EFF large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contiene 7776 palabras únicas. Para calcular la cantidad de posibles frases de contraseña, todo lo que tenemos que hacer es o en nuestro caso, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. Para calcular la cantidad de posibles frases de contraseña, todo lo que tenemos que hacer es o en nuestro caso, .
-Pongamos todo esto en perspectiva: Una frase de siete palabras utilizando la [EFF large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) es una de las ~1.719.070.799.748.422.500.000.000.000 frases posibles.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
Por término medio, se necesita probar el 50% de todas las combinaciones posibles para adivinar su frase. Teniendo esto en cuenta, incluso si tu adversario es capaz de realizar ~1.000.000.000.000 de intentos por segundo, aún tardaría ~27.255.689 años en adivinar tu frase de contraseña. Esto es así incluso si las siguientes cosas son ciertas:
- Tu adversario sabe que has utilizado el método diceware.
-- Tu adversario conoce la lista de palabras específica que utilizaste.
+- Your adversary knows the specific word list that you used.
- Tu adversario sabe cuántas palabras contiene tu frase de contraseña.
@@ -113,7 +113,7 @@ Hay muchas buenas opciones para elegir, tanto basadas en la nube como locales. E
No coloques tus contraseñas y tokens TOTP en el mismo gestor de contraseñas
-Cuando utilices [códigos TOTP como autenticación multifactor](multi-factor-authentication.md#time-based-one-time-password-totp), la mejor práctica de seguridad es mantener tus códigos TOTP en una [app separada](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Almacenar tus tokens TOTP en el mismo lugar que tus contraseñas, aunque cómodo, reduce las cuentas a un único factor en caso de que un adversario acceda a tu gestor de contraseñas.
diff --git a/i18n/es/basics/threat-modeling.md b/i18n/es/basics/threat-modeling.md
index cb1711fe..3890c77f 100644
--- a/i18n/es/basics/threat-modeling.md
+++ b/i18n/es/basics/threat-modeling.md
@@ -35,7 +35,7 @@ Un "activo" es algo que valoras y quieres proteger. En el contexto de la segurid
Para responder a esta pregunta, es importante identificar quién podría querer suponer una amenaza para usted o su información. ==Una persona o entidad que supone una amenaza para sus activos es un "adversario".== Ejemplos de adversarios potenciales son tu jefe, tu ex pareja, tu competencia empresarial, tu gobierno o un hacker en una red pública.
-*Haz una lista de tus adversarios o de aquellos que podrían querer apoderarse de tus activos. Su lista puede incluir individuos, una agencia gubernamental o empresas.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Su lista puede incluir individuos, una agencia gubernamental o empresas.*
Dependiendo de quiénes sean sus adversarios, esta lista puede ser algo que quieras destruir después de haber terminado de desarrollar tu modelo de amenazas.
diff --git a/i18n/es/browser-extensions.md b/i18n/es/browser-extensions.md
index dc2a041e..42092068 100644
--- a/i18n/es/browser-extensions.md
+++ b/i18n/es/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite solo recibe actualizaciones de la lista de bloqueos cada vez
### AdGuard
-Recomendamos [Safari](mobile-browsers.md#safari-ios) para los usuarios de iOS, que lamentablemente no es compatible con uBlock Origin. Por suerte, Adguard ofrece una alternativa adecuada:
+Recomendamos [Safari](mobile-browsers.md#safari-ios) para los usuarios de iOS, que lamentablemente no es compatible con uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/es/calendar.md b/i18n/es/calendar.md
index 9106aa8b..88cf4be8 100644
--- a/i18n/es/calendar.md
+++ b/i18n/es/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** ofrece un calendario gratuito y cifrado en todas sus plataformas. Entre sus características se incluyen: E2EE automático de todos los datos, funciones para compartir, funcionalidad de importación/exportación, autenticación multifactor y [más](https://tuta.com/calendar-app-comparison).
+**Tuta** ofrece un calendario gratuito y cifrado en todas sus plataformas. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Las funciones de calendarios múltiples y uso compartido ampliado están limitadas a los suscriptores de pago.
diff --git a/i18n/es/cloud.md b/i18n/es/cloud.md
index ad5b06a0..a3a1f87d 100644
--- a/i18n/es/cloud.md
+++ b/i18n/es/cloud.md
@@ -28,7 +28,7 @@ Nextcloud [sigue siendo una herramienta recomendada](document-collaboration.md#n
{ align=right }
-**Proton Drive** es un proveedor de almacenamiento cifrado en la nube del popular proveedor de correo electrónico cifrado [Proton Mail](email.md#proton-mail). El almacenamiento gratuito inicial está limitado a 2 GB, pero al completar [ciertos pasos](https://proton.me/support/more-free-storage-existing-users), se puede obtener almacenamiento adicional de hasta 5 GB.
+**Proton Drive** es un proveedor de almacenamiento cifrado en la nube del popular proveedor de correo electrónico cifrado [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Página Principal](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Política de Privacidad" }
@@ -119,7 +119,7 @@ Ejecutar una versión local de Peergos junto con una cuenta registrada en su ser
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-No hay disponible una aplicación para Android, pero está [en preparación](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). La solución actual consiste en utilizar [la PWA](https://peergos.net) móvil en su lugar.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). La solución actual consiste en utilizar [la PWA](https://peergos.net) móvil en su lugar.
## Criterios
@@ -129,7 +129,7 @@ No hay disponible una aplicación para Android, pero está [en preparación](htt
- Debe aplicar el cifrado de extremo a extremo.
- Debe ofrecer un plan gratuito o un periodo de prueba.
-- Debe ser compatible con la autenticación multifactor TOTP o FIDO2, o con los inicios de sesión con llave de acceso.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Debe ofrecer una interfaz web que admita funciones básicas de gestión de archivos.
- Debe permitir exportar fácilmente todos los archivos/documentos.
diff --git a/i18n/es/cryptocurrency.md b/i18n/es/cryptocurrency.md
index 8b680ed2..923595a9 100644
--- a/i18n/es/cryptocurrency.md
+++ b/i18n/es/cryptocurrency.md
@@ -75,7 +75,7 @@ Existen numerosos intercambios centralizados (CEX), así como mercados P2P donde
- [Kraken](https://kraken.com): Un conocido CEX. El registro y el KYC son obligatorios. Se aceptan pagos con tarjeta y transferencias bancarias. Asegúrese de no dejar sus Monero recién adquiridos en la plataforma de Kraken tras la compra; retírelos a un monedero de autocustodia. Monero no está disponible en todas las jurisdicciones en las que opera Kraken.[^1]
- [Cake Wallet](https://cakewallet.com): Un monedero multiplataforma de autocustodia para Monero y otras criptodivisas. Puede comprar Monero directamente en la aplicación mediante pagos con tarjeta o transferencias bancarias (a través de proveedores externos como [Guardarian](https://guardarian.com) o [DFX](https://dfx.swiss)).[^2] Normalmente no se requiere KYC, pero depende de su país y de la cantidad que vaya a comprar. En los países donde no es posible comprar Monero directamente, también puede utilizar un proveedor dentro de Cake Wallet para comprar primero otra criptomoneda como Bitcoin, Bitcoin Cash o Litecoin y luego cambiarla por Monero en la aplicación.
- [Monero.com](https://monero.com) es un sitio web asociado en el que puede comprar Monero y otras criptomonedas sin tener que descargar una aplicación. Los fondos se enviarán simplemente a la dirección del monedero que elija.
-- [RetoSwap](https://retoswap.com) (antes conocido como Haveno-Reto) es una plataforma de intercambio P2P descentralizada y de autocustodia basada en el proyecto [Haveno](https://haveno.exchange) que está disponible para Linux, Windows y macOS. Monero se puede comprar y vender con la máxima privacidad, ya que la mayoría de las contrapartes comerciales no requieren KYC, las operaciones se realizan directamente entre los usuarios (P2P), y todas las conexiones se ejecutan a través de la red Tor. Es posible comprar Monero mediante transferencia bancaria, Paypal, o incluso pagando en efectivo (reuniéndose en persona o enviando por correo). Los árbitros pueden intervenir para resolver disputas entre comprador y vendedor, pero tenga cuidado al compartir su cuenta bancaria u otra información sensible con su contraparte comercial. Operar con algunas cuentas puede ir en contra de las condiciones de servicio de dichas cuentas.
+- [RetoSwap](https://retoswap.com) (antes conocido como Haveno-Reto) es una plataforma de intercambio P2P descentralizada y de autocustodia basada en el proyecto [Haveno](https://haveno.exchange) que está disponible para Linux, Windows y macOS. Monero se puede comprar y vender con la máxima privacidad, ya que la mayoría de las contrapartes comerciales no requieren KYC, las operaciones se realizan directamente entre los usuarios (P2P), y todas las conexiones se ejecutan a través de la red Tor. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Los árbitros pueden intervenir para resolver disputas entre comprador y vendedor, pero tenga cuidado al compartir su cuenta bancaria u otra información sensible con su contraparte comercial. Operar con algunas cuentas puede ir en contra de las condiciones de servicio de dichas cuentas.
## Criterios
diff --git a/i18n/es/data-broker-removals.md b/i18n/es/data-broker-removals.md
index ee1ddc47..9af8eddf 100644
--- a/i18n/es/data-broker-removals.md
+++ b/i18n/es/data-broker-removals.md
@@ -56,11 +56,11 @@ De este modo se establece un horario para volver a revisar cada sitio web aproxi
Una vez que te hayas dado de baja de todos estos sitios por primera vez, lo mejor es esperar una o dos semanas para que las solicitudes se propaguen a todos sus sitios. A continuación, puedes empezar a buscar y darte de baja de los sitios restantes que encuentres. Puede ser una buena idea utilizar un rastreador web como la herramienta [Google's _Results about you_](#google-results-about-you-free) para ayudar a encontrar cualquier dato que permanezca en Internet.
-Por lo demás, la periodista especializada en privacidad Yael Grauer ha elaborado una excelente lista de sitios de comerciantes de datos con enlaces directos a sus herramientas de búsqueda y páginas de exclusión voluntaria. Puedes dedicar algún tiempo a revisar cada sitio para determinar si tienen tu información y eliminarla:
+Por lo demás, la periodista especializada en privacidad Yael Grauer ha elaborado una excelente lista de sitios de comerciantes de datos con enlaces directos a sus herramientas de búsqueda y páginas de exclusión voluntaria. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Enorme Lista de Exclusión de Comerciantes de Datos](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-Si no utilizas un escáner automático para encontrar resultados sobre ti, considera la posibilidad de establecer un recordatorio para volver a realizar este proceso cada 3, 6 o 12 meses, en función de tu nivel de riesgo y de la cantidad de datos personales que tengas ahí fuera. Desafortunadamente, es habitual que tus datos reaparezcan con el tiempo o aparezcan en nuevos sitios de búsqueda de personas incluso después de haberte dado de baja.
+Si no utilizas un escáner automático para encontrar resultados sobre ti, considera la posibilidad de establecer un recordatorio para volver a realizar este proceso cada 3, 6 o 12 meses, en función de tu nivel de riesgo y de la cantidad de datos personales que tengas ahí fuera. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts de Pago
@@ -125,7 +125,7 @@ En nuestras pruebas, esta herramienta funcionó para eliminar de forma fiable lo
Nuestras selecciones de servicios de eliminación se basan principalmente en pruebas profesionales independientes realizadas por terceros, como se indica en las secciones anteriores, en nuestras propias pruebas internas y en los comentarios agregados de nuestra comunidad.
-- No debe ser un servicio con etiqueta blanca ni un revendedor de otro proveedor.
+- Must not be a white labeled service or reseller of another provider.
- No debe estar afiliado a la industria de la comercialización de datos ni comprar publicidad en sitios de búsqueda de personas.
- Solo debe utilizar tus datos personales para excluirte de bases de datos de comerciantes y sitios de búsqueda de personas.
diff --git a/i18n/es/desktop-browsers.md b/i18n/es/desktop-browsers.md
index 63e87cb1..a97af1c4 100644
--- a/i18n/es/desktop-browsers.md
+++ b/i18n/es/desktop-browsers.md
@@ -109,7 +109,7 @@ Esto es necesario para evitar formas avanzadas de rastreo, pero a costa de la co
### Mullvad Leta
-Mullvad Browser viene con DuckDuckGo configurado como [motor de búsqueda](search-engines.md) por defecto, pero también viene preinstalado con **Mullvad Leta**, un motor de búsqueda que requiere una suscripción activa a Mullvad VPN para poder acceder. Mullvad Leta consulta directamente la API de búsqueda de pago de Google, que se encuentra limitada a los suscriptores de pago. Sin embargo, para Mullvad es posible correlacionar las consultas de búsqueda y las cuentas de Mullvad VPN debido a esta limitación. Por este motivo, desaconsejamos el uso de Mullvad Leta, a pesar de que Mullvad recopila muy poca información sobre sus suscriptores de VPN.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta consulta directamente la API de búsqueda de pago de Google, que se encuentra limitada a los suscriptores de pago. Sin embargo, para Mullvad es posible correlacionar las consultas de búsqueda y las cuentas de Mullvad VPN debido a esta limitación. Por este motivo, desaconsejamos el uso de Mullvad Leta, a pesar de que Mullvad recopila muy poca información sobre sus suscriptores de VPN.
## Firefox
@@ -189,7 +189,7 @@ Según la política de privacidad de Mozilla para Firefox,
> Firefox envía datos sobre tu versión e idioma de Firefox; sistema operativo del dispositivo y configuración del hardware; memoria, información básica sobre fallos y errores; resultado de procesos automatizados como actualizaciones, navegación segura y activación. Cuando Firefox envía datos, tu dirección IP se recoge temporalmente como parte de los registros de nuestro servidor.
-Además, el servicio de Cuentas de Mozilla recopila [algunos datos técnicos](https://mozilla.org/privacy/mozilla-accounts). Si usas una cuenta de Mozilla, puedes optar por salir:
+Además, el servicio de Cuentas de Mozilla recopila [algunos datos técnicos](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Abre la [configuración de tu perfil en accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Desmarca **Recopilación y uso de datos** > **Ayuda a mejorar Cuentas de Firefox**
@@ -204,7 +204,7 @@ Con el lanzamiento de Firefox 128, un nuevo ajuste para la [atribución de respe
- [x] Selecciona **Activar el modo solo-HTTPS en todas las ventanas**
-Esto evita que te conectes involuntariamente a un sitio web en texto plano HTTP. Los sitios sin HTTPS son poco comunes hoy en día, por lo que esto debería tener poco o ningún impacto en tu navegación diaria.
+Esto evita que te conectes involuntariamente a un sitio web en texto plano HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS sobre HTTPS
@@ -297,7 +297,7 @@ Brave te permite seleccionar filtros de contenido adicionales en la página inte
-1. Esta opción desactiva JavaScript, lo que romperá muchos sitios. Para no romperlos, puedes establecer excepciones por sitio haciendo clic en el icono del Escudo en la barra de direcciones y desmarcando esta opción en *Controles avanzados*.
+1. Esta opción desactiva JavaScript, lo que romperá muchos sitios. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. Si deseas permanecer conectado a un sitio concreto que visitas a menudo, puedes establecer excepciones por sitio haciendo clic en el icono del Escudo de la barra de direcciones y desmarcando esta opción en *Controles avanzados*.
#### Privacidad y seguridad
diff --git a/i18n/es/desktop.md b/i18n/es/desktop.md
index b6084bf5..bdff81a8 100644
--- a/i18n/es/desktop.md
+++ b/i18n/es/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
Una vez finalizada la actualización, reiniciará el sistema en la nueva implantación. `rpm-ostree` mantiene dos despliegues del sistema para que usted pueda fácilmente volver atrás si algo se rompe en el nuevo despliegue. También existe la opción de anclar más implementaciones según sea necesario.
-[Flatpak](https://flatpak.org) es el método principal de instalación de paquetes en estas distribuciones, ya que `rpm-ostree` solo está pensado para superponer paquetes que no pueden permanecer dentro de un contenedor sobre la imagen base.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
Como alternativa a Flatpaks, existe la opción de [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) para crear contenedores [Podman](https://podman.io) que imitan un entorno Fedora tradicional, una [característica útil](https://containertoolbx.org) para el desarrollador exigente. Estos contenedores comparten un directorio de inicio con el sistema operativo anfitrión.
@@ -123,7 +123,7 @@ NixOS es una distribución independiente basada en el gestor de paquetes Nix y c
El gestor de paquetes de NixOS guarda cada versión de cada paquete en una carpeta diferente del almacén **Nix**. Debido a esto, puedes tener diferentes versiones del mismo paquete instalado en tu sistema. Después de escribir el contenido del paquete en la carpeta, esta pasa a ser de solo lectura.
-NixOS también proporciona actualizaciones atómicas. Primero descarga (o construye) los paquetes y archivos para la nueva generación de sistemas y luego cambia a ella. Hay diferentes maneras de cambiar a una nueva generación: puedes decirle a NixOS que la active después de reiniciar o puedes cambiar a ella en el tiempo de ejecución. También puedes *probar* la nueva generación cambiando a ella durante el tiempo de ejecución, pero sin establecerla como la generación actual del sistema. Si algo en el proceso de actualización se rompe, puedes simplemente reiniciar y automáticamente volver a una versión de trabajo de tu sistema.
+NixOS también proporciona actualizaciones atómicas. Primero descarga (o construye) los paquetes y archivos para la nueva generación de sistemas y luego cambia a ella. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. También puedes *probar* la nueva generación cambiando a ella durante el tiempo de ejecución, pero sin establecerla como la generación actual del sistema. Si algo en el proceso de actualización se rompe, puedes simplemente reiniciar y automáticamente volver a una versión de trabajo de tu sistema.
El gestor de paquetes Nix utiliza un lenguaje puramente funcional -que también se llama Nix- para definir paquetes.
diff --git a/i18n/es/device-integrity.md b/i18n/es/device-integrity.md
index c9071e97..da017640 100644
--- a/i18n/es/device-integrity.md
+++ b/i18n/es/device-integrity.md
@@ -28,7 +28,7 @@ Esto significa que un atacante deberá volver a infectar tu dispositivo con regu
Si cualquiera de las siguientes herramientas indican un potencial compromiso de parte de programas espías como Pegasus, Predator o KingsPawn, te recomendamos contactar:
- Si eres un defensor de los derechos humanos, periodista o perteneces a una organización de la sociedad civil: [Laboratorio de Seguridad de Amnistía Internacional](https://securitylab.amnesty.org/contact-us)
-- Si un dispositivo empresarial o gubernamental se ve comprometido: el intermediario de seguridad apropiado en tu empresa, departamento o agencia
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Cuerpos locales de seguridad
**No somos capaces de ayudarte directamente más allá de esto.** Estamos encantados de discutir tu situación o circunstancia en específico y revisar tus resultados en nuestros espacios [comunitarios](https://discuss.privacyguides.net), pero es poco probable que podamos ayudarte más allá de lo escrito en esta página.
@@ -129,7 +129,7 @@ MVT te permite realizar escaneos/análisis más profundos si tu dispositivo tien
-iMazing automatiza y te guía de forma interactiva a través del proceso de uso de [MVT](#mobile-verification-toolkit) para escanear tu dispositivo en busca de indicadores de compromiso de acceso público publicados por varios investigadores de amenazas. Toda la información y advertencias que se aplican a MVT se aplican también a esta herramienta, por lo que te sugerimos que te familiarices también con las notas sobre MVT de las secciones anteriores.
+iMazing automatiza y te guía de forma interactiva a través del proceso de uso de [MVT](#mobile-verification-toolkit) para escanear tu dispositivo en busca de indicadores de compromiso de acceso público publicados por varios investigadores de amenazas. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## Verificación en el Dispositivo
diff --git a/i18n/es/dns.md b/i18n/es/dns.md
index 275b421b..82071017 100644
--- a/i18n/es/dns.md
+++ b/i18n/es/dns.md
@@ -75,7 +75,7 @@ AdGuard Home cuenta con una interfaz web pulida para ver información y gestiona
## Filtrado DNS basado en la nube
-Estas soluciones de filtrado DNS ofrecen un panel web en el que puede personalizar las listas de bloqueo según sus necesidades exactas, de forma similar a un Pi-hole. Estos servicios suelen ser más fáciles de instalar y configurar que los autoalojados, como los anterioriores, y pueden utilizarse más fácilmente en múltiples redes (las soluciones autoalojadas suelen estar restringidas a su red doméstica/local, a menos que se establezca una configuración más avanzada).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. Estos servicios suelen ser más fáciles de instalar y configurar que los autoalojados, como los anterioriores, y pueden utilizarse más fácilmente en múltiples redes (las soluciones autoalojadas suelen estar restringidas a su red doméstica/local, a menos que se establezca una configuración más avanzada).
### Control D
@@ -164,7 +164,7 @@ El software de proxy de DNS cifrado proporciona un proxy local para que el servi
-Aunque RethinkDNS ocupa el espacio VPN de Android, puedes seguir utilizando una VPN u Orbot con la aplicación [añadiendo una configuración de Wireguard](https://docs.rethinkdns.com/proxy/wireguard) o [configurando manualmente Orbot como servidor Proxy](https://docs.rethinkdns.com/firewall/orbot), respectivamente.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/es/document-collaboration.md b/i18n/es/document-collaboration.md
index eccd8f6e..5323789f 100644
--- a/i18n/es/document-collaboration.md
+++ b/i18n/es/document-collaboration.md
@@ -86,4 +86,4 @@ En general, definimos las plataformas de colaboración como paquetes completos q
Nuestro criterio del mejor caso representa lo que nos gustaría ver del proyecto perfecto en esta categoría. Es posible que nuestras recomendaciones no incluyan todas o algunas de estas funciones, pero las que sí las incluyan pueden estar mejor clasificadas que otras en esta página.
- Debe almacenar los archivos en un sistema de archivos convencional.
-- Debe ser compatible con la autenticación multifactor TOTP o FIDO2, o con los inicios de sesión con llave de acceso.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/es/email-aliasing.md b/i18n/es/email-aliasing.md
index 84fc07cf..aaeb57e1 100644
--- a/i18n/es/email-aliasing.md
+++ b/i18n/es/email-aliasing.md
@@ -80,7 +80,7 @@ Si cancelas tu suscripción, disfrutarás de las características de tu plan de
-{ align=right }
+{ align=right }
**SimpleLogin** es un servicio gratuito que proporciona alias de correo electrónico en una variedad de nombres de dominio compartidos y, opcionalmente, ofrece funciones de pago como alias ilimitados y dominios personalizados.
diff --git a/i18n/es/email.md b/i18n/es/email.md
index 73cce851..864f598c 100644
--- a/i18n/es/email.md
+++ b/i18n/es/email.md
@@ -58,7 +58,7 @@ OpenPGP tampoco soporta Forward secrecy, lo que significa que si tu clave privad
{ align=right }
-**Proton Mail** es un servicio de correo electrónico con un enfoque en privacidad, encriptación, seguridad, y la facilidad de uso. Ha estado en operación desde 2013. Proton AG tiene su sede en Ginebra, Suiza. El plan gratuito de Proton Mail incluye 500MB de almacenamiento, que puede ser aumentado hasta 1GB sin costo.
+**Proton Mail** es un servicio de correo electrónico con un enfoque en privacidad, encriptación, seguridad, y la facilidad de uso. Ha estado en operación desde 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Página Principal](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Servicio Onion" }
@@ -97,7 +97,7 @@ Proton Mail [acepta](https://proton.me/support/payment-options) dinero en efecti
#### :material-check:{ .pg-green } Seguridad de Cuenta
-Proton Mail es compatible con TOTP [autenticación de dos factores](https://proton.me/support/two-factor-authentication-2fa) y [ llaves de seguridad de hardware](https://proton.me/support/2fa-security-key) que utilizan los estándares FIDO2 o U2F. El uso de una llave de seguridad de hardware requiere configurar primero la autenticación TOTP de dos factores.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Seguridad de Datos
@@ -117,7 +117,7 @@ Si tienes una cuenta de pago y tu factura [no esta paga](https://proton.me/suppo
#### :material-information-outline:{ .pg-blue }: Funcionalidad Adicional
-El plan [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) de Proton Mail también activa el acceso a otros servicios de Proton, además de proporcionar múltiples dominios personalizados, alias hide-my-email ilimitados y 500GB de almacenamiento.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail no ofrece la función de legado digital.
@@ -127,7 +127,7 @@ Proton Mail no ofrece la función de legado digital.
{ align=right }
-**Mailbox.org** es un servicio de correo electrónico centrado en ser seguro, sin publicidad, y alimentado de forma privada con energía 100% ecológica. Han estado en operación desde 2014. Mailbox.org tiene su sede en Berlín, Alemania. Las cuentas inician con hasta 2GB de almacenamiento, que pueden ser ampliados cuando sea necesario.
+**Mailbox.org** es un servicio de correo electrónico centrado en ser seguro, sin publicidad, y alimentado de forma privada con energía 100% ecológica. Han estado en operación desde 2014. Mailbox.org tiene su sede en Berlín, Alemania. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Página Principal](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Política de Privacidad" }
@@ -148,11 +148,11 @@ Mailbox.org te permite utilizar tu propio dominio y admite direcciones [catch-al
#### :material-check:{ .pg-green } Métodos Privados de Pago
-Mailbox.org no acepta criptomonedas debido a que su procesador de pagos BitPay suspendió sus operaciones en Alemania. Sin embargo, aceptan los pagos por correo, pagos a una cuenta bancaria, transferencias bancarias, tarjetas de crédito, PayPal y algunos procesadores de pago alemanes: paydirekt y Sofortüberweisung.
+Mailbox.org no acepta criptomonedas debido a que su procesador de pagos BitPay suspendió sus operaciones en Alemania. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Seguridad de Cuenta
-Mailbox.org solo admite la [autenticación de dos factores](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) para su correo web. Puedes utilizar TOTP o una [YubiKey](https://en.wikipedia.org/wiki/YubiKey) a través de [YubiCloud](https://yubico.com/products/services-software/yubicloud). Estándares web como [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) aún no son soportados.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. Puedes utilizar TOTP o una [YubiKey](https://en.wikipedia.org/wiki/YubiKey) a través de [YubiCloud](https://yubico.com/products/services-software/yubicloud). Estándares web como [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) aún no son soportados.
#### :material-information-outline:{ .pg-blue } Seguridad de Datos
@@ -172,7 +172,7 @@ Tu cuenta se convertirá en una cuenta de usuario restringida cuando tu contrato
#### :material-information-outline:{ .pg-blue } Funcionalidad Adicional
-Puedes acceder a tu cuenta de Mailbox.org a través de IMAP/SMTP utilizando su [servicio.onion](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). Sin embargo, no se puede acceder a su interfaz de correo web a través de su servicio .onion y es posible que se produzcan errores de certificado TLS.
+Puedes acceder a tu cuenta de Mailbox.org a través de IMAP/SMTP utilizando su [servicio.onion](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
Todas las cuentas incluyen almacenamiento limitado en la nube que [puede cifrarse](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org también ofrece el alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), que impone el cifrado TLS en la conexión entre servidores de correo; de lo contrario, el mensaje no se enviará en absoluto. Mailbox.org también admite [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) además de protocolos de acceso estándar como IMAP y POP3.
@@ -195,7 +195,7 @@ Estos proveedores almacenan tus correos electrónicos con cifrado de cero-conoci
{ align=right }
{ align=right }
-**Tuta** (antes *Tutanota*) es un servicio de correo electrónico centrado en la seguridad y la privacidad mediante el uso de cifrado. Tuta lleva funcionando desde 2011 y tiene su sede en Hannover, Alemania. Las cuentas gratuitas inician con 1GB de almacenamiento.
+**Tuta** (antes *Tutanota*) es un servicio de correo electrónico centrado en la seguridad y la privacidad mediante el uso de cifrado. Tuta lleva funcionando desde 2011 y tiene su sede en Hannover, Alemania. Free accounts start with 1 GB of storage.
[:octicons-home-16: Página Principal](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Política de Privacidad" }
@@ -226,11 +226,11 @@ Las cuentas de pago de Tuta cuentan con 15 o 30 alias dependiendo del plan y ali
#### :material-information-outline:{ .pg-blue } Métodos de pago privados
-Tuta únicamente acepta el pago con tarjetas de crédito y PayPal. Sin embargo, se pueden utilizar [criptomonedas](cryptocurrency.md) para comprar tarjetas de regalo gracias a la [asociación](https://tuta.com/support/#cryptocurrency) con Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Seguridad de Cuenta
-Tuta soporta la [autenticación de dos factores](https://tuta.com/support#2fa) ya sea con TOTP o U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Seguridad de los datos
@@ -297,7 +297,7 @@ Consideramos que estas características son importantes para ofrecer un servicio
**Mínimo para calificar:**
- Cifra los datos de las cuentas de correo electrónico en reposo con cifrado de acceso cero.
-- Capacidad de exportación como [Mbox](https://en.wikipedia.org/wiki/Mbox) o .eml individual con el estándar [RFC5322](https://datatracker.ietf.org/doc/rfc5322).
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Permitir a los usuarios utilizar su propio [nombre de dominio](https://en.wikipedia.org/wiki/Domain_name). Los nombres de dominio personalizados son importantes para los usuarios porque les permiten mantener su agencia del servicio, en caso de que éste se estropee o sea adquirido por otra empresa que no dé prioridad a la privacidad.
- Operaciones en infraestructura propia, es decir, no construidas sobre proveedores de servicios de correo electrónico de terceros.
diff --git a/i18n/es/encryption.md b/i18n/es/encryption.md
index 0265010a..bf3f7edc 100644
--- a/i18n/es/encryption.md
+++ b/i18n/es/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt es una bifurcación del proyecto TrueCrypt ya descontinuado. Según su
Al cifrar con VeraCrypt, tiene la opción de seleccionar entre diferentes [funciones hash](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). Le sugerimos **únicamente** seleccionar [SHA-512](https://en.wikipedia.org/wiki/SHA-512) y seleccionar el [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) como cifrado de bloque.
-Truecrypt ha sido [auditado un buen número de veces](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), y VeraCrypt también ha sido [auditado de manera separada](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Cifrado del Sistema Operativo
@@ -189,7 +189,7 @@ Para habilitar BitLocker en las ediciones "Home" de Windows, debe tener particio
{ align=right }
-**FileVault** es la solución de cifrado de volúmenes sobre la marcha integrada en macOS. FileVault aprovecha las [capacidades de seguridad de hardware](os/macos-overview.md#hardware-security) presentes en un Soc de Apple silicon o T2 Security Chip.
+**FileVault** es la solución de cifrado de volúmenes sobre la marcha integrada en macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentación" }
diff --git a/i18n/es/file-sharing.md b/i18n/es/file-sharing.md
index fcd1337c..18b1a678 100644
--- a/i18n/es/file-sharing.md
+++ b/i18n/es/file-sharing.md
@@ -13,7 +13,7 @@ Descubra cómo puede compartir de manera privada sus archivos entre sus disposit
## Programas para compartir archivos
-Si ya ha utilizado [Proton Drive](cloud.md#proton-drive)[^1] o tiene una suscripción de [Bitwarden](passwords.md#bitwarden) Premium[^2] considere la posibilidad de utilizar las funciones de compartición de archivos que cada uno de ellos ofrece, ambos de los cuales utilizan el cifrado de extremo a extremo. De lo contrario, las opciones independientes enumeradas aquí garantizan que los archivos compartidos no sean leídos por un servidor remoto.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. De lo contrario, las opciones independientes enumeradas aquí garantizan que los archivos compartidos no sean leídos por un servidor remoto.
### Send
diff --git a/i18n/es/frontends.md b/i18n/es/frontends.md
index 850b84e0..b2abab5a 100644
--- a/i18n/es/frontends.md
+++ b/i18n/es/frontends.md
@@ -251,9 +251,9 @@ Por defecto, LibreTube bloquea todos los anuncios de YouTube. Además, LibreTube
-{ align=right }
+{ align=right }
-**NewPipe** es una aplicación Android gratuita y de código abierto para [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com) y [PeerTube](https://joinpeertube.org) (1).
+**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
Tu lista de suscripciones y tus listas de reproducción se guardan localmente en tu dispositivo Android.
diff --git a/i18n/es/index.md b/i18n/es/index.md
index 4761b16a..b54c42a9 100644
--- a/i18n/es/index.md
+++ b/i18n/es/index.md
@@ -92,7 +92,7 @@ La seguridad no consiste solo en las *herramientas de privacidad* que utilices o
---
- Proton Mail es un servicio de correo electrónico centrado en la privacidad, el cifrado, la seguridad y la facilidad de uso. Ha estado en operación desde 2013. Proton AG tiene su sede en Ginebra, Suiza. El plan gratuito de Proton Mail incluye 500MB de almacenamiento, que puede ser aumentado hasta 1GB sin costo.
+ Proton Mail es un servicio de correo electrónico centrado en la privacidad, el cifrado, la seguridad y la facilidad de uso. Ha estado en operación desde 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -100,7 +100,7 @@ La seguridad no consiste solo en las *herramientas de privacidad* que utilices o
---
- Mailbox.org es un servicio de correo electrónico seguro, sin publicidad y alimentado de forma privada con energía 100% ecológica. Ha estado en operación desde 2014. Mailbox.org tiene su sede en Berlín, Alemania. Las cuentas inician con hasta 2GB de almacenamiento, que pueden ser ampliados cuando sea necesario.
+ Mailbox.org es un servicio de correo electrónico seguro, sin publicidad y alimentado de forma privada con energía 100% ecológica. Ha estado en operación desde 2014. Mailbox.org tiene su sede en Berlín, Alemania. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -108,7 +108,7 @@ La seguridad no consiste solo en las *herramientas de privacidad* que utilices o
---
- Tuta (antes *Tutanota*) es un servicio de correo electrónico centrado en la seguridad y la privacidad mediante el uso de cifrado. Tuta lleva funcionando desde 2011 y tiene su sede en Hannover, Alemania. Las cuentas gratuitas inician con 1GB de almacenamiento.
+ Tuta (antes *Tutanota*) es un servicio de correo electrónico centrado en la seguridad y la privacidad mediante el uso de cifrado. Tuta lleva funcionando desde 2011 y tiene su sede en Hannover, Alemania. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Leer Reseña Completa](email.md#tuta)
@@ -173,7 +173,7 @@ Privacy Guides aparece en **WIRED**, **Tweakers.net**, **The New York Times** y
## ¿Qué son las herramientas de privacidad?
-Recomendamos una amplia variedad de **herramientas de privacidad** (también conocidas como *aplicaciones de privacidad*, *utilidades de privacidad*, *software de privacidad*) que abarcan software y hardware que puedes adoptar para mejorar tu privacidad. Muchas de las herramientas recomendadas son completamente gratuitas y de código abierto, mientras algunas son servicios comerciales disponibles para ser adquiridos. Cambiar de programas hambrientos de datos como Google Chrome y Windows a herramientas enfocadas en la privacidad como [Brave](desktop-browsers.md#brave) y [Linux](desktop.md), puede ayudarte mucho a controlar la información que compartes con las compañías y terceros.
+Recomendamos una amplia variedad de **herramientas de privacidad** (también conocidas como *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Muchas de las herramientas recomendadas son completamente gratuitas y de código abierto, mientras algunas son servicios comerciales disponibles para ser adquiridos. Cambiar de programas hambrientos de datos como Google Chrome y Windows a herramientas enfocadas en la privacidad como [Brave](desktop-browsers.md#brave) y [Linux](desktop.md), puede ayudarte mucho a controlar la información que compartes con las compañías y terceros.
[:material-check-all: Nuestros criterios generales](about/criteria.md){ class="md-button" }
diff --git a/i18n/es/meta/brand.md b/i18n/es/meta/brand.md
index 165abbc6..0fee8c78 100644
--- a/i18n/es/meta/brand.md
+++ b/i18n/es/meta/brand.md
@@ -12,7 +12,7 @@ El nombre de la página es **Privacy Guides** y **no** debe ser cambiado a:
- PG.org
-El nombre del subreddit es **r/PrivacyGuides** o **el subreddit de Privacy Guides**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Lineamientos adicionales de marca pueden encontrarse en [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/es/meta/translations.md b/i18n/es/meta/translations.md
index 92fe48ce..9dc54606 100644
--- a/i18n/es/meta/translations.md
+++ b/i18n/es/meta/translations.md
@@ -27,8 +27,8 @@ Para ejemplos como el anterior de los avisos, las comillas (por ejemplo, `" "`)
## Alternativas de ancho completo y sintaxis de Markdown
-Los sistemas de escritura CJK tienden a utilizar variantes alternativas de "ancho completo" de símbolos comunes. Estos son caracteres diferentes y no pueden ser utilizados para la sintaxis de Markdown.
+Los sistemas de escritura CJK tienden a utilizar variantes alternativas de "ancho completo" de símbolos comunes. These are different characters and cannot be used for Markdown syntax.
-- Los enlaces deben usar paréntesis regulares como `(` (paréntesis izquierdo U+0028) y `)` (paréntesis derecho U+0029) y no ` (` (paréntesis izquierdo de ancho completo U+FF08) o `) ` (paréntesis derecho de ancho completo U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- El texto indentado debe utilizar `:` (dos puntos U+003A) y no `:` (dos puntos de ancho completo U+FF1A)
- Las imágenes deben utilizar `!` (signo de exclamación U+0021) y no `! ` (signo de exclamación de ancho completoU+FF01)
diff --git a/i18n/es/meta/uploading-images.md b/i18n/es/meta/uploading-images.md
index e0cfb80d..41ef975a 100644
--- a/i18n/es/meta/uploading-images.md
+++ b/i18n/es/meta/uploading-images.md
@@ -48,7 +48,7 @@ En la pestaña **Salida SVG** bajo **Opciones de documento**:
- [ ] Desactivar **Eliminar la declaración XML**
- [x] Activar **Eliminar metadatos**
- [x] Activar **Eliminar comentarios**
-- [x] Activar **Imágenes rasterizadas incrustadas**
+- [x] Turn on **Embedded raster images**
- [x] Activar **Activar viewboxing**
En la **salida SVG** bajo **Pretty-printing**:
diff --git a/i18n/es/meta/writing-style.md b/i18n/es/meta/writing-style.md
index 1fcc4b47..bffb3ada 100644
--- a/i18n/es/meta/writing-style.md
+++ b/i18n/es/meta/writing-style.md
@@ -64,7 +64,7 @@ Deberíamos intentar evitar las abreviaturas en la medida de lo posible, pero la
## Sé conciso
-> Las palabras innecesarias hacen perder el tiempo al público. Escribir bien es como conversar. Omita la información que el público no necesita saber. Esto puede resultar difícil como experto en la materia, por lo que es importante que alguien vea la información desde la perspectiva de la audiencia.
+> Las palabras innecesarias hacen perder el tiempo al público. Escribir bien es como conversar. Omita la información que el público no necesita saber. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Fuente: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/es/mobile-browsers.md b/i18n/es/mobile-browsers.md
index fc583a1e..7d970def 100644
--- a/i18n/es/mobile-browsers.md
+++ b/i18n/es/mobile-browsers.md
@@ -247,7 +247,7 @@ Esto evita que te conectes involuntariamente a un sitio web en texto plano HTTP.
Estas opciones se encuentran en :material-menu: → :gear: **Configuración** → **Adblock Plus settings**.
-Cromite contiene una versión personalizada de Adblock Plus con EasyList activado por defecto, así como opciones para seleccionar más listas de filtros dentro del menú **Filter lists**.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Usar listas adicionales te hará destacar de otros usuarios de Cromite y también puede aumentar la superficie de ataque si una regla maliciosa es añadida a una de las listas que usas.
@@ -271,7 +271,7 @@ En iOS, cualquier aplicación que pueda navegar por la web está [restringida](h
{ align=right }
-**Safari** es el navegador predeterminado en iOS. Incluye [funciones de privacidad](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) como [Prevención Inteligente de Rastreo](https://webkit.org/blog/7675/intelligent-tracking-prevention), pestañas aisladas y efímeras de Navegación Privada, protección de huellas digitales (presentando una versión simplificada de la configuración del sistema a los sitios web para que más dispositivos parezcan idénticos) y aleatorización de huellas digitales, así como Relay Privado para quienes tengan una suscripción de pago a iCloud+.
+**Safari** es el navegador predeterminado en iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Página Principal](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Política de Privacidad" }
@@ -372,7 +372,7 @@ Abre Safari y pulsa el botón Pestañas, situado en la parte inferior derecha. A
- [x] Selecciona **Privado**
-El modo de Navegación Privada de Safari ofrece protecciones de privacidad adicionales. La Navegación Privada utiliza una nueva sesión [efímera](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) para cada pestaña, lo que significa que las pestañas están aisladas unas de otras. La Navegación Privada también ofrece otras pequeñas ventajas de privacidad, como no enviar la dirección de una página web a Apple cuando se utiliza la función de traducción de Safari.
+El modo de Navegación Privada de Safari ofrece protecciones de privacidad adicionales. La Navegación Privada utiliza una nueva sesión [efímera](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) para cada pestaña, lo que significa que las pestañas están aisladas unas de otras. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Ten en cuenta que la Navegación Privada no guarda cookies ni datos de sitios web, por lo que no podrás seguir conectado a ellos. Esto puede ser un inconveniente.
diff --git a/i18n/es/multi-factor-authentication.md b/i18n/es/multi-factor-authentication.md
index 652fbacb..c09d119e 100644
--- a/i18n/es/multi-factor-authentication.md
+++ b/i18n/es/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Autenticación de Múltiples Factores"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: Estas herramientas te ayudan a proteger tus cuentas de Internet con la autenticación multifactor sin enviar tus secretos a terceros.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ Las [recomendaciones sobre llaves de seguridad físicas](security-keys.md) se ha
Ejemplo
-Sustituya `[SUBREDDIT]` por el subreddit al que desea suscribirse.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/es/notebooks.md b/i18n/es/notebooks.md
index 95fd7783..5fdd826c 100644
--- a/i18n/es/notebooks.md
+++ b/i18n/es/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Proveedores de servicios](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Mantén el control de tus notas y diarios sin darlos a un tercero.
+Keep track of your notes and journals without giving them to a third party.
Si actualmente utilizas una aplicación como Evernote, Google Keep o Microsoft OneNote, te sugerimos que elijas aquí una alternativa que soporte [Cifrado de extremo a extremo (E2EE)](https://es.wikipedia.org/wiki/Cifrado_de_extremo_a_extremo).
@@ -82,9 +82,9 @@ Standard Notes [se ha unido a Proton AG](https://standardnotes.com/blog/joining-
-{ align=right }
+{ align=right }
-**Joplin** es una aplicación gratuita, de código abierto y con todas las funciones para tomar notas y hacer tareas, que puede manejar un gran número de notas markdown organizadas en cuadernos y etiquetas. Ofrece encriptación de extremo a extremo y puede sincronizar a través de Nextcloud, Dropbox y más. También ofrece una fácil importación desde Evernote y notas en texto plano.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. Ofrece encriptación de extremo a extremo y puede sincronizar a través de Nextcloud, Dropbox y más. También ofrece una fácil importación desde Evernote y notas en texto plano.
[:octicons-home-16: Página Principal](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Política de Privacidad" }
@@ -133,7 +133,7 @@ Joplin no [admite](https://github.com/laurent22/joplin/issues/289) protección p
-Cryptee ofrece 100MB de almacenamiento gratuito, con opciones de pago si necesitas más. La inscripción no requiere correo electrónico ni otros datos personales.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. La inscripción no requiere correo electrónico ni otros datos personales.
## Blocs de Notas Locales
diff --git a/i18n/es/os/android-overview.md b/i18n/es/os/android-overview.md
index 1b8857e5..f0097f98 100644
--- a/i18n/es/os/android-overview.md
+++ b/i18n/es/os/android-overview.md
@@ -84,7 +84,7 @@ Si una aplicación es principalmente un servicio basado en web, el seguimiento p
Nota
-Las aplicaciones que respetan la privacidad como [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) pueden mostrar algunos rastreadores como [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). Esta biblioteca incluye [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) que puede proporcionar [notificaciones push](https://es.wikipedia.org/wiki/Tecnología_push) en las aplicaciones. Este [es el caso](https://fosstodon.org/@bitwarden/109636825700482007) con Bitwarden. Esto no significa que Bitwarden utilice todas las funciones analíticas que ofrece Google Firebase Analytics.
+Las aplicaciones que respetan la privacidad como [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) pueden mostrar algunos rastreadores como [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). Esta biblioteca incluye [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) que puede proporcionar [notificaciones push](https://es.wikipedia.org/wiki/Tecnología_push) en las aplicaciones. Este [es el caso](https://fosstodon.org/@bitwarden/109636825700482007) con Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Al igual que los perfiles de usuario, un espacio privado se cifra utilizando su
A diferencia de los perfiles de trabajo, el Espacio Privado es una función nativa de Android que no requiere una aplicación de terceros para gestionarlo. Por esta razón, generalmente recomendamos utilizar un espacio privado en lugar de un perfil de trabajo, aunque puedes utilizar un perfil de trabajo junto con un espacio privado.
-### "Killswitch" de un VPN
+### VPN kill switch
Android 7 y superiores admiten un interruptor de corte de VPN (VPN kill switch), y está disponible sin necesidad de instalar aplicaciones de terceros. Esta función puede evitar fugas si la VPN está desconectada. Se puede encontrar en :gear: **Ajustes** → **Red e internet** → **VPN** → :gear: → **Bloquear conexiones sin VPN**.
@@ -124,7 +124,7 @@ Los dispositivos Android modernos tienen interruptores globales para desactivar
## Servicios de Google
-Si estás utilizando un dispositivo con servicios de Google, ya sea con el sistema operativo original o con un sistema operativo que aísla de forma segura los servicios de Google Play, como GrapheneOS, puedes realizar una serie de cambios adicionales para mejorar tu privacidad. Seguimos recomendando evitar los servicios de Google por completo, o limitar los servicios de Google Play a un perfil específico de usuario/trabajo combinando un controlador de dispositivo como *Shelter* con Google Play aislado de GrapheneOS.
+Si estás utilizando un dispositivo con servicios de Google, ya sea con el sistema operativo original o con un sistema operativo que aísla de forma segura los servicios de Google Play, como GrapheneOS, puedes realizar una serie de cambios adicionales para mejorar tu privacidad. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Programa de Protección Avanzada
diff --git a/i18n/es/os/ios-overview.md b/i18n/es/os/ios-overview.md
index 31341cfc..23f5fd5a 100644
--- a/i18n/es/os/ios-overview.md
+++ b/i18n/es/os/ios-overview.md
@@ -125,7 +125,7 @@ Si no quieres que nadie pueda controlar tu teléfono con Siri cuando está bloqu
#### Face ID/Touch ID y Código
-Establecer una contraseña segura en tu teléfono es el paso más importante que puedes dar para la seguridad física del dispositivo. Tendrás que elegir entre seguridad y comodidad: Una contraseña más larga será molesta de escribir cada vez, pero una contraseña más corta o un PIN serán más fáciles de adivinar. Configurar Face ID o Touch ID junto con una contraseña segura puede ser un buen compromiso entre usabilidad y seguridad.
+Establecer una contraseña segura en tu teléfono es el paso más importante que puedes dar para la seguridad física del dispositivo. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Configurar Face ID o Touch ID junto con una contraseña segura puede ser un buen compromiso entre usabilidad y seguridad.
Selecciona **Activar Código** o **Cambiar Código**→ **Opciones de Código**→ **Código Alfanumérico Personalizado**. Asegúrate de crear una [contraseña segura](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ Si deseas utilizar Face ID o Touch ID, puedes seguir adelante y configurarlo aho
Si utilizas datos biométricos, debes saber cómo desactivarlos rápidamente en caso de emergencia. Si mantienes pulsado el botón lateral o de encendido y *o* el botón de volumen hasta que veas el control deslizante para Apagar, se desactivará la biometría y tendrás que introducir el código para desbloquear. El código también será necesario después de reiniciar el dispositivo.
-En algunos dispositivos antiguos, puede que tengas que pulsar el botón de encendido cinco veces para desactivar la biometría en su lugar, o para los dispositivos con Touch ID, puede que solo tengas que mantener pulsado el botón de encendido y nada más. Asegúrate de probarlo con antelación para saber qué método funciona con tu dispositivo.
+En algunos dispositivos antiguos, puede que tengas que pulsar el botón de encendido cinco veces para desactivar la biometría en su lugar, o para los dispositivos con Touch ID, puede que solo tengas que mantener pulsado el botón de encendido y nada más. Make sure you try this in advance, so you know which method works for your device.
**Protección en Caso de Robo** añade seguridad adicional destinada a proteger tus datos personales si te roban el dispositivo mientras está desbloqueado. Si utilizas la biometría y la función Buscar Mi Dispositivo en la configuración de tu Cuenta de Apple, te recomendamos que actives esta nueva protección:
@@ -247,7 +247,7 @@ Del mismo modo, en lugar de permitir que una aplicación acceda a todos los cont
iOS ofrece la posibilidad de bloquear la mayoría de las aplicaciones con Touch ID/Face ID o tu código, lo que puede ser útil para proteger contenido sensible en aplicaciones que no ofrecen esta opción. Puedes bloquear una aplicación pulsando prolongadamente sobre ella y seleccionando **Requerir Face ID/Touch ID**. Cualquier aplicación bloqueada de este modo requiere autenticación biométrica cada vez que se abre o se accede a su contenido en otras aplicaciones. Además, no se mostrarán las vistas previas de las notificaciones de las aplicaciones bloqueadas.
-Además de bloquear las aplicaciones tras los datos biométricos, también puedes ocultarlas para que no aparezcan en la pantalla de inicio, la biblioteca de aplicaciones, la lista de aplicaciones en **Ajustes**, etc. Aunque ocultar aplicaciones puede ser útil en situaciones en las que tienes que entregar tu teléfono desbloqueado a otra persona, la ocultación que proporciona la función no es absoluta, ya que una aplicación oculta sigue siendo visible en algunos lugares, como la lista de uso de la batería. Además, una contrapartida notable de ocultar una aplicación es que no recibirás ninguna de sus notificaciones.
+Además de bloquear las aplicaciones tras los datos biométricos, también puedes ocultarlas para que no aparezcan en la pantalla de inicio, la biblioteca de aplicaciones, la lista de aplicaciones en **Ajustes**, etc. Aunque ocultar aplicaciones puede ser útil en situaciones en las que tienes que entregar tu teléfono desbloqueado a otra persona, la ocultación que proporciona la función no es absoluta, ya que una aplicación oculta sigue siendo visible en algunos lugares, como la lista de uso de la batería. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
Puedes ocultar una aplicación pulsando prolongadamente sobre ella y seleccionando **Requerir Face ID/Touch**→**Ocultar y Requerir Face ID/Touch ID**. Ten en cuenta que las aplicaciones de Apple preinstaladas, así como el navegador web y la aplicación de correo electrónico predeterminados, no se pueden ocultar. Las aplicaciones ocultas residen en una carpeta **Oculta** en la parte inferior de la biblioteca de aplicaciones, que puede desbloquearse utilizando datos biométricos. Esta carpeta aparece en la Biblioteca de Aplicaciones tanto si has ocultado aplicaciones como si no, lo que te proporciona un grado de negación plausible.
@@ -260,7 +260,7 @@ Si tu dispositivo lo admite, puedes utilizar la función [Limpiar](https://suppo
- Abre la aplicación **Fotos** y toca la foto que hayas seleccionado para editarla
- Pulsa :material-tune: (en la parte inferior de la pantalla)
- Pulsa el botón **Limpiar**
-- Dibuja un círculo alrededor de lo que quieras ocultar. Las caras se pixelarán y se intentará borrar todo lo demás.
+- Dibuja un círculo alrededor de lo que quieras ocultar. Faces will be pixelated, and it will attempt to delete anything else.
Nuestra advertencia [en contra de difuminar el texto](../data-redaction.md) también se aplica aquí, por lo que recomendamos en su lugar añadir una forma negra con una opacidad del 100% sobre ello. Además de ocultar texto, también puedes tachar cualquier cara u objeto con la aplicación **Fotos**.
diff --git a/i18n/es/os/linux-overview.md b/i18n/es/os/linux-overview.md
index d7608ff8..c6f6de7b 100644
--- a/i18n/es/os/linux-overview.md
+++ b/i18n/es/os/linux-overview.md
@@ -10,9 +10,9 @@ En general, nuestro sitio web utiliza el término "Linux" para describir las dis
[Nuestras recomendaciones de Linux: :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Notas de Privacidad
+## Security Notes
-Linux plantea algunos problemas de privacidad importantes que debes tener en cuenta. A pesar de estos inconvenientes, las distribuciones Linux de escritorio siguen siendo estupendas para la mayoría de la gente que desea:
+There are some notable security concerns with Linux which you should be aware of. A pesar de estos inconvenientes, las distribuciones Linux de escritorio siguen siendo estupendas para la mayoría de la gente que desea:
- Evitar la telemetría que, regularmente, viene con los sistemas operativos propietarios
- Mantener la [libertad de software](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ No creemos que retener paquetes y aplicar parches provisionales sea una buena id
Tradicionalmente, las distribuciones Linux se actualizan mediante la actualización secuencial de los paquetes deseados. Las actualizaciones tradicionales, como las utilizadas en las distribuciones basadas en Fedora, Arch Linux y Debian, pueden ser menos fiables si se produce un error durante la actualización.
-En cambio, las distribuciones de actualización atómica aplican las actualizaciones en su totalidad o no las aplican en absoluto. En una distribución atómica, si se produce un error durante la actualización (tal vez debido a un fallo de alimentación), no se modifica nada en el sistema.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. En una distribución atómica, si se produce un error durante la actualización (tal vez debido a un fallo de alimentación), no se modifica nada en el sistema.
El método de actualización atómica puede lograr la fiabilidad con este modelo y se utiliza para [distribuciones](../desktop.md#atomic-distributions) como Silverblue y NixOS. [Adam Šamalik](https://twitter.com/adsamalik) brinda una presentación sobre cómo `rpm-ostree` funciona con Silverblue:
-- [Probemos Fedora Silverblue: ¡un sistema operativo de escritorio inmutable! - Adam Šamalik](https://youtu.be/aMo4ZlWznao)
(YouTube)
+- [Probemos Fedora Silverblue: ¡un sistema operativo de escritorio inmutable! - Adam Šamalík](https://youtu.be/aMo4ZlWznao)
(YouTube)
### Distribuciones "enfocadas en la seguridad"
@@ -85,7 +85,7 @@ Recomendamos **no** utilizar el kernel Linux-libre, ya que [elimina las mitigaci
### Control de acceso obligatorio
-El control de acceso obligatorio es un conjunto de controles de seguridad adicionales que ayudan a confinar partes del sistema como aplicaciones y servicios del sistema. Las dos formas comunes de control de acceso obligatorio que se encuentran en las distribuciones de Linux son [SELinux](https://github.com/SELinuxProject) y [AppArmor](https://apparmor.net). Mientras que Fedora utiliza SELinux por defecto, Tumbleweed utiliza AppArmor [por defecto](https://en.opensuse.org/Portal:SELinux) en el instalador, con una opción para [elegir](https://en.opensuse.org/Portal:SELinux/Setup) SELinux en su lugar.
+El control de acceso obligatorio es un conjunto de controles de seguridad adicionales que ayudan a confinar partes del sistema como aplicaciones y servicios del sistema. Las dos formas comunes de control de acceso obligatorio que se encuentran en las distribuciones de Linux son [SELinux](https://github.com/SELinuxProject) y [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux en [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) limita los contenedores Linux, las máquinas virtuales y los demonios de servicio de forma predeterminada. AppArmor es utilizado por el demonio snap para los snaps de[aislamiento](https://snapcraft.io/docs/security-sandboxing) que tienen confinamiento [estricto](https://snapcraft.io/docs/snap-confinement) como [Firefox](https://snapcraft.io/firefox). Existe un esfuerzo de la comunidad para confinar más partes del sistema en Fedora con el grupo de interés especial [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers).
@@ -93,7 +93,7 @@ SELinux en [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Cifrado de Unidad
-La mayoría de las distribuciones de Linux tienen una opción dentro de su instalador para habilitar [LUKS](../encryption.md#linux-unified-key-setup) FDE. Si esta opción no se configura en el momento de la instalación, tendrás que hacer una copia de seguridad de tus datos y volver a instalarla, ya que el cifrado se aplica después de [particionar el disco](https://en.wikipedia.org/wiki/Disk_partitioning), pero antes de formatear [el sistema de archivos](https://en.wikipedia.org/wiki/File_system). También te sugerimos que borres de forma segura tu dispositivo de almacenamiento:
+La mayoría de las distribuciones de Linux tienen una opción dentro de su instalador para habilitar [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. También te sugerimos que borres de forma segura tu dispositivo de almacenamiento:
- [Borrado Seguro de Datos :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ Hay otros identificadores del sistema con los que conviene tener cuidado. Deber
El Proyecto Fedora [cuenta](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) cuántos sistemas únicos acceden a sus réplicas utilizando una variable [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) en lugar de un ID único. Fedora hace esto para determinar la carga y aprovisionar mejores servidores para las actualizaciones cuando sea necesario.
-Esta [opción](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) está actualmente desactivada por defecto. Recomendamos añadir `countme=false` en `/etc/dnf/dnf.conf` por si se habilita en el futuro. En sistemas que utilizan `rpm-ostree`, como Silverblue, la opción countme se desactiva enmascarando el temporizador [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems).
+Esta [opción](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) está actualmente desactivada por defecto. Recomendamos añadir `countme=false` en `/etc/dnf/dnf.conf` por si se habilita en el futuro. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE también utiliza un [ID único](https://en.opensuse.org/openSUSE:Statistics) para contar los sistemas, que puede desactivarse vaciando el archivo `/var/lib/zypp/AnonymousUniqueId`.
diff --git a/i18n/es/os/macos-overview.md b/i18n/es/os/macos-overview.md
index f07633c6..f8c9b8fd 100644
--- a/i18n/es/os/macos-overview.md
+++ b/i18n/es/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS es el sistema operativo de escritorio de Apple que trabaja co
**macOS** es un sistema operativo Unix desarrollado por Apple para sus ordenadores Mac. Para mejorar la privacidad en macOS, puedes desactivar las funciones de telemetría y reforzar los ajustes de privacidad y seguridad existentes.
-Los Mac basados en Intel más antiguos y los Hackintosh no son compatibles con todas las funciones de seguridad que ofrece macOS. Para mejorar la seguridad de los datos, recomendamos utilizar un Mac más reciente con [Apple Silicon](https://support.apple.com/HT211814).
+Los Mac basados en Intel más antiguos y los Hackintosh no son compatibles con todas las funciones de seguridad que ofrece macOS. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Notas de Privacidad
@@ -14,7 +14,7 @@ Hay algunos problemas de privacidad importantes con macOS que deberías tener en
### Bloqueo de Activación
-Los nuevos dispositivos de Apple Silicon pueden configurarse sin una conexión a Internet. Sin embargo, recuperar o restablecer tu Mac **requerirá ** una conexión a Internet a los servidores de Apple para comprobar la base de datos del Bloqueo de Activación de dispositivos perdidos o robados.
+Brand-new Apple Silicon devices can be set up without an internet connection. Sin embargo, recuperar o restablecer tu Mac **requerirá ** una conexión a Internet a los servidores de Apple para comprobar la base de datos del Bloqueo de Activación de dispositivos perdidos o robados.
### Comprobaciones de Revocación de Aplicaciones
@@ -122,7 +122,7 @@ Decide si quieres anuncios personalizados en función de tu uso.
##### FileVault
-En dispositivos modernos con un Secure Enclave (Chip de Seguridad T2 de Apple, Apple Silicon), tus datos siempre están cifrados, pero son descifrados automáticamente por una clave de hardware si tu dispositivo no detecta que ha sido manipulado. Activar [FileVault](../encryption.md#filevault) requiere además tu contraseña para descifrar tus datos, lo que mejora enormemente la seguridad, especialmente cuando está apagado o antes del primer inicio de sesión después de encenderlo.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Activar [FileVault](../encryption.md#filevault) requiere además tu contraseña para descifrar tus datos, lo que mejora enormemente la seguridad, especialmente cuando está apagado o antes del primer inicio de sesión después de encenderlo.
En los ordenadores Mac basados en Intel más antiguos, FileVault es la única forma de cifrado de disco disponible por defecto, y debería estar siempre activada.
@@ -207,7 +207,7 @@ Si una aplicación está aislada, deberías ver el siguiente resultado:
[Bool] true
```
-Si descubres que la aplicación que deseas ejecutar no está aislada, puedes emplear métodos de [compartimentación](../basics/common-threats.md#security-and-privacy) como máquinas virtuales o dispositivos separados, utilizar una aplicación similar que sí esté aislada o decidir no utilizar la aplicación no aislada.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS incluye dos formas de defensa ante el malware:
1. La protección ante la ejecución del malware es proporcionada por el proceso de revisión de aplicaciones de la App Store, o la *Notarización* (parte de *Gatekeeper*), proceso donde las aplicaciones de terceros son escaneadas por Apple para buscar algún malware conocido, antes de que se le permita ser ejecutada. Las aplicaciones deben ser firmadas por los desarrolladores con una clave que les da Apple. Esto asegura que estás ejecutando software de los desarrolladores reales. La notarización también requiere que los desarrolladores habiliten el Hardened Runtime para sus aplicaciones, lo que limita los métodos de explotación.
2. La protección contra otros malware y la remediación contra malware existente en el sistema, es proporcionada por *XProtect*, un antivirus tradicional incluido en macOS.
-Recomendamos evitar la instalación de antivirus desarrollados por terceras personas porque, generalmente, estos no cuentan con acceso al nivel del sistema, requerido para funcionar correctamente. Esto se debe a las limitaciones de Apple en las aplicaciones de terceros, además de que garantizar altos niveles de acceso puede afectar la seguridad y la privacidad de la computadora.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Copias de seguridad
@@ -238,7 +238,7 @@ macOS incluye un software de copia de seguridad automática llamado [Time Machin
### Seguridad del hardware
-Muchas de las funciones modernas de seguridad en macOS—como el moderno Arranque Seguro, la mitigación de vulnerabilidades a nivel del hardware, la verificación de integridad del sistema operativo, y la encriptación basada en archivos—dependen de Apple Silicon, y el nuevo hardware de Apple siempre tiene una [mejor seguridad](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). Recomendamos el uso de Apple Silicon y no de computadoras antiguas basadas en Intel o Hackintosh.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Algunas de estas funciones modernas de seguridad están disponibles en las viejas computadoras Mac basadas en Intel, con el chip de seguridad Apple T2, pero este chip es susceptible a la vulnerabilidad de *checkm8*, que puede comprometer la seguridad.
@@ -256,7 +256,7 @@ Las computadoras Mac se pueden configurar para iniciar en tres modos de segurida
#### Enclave seguro
-El enclave seguro es un chip de seguridad incluido en los dispositivos con Apple Silicon y es responsable de almacenar y generar las claves de cifrado para los datos en reposo, así comolos datos de Face ID y Touch ID. Este contiene su propia ROM de arranque.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. Este contiene su propia ROM de arranque.
Puedes pensar en el enclave seguro como el centro de seguridad de tu dispositivo: este tiene un motor de cifrado AES y un mecanismo para almacenar de manera segura tus claves de cifrado, y se encuentra separado del resto del sistema, por lo que, si el procesador principal se encuentra comprometido, este debe estar seguro.
@@ -268,7 +268,7 @@ Tus datos biométricos nunca abandonan tu dispositivo; es almacenado únicamente
#### Desconexión del micrófono por hardware
-Todas las computadoras con Apple Silicon o el chip T2 cuentan con una característica para la desconexión del hardware del micrófono cuando se cierra la tapa. Esto significa que no hay alguna manera para los atacantes de escuchar el micrófono de tu Mac, incluso cuando el sistema operativo está comprometido.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. Esto significa que no hay alguna manera para los atacantes de escuchar el micrófono de tu Mac, incluso cuando el sistema operativo está comprometido.
Tome en cuenta que la cámara no cuenta con una desconexión del hardware, porque su vista se encuentra oscurecida cuando la tapa se encuentra cerrada.
@@ -287,7 +287,7 @@ Cuando es necesario utilizar alguno de estos procesadores, Apple trabaja con el
#### Protecciones de Acceso Directo a la Memoria
-Apple Silicon separa cada componente que requiere acceso directo a la memoria. Por ejemplo, un puerto Thunderbolt no puede acceder a la memoria designada para el kernel.
+Apple Silicon separates each component that requires direct memory access. Por ejemplo, un puerto Thunderbolt no puede acceder a la memoria designada para el kernel.
## Fuentes
diff --git a/i18n/es/os/windows/group-policies.md b/i18n/es/os/windows/group-policies.md
index 031f9a4d..dcbb71d2 100644
--- a/i18n/es/os/windows/group-policies.md
+++ b/i18n/es/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Configuración de las Directivas de Grupo
description: Una guía rápida para configurar las Directivas de Grupo para que Windows respete un poco más la privacidad.
---
-Aparte de modificar el propio registro, el **Editor de Directivas de Grupo Local** es la forma más potente de cambiar muchos aspectos del sistema sin instalar herramientas de terceros. Para cambiar estos ajustes se requiere la [Edición Pro](index.md#windows-editions) o superior.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Para cambiar estos ajustes se requiere la [Edición Pro](index.md#windows-editions) o superior.
-Estos ajustes deben establecerse en una nueva instalación de Windows. Configurarlos en tu instalación existente debería funcionar, pero puede introducir un comportamiento impredecible y lo haces bajo tu propio riesgo.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
Todas estas configuraciones tienen una explicación adjunta en el Editor de Directivas de Grupo que explica exactamente lo que hacen, normalmente con gran detalle. Por favor, presta atención a esas descripciones cuando hagas cambios, para que sepas exactamente lo que estamos recomendando aquí. También hemos explicado algunas de nuestras opciones aquí siempre que la explicación incluida con Windows sea inadecuada.
@@ -68,7 +68,7 @@ Establecer la intensidad de cifrado para la política de Windows 7 todavía apli
- Requiere Autenticación Adicional al Iniciar: **Habilitada**
- Permitir los PIN Mejorados para el Inicio: **Habilitada**
-A pesar de los nombres de estas directivas, esto no _requiere_ que hagas nada por defecto, pero desbloqueará la _opción_ de tener una configuración más compleja (como requerir un PIN al inicio además del TPM) en el asistente de configuración de Bitlocker.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Contenido de la Nube
diff --git a/i18n/es/os/windows/index.md b/i18n/es/os/windows/index.md
index 25e13dea..4639c7ed 100644
--- a/i18n/es/os/windows/index.md
+++ b/i18n/es/os/windows/index.md
@@ -21,13 +21,13 @@ Puede mejorar tu privacidad y seguridad en Windows sin descargar ninguna herrami
Esta sección es nueva
-Esta sección es un trabajo en curso, porque lleva bastante más tiempo y esfuerzo hacer que una instalación de Windows sea más respetuosa con la privacidad que otros sistemas operativos.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Notas de Privacidad
-Microsoft Windows, especialmente las versiones dirigidas a los consumidores, como la versión **Home**, no suelen dar prioridad a las funciones de privacidad por [defecto](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). Como resultado, a menudo vemos más [recopilación de datos](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) de lo necesario, sin ninguna advertencia real de que este es el comportamiento por defecto. En un intento de competir con Google en el espacio publicitario, [Cortana](https://es.wikipedia.org/wiki/Microsoft_Cortana) ha incluido identificadores únicos como un "ID de publicidad" para correlacionar el uso y ayudar a los anunciantes en la publicidad dirigida. En el momento del lanzamiento, la telemetría no se podía desactivar en las ediciones no empresariales de Windows 10. Sigue sin poder desactivarse, pero Microsoft ha añadido la posibilidad de [reducir](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) los datos que se les envían.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). Como resultado, a menudo vemos más [recopilación de datos](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) de lo necesario, sin ninguna advertencia real de que este es el comportamiento por defecto. En un intento de competir con Google en el espacio publicitario, [Cortana](https://es.wikipedia.org/wiki/Microsoft_Cortana) ha incluido identificadores únicos como un "ID de publicidad" para correlacionar el uso y ayudar a los anunciantes en la publicidad dirigida. En el momento del lanzamiento, la telemetría no se podía desactivar en las ediciones no empresariales de Windows 10. Sigue sin poder desactivarse, pero Microsoft ha añadido la posibilidad de [reducir](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) los datos que se les envían.
Con Windows 11 hay una serie de restricciones o valores predeterminados tales como:
@@ -43,11 +43,11 @@ Microsoft suele utilizar la función de actualizaciones automáticas para añadi
## Ediciones de Windows
-Desgraciadamente, muchas funciones críticas de privacidad y seguridad están solo disponibles en ediciones más caras de Windows, en lugar de estar disponibles en Windows **Home**. Algunas características que faltan en **Home** incluyen Bitlocker Drive Encryption, Hyper-V, y Windows Sandbox. En nuestras guías de Windows cubriremos cómo utilizar todas estas funciones adecuadamente, por lo que será necesario disponer de una edición premium de Windows.
+Desgraciadamente, muchas funciones críticas de privacidad y seguridad están solo disponibles en ediciones más caras de Windows, en lugar de estar disponibles en Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. En nuestras guías de Windows cubriremos cómo utilizar todas estas funciones adecuadamente, por lo que será necesario disponer de una edición premium de Windows.
Windows **Enterprise** ofrece la mayor flexibilidad a la hora de configurar los parámetros de privacidad y seguridad integrados en Windows. Por ejemplo, son las únicas ediciones que permiten activar el máximo nivel de restricciones en los datos enviados a Microsoft a través de herramientas de telemetría. Lamentablemente, Enterprise no está disponible para la venta al por menor, por lo que es posible que no esté disponible para ti.
-La mejor versión disponible para la compra _al por menor_ es Windows **Pro**, ya que tiene casi todas las funciones que querrás utilizar para proteger tu dispositivo, como Bitlocker, Hyper-V, etc. Lo único que falta son algunas de las limitaciones más restrictivas de la telemetría de Microsoft, por desgracia.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Los estudiantes y profesores pueden obtener una licencia de Windows **Education** (equivalente a Enterprise) o **Pro Education** (equivalente a Pro) de forma gratuita, incluso en dispositivos personales, a través de su institución educativa. Muchas escuelas colaboran con Microsoft a través de OnTheHub o Microsoft Azure for Education, así que puedes consultar esos sitios o la página de beneficios de tu escuela para ver si cumples los requisitos. La obtención de estas licencias depende enteramente de su institución. Esta puede ser la mejor forma de obtener una edición Enterprise de Windows para uso personal. No existen riesgos adicionales para la privacidad o la seguridad asociados al uso de una licencia educativa en comparación con las versiones comerciales.
@@ -59,6 +59,6 @@ Actualmente, solo están disponibles para su compra las claves de licencia de Wi
La herramienta oficial [Media Creation Tool](https://microsoft.com/software-download/windows11) es la mejor forma de poner un instalador de Windows en una unidad flash USB. Herramientas de terceros como Rufus o Etcher pueden modificar inesperadamente los archivos, lo que podría provocar problemas de arranque u otros problemas durante la instalación.
-Esta herramienta solo permite realizar una instalación **Home** o **Pro**, ya que no hay descargas disponibles públicamente para la edición **Enterprise** de Windows. Si dispones de una clave de licencia **Enterpise**, puedes mejorar fácilmente una instalación **Pro**. Para ello, instala Windows **Pro** sin introducir una clave de licencia durante la instalación y, a continuación, introduce tu clave **Enterprise** en la aplicación Configuración una vez completada la instalación. Tu instalación **Pro** se actualizará a **Enterprise** automáticamente tras introducir una clave de licencia válida.
+Esta herramienta solo permite realizar una instalación **Home** o **Pro**, ya que no hay descargas disponibles públicamente para la edición **Enterprise** de Windows. Si dispones de una clave de licencia **Enterpise**, puedes mejorar fácilmente una instalación **Pro**. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Tu instalación **Pro** se actualizará a **Enterprise** automáticamente tras introducir una clave de licencia válida.
Si estás instalando una licencia **Education**, normalmente dispondrás de un enlace de descarga privado que se te proporcionará junto con tu clave de licencia cuando la obtengas del portal de beneficios de tu institución.
diff --git a/i18n/es/passwords.md b/i18n/es/passwords.md
index 8919ac31..0cf050ec 100644
--- a/i18n/es/passwords.md
+++ b/i18n/es/passwords.md
@@ -228,7 +228,7 @@ El código del lado del servidor de Bitwarden es de [código abierto](https://gi
Con la adquisición de SimpleLogin en abril de 2022, Proton ha ofrecido una función de "ocultar mi correo electrónico" que permite crear 10 alias (plan gratuito) o alias ilimitados (planes de pago).
-Las aplicaciones móviles y la extensión de navegador de Proton Pass se sometieron a una auditoría realizada por Cure53 durante los meses de mayo y junio de 2023. La empresa de análisis de seguridad concluyó:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. La empresa de análisis de seguridad concluyó:
> Las aplicaciones y componentes de Proton Pass dejan una impresión bastante positiva en términos de seguridad.
@@ -327,7 +327,7 @@ Estas opciones le permiten administrar una base de datos de contraseñas cifrada
{ align=right }
-**KeePassXC** es una bifurcación comunitaria de KeePassX, un port nativo multiplataforma de KeePass Password Safe, con el objetivo de extenderlo y mejorarlo con nuevas características y correcciones de errores para proporcionar un gestor de contraseñas de código abierto rico en características, multiplataforma y moderno.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Página Principal](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Politica de Privacidad" }
@@ -357,7 +357,7 @@ KeePassXC almacena sus datos de exportación como archivos [CSV](https://es.wiki
{ align=right }
-**KeePassDX** es un administrador de contraseñas ligero para Android; permite editar datos cifrados en un único archivo en formato KeePass y rellenar formularios de forma segura. La [versión pro](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) de la aplicación permite desbloquear contenidos cosméticos y funciones de protocolo no estándar, pero lo más importante es que ayuda y fomenta el desarrollo.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. La [versión pro](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) de la aplicación permite desbloquear contenidos cosméticos y funciones de protocolo no estándar, pero lo más importante es que ayuda y fomenta el desarrollo.
[:octicons-home-16: Página Principal](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentación" }
diff --git a/i18n/es/photo-management.md b/i18n/es/photo-management.md
index 2a49fd86..cfe27bf4 100644
--- a/i18n/es/photo-management.md
+++ b/i18n/es/photo-management.md
@@ -19,7 +19,7 @@ La mayoría de las soluciones de **gestión de fotografías en la nube**, como G
{ align=right }
{ align=right }
-**Ente Photos** es un servicio de copia de seguridad cifrada de fotos de extremo a extremo que admite copias de seguridad automáticas en iOS y Android. Su código es totalmente abierto, tanto en el lado del cliente como en el del servidor. También es [autoalojable](https://github.com/ente-io/ente/tree/main/server#self-hosting). El plan gratuito ofrece 5GB de almacenamiento siempre que utilices el servicio al menos una vez al año.
+**Ente Photos** es un servicio de copia de seguridad cifrada de fotos de extremo a extremo que admite copias de seguridad automáticas en iOS y Android. Su código es totalmente abierto, tanto en el lado del cliente como en el del servidor. También es [autoalojable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Página Principal](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Política de Privacidad" }
@@ -51,7 +51,7 @@ Ente Photos se sometió a una [auditoría por Cure53](https://ente.io/blog/crypt
{ align=right }
{ align=right }
-**Stingle** es una aplicación de galería y cámara con funciones integradas de copia de seguridad cifrada de extremo a extremo y de sincronización para tus fotos y vídeos. El almacenamiento comienza en 1GB para cuentas gratuitas en su nube, o puedes alojar tu propio servidor API Stingle para una independencia total.
+**Stingle** es una aplicación de galería y cámara con funciones integradas de copia de seguridad cifrada de extremo a extremo y de sincronización para tus fotos y vídeos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Página Principal](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Política de Privacidad" }
@@ -100,7 +100,7 @@ Ente Photos se sometió a una [auditoría por Cure53](https://ente.io/blog/crypt
- Los proveedores alojados en la nube deben aplicar cifrado de extremo a extremo.
- Debe ofrecer un plan gratuito o un periodo de prueba.
-- Debe ser compatible con la autenticación multifactor TOTP o FIDO2, o con los inicios de sesión con llave de acceso.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Debe ofrecer una interfaz web que admita funciones básicas de gestión de archivos.
- Debe permitir exportar fácilmente todos los archivos/documentos.
- Debe ser de código abierto.
diff --git a/i18n/es/real-time-communication.md b/i18n/es/real-time-communication.md
index ad7ac9aa..938ebea9 100644
--- a/i18n/es/real-time-communication.md
+++ b/i18n/es/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen solicitó una auditoría independiente para Session en marzo de 2020. La au
> El nivel general de seguridad de esta aplicación es bueno y la hace utilizable para personas preocupadas por su privacidad.
-Session tiene un [informe oficial](https://arxiv.org/pdf/2002.04609.pdf) que describe los aspectos técnicos de la aplicación y el protocolo.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Criterios
diff --git a/i18n/es/router.md b/i18n/es/router.md
index d02dce50..e7fa735d 100644
--- a/i18n/es/router.md
+++ b/i18n/es/router.md
@@ -19,7 +19,7 @@ A continuación se indican algunos sistemas operativos alternativos que pueden u
{ align=right }
{ align=right }
-**OpenWrt** es un sistema operativo basado en Linux; se utiliza principalmente en dispositivos integrados para enrutar el tráfico de red. Incluye util-linux, uClibc, y BusyBox. Todos los componentes han sido optimizados para routers domésticos.
+**OpenWrt** es un sistema operativo basado en Linux; se utiliza principalmente en dispositivos integrados para enrutar el tráfico de red. Incluye util-linux, uClibc, y BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Página Principal](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentación}
diff --git a/i18n/es/security-keys.md b/i18n/es/security-keys.md
index 67efc5f5..1aa427ca 100644
--- a/i18n/es/security-keys.md
+++ b/i18n/es/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Ataques dirigidos](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Ataques pasivos](basics/common-threats.md#security-and-privacy){ .pg-orange }
-Una **llave de seguridad** física añade una capa fuerte de protección a tus cuentas en línea. A comparación con las [aplicaciones de autenticación](multi-factor-authentication.md), el protocolo de llave de seguridad FIDO2 es innume al phishing y no puede ser comprometido sin tener la llave física. Muchos servicios son compatibles con FIDO2/WebAuthn como una opción de autenticación multifactor para asegurar tu cuenta, y algunos servicios te permiten usar una llave de seguridad como un autenticador fuerte de factor único con autenticación sin contraseña.
+Una **llave de seguridad** física añade una capa fuerte de protección a tus cuentas en línea. A comparación con las [aplicaciones de autenticación](multi-factor-authentication.md), el protocolo de llave de seguridad FIDO2 es innume al phishing y no puede ser comprometido sin tener la llave física. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Llave de seguridad Yubico
@@ -63,7 +63,7 @@ La serie **YubiKey** de Yubico es una de las más populares. La serie YubiKey 5
La [tabla comparativa](https://yubico.com/store/compare) muestra las características y cómo las YubiKeys se comparan entre sí y con otras series de [llave de seguridad](#yubico-security-key) de Yubico. Uno de los beneficios de la serie YubiKey es que una llave puede realizar casi todo lo que puedes esperar de una llave de seguridad física. Te recomendamos realizar la [encuesta](https://yubico.com/quiz) antes de realizar la compra, para asegurarte de que tomas la decisión correcta.
-La serie YubiKey 2 tiene la certificación FIDO Nivel 1, que es la más común. Sin embargo, algunos gobiernos u organizaciones pueden requerir una llave con la certificación de Nivel 2, en cuyo caso se debe adquirir una llave de la [serie Yubikey 5 **FIPS**](https://yubico.com/products/yubikey-fips) o una [llave de seguridad Yubico](#yubico-security-key). La mayoría de las personas no deben preocuparse por esta distinción.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). La mayoría de las personas no deben preocuparse por esta distinción.
Las YubiKeys pueden ser programadas utilizando [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) o [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). Para gestionar los códigos TOTP, puedes utilizar el [Autenticador Yubico](https://yubico.com/products/yubico-authenticator). Todos los clientes de Yubico son de código abierto.
diff --git a/i18n/es/tools.md b/i18n/es/tools.md
index 4afa63ef..9a33290e 100644
--- a/i18n/es/tools.md
+++ b/i18n/es/tools.md
@@ -180,7 +180,7 @@ Si busca más **seguridad**, asegúrese siempre de conectarse a sitios web que u
---
- Proton Mail es un servicio de correo electrónico centrado en la privacidad, el cifrado, la seguridad y la facilidad de uso. Ha estado en operación desde 2013. Proton AG tiene su sede en Ginebra, Suiza. El plan gratuito de Proton Mail incluye 500MB de almacenamiento, que puede ser aumentado hasta 1GB sin costo.
+ Proton Mail es un servicio de correo electrónico centrado en la privacidad, el cifrado, la seguridad y la facilidad de uso. Ha estado en operación desde 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Lea la Reseña Completa :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -189,7 +189,7 @@ Si busca más **seguridad**, asegúrese siempre de conectarse a sitios web que u
---
Mailbox.org es un servicio de correo electrónico centrado en la seguridad, sin publicidad y alimentado de forma privada con energía 100% ecológica.
-. Han estado en operación desde 2014. Mailbox.org tiene su sede en Berlín, Alemania. Las cuentas inician con hasta 2GB de almacenamiento, que pueden ser ampliados cuando sea necesario.
+. Han estado en operación desde 2014. Mailbox.org tiene su sede en Berlín, Alemania. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Lea la Reseña Completa :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -197,7 +197,7 @@ Si busca más **seguridad**, asegúrese siempre de conectarse a sitios web que u
---
- Tuta (antes *Tutanota*) es un servicio de correo electrónico centrado en la seguridad y la privacidad mediante el uso de cifrado. Tuta lleva funcionando desde 2011 y tiene su sede en Hannover, Alemania. Las cuentas gratuitas inician con 1GB de almacenamiento.
+ Tuta (antes *Tutanota*) es un servicio de correo electrónico centrado en la seguridad y la privacidad mediante el uso de cifrado. Tuta lleva funcionando desde 2011 y tiene su sede en Hannover, Alemania. Free accounts start with 1 GB of storage.
[Lea la Reseña Completa :material-arrow-right-drop-circle:](email.md#tuta)
@@ -221,8 +221,8 @@ Si busca más **seguridad**, asegúrese siempre de conectarse a sitios web que u
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
-- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -645,15 +645,15 @@ Para cifrar su unidad de SO, normalmente recomendamos utilizar la herramienta de
-- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
-- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
-- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
-- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
-- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
-- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
-- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
+- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
+- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
+- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
+- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
+- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/es/tor.md b/i18n/es/tor.md
index 5a52d9aa..30932be0 100644
--- a/i18n/es/tor.md
+++ b/i18n/es/tor.md
@@ -44,7 +44,7 @@ Hay varias formas de conectarse a la red Tor desde tu dispositivo, la más utili
Algunas de estas aplicaciones son mejores que otras y, una vez más, la decisión depende de tu modelo de amenazas. Si eres un usuario ocasional de Tor que no está preocupado porque tu ISP recopile pruebas contra ti, usar aplicaciones como [Orbot](#orbot) o aplicaciones de navegador móvil para acceder a la red Tor probablemente esté bien. Aumentar el número de personas que usan Tor a diario ayuda a reducir el mal estigma de Tor, y disminuye la calidad de las "listas de usuarios de Tor" que los ISP y los gobiernos pueden compilar.
-Si un anonimato más completo es primordial para tu situación, deberías **solo** usar el cliente de escritorio de Tor Browser, idealmente en una configuración [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os). Los navegadores móviles son menos comunes en Tor (y más susceptibles a huellas digitales como resultado), y otras configuraciones no son tan rigurosamente probadas contra la desanonimización.
+Si un anonimato más completo es primordial para tu situación, deberías **solo** usar el cliente de escritorio de Tor Browser, idealmente en una configuración [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os). Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Browser
@@ -114,11 +114,11 @@ Anteriormente recomendamos activar la preferencia *Aislar direcciones de destino
Consejos para Android
-Orbot puede hacer de proxy de aplicaciones individuales si soportan SOCKS o proxy HTTP. También puede hacer de proxy de todas tus conexiones de red utilizando [VpnService](https://developer.android.com/reference/android/net/VpnService) y se puede utilizar con el killswitch VPN en :gear: **Ajustes** → **Red e internet** → **VPN** → :gear: → **Bloquear conexiones sin VPN**.
+Orbot puede hacer de proxy de aplicaciones individuales si soportan SOCKS o proxy HTTP. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot suele estar desactualizado en el [repositorio F-Droid](https://guardianproject.info/fdroid) de Guardian Project y en [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), así que considera descargarlo directamente desde el [repositorio GitHub](https://github.com/guardianproject/orbot/releases).
-Todas las versiones están firmadas con la misma firma, por lo que deberían ser compatibles entre sí.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/es/vpn.md b/i18n/es/vpn.md
index 061f6e67..b8a7e8cf 100644
--- a/i18n/es/vpn.md
+++ b/i18n/es/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Recomendaciones y Comparación de Servicios VPN Privados, Sin Patrocinadores Ni Anuncios - Privacy Guides"
title: "Servicios de VPN"
icon: material/vpn
-description: Los mejores servicios VPN para proteger tu privacidad y seguridad en Internet. Encuentra un proveedor aquí que no esté para espiarte.
+description: Los mejores servicios VPN para proteger tu privacidad y seguridad en Internet. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -101,11 +101,11 @@ Proton [ya admite IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks) en
#### :material-information-outline:{ .pg-info } Reenvío remoto de puertos
-Actualmente, Proton VPN solo admite el [ reenvío del puerto](https://protonvpn.com/support/port-forwarding) remoto y efímero a través de NAT-PMP, con tiempos de arrendamiento de 60 segundos. La aplicación de Windows ofrece una opción de fácil acceso para ello, mientras que en otros sistemas operativos tendrás que ejecutar tu propio cliente [NAT-PMP](https://protonvpn.com/support/port-forwarding-manual-setup). Las aplicaciones de torrents suelen soportar NAT-PMP de forma nativa.
+Actualmente, Proton VPN solo admite el [ reenvío del puerto](https://protonvpn.com/support/port-forwarding) remoto y efímero a través de NAT-PMP, con tiempos de arrendamiento de 60 segundos. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Las aplicaciones de torrents suelen soportar NAT-PMP de forma nativa.
#### :material-information-outline:{ .pg-blue } Anti censura
-Proton VPN tiene su protocolo [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) que *puede* ayudar en situaciones en las que los protocolos VPN como OpenVPN o Wireguard son bloqueados con varias técnicas rudimentarias. Stealth encapsula el túnel VPN en una sesión TLS para que parezca tráfico de Internet más genérico.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsula el túnel VPN en una sesión TLS para que parezca tráfico de Internet más genérico.
Desafortunadamente, no funciona muy bien en países donde se despliegan sofisticados filtros que analizan todo el tráfico saliente en un intento de descubrir túneles cifrados. Stealth está disponible en Android, iOS, Windows y macOS, pero aún no en Linux.
@@ -115,11 +115,11 @@ Además de proporcionar archivos de configuración OpenVPN estándar, Proton VPN
#### :material-information-outline:{ .pg-blue } Notas adicionales
-Los clientes de ProtonVPN soportan la autenticación de dos factores en todas las plataformas. El cliente móvil en Android también está disponible en \[F-Droid\](https://f-droid.org/packages/net.mullvad.mullvadvpn), lo que garantiza que se compila con \[builds reproducibles\](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html). Ofrecen bloqueo de contenidos y bloqueo de malware conocido con su servicio DNS. Además, Proton VPN también ofrece servidores de "Tor" que te permiten conectarte con facilidad a los sitios onion, pero recomendamos encarecidamente usar [el navegador oficial de Tor](tor.md#tor-browser) para este propósito.
+Proton VPN clients support two-factor authentication on all platforms. El cliente móvil en Android también está disponible en \[F-Droid\](https://f-droid.org/packages/net.mullvad.mullvadvpn), lo que garantiza que se compila con \[builds reproducibles\](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html). Ofrecen bloqueo de contenidos y bloqueo de malware conocido con su servicio DNS. Además, Proton VPN también ofrece servidores de "Tor" que te permiten conectarte con facilidad a los sitios onion, pero recomendamos encarecidamente usar [el navegador oficial de Tor](tor.md#tor-browser) para este propósito.
-##### :material-alert-outline:{ .pg-orange } La función Killswitch no funciona en los Macs basados en Intel
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-Los fallos del sistema [pueden ocurrir](https://protonvpn.com/support/macos-t2-chip-kill-switch) en Macs basados en Intel cuando se utiliza el killswitch de VPN. Utilizan \[ShadowSocks\](https://shadowsocks.org/en/index.html) en su configuración de ShadowSocks + OpenVPN, lo que les hace más resistentes contra los cortafuegos con \[Inspección profunda de paquete\](https://es.wikipedia.org/wiki/Deep_Packet_Inspection) que intentan bloquear las VPN.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. Utilizan \[ShadowSocks\](https://shadowsocks.org/en/index.html) en su configuración de ShadowSocks + OpenVPN, lo que les hace más resistentes contra los cortafuegos con \[Inspección profunda de paquete\](https://es.wikipedia.org/wiki/Deep_Packet_Inspection) que intentan bloquear las VPN.
### IVPN
@@ -185,7 +185,7 @@ Anteriormente, IVPN admitía el reenvío de puertos, pero eliminó la opción en
#### :material-check:{ .pg-green } Anti censura
-IVPN tiene modos de ofuscación usando [v2ray](https://v2ray.com/en/index.html) que ayuda en situaciones donde los protocolos VPN como OpenVPN o Wireguard están bloqueados. Actualmente, esta característica solo está disponible en la versión para escritorio e [iOS](https://ivpn.net/knowledgebase/ios/v2ray). Este cuenta con dos modos donde puede usar [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) sobre QUIC o conexiones TCP. QUIC es un moderno protocolo con mejor control de la congestión y puede ser más rápido con menor latencia. El modo TCP ayuda para que tus datos aparezcan como tráfico HTTP regular.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). Este cuenta con dos modos donde puede usar [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) sobre QUIC o conexiones TCP. QUIC es un moderno protocolo con mejor control de la congestión y puede ser más rápido con menor latencia. El modo TCP ayuda para que tus datos aparezcan como tráfico HTTP regular.
#### :material-check:{ .pg-green } Clientes Móviles
@@ -193,7 +193,7 @@ Además de proporcionar archivos de configuración OpenVPN estándar, IVPN cuent
#### :material-information-outline:{ .pg-blue } Notas adicionales
-Los clientes de IVPN soportan la autenticación de dos factores. IVPN también ofrece la función "[AntiTracker](https://ivpn.net/antitracker)", que bloquea las redes publicitarias y los rastreadores a nivel de red.
+IVPN clients support two-factor authentication. IVPN también ofrece la función "[AntiTracker](https://ivpn.net/antitracker)", que bloquea las redes publicitarias y los rastreadores a nivel de red.
### Mullvad
@@ -201,7 +201,7 @@ Los clientes de IVPN soportan la autenticación de dos factores. IVPN también o
{ align=right }
-**Mullvad** es una VPN rápida y económica que se centra en la transparencia y la seguridad. Ha estado en operación desde 2009. Mullvad tiene su sede en Suecia y ofrece una garantía de devolución del dinero de 30 días para los métodos de pago que lo permitan.
+**Mullvad** es una VPN rápida y económica que se centra en la transparencia y la seguridad. Ha estado en operación desde 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Página Principal](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Servicio Onion" }
@@ -262,7 +262,7 @@ Anteriormente, Mullvad admitía el reenvío de puertos, pero eliminó esta opci
Mullvad ofrece varias funciones para ayudar a eludir la censura y acceder libremente a Internet:
-- **Modos de ofuscación**: Mullvad tiene dos modos de ofuscación incorporados: "UDP sobre TCP" y ["Wireguard sobre Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). Estos modos disfrazan su tráfico VPN como tráfico web normal, lo que dificulta su detección y bloqueo por parte de los censores. Supuestamente, China tiene que utilizar un [nuevo método para interrumpir el tráfico enrutado por Shadowsocks](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). Estos modos disfrazan su tráfico VPN como tráfico web normal, lo que dificulta su detección y bloqueo por parte de los censores. Supuestamente, China tiene que utilizar un [nuevo método para interrumpir el tráfico enrutado por Shadowsocks](https://gfw.report/publications/usenixsecurity23/en).
- **Ofuscación avanzada con Shadowsocks y v2ray**: Para usuarios más avanzados, Mullvad proporciona una guía sobre cómo utilizar el plugin [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) con clientes Mullvad. Esta configuración proporciona una capa adicional de ofuscación y cifrado.
- **IPs de servidor personalizadas**: Para contrarrestar el bloqueo de IPs, puedes solicitar IPs de servidor personalizadas al equipo de soporte de Mullvad. Una vez que recibas las IPs personalizadas, puedes introducir el archivo de texto en la configuración de "Anulación de IPs del servidor", que anulará las direcciones IPs del servidor elegidas con otras que el censor no conozca.
- **Puentes y proxies**: Mullvad también permite utilizar puentes o proxies para llegar a su API (necesario para la autenticación), lo que puede ayudar a eludir los intentos de censura que bloquean el acceso a la propia API.
@@ -288,19 +288,19 @@ Es importante tener en cuenta que el uso de un proveedor de VPN no le hará anó
### Tecnología
-Requerimos que todos nuestros proveedores de VPN recomendados proporcionen archivos de configuración OpenVPN para ser usados en cualquier cliente. **Si** una VPN proporciona su propio cliente personalizado, requerimos un killswitch para bloquear las fugas de datos de la red cuando se desconecta.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Mínimo para Calificar:**
-- Soporte para protocolos fuertes como WireGuard & OpenVPN.
-- Killswitch integrado en los clientes.
-- Soporte de multisaltos. El multihopping es importante para mantener la privacidad de los datos en caso de que un solo nodo se vea comprometido.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- Si se proporcionan clientes VPN, deben ser de [código abierto](https://en.wikipedia.org/wiki/Open_source), como el software VPN que generalmente llevan incorporado. Creemos que la disponibilidad del [código fuente](https://en.wikipedia.org/wiki/Source_code) proporciona una mayor transparencia sobre lo que hace realmente el programa.
- Funciones de resistencia a la censura diseñadas para eludir cortafuegos sin DPI.
**Mejor Caso:**
-- Killswitch con opciones altamente configurables (activar/desactivar en determinadas redes, en el arranque, etc.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Clientes VPN fáciles de usar
- Soporte de [IPv6](https://en.wikipedia.org/wiki/IPv6). Esperamos que los servidores permitan las conexiones entrantes a través de IPv6 y le permitan acceder a los servicios alojados en direcciones IPv6.
- La capacidad de [redirección de puertos](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) ayuda a crear conexiones cuando se utiliza software de intercambio de archivos P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)), Freenet, o se aloja un servidor (por ejemplo, Mumble).
@@ -318,11 +318,11 @@ Preferimos que nuestros proveedores recomendados recojan la menor cantidad de da
**Mejor Caso:**
- Acepte múltiples [opciones de pago anónimo](advanced/payments.md).
-- No se acepten datos personales (nombre de usuario autogenerado, no se requiere correo electrónico, etc.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Seguridad
-Una VPN no tiene sentido si ni siquiera puede proporcionar una seguridad adecuada. Requerimos que todos nuestros proveedores recomendados que se atengan a las normas de seguridad vigentes para sus conexiones OpenVPN. Lo ideal sería que utilizaran por defecto esquemas de encriptación más resistentes al futuro. También requerimos que un tercero independiente audite la seguridad del proveedor, idealmente de una manera muy completa y sobre una base repetida (anual).
+Una VPN no tiene sentido si ni siquiera puede proporcionar una seguridad adecuada. We require all our recommended providers to abide by current security standards. Lo ideal sería que utilizaran por defecto esquemas de encriptación más resistentes al futuro. También requerimos que un tercero independiente audite la seguridad del proveedor, idealmente de una manera muy completa y sobre una base repetida (anual).
**Mínimo para Calificar:**
@@ -360,7 +360,7 @@ Con los proveedores de VPN que recomendamos nos gusta ver un marketing responsab
**Mínimo para Calificar:**
-- Debe tener análisis propios (no Google Analytics, etc.). El sitio del proveedor también debe cumplir con [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) para las personas que quieran excluirse.
+- Debe tener análisis propios (no Google Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
No debe tener ningún mercadeo que sea irresponsable:
diff --git a/i18n/fa/about.md b/i18n/fa/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/fa/about.md
+++ b/i18n/fa/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/fa/about/contributors.md b/i18n/fa/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/fa/about/contributors.md
+++ b/i18n/fa/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/fa/about/criteria.md b/i18n/fa/about/criteria.md
index dd2e228d..d8f08fc7 100644
--- a/i18n/fa/about/criteria.md
+++ b/i18n/fa/about/criteria.md
@@ -24,7 +24,7 @@ We have these requirements in regard to developers which wish to submit their pr
- Must disclose affiliation, i.e. your position within the project being submitted.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. If possible please mention who will be conducting the audit.
- Must explain what the project brings to the table in regard to privacy.
diff --git a/i18n/fa/about/executive-policy.md b/i18n/fa/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/fa/about/executive-policy.md
+++ b/i18n/fa/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/fa/about/notices.md b/i18n/fa/about/notices.md
index c2934514..590e767d 100644
--- a/i18n/fa/about/notices.md
+++ b/i18n/fa/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-ما اعتقاد داریم که لوگوها و تصاویر دیگر موجود در `assets` که از تامینکنندگان شخص ثالث به دست میآیند، یا در دامنه عمومی هستند یا تحت استفاده عادلانه **fair use** قرار میگیرند. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. با این حال، این لوگوها و تصاویر دیگر ممکن است همچنان تحت قوانین علامت تجاری در یک یا چند حقوق امتیاز موجود باشند. قبل از استفاده از این محتوا، لطفاً اطمینان حاصل کنید که از آن برای شناسایی شرکت یا سازمانی که علامت تجاری را دارد، استفاده میشود و شما در قوانینی که در شرایط استفاده مورد نظر شما اعمال میشود، حق استفاده از آن را دارید. *هنگام کپی محتوا از این وب سایت، شما به تنهایی مسئولیت اطمینان از عدم نقض حقوق تجاری یا حقوق تکثیر شخص دیگر را دارید.*
+ما اعتقاد داریم که لوگوها و تصاویر دیگر موجود در `assets` که از تامینکنندگان شخص ثالث به دست میآیند، یا در دامنه عمومی هستند یا تحت استفاده عادلانه **fair use** قرار میگیرند. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. با این حال، این لوگوها و تصاویر دیگر ممکن است همچنان تحت قوانین علامت تجاری در یک یا چند حقوق امتیاز موجود باشند. قبل از استفاده از این محتوا، لطفاً اطمینان حاصل کنید که از آن برای شناسایی شرکت یا سازمانی که علامت تجاری را دارد، استفاده میشود و شما در قوانینی که در شرایط استفاده مورد نظر شما اعمال میشود، حق استفاده از آن را دارید. *هنگام کپی محتوا از این وب سایت، شما به تنهایی مسئولیت اطمینان از عدم نقض حقوق تجاری یا حقوق تکثیر شخص دیگر را دارید.*
هنگامی که شما به وب سایت ما مشارکت میکنید، این کار را به موجب مجوزهای فوق انجام میدهید و به Privacy Guides یک مجوز دائمی، جهانی، غیر انحصاری، قابل انتقال، بدون نیاز به پرداخت حق کپی، بدون امکان لغو صدور میدهید. این مجوز حق دارد که از طریق زیرلیسانسدهندگان چندگانه، حقوقی را که بدین وسیله اعطا میکنید، تکثیر، اصلاح، نمایش، اجرا و توزیع مشارکت شما را به عنوان بخشی از پروژه ما، بهرهبرداری نماید.
diff --git a/i18n/fa/about/privacytools.md b/i18n/fa/about/privacytools.md
index 0a6a564e..ae035f3d 100644
--- a/i18n/fa/about/privacytools.md
+++ b/i18n/fa/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## Control of r/privacytoolsIO
-Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
+Reddit requires that Subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
-- Posting announcements to our subreddit and various other communities informing people of the official change.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped.
@@ -66,11 +66,11 @@ Roughly a week following the transition, BurungHantu returned online for the fir
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so.
-BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io Now
@@ -80,7 +80,7 @@ As of September 25th 2022 we are seeing BurungHantu's overall plans come to frui
## r/privacytoolsIO Now
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Retaliation from any moderator with regards to removal requests is disallowed.
-For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
+For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective Now
diff --git a/i18n/fa/about/statistics.md b/i18n/fa/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/fa/about/statistics.md
+++ b/i18n/fa/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/fa/advanced/communication-network-types.md b/i18n/fa/advanced/communication-network-types.md
index 5d26d13e..cff5424d 100644
--- a/i18n/fa/advanced/communication-network-types.md
+++ b/i18n/fa/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ When self-hosted, members of a federated server can discover and communicate wit
- Allows for greater control over your own data when running your own server.
- Allows you to choose whom to trust your data with by choosing between multiple "public" servers.
- Often allows for third-party clients which can provide a more native, customized, or accessible experience.
-- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Disadvantages:**
@@ -60,7 +60,7 @@ When self-hosted, members of a federated server can discover and communicate wit
P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server.
-Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
+Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
@@ -85,9 +85,9 @@ P2P networks do not use servers, as peers communicate directly between each othe
A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.
-There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
-Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Advantages:**
diff --git a/i18n/fa/advanced/dns-overview.md b/i18n/fa/advanced/dns-overview.md
index db4f94f4..6d04baa8 100644
--- a/i18n/fa/advanced/dns-overview.md
+++ b/i18n/fa/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
---
-[سیستم نام دامنه (DNS)](https://en.wikipedia.org/wiki/Domain_Name_System) 'دفترچه تلفن اینترنت' است. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
## دی ان اس DNS چیست؟
@@ -24,7 +24,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
### DNS over TLS (DoT)
@@ -118,7 +118,7 @@ In this example we will record what happens when we make a DoH request:
3. After making the request, we can stop the packet capture with CTRL + C.
-4. Analyse the results in Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ When we do a DNS lookup, it's generally because we want to access a resource. Be
The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides.
-This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
+This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
### Server Name Indication (SNI)
-Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
+Server Name Indication is typically used when an IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
-1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
+1. Start capturing again with `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | No | nothing(Do nothing)
```
-Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[List of recommended DNS servers](../dns.md ""){.md-button}
diff --git a/i18n/fa/advanced/tor-overview.md b/i18n/fa/advanced/tor-overview.md
index 876222c4..4c0bd4a0 100644
--- a/i18n/fa/advanced/tor-overview.md
+++ b/i18n/fa/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/fa/ai-chat.md b/i18n/fa/ai-chat.md
index af64bd7d..8034bbf5 100644
--- a/i18n/fa/ai-chat.md
+++ b/i18n/fa/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Criteria
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Best-Case
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/fa/alternative-networks.md b/i18n/fa/alternative-networks.md
index 719ba6f7..48a2d0ec 100644
--- a/i18n/fa/alternative-networks.md
+++ b/i18n/fa/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/fa/android/general-apps.md b/i18n/fa/android/general-apps.md
index 04919076..b97efed5 100644
--- a/i18n/fa/android/general-apps.md
+++ b/i18n/fa/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/fa/basics/account-creation.md b/i18n/fa/basics/account-creation.md
index 22ef70db..0f45c8be 100644
--- a/i18n/fa/basics/account-creation.md
+++ b/i18n/fa/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
+Often people sign up for services without thinking. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer.
@@ -13,11 +13,11 @@ It can also be difficult to delete the accounts on some services. Sometimes [ove
## Terms of Service & Privacy Policy
-The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VOIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
+The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
-The Privacy Policy is how the service says they will use your data and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
-We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
+We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Keep in mind you're also placing your trust in the company or organization and that they will comply with their own privacy policy.
@@ -42,7 +42,7 @@ You will be responsible for managing your login credentials. For added security,
#### Email aliases
-If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to.
+If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Those can be filtered automatically based on the alias they are sent to.
Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
We recommend avoiding services that require a phone number for sign up. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
+You should avoid giving out your real phone number if you can. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number!
diff --git a/i18n/fa/basics/account-deletion.md b/i18n/fa/basics/account-deletion.md
index 2f79dd0a..54148bd4 100644
--- a/i18n/fa/basics/account-deletion.md
+++ b/i18n/fa/basics/account-deletion.md
@@ -27,7 +27,7 @@ Desktop platforms also often have a password manager which may help you recover
### Email
-If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
## Deleting Old Accounts
@@ -39,7 +39,7 @@ When attempting to regain access, if the site returns an error message saying th
### GDPR (EEA residents only)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Overwriting Account information
diff --git a/i18n/fa/basics/common-misconceptions.md b/i18n/fa/basics/common-misconceptions.md
index 6832f170..31b1b249 100644
--- a/i18n/fa/basics/common-misconceptions.md
+++ b/i18n/fa/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ The privacy policies and business practices of providers you choose are very imp
## "Complicated is better"
-We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like many different email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
+We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips:
1. ==Actions need to serve a particular purpose:== think about how to do what you want with the fewest actions.
2. ==Remove human failure points:== We fail, get tired, and forget things. To maintain security, avoid relying on manual conditions and processes that you have to remember.
-3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily de-anonymized by a simple oversight.
+3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
So, how might this look?
@@ -94,4 +94,4 @@ One of the clearest threat models is one where people *know who you are* and one
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/fa/basics/common-threats.md b/i18n/fa/basics/common-threats.md
index 7b040b0b..03414577 100644
--- a/i18n/fa/basics/common-threats.md
+++ b/i18n/fa/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Your threat model is personal to you, but these are some of the things many visitors to this site care about.
---
-Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
+Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ To minimize the damage that a malicious piece of software *could* do, you should
Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources.
-Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Therefore, you should use native applications over web clients whenever possible
-Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
+Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
## Mass Surveillance Programs
@@ -156,7 +156,7 @@ Mass surveillance is the intricate effort to monitor the "behavior, many activit
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
For many people, tracking and surveillance by private corporations is a growing concern. Pervasive ad networks, such as those operated by Google and Facebook, span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries (although it can't completely prevent tracking).[^4]
-Additionally, even companies outside of the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
## Limiting Public Information
diff --git a/i18n/fa/basics/email-security.md b/i18n/fa/basics/email-security.md
index 0661723a..60513510 100644
--- a/i18n/fa/basics/email-security.md
+++ b/i18n/fa/basics/email-security.md
@@ -29,13 +29,13 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
### What Email Clients Support E2EE?
-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### How Do I Protect My Private Keys?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Email Metadata Overview
@@ -49,4 +49,4 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
### Why Can't Metadata be E2EE?
-Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
+Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/fa/basics/hardware.md b/i18n/fa/basics/hardware.md
index 4b795a9a..257624c3 100644
--- a/i18n/fa/basics/hardware.md
+++ b/i18n/fa/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Warning
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/fa/basics/multi-factor-authentication.md b/i18n/fa/basics/multi-factor-authentication.md
index 23dc44c5..947f3b7e 100644
--- a/i18n/fa/basics/multi-factor-authentication.md
+++ b/i18n/fa/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
-**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone.
@@ -26,7 +26,7 @@ The security of push notification MFA is dependent on both the quality of the ap
### Time-based One-time Password (TOTP)
-TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
+TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
-Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
@@ -116,15 +116,15 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
## More Places to Set Up MFA
-Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
+macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-After your smartcard/security key is set up, we recommend running this command in the Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
### KeePass (and KeePassXC)
-KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/fa/basics/passwords-overview.md b/i18n/fa/basics/passwords-overview.md
index 898d198d..8464da82 100644
--- a/i18n/fa/basics/passwords-overview.md
+++ b/i18n/fa/basics/passwords-overview.md
@@ -24,7 +24,7 @@ All of our [recommended password managers](../passwords.md) include a built-in p
You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it.
-When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
Checking for data breaches
@@ -54,13 +54,13 @@ To generate a diceware passphrase using real dice, follow these steps:
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Roll a six-sided die five times, noting down the number after each roll.
-2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. You will find the word `encrypt`. Write that word down.
@@ -75,25 +75,25 @@ You should **not** re-roll words until you get a combination of words that appea
If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
- Your adversary knows that you used the diceware method.
-- Your adversary knows the specific wordlist that you used.
+- Your adversary knows the specific word list that you used.
- Your adversary knows how many words your passphrase contains.
@@ -113,7 +113,7 @@ There are many good options to choose from, both cloud-based and local. Choose o
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
diff --git a/i18n/fa/basics/threat-modeling.md b/i18n/fa/basics/threat-modeling.md
index 922c7450..b87382d6 100644
--- a/i18n/fa/basics/threat-modeling.md
+++ b/i18n/fa/basics/threat-modeling.md
@@ -35,7 +35,7 @@ An “asset” is something you value and want to protect. In the context of dig
To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary”.== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
-*Make a list of your adversaries or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Your list may include individuals, a government agency, or corporations.*
Depending on who your adversaries are, this list might be something you want to destroy after you've finished developing your threat model.
diff --git a/i18n/fa/browser-extensions.md b/i18n/fa/browser-extensions.md
index 611904fc..7e13f070 100644
--- a/i18n/fa/browser-extensions.md
+++ b/i18n/fa/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/fa/calendar.md b/i18n/fa/calendar.md
index fc173e0e..6a9e8553 100644
--- a/i18n/fa/calendar.md
+++ b/i18n/fa/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Multiple calendars and extended sharing functionality is limited to paid subscribers.
diff --git a/i18n/fa/cloud.md b/i18n/fa/cloud.md
index aa8c3e40..145708ed 100644
--- a/i18n/fa/cloud.md
+++ b/i18n/fa/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Criteria
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
diff --git a/i18n/fa/cryptocurrency.md b/i18n/fa/cryptocurrency.md
index 38dfa7c2..d1e385f6 100644
--- a/i18n/fa/cryptocurrency.md
+++ b/i18n/fa/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Criteria
diff --git a/i18n/fa/data-broker-removals.md b/i18n/fa/data-broker-removals.md
index 24c607c3..ab08fd1c 100644
--- a/i18n/fa/data-broker-removals.md
+++ b/i18n/fa/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/fa/desktop-browsers.md b/i18n/fa/desktop-browsers.md
index 3c6cac08..e5fdb362 100644
--- a/i18n/fa/desktop-browsers.md
+++ b/i18n/fa/desktop-browsers.md
@@ -109,7 +109,7 @@ Mullvad Browser comes with the *uBlock Origin* and *NoScript* browser extensions
### مولواد (Mullvad)
-Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes preinstalled with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
## فایرفاکس (Firefox)
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts**
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] Select **Enable HTTPS-Only Mode in all windows**
-This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing.
+This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS بر روی HTTPS
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/fa/desktop.md b/i18n/fa/desktop.md
index eef0f6ec..d5d8d3bf 100644
--- a/i18n/fa/desktop.md
+++ b/i18n/fa/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS is an independent distribution based on the Nix package manager with a foc
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/fa/device-integrity.md b/i18n/fa/device-integrity.md
index 623a4839..142af55b 100644
--- a/i18n/fa/device-integrity.md
+++ b/i18n/fa/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/fa/dns.md b/i18n/fa/dns.md
index 6808722d..f8a80c68 100644
--- a/i18n/fa/dns.md
+++ b/i18n/fa/dns.md
@@ -75,7 +75,7 @@ AdGuard Home features a polished web interface to view insights and manage block
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/fa/document-collaboration.md b/i18n/fa/document-collaboration.md
index 9bf30ec2..dde20069 100644
--- a/i18n/fa/document-collaboration.md
+++ b/i18n/fa/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/fa/email-aliasing.md b/i18n/fa/email-aliasing.md
index c33f2bff..29f37d77 100644
--- a/i18n/fa/email-aliasing.md
+++ b/i18n/fa/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/fa/email.md b/i18n/fa/email.md
index 304be08b..b80f065a 100644
--- a/i18n/fa/email.md
+++ b/i18n/fa/email.md
@@ -58,7 +58,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
{ align=right }
-**Proton Mail** یک سرویس ایمیل با تمرکز بر حریم خصوصی، رمزگذاری، امنیت و سهولت استفاده است. They have been in operation since 2013. شرکت Proton AG در ژنو سوئیس قرار دارد. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+**Proton Mail** یک سرویس ایمیل با تمرکز بر حریم خصوصی، رمزگذاری، امنیت و سهولت استفاده است. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail پول نقد از طریق پست، کارت اعتباری/دبی
#### :material-check:{ .pg-green } امنیت حساب
-Proton Mail از TOTP [احراز هویت دو عاملی](https://proton.me/support/two-factor-authentication-2fa) و [کلیدهای امنیتی سخت افزاری](https://proton.me/support TOTP/2fa-security-key) با استفاده از استانداردهای FIDO2 یا U2F پشتیبانی میکند. استفاده از کلید امنیتی سخت افزاری نیازمند راهاندازی احراز هویت دو عاملی TOTP است.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } امنیت داده
@@ -117,7 +117,7 @@ Proton Mail also publishes the public keys of Proton accounts via HTTP from thei
#### :material-information-outline:{ .pg-blue } عملکردهای دیگر
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail امکان به ارث بردن اطلاعات برای وراث را ندارد.
@@ -127,7 +127,7 @@ Proton Mail امکان به ارث بردن اطلاعات برای وراث ر
{ align=right }
-**Mailbox.org** یک سرویس ایمیل با تمرکز بر ایمن بودن، بدون آگهی و خصوصی بودن با مصرف انرژی 100% سازگار با محیط زیست است. آنها از سال 2014 شروع به کار کردهاند. Mailbox.org در برلین آلمان مستقر است. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org** یک سرویس ایمیل با تمرکز بر ایمن بودن، بدون آگهی و خصوصی بودن با مصرف انرژی 100% سازگار با محیط زیست است. آنها از سال 2014 شروع به کار کردهاند. Mailbox.org در برلین آلمان مستقر است. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } روش های پرداخت خصوصی
-به دلیل تعلیق پرداختیار BitPay در آلمان، Mailbox.org هیچ ارز دیجیتالی را نمیپذیرد. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+به دلیل تعلیق پرداختیار BitPay در آلمان، Mailbox.org هیچ ارز دیجیتالی را نمیپذیرد. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } امنیت حساب
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). استانداردهای وب مانند [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) هنوز پشتیبانی نمیشوند.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). استانداردهای وب مانند [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) هنوز پشتیبانی نمیشوند.
#### :material-information-outline:{ .pg-blue } امنیت داده
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } عملکردهای دیگر
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). با این حال، رابط وب ایمیل از طریق سرویس .onion آنها قابل دسترسی نیست و ممکن است با خطاهای گواهی TLS مواجه شوید.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org همچنین از [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) علاوه بر پروتکلهای دسترسی استاندارد مانند IMAP و POP3 پشتیبانی میکند.
@@ -195,7 +195,7 @@ Mailbox.org امکان به ارث بردن اطلاعات برای همه طر
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } روش های پرداخت خصوصی
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } امنیت حساب
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } امنیت داده
@@ -297,7 +297,7 @@ We regard these features as important in order to provide a safe and optimal ser
**حداقل شرایط صلاحیت:**
- Encrypts email account data at rest with zero-access encryption.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Operates on owned infrastructure, i.e. not built upon third-party email service providers.
diff --git a/i18n/fa/encryption.md b/i18n/fa/encryption.md
index 1a36d548..0a6d75a3 100644
--- a/i18n/fa/encryption.md
+++ b/i18n/fa/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt is a fork of the discontinued TrueCrypt project. According to its deve
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
-Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
{ align=right }
-**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/fa/file-sharing.md b/i18n/fa/file-sharing.md
index 839a7419..56b895d5 100644
--- a/i18n/fa/file-sharing.md
+++ b/i18n/fa/file-sharing.md
@@ -13,7 +13,7 @@ Discover how to privately share your files between your devices, with your frien
## File Sharing
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/fa/frontends.md b/i18n/fa/frontends.md
index 9e83fe5e..b4b5d0c4 100644
--- a/i18n/fa/frontends.md
+++ b/i18n/fa/frontends.md
@@ -251,7 +251,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/fa/index.md b/i18n/fa/index.md
index 11a03869..3419f8d0 100644
--- a/i18n/fa/index.md
+++ b/i18n/fa/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. شرکت Proton AG در ژنو سوئیس قرار دارد. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. آنها از سال 2014 شروع به کار کردهاند. Mailbox.org در برلین آلمان مستقر است. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. آنها از سال 2014 شروع به کار کردهاند. Mailbox.org در برلین آلمان مستقر است. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/fa/meta/brand.md b/i18n/fa/meta/brand.md
index dbf003bf..fe8dcec1 100644
--- a/i18n/fa/meta/brand.md
+++ b/i18n/fa/meta/brand.md
@@ -12,7 +12,7 @@ description: A guide for journalists and website contributors on proper branding
- PG.org
-نام انجمن در ردیت این هست **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
دستورالعملهای برندسازی اضافی را میتوانید در اینجا پیدا کنید [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/fa/meta/translations.md b/i18n/fa/meta/translations.md
index e37a6a17..1a780b4e 100644
--- a/i18n/fa/meta/translations.md
+++ b/i18n/fa/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## تبدیل کامل عرض و نحوهٔ استفاده از Markdown
-سیستمهای نگارش CJK (چینی، ژاپنی، کرهای) به طور معمول از نسخههای جایگزین "عرض کامل" نمادهای متداول استفاده میکنند. تبدیلهای تمامعرض و نحوهٔ استفاده از نشانهها در Markdown.
+سیستمهای نگارش CJK (چینی، ژاپنی، کرهای) به طور معمول از نسخههای جایگزین "عرض کامل" نمادهای متداول استفاده میکنند. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/fa/meta/uploading-images.md b/i18n/fa/meta/uploading-images.md
index c9c35a1f..c95fdcee 100644
--- a/i18n/fa/meta/uploading-images.md
+++ b/i18n/fa/meta/uploading-images.md
@@ -48,7 +48,7 @@ In the **SVG Output** tab under **Document options**:
- [ ] Turn off **Remove the XML declaration**
- [x] Turn on **Remove metadata**
- [x] Turn on **Remove comments**
-- [x] Turn on **Embeded raster images**
+- [x] Turn on **Embedded raster images**
- [x] Turn on **Enable viewboxing**
In the **SVG Output** under **Pretty-printing**:
diff --git a/i18n/fa/meta/writing-style.md b/i18n/fa/meta/writing-style.md
index 97b9b354..d03f2c3d 100644
--- a/i18n/fa/meta/writing-style.md
+++ b/i18n/fa/meta/writing-style.md
@@ -64,7 +64,7 @@ Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/organize/have-a
## مختصر باشد
-> کلمات غیر ضروری وقت مخاطب شما را تلف می کند. یک نوشته خوب مثل یک مکالمه است. اطلاعاتی را که مخاطب نیازی به دانستن آنها ندارد حذف کنید. این می تواند به عنوان یک متخصص در موضوع دشوار باشد، بنابراین مهم است که به اطلاعات از دیدگاه مخاطب نگاه کنید.
+> کلمات غیر ضروری وقت مخاطب شما را تلف می کند. یک نوشته خوب مثل یک مکالمه است. اطلاعاتی را که مخاطب نیازی به دانستن آنها ندارد حذف کنید. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/fa/mobile-browsers.md b/i18n/fa/mobile-browsers.md
index ee477994..36534c5a 100644
--- a/i18n/fa/mobile-browsers.md
+++ b/i18n/fa/mobile-browsers.md
@@ -247,7 +247,7 @@ This prevents you from unintentionally connecting to a website in plain-text HTT
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Open Safari and tap the Tabs button, located in the bottom right. Then, expand t
- [x] Select **Private**
-Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. This may be an inconvenience.
diff --git a/i18n/fa/multi-factor-authentication.md b/i18n/fa/multi-factor-authentication.md
index 87185132..c8ca78d9 100644
--- a/i18n/fa/multi-factor-authentication.md
+++ b/i18n/fa/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/fa/notebooks.md b/i18n/fa/notebooks.md
index 20eb0eca..3ce1d785 100644
--- a/i18n/fa/notebooks.md
+++ b/i18n/fa/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-یادداشت ها و ژورنال های خود را بدون دادن به شخص ثالث پیگیری کنید.
+Keep track of your notes and journals without giving them to a third party.
اگر در حال حاضر از برنامهای مانند Evernote، Google Keep یا Microsoft OneNote استفاده میکنید، پیشنهاد میکنیم یک جایگزین را در اینجا انتخاب کنید که از E2EE پشتیبانی میکند.
@@ -82,7 +82,7 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
{ align=right }
-**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -131,7 +131,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
## Local notebooks
diff --git a/i18n/fa/os/android-overview.md b/i18n/fa/os/android-overview.md
index 4faff712..f2086618 100644
--- a/i18n/fa/os/android-overview.md
+++ b/i18n/fa/os/android-overview.md
@@ -84,7 +84,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Killswitch
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
@@ -124,7 +124,7 @@ Modern Android devices have global toggles for disabling Bluetooth and location
## Google Services
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Advanced Protection Program
diff --git a/i18n/fa/os/ios-overview.md b/i18n/fa/os/ios-overview.md
index 3149d122..d3dcb8ae 100644
--- a/i18n/fa/os/ios-overview.md
+++ b/i18n/fa/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/fa/os/linux-overview.md b/i18n/fa/os/linux-overview.md
index da9af28b..412f213e 100644
--- a/i18n/fa/os/linux-overview.md
+++ b/i18n/fa/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Privacy Notes
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- Avoid telemetry that often comes with proprietary operating systems
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ We don’t believe holding packages back and applying interim patches is a good
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao) (YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao) (YouTube)
### “Security-focused” distributions
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Drive Encryption
-Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ There are other system identifiers which you may wish to be careful about. You s
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/fa/os/macos-overview.md b/i18n/fa/os/macos-overview.md
index 838ab515..b01d6855 100644
--- a/i18n/fa/os/macos-overview.md
+++ b/i18n/fa/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Backups
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## Sources
diff --git a/i18n/fa/os/windows/group-policies.md b/i18n/fa/os/windows/group-policies.md
index 633b947e..deb408a0 100644
--- a/i18n/fa/os/windows/group-policies.md
+++ b/i18n/fa/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/fa/os/windows/index.md b/i18n/fa/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/fa/os/windows/index.md
+++ b/i18n/fa/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/fa/passwords.md b/i18n/fa/passwords.md
index a5f85f28..ea92b575 100644
--- a/i18n/fa/passwords.md
+++ b/i18n/fa/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ These options allow you to manage an encrypted password database locally.
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/fa/photo-management.md b/i18n/fa/photo-management.md
index c526c59a..d7447180 100644
--- a/i18n/fa/photo-management.md
+++ b/i18n/fa/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
- Must be open source.
diff --git a/i18n/fa/real-time-communication.md b/i18n/fa/real-time-communication.md
index 50465504..5051a9bc 100644
--- a/i18n/fa/real-time-communication.md
+++ b/i18n/fa/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Criteria
diff --git a/i18n/fa/router.md b/i18n/fa/router.md
index 3e8eb49d..6127b8a7 100644
--- a/i18n/fa/router.md
+++ b/i18n/fa/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All of the components have been optimized for home routers.
+**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}
diff --git a/i18n/fa/security-keys.md b/i18n/fa/security-keys.md
index 2acec8c8..23e55cfa 100644
--- a/i18n/fa/security-keys.md
+++ b/i18n/fa/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/fa/tools.md b/i18n/fa/tools.md
index 534e2822..f4b6f4c1 100644
--- a/i18n/fa/tools.md
+++ b/i18n/fa/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. شرکت Proton AG در ژنو سوئیس قرار دارد. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. آنها از سال 2014 شروع به کار کردهاند. Mailbox.org در برلین آلمان مستقر است. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. آنها از سال 2014 شروع به کار کردهاند. Mailbox.org در برلین آلمان مستقر است. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/fa/tor.md b/i18n/fa/tor.md
index 91da036e..a88a0f56 100644
--- a/i18n/fa/tor.md
+++ b/i18n/fa/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Browser
@@ -114,11 +114,11 @@ We previously recommended enabling the *Isolate Destination Address* preference
Tips for Android
-Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot/releases) instead.
-All versions are signed using the same signature so they should be compatible with each other.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/fa/vpn.md b/i18n/fa/vpn.md
index e2a60275..f49df5fe 100644
--- a/i18n/fa/vpn.md
+++ b/i18n/fa/vpn.md
@@ -2,7 +2,7 @@
meta_title: "توصیه ها و مقایسه سرویس VPN خصوصی، بدون اسپانسر یا تبلیغات - Privacy Guides"
title: "سرویسهای VPN"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. ارائه دهنده ای را در اینجا پیدا کنید که قصد جاسوسی از شما را نداشته باشد.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } Mobile Clients
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ It is important to note that using a VPN provider will not make you anonymous, b
### Technology
-We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Minimum to Qualify:**
-- Support for strong protocols such as WireGuard & OpenVPN.
-- Killswitch built in to clients.
-- Multihop support. Multihopping is important to keep data private in case of a single node compromise.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Best Case:**
-- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Easy-to-use VPN clients
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.
- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble).
@@ -316,11 +316,11 @@ We prefer our recommended providers to collect as little data as possible. Not c
**Best Case:**
- Accepts multiple [anonymous payment options](advanced/payments.md).
-- No personal information accepted (autogenerated username, no email required, etc.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Security
-A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
+A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
**Minimum to Qualify:**
@@ -358,7 +358,7 @@ With the VPN providers we recommend we like to see responsible marketing.
**Minimum to Qualify:**
-- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out.
+- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Must not have any marketing which is irresponsible:
diff --git a/i18n/fr/about.md b/i18n/fr/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/fr/about.md
+++ b/i18n/fr/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/fr/about/contributors.md b/i18n/fr/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/fr/about/contributors.md
+++ b/i18n/fr/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/fr/about/criteria.md b/i18n/fr/about/criteria.md
index 23fb214c..918929a2 100644
--- a/i18n/fr/about/criteria.md
+++ b/i18n/fr/about/criteria.md
@@ -24,7 +24,7 @@ Nous avons ces exigences à l'égard des développeurs qui souhaitent soumettre
- Vous devez indiquer votre affiliation, c'est-à-dire votre position au sein du projet soumis.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. Si possible, veuillez mentionner qui mènera l'audit.
- Vous devez expliquer ce que le projet apporte en matière de respect de la vie privée.
diff --git a/i18n/fr/about/executive-policy.md b/i18n/fr/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/fr/about/executive-policy.md
+++ b/i18n/fr/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/fr/about/notices.md b/i18n/fr/about/notices.md
index dad5f865..aab18753 100644
--- a/i18n/fr/about/notices.md
+++ b/i18n/fr/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-Nous estimons que les logos et autres images des `actifs` obtenus auprès de fournisseurs tiers sont soit du domaine public, soit **d'un usage raisonnable**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. Toutefois, ces logos et autres images peuvent encore être soumis aux lois sur les marques commerciales dans une ou plusieurs juridictions. Avant d'utiliser ce contenu, veuillez vous assurer qu'il est utilisé pour identifier l'entité ou l'organisation propriétaire de la marque et que vous avez le droit de l'utiliser en vertu des lois applicables dans les circonstances de votre utilisation prévue. *Lorsque vous copiez le contenu de ce site web, vous êtes seul responsable de vous assurer que vous ne violez pas la marque ou le droit d'auteur de quelqu'un d'autre.*
+Nous estimons que les logos et autres images des `actifs` obtenus auprès de fournisseurs tiers sont soit du domaine public, soit **d'un usage raisonnable**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. Toutefois, ces logos et autres images peuvent encore être soumis aux lois sur les marques commerciales dans une ou plusieurs juridictions. Avant d'utiliser ce contenu, veuillez vous assurer qu'il est utilisé pour identifier l'entité ou l'organisation propriétaire de la marque et que vous avez le droit de l'utiliser en vertu des lois applicables dans les circonstances de votre utilisation prévue. *Lorsque vous copiez le contenu de ce site web, vous êtes seul responsable de vous assurer que vous ne violez pas la marque ou le droit d'auteur de quelqu'un d'autre.*
Lorsque vous contribuez à notre site web, vous le faites dans le cadre des licences susmentionnées et vous accordez à Privacy Guides une licence perpétuelle, mondiale, non exclusive, transférable, libre de redevances et irrévocable, avec le droit d'accorder une sous-licence à plusieurs niveaux de sous-licenciés, pour reproduire, modifier, afficher, exécuter et distribuer votre contribution dans le cadre de notre projet.
diff --git a/i18n/fr/about/privacytools.md b/i18n/fr/about/privacytools.md
index 516690cb..65672897 100644
--- a/i18n/fr/about/privacytools.md
+++ b/i18n/fr/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## Contrôle de r/privacytoolsIO
-En même temps que les problèmes du site privacytools.io, l'équipe de modération de r/privacytoolsIO était confrontée à des difficultés pour gérer le subreddit. Le subreddit a toujours été géré de manière indépendante du développement du site Web, mais BurungHantu en était également le principal modérateur, et il était le seul modérateur à bénéficier des privilèges de "contrôle total". u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit exige que les subreddits aient des modérateurs actifs. Si le modérateur principal est inactif pendant une longue période (par exemple un an), le poste de modérateur principal peut être réattribué au modérateur suivant. Pour que cette demande ait été accordée, BurungHantu devait avoir été complètement absent de toute activité Reddit pendant une longue période, ce qui était cohérent avec ses comportements sur d'autres plateformes.
+Reddit requires that Subreddits have active moderators. Si le modérateur principal est inactif pendant une longue période (par exemple un an), le poste de modérateur principal peut être réattribué au modérateur suivant. Pour que cette demande ait été accordée, BurungHantu devait avoir été complètement absent de toute activité Reddit pendant une longue période, ce qui était cohérent avec ses comportements sur d'autres plateformes.
> Si vous avez été retiré en tant que modérateur d'un sous-rédit via la demande Reddit, c'est parce que votre manque de réponse et votre manque d'activité ont qualifié le sous-rédit pour un transfert de r/redditrequest.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Archiver le code source sur GitHub pour préserver notre travail passé et le suivi de tickets, que nous avons continué à utiliser pendant des mois de développement futur de ce site.
-- Publier des annonces dans notre sous-reddit et dans diverses autres communautés pour informer les gens du changement officiel.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Fermer formellement les services privacytools.io, comme Matrix et Mastodon, et encourager les utilisateurs existants à migrer dès que possible.
Les choses semblaient se dérouler sans problème, et la plupart de notre communauté active a fait le passage à notre nouveau projet exactement comme nous l'espérions.
@@ -66,11 +66,11 @@ Environ une semaine après la transition, BurungHantu est revenu en ligne pour l
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). Nous avons accepté et lui avons demandé de garder les sous-domaines de Matrix, Mastodon et PeerTube actifs pour que nous les gérions comme un service public pour notre communauté pendant au moins quelques mois, afin de permettre aux utilisateurs de ces plateformes de migrer facilement vers d'autres comptes. En raison de la nature fédérée des services que nous fournissions, ils étaient liés à des noms de domaine spécifiques, ce qui rendait la migration très difficile (et dans certains cas impossible).
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Suite à cela, BurungHantu a lancé de fausses accusations selon lesquelles Jonah aurait volé les dons du projet. BurungHantu avait plus d'un an depuis l'incident présumé pour informer la communauté, et pourtant, il n'en a informé personne avant la migration vers Privacy Guides. L'équipe [et la communauté](https://twitter.com/TommyTran732/status/1526153536962281474)ont demandé à plusieurs reprises à BurungHantu de fournir des preuves et de s'expliquer sur la raison de son silence, mais il ne l'a pas fait.
-BurungHantu a également publié [un message sur Twitter](https://twitter.com/privacytoolsIO/status/1510560676967710728) prétendant qu'un "avocat" l'avait contacté sur Twitter et lui donnait des conseils, dans une autre tentative de nous intimider pour que nous lui donnions le contrôle de notre subreddit, et dans le cadre de sa campagne de diffamation visant à brouiller les pistes concernant le lancement de Privacy Guides tout en prétendant être une victime.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io maintenant
@@ -80,7 +80,7 @@ Depuis le 25 septembre 2022, nous voyons les plans de BurungHantu se dessiner su
## r/privacytoolsIO maintenant
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] La croissance de ce sous-reddit a été le résultat de grands efforts, sur plusieurs années, par l'équipe PrivacyGuides.org. Et par chacun d'entre vous.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Les sous-reddits n'appartiennent à personne, et ils n'appartiennent surtout pas aux détenteurs de marques. Ils appartiennent à leurs communautés, et la communauté et ses modérateurs ont pris la décision de soutenir le déplacement vers r/PrivacyGuides.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Les représailles d'un modérateur à l'égard des demandes de suppression sont interdites.
-Pour une communauté qui compte encore plusieurs milliers d'abonnés, nous estimons qu'il serait incroyablement irrespectueux de rendre le contrôle de cette énorme plateforme à la personne qui l'a abandonnée pendant plus d'un an et qui gère désormais un site web qui, selon nous, fournit des informations de très mauvaise qualité. Préserver les années de discussions passées dans cette communauté est plus important pour nous, et donc u/trai_dep et le reste de l'équipe de modération du subreddit a pris la décision de garder r/privacytoolsIO tel quel.
+Pour une communauté qui compte encore plusieurs milliers d'abonnés, nous estimons qu'il serait incroyablement irrespectueux de rendre le contrôle de cette énorme plateforme à la personne qui l'a abandonnée pendant plus d'un an et qui gère désormais un site web qui, selon nous, fournit des informations de très mauvaise qualité. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective maintenant
diff --git a/i18n/fr/about/statistics.md b/i18n/fr/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/fr/about/statistics.md
+++ b/i18n/fr/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/fr/advanced/communication-network-types.md b/i18n/fr/advanced/communication-network-types.md
index e6f6494b..ab099106 100644
--- a/i18n/fr/advanced/communication-network-types.md
+++ b/i18n/fr/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ Lorsqu'ils sont auto-hébergés, les membres d'un serveur fédéré peuvent déc
- Permet un meilleur contrôle de vos propres données lorsque vous utilisez votre propre serveur.
- Vous permet de choisir à qui confier vos données en choisissant entre plusieurs serveurs "publics".
- Permet souvent l'utilisation de clients tiers qui peuvent fournir une expérience plus naturelle, personnalisée ou accessible.
-- Il est possible de vérifier que le logiciel du serveur correspond au code source public, en supposant que vous avez accès au serveur ou que vous faites confiance à la personne qui y a accès (par exemple, un membre de la famille).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Inconvénients :**
@@ -60,7 +60,7 @@ Lorsqu'ils sont auto-hébergés, les membres d'un serveur fédéré peuvent déc
Les messageries P2P se connectent à un [réseau distribué](https://fr.wikipedia.org/wiki/Réseau_distribué) de nœuds pour relayer un message au destinataire sans serveur tiers.
-Les clients (les pairs) se trouvent généralement les uns les autres grâce à l'utilisation d'un réseau de [calcul distribué](https://fr.wikipedia.org/wiki/Calcul_distribué). Citons par exemple les [Tables de Hachages Distribuées](https://fr.wikipedia.org/wiki/Table_de_hachage_distribuée) (THD), utilisées par les [Torrents](https://fr.wikipedia.org/wiki/BitTorrent) et [l'IPFS](https://fr.wikipedia.org/wiki/InterPlanetary_File_System). Une autre approche est celle des réseaux basés sur la proximité, où une connexion est établie par WiFi ou Bluetooth (par exemple, Briar ou le protocole de réseau social [Scuttlebutt](https://scuttlebutt.nz) ).
+Les clients (les pairs) se trouvent généralement les uns les autres grâce à l'utilisation d'un réseau de [calcul distribué](https://fr.wikipedia.org/wiki/Calcul_distribué). Citons par exemple les [Tables de Hachages Distribuées](https://fr.wikipedia.org/wiki/Table_de_hachage_distribuée) (THD), utilisées par les [Torrents](https://fr.wikipedia.org/wiki/BitTorrent) et [l'IPFS](https://fr.wikipedia.org/wiki/InterPlanetary_File_System). Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Lorsqu'un pair a trouvé une route vers son contact par l'une de ces méthodes, une connexion directe est établie entre eux. Bien que les messages soient généralement chiffrés, un observateur peut toujours déduire l'emplacement et l'identité de l'expéditeur et du destinataire.
@@ -85,9 +85,9 @@ Les réseaux P2P n'utilisent pas de serveurs, car les pairs communiquent directe
Une messagerie utilisant le [routage anonyme](https://doi.org/10.1007/978-1-4419-5906-5_628) cache soit l'identité de l'expéditeur, celle du destinataire, ou la preuve qu'ils aient communiqué. Idéalement, une messagerie devrait cacher les trois.
-Il existe de [nombreuses](https://doi.org/10.1145/3182658) façons différentes de mettre en œuvre le routage anonyme. L'une des plus célèbres est le [routage en oignon](https://en.wikipedia.org/wiki/Onion_routing) comme [Tor](https://fr.wikipedia.org/wiki/Tor_(réseau)), qui communique des messages chiffrés par le biais d'un [réseau superposé](https://fr.wikipedia.org/wiki/Réseau_superposé) qui masque l'emplacement de chaque nœud ainsi que le destinataire et l'expéditeur de chaque message. L'expéditeur et le destinataire n'interagissent jamais directement et ne se rencontrent que par l'intermédiaire d'un nœud de rendez-vous secret, de sorte qu'il n'y ait aucune fuite d'adresses IP ni de localisation physique. Les nœuds ne peuvent pas déchiffrer les messages ni la destination finale, seul le destinataire le peut. Chaque nœud intermédiaire ne peut déchiffrer qu'une partie qui indique où envoyer ensuite le message encore chiffré, jusqu'à ce qu'il arrive au destinataire qui peut le déchiffrer entièrement, d'où les "couches d'oignon."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. L'une des plus célèbres est le [routage en oignon](https://en.wikipedia.org/wiki/Onion_routing) comme [Tor](https://fr.wikipedia.org/wiki/Tor_(réseau)), qui communique des messages chiffrés par le biais d'un [réseau superposé](https://fr.wikipedia.org/wiki/Réseau_superposé) qui masque l'emplacement de chaque nœud ainsi que le destinataire et l'expéditeur de chaque message. L'expéditeur et le destinataire n'interagissent jamais directement et ne se rencontrent que par l'intermédiaire d'un nœud de rendez-vous secret, de sorte qu'il n'y ait aucune fuite d'adresses IP ni de localisation physique. Les nœuds ne peuvent pas déchiffrer les messages ni la destination finale, seul le destinataire le peut. Chaque nœud intermédiaire ne peut déchiffrer qu'une partie qui indique où envoyer ensuite le message encore chiffré, jusqu'à ce qu'il arrive au destinataire qui peut le déchiffrer entièrement, d'où les "couches d'oignon."
-L'auto-hébergement d'un nœud dans un réseau de routage anonyme ne procure pas à l'hébergeur des avantages supplémentaires en matière de confidentialité, mais contribue plutôt à la résilience de l'ensemble du réseau contre les attaques d'identification pour le bénéfice de tous.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Avantages :**
diff --git a/i18n/fr/advanced/dns-overview.md b/i18n/fr/advanced/dns-overview.md
index ae93f0c3..598ef356 100644
--- a/i18n/fr/advanced/dns-overview.md
+++ b/i18n/fr/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: Le Système de Nom de Domaine est le "répertoire téléphonique de l'internet", qui aide votre navigateur à trouver le site web qu'il recherche.
---
-Le [système de nom de domaine](https://fr.wikipedia.org/wiki/Domain_Name_System) est "l'annuaire de l'internet". Le DNS traduit les noms de domaine en adresses IP afin que les navigateurs et autres services puissent charger les ressources de l'internet, grâce à un réseau décentralisé de serveurs.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. Le DNS traduit les noms de domaine en adresses IP afin que les navigateurs et autres services puissent charger les ressources de l'internet, grâce à un réseau décentralisé de serveurs.
## Qu'est-ce que le DNS ?
@@ -24,7 +24,7 @@ Ci-dessous, nous discutons et fournissons un tutoriel pour prouver ce qu'un obse
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. Nous pouvons ensuite utiliser [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) ou [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) pour envoyer la recherche DNS aux deux serveurs. Les logiciels tels que les navigateurs web effectuent ces recherches automatiquement, à moins qu'ils ne soient configurés pour utiliser un DNS chiffré.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Les logiciels tels que les navigateurs web effectuent ces recherches automatiquement, à moins qu'ils ne soient configurés pour utiliser un DNS chiffré.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Ci-dessous, nous discutons et fournissons un tutoriel pour prouver ce qu'un obse
nslookup privacyguides.org 8.8.8.8
```
-3. Ensuite, nous voulons [analyser](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) les résultats :
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Les DNS cryptés peuvent se référer à un certain nombre de protocoles, les pl
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) était l'une des premières méthodes de chiffrement des requêtes DNS. DNSCrypt opère sur le port 443 et fonctionne avec les protocoles de transport TCP ou UDP. DNSCrypt n'a jamais été soumis à l'IETF (Internet Engineering Task Force) [](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) et n'est pas passé par le processus de demande de commentaires (RFC) [](https://en.wikipedia.org/wiki/Request_for_Comments) . Il n'a donc pas été largement utilisé en dehors de quelques implémentations [](https://dnscrypt.info/implementations). En conséquence, il a été largement remplacé par le plus populaire [DNS sur HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) était l'une des premières méthodes de chiffrement des requêtes DNS. DNSCrypt opère sur le port 443 et fonctionne avec les protocoles de transport TCP ou UDP. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). En conséquence, il a été largement remplacé par le plus populaire [DNS sur HTTPS](#dns-over-https-doh).
### DNS sur TLS (DoT)
@@ -118,7 +118,7 @@ Dans cet exemple, nous allons enregistrer ce qui se passe lorsque nous faisons u
3. Après avoir fait la demande, nous pouvons arrêter la capture de paquets avec CTRL + C.
-4. Analysez les résultats dans Wireshark :
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ Lorsque nous effectuons une recherche DNS, c'est généralement parce que nous v
Le moyen le plus simple de déterminer l'activité de navigation est de regarder les adresses IP auxquelles vos appareils accèdent. Par exemple, si l'observateur sait que `privacyguides.org` est à `198.98.54.105`, et que votre appareil demande des données à `198.98.54.105`, il y a de fortes chances que vous visitiez Privacy Guides.
-Cette méthode n'est utile que lorsque l'adresse IP appartient à un serveur qui n'héberge que quelques sites web. Elle n'est pas non plus très utile si le site est hébergé sur une plateforme partagée (par exemple, Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). Il n'est pas non plus très utile si le serveur est hébergé derrière un [proxy inverse](https://fr.wikipedia.org/wiki/Proxy_inverse), ce qui est très courant actuellement sur Internet.
+Cette méthode n'est utile que lorsque l'adresse IP appartient à un serveur qui n'héberge que quelques sites web. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). Il n'est pas non plus très utile si le serveur est hébergé derrière un [proxy inverse](https://fr.wikipedia.org/wiki/Proxy_inverse), ce qui est très courant actuellement sur Internet.
### Server Name Indication (SNI)
-La Server Name Indication (indication du nom du serveur) est généralement utilisée lorsqu'une adresse IP héberge de nombreux sites web. Il peut s'agir d'un service comme Cloudflare, ou d'une autre protection contre les [attaques par déni de service](https://fr.wikipedia.org/wiki/Attaque_par_déni_de_service).
+Server Name Indication is typically used when an IP address hosts many websites. Il peut s'agir d'un service comme Cloudflare, ou d'une autre protection contre les [attaques par déni de service](https://fr.wikipedia.org/wiki/Attaque_par_déni_de_service).
-1. Recommencez à capturer avec `tshark`. Nous avons ajouté un filtre avec notre adresse IP pour que vous ne capturiez pas beaucoup de paquets :
+1. Recommencez à capturer avec `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 et hôte 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | Non | nothing(Ne faites rien)
```
-Le DNS chiffré avec des serveurs tiers ne doit être utilisé que pour contourner le [blocage DNS](https://en.wikipedia.org/wiki/DNS_blocking) de base lorsque vous êtes certain qu'il n'y aura pas de conséquences ou que vous êtes intéressés par un fournisseur qui effectue un filtrage rudimentaire.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[Liste des serveurs DNS recommandés](../dns.md ""){.md-button}
diff --git a/i18n/fr/advanced/tor-overview.md b/i18n/fr/advanced/tor-overview.md
index 9034ebc0..a572b511 100644
--- a/i18n/fr/advanced/tor-overview.md
+++ b/i18n/fr/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor fonctionne en acheminant votre trafic Internet via des serveurs gérés par
Avant de vous connecter à Tor, vous devriez soigneusement réfléchir à ce que vous cherchez à accomplir en utilisant Tor, et à qui vous essayez de cacher votre activité sur le réseau.
-Si vous vivez dans un pays libre, que vous accédez à du contenu banal via Tor, que vous ne craignez pas que votre FAI ou vos administrateurs de réseau local sachent que vous utilisez Tor, et que vous voulez aider [à déstigmatiser](https://2019.www.torproject.org/about/torusers.html.en) l'utilisation de Tor, vous pouvez probablement vous connecter à Tor directement via des moyens standards comme le [Navigateur Tor](../tor.md) sans inquiétude.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
Si vous avez la possibilité d'accéder à un fournisseur de VPN de confiance et que **l'un** des éléments suivants est vrai, vous devriez presque certainement vous connecter à Tor par le biais d'un VPN :
diff --git a/i18n/fr/ai-chat.md b/i18n/fr/ai-chat.md
index 52bbe386..f339cde8 100644
--- a/i18n/fr/ai-chat.md
+++ b/i18n/fr/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Critères
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Dans le meilleur des cas
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. Nos recommandations peuvent ne pas inclure tout ou partie de cette fonctionnalité, mais celles qui l'inclus peuvent être mieux classées que les autres sur cette page.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/fr/alternative-networks.md b/i18n/fr/alternative-networks.md
index 3772f4ea..e4cbca72 100644
--- a/i18n/fr/alternative-networks.md
+++ b/i18n/fr/alternative-networks.md
@@ -68,7 +68,7 @@ Vous pouvez activer Snowflake dans votre navigateur en l'ouvrant dans un autre o
Snowflake n'améliore en rien votre vie privée et n'est pas utilisé pour se connecter au réseau Tor depuis votre navigateur personnel. Toutefois, si votre connexion Internet n'est pas censurée, vous devriez envisager de l'utiliser pour aider les personnes se trouvant sur des réseaux censurés à améliorer elles-mêmes leur vie privée. Il n'y a pas besoin de s'inquiéter des sites web auxquels les gens accèdent via votre proxy - leur adresse IP de navigation visible correspondra à leur nœud de sortie Tor, pas à la vôtre.
-Faire fonctionner un proxy Snowflake est peu risqué, encore moins que de faire fonctionner un relais ou un pont Tor qui ne sont déjà pas des entreprises particulièrement risquées. Toutefois, il achemine le trafic par le biais de votre réseau, ce qui peut avoir un impact à certains égards, surtout si votre réseau a une bande passante limitée. Assurez-vous de bien comprendre [le fonctionnement de Snowflake](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) avant de décider d'utiliser ou non un proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. Toutefois, il achemine le trafic par le biais de votre réseau, ce qui peut avoir un impact à certains égards, surtout si votre réseau a une bande passante limitée. Assurez-vous de bien comprendre [le fonctionnement de Snowflake](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) avant de décider d'utiliser ou non un proxy.
### I2P (Le projet Internet invisible)
@@ -77,7 +77,7 @@ Faire fonctionner un proxy Snowflake est peu risqué, encore moins que de faire
{ align=right }
{ align=right }
-**I2P** est une couche réseau qui chiffre vos connexions et les achemine via un réseau d'ordinateurs répartis dans le monde entier. Elle vise principalement à créer un réseau alternatif de protection de la vie privée plutôt qu'à rendre anonymes les connexions internet ordinaires.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. Elle vise principalement à créer un réseau alternatif de protection de la vie privée plutôt qu'à rendre anonymes les connexions internet ordinaires.
[:octicons-home-16: Page d'accueil](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ Vous pouvez essayer de vous connecter à _Privacy Guides_ via I2P à l'adresse [
-En outre, contrairement à Tor, chaque nœud I2P relaiera par défaut le trafic pour les autres utilisateurs, au lieu de s'appuyer sur des volontaires de relais dédiés pour faire fonctionner les nœuds. Il y a environ [10 000](https://metrics.torproject.org/networksize.html) relais et ponts sur le réseau Tor contre environ 50 000 sur I2P, ce qui signifie qu'il y a potentiellement plus de façons pour votre trafic d'être acheminé afin de maximiser l'anonymat. I2P a également tendance à être plus performant que Tor, bien que cela soit probablement un effet secondaire du fait que Tor se concentre davantage sur le trafic internet "clair" et utilise donc davantage de nœuds de sortie à goulot d'étranglement. Les performances des services cachés sont généralement considérées comme bien meilleures sur I2P que sur Tor. Alors que l'exécution d'applications P2P comme BitTorrent est difficile sur Tor (et peut avoir un impact massif sur les performances du réseau Tor), elle est très facile et performante sur I2P.
+En outre, contrairement à Tor, chaque nœud I2P relaiera par défaut le trafic pour les autres utilisateurs, au lieu de s'appuyer sur des volontaires de relais dédiés pour faire fonctionner les nœuds. Il y a environ [10 000](https://metrics.torproject.org/networksize.html) relais et ponts sur le réseau Tor contre environ 50 000 sur I2P, ce qui signifie qu'il y a potentiellement plus de façons pour votre trafic d'être acheminé afin de maximiser l'anonymat. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Les performances des services cachés sont généralement considérées comme bien meilleures sur I2P que sur Tor. Alors que l'exécution d'applications P2P comme BitTorrent est difficile sur Tor (et peut avoir un impact massif sur les performances du réseau Tor), elle est très facile et performante sur I2P.
L'approche de I2P présente toutefois des inconvénients. Le fait que Tor s'appuie sur des nœuds de sortie dédiés signifie que davantage de personnes dans des environnements moins sûrs peuvent l'utiliser, et les relais qui existent sur Tor sont susceptibles d'être plus performants et plus stables, car ils ne sont généralement pas exécutés sur des connexions résidentielles. Tor est également beaucoup plus axé sur la **confidentialité du navigateur** (c'est-à-dire empêcher la capture d'empreintes numériques), avec un [Navigateur Tor](tor.md) dédié pour rendre l'activité de navigation aussi anonyme que possible. I2P est utilisé via votre [navigateur web ordinaire](desktop-browsers.md), et bien que vous puissiez configurer votre navigateur pour mieux protéger votre vie privée, vous n'aurez probablement pas la même empreinte numérique de navigateur que les autres utilisateurs de I2P (il n'y a pas de "foule" à laquelle se fondre à cet égard).
diff --git a/i18n/fr/android/general-apps.md b/i18n/fr/android/general-apps.md
index ba2931d7..01cfde6f 100644
--- a/i18n/fr/android/general-apps.md
+++ b/i18n/fr/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/fr/basics/account-creation.md b/i18n/fr/basics/account-creation.md
index a169df66..8250c7de 100644
--- a/i18n/fr/basics/account-creation.md
+++ b/i18n/fr/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: La création de comptes en ligne est pratiquement une nécessité sur internet, prenez ces mesures pour vous assurer de rester privé.
---
-Souvent, les gens s'inscrivent à des services sans réfléchir. Il s'agit peut-être d'un service de streaming qui vous permet de regarder la nouvelle émission dont tout le monde parle, ou d'un compte qui vous permet de bénéficier d'une réduction dans votre fast-food préféré. Quoi qu'il en soit, vous devez tenir compte des implications pour vos données, maintenant et plus tard.
+Souvent, les gens s'inscrivent à des services sans réfléchir. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Quoi qu'il en soit, vous devez tenir compte des implications pour vos données, maintenant et plus tard.
Chaque nouveau service que vous utilisez comporte des risques. Les fuites de données, la divulgation d'informations sur les clients à des tiers, l'accès à des données par des employés véreux sont autant de possibilités qui doivent être envisagées avant de founir vos informations. Vous devez être sûr que vous pouvez faire confiance au service, c'est pourquoi nous ne recommandons pas de stocker des données précieuses sur autre chose que les produits les plus matures et les plus éprouvés. Il s'agit généralement de services qui fournissent E2EE et qui ont fait l'objet d'un audit cryptographique. Un audit renforce l'assurance que le produit a été conçu sans problèmes de sécurité flagrants causés par un développeur inexpérimenté.
@@ -13,11 +13,11 @@ Il peut également être difficile de supprimer les comptes sur certains service
## Conditions Générales d'Utilisation & Politique de Confidentialité
-Les CGU sont les règles que vous acceptez de suivre lorsque vous utilisez le service. Dans les grands services, ces règles sont souvent appliquées par des systèmes automatisés. Parfois, ces systèmes automatisés peuvent faire des erreurs. Par exemple, vous pouvez être banni ou bloqué de votre compte sur certains services pour avoir utilisé un VPN ou numéro VOIP. Il est souvent difficile de faire appel de ces interdictions, et cela implique également une procédure automatisée, qui n'aboutit pas toujours. C'est l'une des raisons pour lesquelles nous ne suggérons pas d'utiliser Gmail pour la messagerie électronique, par exemple. L'e-mail est essentiel pour accéder à d'autres services auxquels vous avez peut-être souscrit.
+Les CGU sont les règles que vous acceptez de suivre lorsque vous utilisez le service. Dans les grands services, ces règles sont souvent appliquées par des systèmes automatisés. Parfois, ces systèmes automatisés peuvent faire des erreurs. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Il est souvent difficile de faire appel de ces interdictions, et cela implique également une procédure automatisée, qui n'aboutit pas toujours. C'est l'une des raisons pour lesquelles nous ne suggérons pas d'utiliser Gmail pour la messagerie électronique, par exemple. L'e-mail est essentiel pour accéder à d'autres services auxquels vous avez peut-être souscrit.
-La Politique de Confidentialité est la manière dont le service indique qu'il utilisera vos données. Elle mérite d'être lue pour que vous compreniez comment vos données seront utilisées. Une entreprise ou une organisation peut ne pas être légalement obligée de suivre tout ce qui est contenu dans la politique (cela dépend de la juridiction). Nous vous recommandons d'avoir une idée de la législation locale et de ce qu'elle autorise un prestataire à collecter.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. Une entreprise ou une organisation peut ne pas être légalement obligée de suivre tout ce qui est contenu dans la politique (cela dépend de la juridiction). Nous vous recommandons d'avoir une idée de la législation locale et de ce qu'elle autorise un prestataire à collecter.
-Nous vous recommandons de rechercher des termes particuliers tels que "collecte de données", "analyse de données", "cookies", "annonces", "publicité" ou services "tiers". Parfois, vous aurez la possibilité de refuser la collecte ou le partage de vos données, mais il est préférable de choisir un service qui respecte votre vie privée dès le départ.
+Nous vous recommandons de rechercher des termes particuliers tels que "collecte de données", "analyse de données", "cookies", "annonces", "publicité" ou services "tiers". Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Vous faites également confiance à l'entreprise ou à l'organisation pour se conformer à sa propre politique de confidentialité.
@@ -42,7 +42,7 @@ Vous serez responsable de la gestion de vos identifiants de connexion. Pour plus
#### Alias d'e-mail
-Si vous ne voulez pas donner votre véritable adresse e-mail à un service, vous avez la possibilité d'utiliser un alias. Nous les avons décrits plus en détail sur notre page de recommandation des services d'e-mail. Essentiellement, les services d'alias vous permettent de créer de nouvelles adresses e-mail qui transmettent tous les courriers à votre adresse principale. Cela peut permettre d'éviter le pistage entre les services et vous aider à gérer les e-mail de marketing qui accompagnent parfois le processus d'inscription. Ceux-ci peuvent être filtrés automatiquement en fonction de l'alias auquel ils sont envoyés.
+Si vous ne voulez pas donner votre véritable adresse e-mail à un service, vous avez la possibilité d'utiliser un alias. Nous les avons décrits plus en détail sur notre page de recommandation des services d'e-mail. Essentiellement, les services d'alias vous permettent de créer de nouvelles adresses e-mail qui transmettent tous les courriers à votre adresse principale. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Ceux-ci peuvent être filtrés automatiquement en fonction de l'alias auquel ils sont envoyés.
Si un service est piraté, vous pouvez commencer à recevoir des e-mails d'hameçonnage ou de spam à l'adresse que vous avez utilisée pour vous inscrire. L'utilisation d'alias uniques pour chaque service peut aider à identifier exactement quel service a été piraté.
@@ -76,7 +76,7 @@ Des applications malveillantes, en particulier sur les appareils mobiles où l'a
Nous vous recommandons d'éviter les services qui exigent un numéro de téléphone pour l'inscription. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-Vous devriez éviter de donner votre vrai numéro de téléphone si vous le pouvez. Certains services autorisent l'utilisation de numéros VOIP, mais ceux-ci déclenchent souvent des systèmes de détection des fraudes, entraînant le blocage du compte, ce que nous ne recommandons pas pour les comptes importants.
+Vous devriez éviter de donner votre vrai numéro de téléphone si vous le pouvez. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
Dans de nombreux cas, vous devrez fournir un numéro à partir duquel vous pourrez recevoir des SMS ou des appels, en particulier lorsque vous effectuez des achats à l'étranger, au cas où votre commande rencontrerait un problème lors du contrôle aux frontières. Il est courant que les services utilisent votre numéro comme méthode de vérification ; ne vous faites pas bloquer un compte important parce que vous avez voulu être malin et donner un faux numéro !
diff --git a/i18n/fr/basics/account-deletion.md b/i18n/fr/basics/account-deletion.md
index bb9c333a..07fe19f6 100644
--- a/i18n/fr/basics/account-deletion.md
+++ b/i18n/fr/basics/account-deletion.md
@@ -27,7 +27,7 @@ Les systèmes d'exploitation aussi, disposent souvent d'un gestionnaire de mots
### Email
-Si vous n'avez pas utilisé de gestionnaire de mots de passe dans le passé ou si vous pensez avoir des comptes qui n'ont jamais été ajoutés à votre gestionnaire de mots de passe, une autre option consiste à rechercher le ou les comptes de messagerie sur lesquels vous pensez vous être inscrit. Sur votre client de messagerie, recherchez des mots-clés tels que "vérifier" ou "bienvenue". Presque à chaque fois que vous créez un compte en ligne, le service envoie un lien de vérification ou un message d'introduction à votre adresse électronique. Cela peut être un bon moyen de retrouver d'anciens comptes oubliés.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. Sur votre client de messagerie, recherchez des mots-clés tels que "vérifier" ou "bienvenue". Presque à chaque fois que vous créez un compte en ligne, le service envoie un lien de vérification ou un message d'introduction à votre adresse électronique. Cela peut être un bon moyen de retrouver d'anciens comptes oubliés.
## Suppression des anciens comptes
@@ -39,7 +39,7 @@ Lorsque vous tentez de vous reconnecter, si le site renvoie un message d'erreur
### RGPD (résidents de l'Espace Économique Européen uniquement)
-Les résidents de l'EEE disposent de droits supplémentaires concernant l'effacement des données (aussi appelé "droit à l'oubli"), spécifiés dans l'article [Article 17](https://gdpr-info.eu/art-17-gdpr) du RGPD. Si vous êtes concerné, lisez la politique de confidentialité de chaque service pour trouver des informations sur la manière d'exercer votre droit à l'effacement. La lecture de la politique de confidentialité peut s'avérer importante, car certains services proposent une option "Supprimer le compte" qui ne fait que le désactiver, vous devez dans ce cas prendre des mesures supplémentaires pour réellement supprimer votre compte. Parfois, la suppression effective peut impliquer de remplir des questionnaires, d'envoyer un courriel au responsable de la protection des données du service ou même de prouver que vous résidez dans l'EEE. Si vous envisagez de procéder de cette manière, n'écrasez **pas** les informations du compte - votre identité en tant que résident de l'EEE peut être requise. Notez que l'emplacement du service n'a pas d'importance ; le RGPD s'applique à toute personne desservant des utilisateurs européens. Si le service ne respecte pas votre droit à l'effacement, vous pouvez contacter votre [autorité nationale de protection des données](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) et vous pouvez avoir droit à une compensation monétaire. L'autorité nationale de protection des données en France est la [Commission Nationale de l'Informatique et des Libertés (CNIL)](https://www.cnil.fr/). Des modèles de courrier pour des clôtures de compte ou de suppression de données sont accessibles sur leur [site](https://www.cnil.fr/fr/modeles/courrier). Pour en savoir plus sur votre droit à l'effacement, voici un [article](https://www.cnil.fr/fr/le-droit-leffacement-supprimer-vos-donnees-en-ligne) de la CNIL.
+Les résidents de l'EEE disposent de droits supplémentaires concernant l'effacement des données (aussi appelé "droit à l'oubli"), spécifiés dans l'article [Article 17](https://gdpr-info.eu/art-17-gdpr) du RGPD. Si vous êtes concerné, lisez la politique de confidentialité de chaque service pour trouver des informations sur la manière d'exercer votre droit à l'effacement. La lecture de la politique de confidentialité peut s'avérer importante, car certains services proposent une option "Supprimer le compte" qui ne fait que le désactiver, vous devez dans ce cas prendre des mesures supplémentaires pour réellement supprimer votre compte. Parfois, la suppression effective peut impliquer de remplir des questionnaires, d'envoyer un courriel au responsable de la protection des données du service ou même de prouver que vous résidez dans l'EEE. Si vous envisagez de procéder de cette manière, n'écrasez **pas** les informations du compte - votre identité en tant que résident de l'EEE peut être requise. Notez que l'emplacement du service n'a pas d'importance ; le RGPD s'applique à toute personne desservant des utilisateurs européens. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Remplacer les informations de compte
diff --git a/i18n/fr/basics/common-misconceptions.md b/i18n/fr/basics/common-misconceptions.md
index 7db9075a..d57275c0 100644
--- a/i18n/fr/basics/common-misconceptions.md
+++ b/i18n/fr/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ Les politiques de confidentialité et les pratiques commerciales des fournisseur
## "Plus c'est complexe mieux c'est"
-Nous voyons souvent des personnes décrire des modèles de menace pour protéger leurs vies privées qui sont trop complexes. Souvent, ces solutions incluent des problèmes tels que de nombreux comptes email différents ou des configurations compliquées avec de nombreuses pièces mouvantes et conditions. Les réponses sont généralement des réponses à la question "Quelle est la meilleure façon de faire *X*?"
+Nous voyons souvent des personnes décrire des modèles de menace pour protéger leurs vies privées qui sont trop complexes. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. Les réponses sont généralement des réponses à la question "Quelle est la meilleure façon de faire *X*?"
Trouver la "meilleure" solution pour soi ne signifie pas nécessairement que l'on recherche une solution infaillible avec des dizaines de conditions - ces solutions sont souvent difficiles à utiliser de manière réaliste. Comme nous l'avons vu précédemment, la sécurité se fait souvent au détriment de la commodité. Nous vous donnons ci-dessous quelques conseils :
1. ==Les actions doivent servir un objectif particulier:== réfléchissez à la manière de faire ce que vous voulez avec le moins d'actions possible.
2. ==Supprimer les points d'échec humains:== nous échouons, nous nous fatiguons et nous oublions des choses. Pour maintenir la sécurité, évitez de vous appuyer sur des conditions et des processus manuels dont vous devez vous souvenir.
-3. ==Utilisez le bon niveau de protection pour ce que vous voulez faire.== Nous voyons souvent des recommandations de solutions soi-disant à l'épreuve des forces de l'ordre et des assignations/mandats. Celles-ci nécessitent souvent des connaissances spécialisées et ne sont généralement pas ce que les gens recherchent. Il ne sert à rien de construire un modèle de menace complexe pour l'anonymat si vous pouvez être facilement désanonymisé par un simple oubli.
+3. ==Utilisez le bon niveau de protection pour ce que vous voulez faire.== Nous voyons souvent des recommandations de solutions soi-disant à l'épreuve des forces de l'ordre et des assignations/mandats. Celles-ci nécessitent souvent des connaissances spécialisées et ne sont généralement pas ce que les gens recherchent. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
Alors, à quoi ça pourrait ressembler ?
@@ -94,4 +94,4 @@ Les modèles de menace les plus clairs sont ceux où les gens *savent qui vous
L'utilisation de Tor peut y contribuer. Il convient également de noter qu'un plus grand anonymat est possible grâce à la communication asynchrone : La communication en temps réel est vulnérable à l'analyse des habitudes de frappe (c'est-à-dire plus d'un paragraphe de texte, diffusé sur un forum, par e-mail, etc.)
-[^1]: Une attaque notable de la chaîne d'approvisionnement s'est produite en mars 2024, lorsqu'un mainteneur malveillant a ajouté une porte dérobée obscurcie dans `xz`, une bibliothèque de compression populaire. La porte dérobée ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) devait permettre à un inconnu d'accéder à distance à la plupart des serveurs Linux via SSH, mais elle a été découverte avant d'être largement déployée.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. La porte dérobée ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) devait permettre à un inconnu d'accéder à distance à la plupart des serveurs Linux via SSH, mais elle a été découverte avant d'être largement déployée.
diff --git a/i18n/fr/basics/common-threats.md b/i18n/fr/basics/common-threats.md
index 9e8b181b..f2500eef 100644
--- a/i18n/fr/basics/common-threats.md
+++ b/i18n/fr/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Votre modèle de menace vous est personnel, mais ce sont là quelques-unes des questions qui préoccupent de nombreux visiteurs de ce site.
---
-Pour faire simple, nous classons nos recommandations dans ces catégories générales de [menaces](threat-modeling.md) ou d'objectifs qui s'appliquent à la plupart des gens. ==Vous pouvez vous sentir concerné par une, plusieurs, toutes, ou bien aucune de ces possibilités==. Les outils et les services que vous utilisez dépendent également de vos objectifs. Il est possible que vous ayez des menaces spécifiques ne rentrant dans aucune de ces catégories, ce qui est tout à fait normal ! L'important est de bien comprendre les avantages et les inconvénients des outils que vous choisissez d'utiliser, car pratiquement aucun d'entre eux ne vous protégera contre toutes les menaces possibles.
+Pour faire simple, nous classons nos recommandations dans ces catégories générales de [menaces](threat-modeling.md) ou d'objectifs qui s'appliquent à la plupart des gens. ==Vous pouvez vous sentir concerné par une, plusieurs, toutes, ou bien aucune de ces possibilités==. Les outils et les services que vous utilisez dépendent également de vos objectifs. You may have specific threats outside these categories as well, which is perfectly fine! L'important est de bien comprendre les avantages et les inconvénients des outils que vous choisissez d'utiliser, car pratiquement aucun d'entre eux ne vous protégera contre toutes les menaces possibles.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Shielding your online activity from your real identity, protecting you from peop
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ Pour minimiser les dommages potentiels qu'un logiciel malveillant peut causer, v
Les systèmes d'exploitation mobiles sont généralement plus sûrs que les systèmes d'exploitation de bureau en ce qui concerne le sandboxing des applications.
-Les systèmes d'exploitation de bureau sont généralement à la traîne en ce qui concerne le sandboxing. ChromeOS possède des capacités de sandboxing similaires à celles d'Android, et macOS dispose d'un contrôle complet des autorisations système (et les développeurs peuvent opter pour le sandboxing pour les applications). Cependant, ces systèmes d'exploitation transmettent des informations d'identification à leurs constructeurs respectifs. Linux a tendance à ne pas soumettre d'informations aux fournisseurs de systèmes, mais il a une mauvaise protection contre les exploits et les applications malveillantes. Ce problème peut être quelque peu atténué avec des distributions spécialisées qui font un usage intensif des machines virtuelles ou des conteneurs, comme [Qubes OS](../desktop.md#qubes-os).
+Les systèmes d'exploitation de bureau sont généralement à la traîne en ce qui concerne le sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). Cependant, ces systèmes d'exploitation transmettent des informations d'identification à leurs constructeurs respectifs. Linux a tendance à ne pas soumettre d'informations aux fournisseurs de systèmes, mais il a une mauvaise protection contre les exploits et les applications malveillantes. Ce problème peut être quelque peu atténué avec des distributions spécialisées qui font un usage intensif des machines virtuelles ou des conteneurs, comme [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Par conséquent, lorsque vous comptez sur le chiffrement de bout en bout, vous d
-Même avec le chiffrement de bout en bout, les fournisseurs de services peuvent toujours vous profiler sur la base des **métadonnées**, qui ne sont généralement pas protégées. Si le fournisseur de services ne peut pas lire vos messages pour savoir ce que vous dites, il peut néanmoins observer des choses comme les personnes avec lesquelles vous parlez, la fréquence de vos messages et les heures où vous êtes généralement actif. La protection des métadonnées est assez rare, et vous devriez prêter une attention particulière à la documentation technique du logiciel que vous utilisez pour voir s'il y a une minimisation ou une protection des métadonnées, si cela vous préoccupe.
+Même avec le chiffrement de bout en bout, les fournisseurs de services peuvent toujours vous profiler sur la base des **métadonnées**, qui ne sont généralement pas protégées. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. La protection des métadonnées est assez rare, et vous devriez prêter une attention particulière à la documentation technique du logiciel que vous utilisez pour voir s'il y a une minimisation ou une protection des métadonnées, si cela vous préoccupe.
## Programmes de surveillance de masse
@@ -156,7 +156,7 @@ La surveillance de masse est un effort visant à surveiller le "comportement, de
Si vous souhaitez en savoir plus sur les méthodes de surveillance et la manière dont elles sont mises en œuvre dans votre ville, vous pouvez également consulter l'[Atlas de la surveillance](https://atlasofsurveillance.org/) de l'[Electronic Frontier Foundation](https://eff.org/).
-En France, vous pouvez consulter le [site Technolopolice](https://technopolice.fr/villes/) géré par l'association à but non lucratif La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ Si vous êtes préoccupé par les programmes de surveillance de masse, vous pouv
Pour de nombreuses personnes, le pistage et la surveillance par des sociétés privées constituent une préoccupation croissante. Les réseaux publicitaires omniprésents, tels que ceux exploités par Google et Facebook, s'étendent sur internet bien au-delà des sites qu'ils contrôlent et suivent vos actions tout le long de votre navigation. L'utilisation d'outils tels que des bloqueurs de contenu pour limiter les requêtes du réseau vers leurs serveurs, et la lecture des politiques de confidentialité des services que vous utilisez peuvent vous aider à éviter de nombreux adversaires de base (bien que cela ne puisse pas empêcher complètement le pistage).[^4]
-En outre, même les entreprises n'appartenant pas au secteur de l'*Industrie Publicitaire (AdTech)* ou du pistage peuvent partager vos informations avec des [data brokers](https://en.wikipedia.org/wiki/Information_broker) (ou « courtiers en données » en français) (tels que Cambridge Analytica, Experian ou Datalogix) ou d'autres parties. Vous ne pouvez pas automatiquement supposer que vos données sont en sécurité simplement parce que le service que vous utilisez n'a pas un modèle économique typique de l'AdTech ou du pistage. La meilleure protection contre la collecte de données par les entreprises est de chiffrer ou d'obscurcir vos données dans la mesure du possible, afin qu'il soit plus difficile pour les différents fournisseurs de corréler les données entre elles et d'établir un profil sur vous.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. Vous ne pouvez pas automatiquement supposer que vos données sont en sécurité simplement parce que le service que vous utilisez n'a pas un modèle économique typique de l'AdTech ou du pistage. La meilleure protection contre la collecte de données par les entreprises est de chiffrer ou d'obscurcir vos données dans la mesure du possible, afin qu'il soit plus difficile pour les différents fournisseurs de corréler les données entre elles et d'établir un profil sur vous.
## Limiter l'information publique
diff --git a/i18n/fr/basics/email-security.md b/i18n/fr/basics/email-security.md
index 24757c32..a0c8310b 100644
--- a/i18n/fr/basics/email-security.md
+++ b/i18n/fr/basics/email-security.md
@@ -29,13 +29,13 @@ Si vous utilisez un domaine partagé d'un fournisseur qui ne prend pas en charge
### Quels clients d'e-mail supportent le E2EE ?
-Les fournisseurs d'e-mail qui vous permettent d'utiliser les protocoles d'accès standard comme IMAP et SMTP peuvent être utilisés avec n'importe lequel des [clients d'e-mail que nous recommandons](../email-clients.md). En fonction de la méthode d'authentification, cela peut entraîner une diminution de la sécurité si le fournisseur ou le client d'e-mail ne prend pas en charge OATH ou une application passerelle, car [l'authentification multi-facteurs](/basics/multi-factor-authentication/) n'est pas possible avec l'authentification par mot de passe simple.
+Les fournisseurs d'e-mail qui vous permettent d'utiliser les protocoles d'accès standard comme IMAP et SMTP peuvent être utilisés avec n'importe lequel des [clients d'e-mail que nous recommandons](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### Comment puis-je protéger mes clés privées ?
-Une carte à puce (telle qu'une [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) ou [Nitrokey](../security-keys.md#nitrokey)) fonctionne en recevant un e-mail chiffré d'un appareil (téléphone, tablette, ordinateur, etc.) exécutant un client d'e-mail/une interface d'e-mail web. Le message est ensuite déchiffré par la carte à puce et le contenu déchiffré est renvoyé à l'appareil.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-Il est préférable que le déchiffrement ait lieu sur la carte à puce afin d'éviter d'exposer votre clé privée à un dispositif compromis.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Aperçu des métadonnées des e-mails
@@ -49,4 +49,4 @@ Les métadonnées des emails sont protégées des observateurs extérieurs par l
### Pourquoi les métadonnées ne peuvent-elles pas être E2EE?
-Les métadonnées des e-mails sont essentielles à la fonctionnalité la plus élémentaire d'un e-mail (d'où il vient et où il doit aller). À l'origine, le E2EE n'était pas intégré dans les protocoles d'e-mails, mais nécessitait un logiciel complémentaire comme OpenPGP. Comme les messages OpenPGP doivent toujours fonctionner avec les fournisseurs d'e-mail traditionnels, il ne peut pas chiffrer les métadonnées de l'e-mail, mais seulement le corps du message lui-même. Cela signifie que, même en utilisant OpenPGP, des observateurs extérieurs peuvent voir de nombreuses informations sur vos messages, comme l'identité de l'expéditeur, l'objet du message, le moment de l'envoi, etc.
+Les métadonnées des e-mails sont essentielles à la fonctionnalité la plus élémentaire d'un e-mail (d'où il vient et où il doit aller). À l'origine, le E2EE n'était pas intégré dans les protocoles d'e-mails, mais nécessitait un logiciel complémentaire comme OpenPGP. Comme les messages OpenPGP doivent toujours fonctionner avec les fournisseurs d'e-mail traditionnels, il ne peut pas chiffrer les métadonnées de l'e-mail, mais seulement le corps du message lui-même. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/fr/basics/hardware.md b/i18n/fr/basics/hardware.md
index cf01fdfb..dd18a868 100644
--- a/i18n/fr/basics/hardware.md
+++ b/i18n/fr/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Avertissement
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/fr/basics/multi-factor-authentication.md b/i18n/fr/basics/multi-factor-authentication.md
index 4ffa7492..5466efe8 100644
--- a/i18n/fr/basics/multi-factor-authentication.md
+++ b/i18n/fr/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Authentification multi-facteurs"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA est un mécanisme de sécurité essentiel pour sécuriser vos comptes en ligne, mais certaines méthodes sont plus efficaces que d'autres.
---
-L'**Authentification Multi-Facteurs** (**MFA**) est un mécanisme de sécurité qui exige des étapes supplémentaires au-delà de la saisie du nom d'utilisateur (ou de l'email) et du mot de passe. La méthode la plus courante est celle des codes à durée limitée que vous pouvez recevoir par SMS ou par une application.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. La méthode la plus courante est celle des codes à durée limitée que vous pouvez recevoir par SMS ou par une application.
Normalement, si un pirate informatique (ou un adversaire) est capable de trouver votre mot de passe, il aura alors accès au compte auquel ce mot de passe appartient. Un compte avec MFA oblige le pirate informatique à avoir à la fois le mot de passe (quelque chose que vous *connaissez*) et un appareil que vous possédez (quelque chose que vous *avez*), comme votre téléphone.
@@ -26,7 +26,7 @@ La sécurité de la MFA par notification push dépend à la fois de la qualité
### Mot de passe unique basé sur le temps (TOTP)
-TOTP est l'une des formes les plus courantes de MFA. Lorsque vous configurez un TOTP, vous devez généralement scanner un code QR [](https://fr.wikipedia.org/wiki/Code_QR) qui établit un "[secret partagé](https://fr.wikipedia.org/wiki/Secret_partag%C3%A9)" avec le service que vous avez l'intention d'utiliser. Le secret partagé est sécurisé à l'intérieur des données de l'application d'authentification, et est parfois protégé par un mot de passe.
+TOTP est l'une des formes les plus courantes de MFA. Lorsque vous configurez un TOTP, vous devez généralement scanner un code QR [](https://fr.wikipedia.org/wiki/Code_QR) qui établit un "[secret partagé](https://fr.wikipedia.org/wiki/Secret_partag%C3%A9)" avec le service que vous avez l'intention d'utiliser. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
Le code limité dans le temps est alors dérivé du secret partagé et de l'heure courante. Comme le code n'est valable que pour une courte période, sans accès au secret partagé, un adversaire ne peut pas générer de nouveaux codes.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 et WebAuthn présentent des propriétés de sécurité et de confidentialité supérieures à celles de toute autre méthode MFA.
-Généralement pour les services web, il est utilisé avec WebAuthn qui fait partie des [recommandations W3C](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). Il utilise l'authentification asymétrique et est plus sécurisé que les secrets partagés utilisés dans les méthodes OTP de Yubico et TOTP, car il inclut le nom d'origine (habituellement le nom de domaine) lors de l'authentification. L'attestation est fournie pour vous protéger des attaques de phishing, car elle vous aide à déterminer que vous utilisez le service authentique et non une fausse copie.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). Il utilise l'authentification asymétrique et est plus sécurisé que les secrets partagés utilisés dans les méthodes OTP de Yubico et TOTP, car il inclut le nom d'origine (habituellement le nom de domaine) lors de l'authentification. L'attestation est fournie pour vous protéger des attaques de phishing, car elle vous aide à déterminer que vous utilisez le service authentique et non une fausse copie.
Contrairement à Yubico OTP, WebAuthn n'utilise pas d'identifiant public, de sorte que la clé est **non** identifiable sur différents sites web. Il n'utilise pas non plus de serveur cloud tiers pour l'authentification. Toute la communication se fait entre la clé et le site web auquel vous vous connectez. FIDO utilise également un compteur qui est incrémenté lors de l'utilisation afin d'empêcher la réutilisation de session et les clés clonées.
@@ -116,15 +116,15 @@ Si vous utilisez la MFA par SMS, utilisez un opérateur qui ne changera pas votr
## Plus d'endroits pour configurer MFA
-Au-delà de la simple sécurisation des connexions à votre site web, l'authentification multifactorielle peut être utilisée pour sécuriser vos connexions locales, vos clés SSH ou même vos bases de données de mots de passe.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS dispose d'un [support natif](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) pour l'authentification par carte à puce (PIV). Si vous avez une carte à puce ou une clé de sécurité matérielle qui prend en charge l'interface PIV telle que la YubiKey, nous vous recommandons de suivre la documentation de votre fournisseur de sécurité de carte à puce/matérielle et de configurer l'authentification à second facteur pour votre ordinateur macOS.
+macOS dispose d'un [support natif](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) pour l'authentification par carte à puce (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico a un guide [Utiliser votre YubiKey comme une Smart Card dans macOS](https://support.yubico.com/hc/articles/360016649059) qui peut vous aider à configurer votre YubiKey sur macOS.
-Une fois votre carte à puce/clé de sécurité configurée, nous vous recommandons d'exécuter cette commande dans le terminal :
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ La MFA par SSH peut également être configurée en utilisant TOTP. DigitalOcean
### KeePass (et KeePassXC)
-Les bases de données KeePass et KeePassXC peuvent être sécurisées en utilisant Challenge-Response ou HOTP comme second facteur d'authentification. Yubico a fourni un document pour KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) et il y en a également un sur le site de [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa).
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico a fourni un document pour KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) et il y en a également un sur le site de [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa).
diff --git a/i18n/fr/basics/passwords-overview.md b/i18n/fr/basics/passwords-overview.md
index 58d026ce..6ea382e8 100644
--- a/i18n/fr/basics/passwords-overview.md
+++ b/i18n/fr/basics/passwords-overview.md
@@ -24,7 +24,7 @@ Tous nos [gestionnaires de mots de passe recommandés](../passwords.md) comprenn
Vous devez éviter de changer trop souvent les mots de passe que vous devez retenir (comme le mot de passe principal de votre gestionnaire de mots de passe), sauf si vous avez des raisons de penser qu'ils ont été compromis, car le fait de les changer trop souvent vous expose au risque de les oublier.
-En ce qui concerne les mots de passe que vous n'avez pas à retenir (comme les mots de passe stockés dans votre gestionnaire de mots de passe), si votre [modèle de menace](threat-modeling.md) le demande, nous vous recommandons de passer en revue les comptes importants (en particulier les comptes qui n'utilisent pas l'authentification multi-facteurs) et de changer leur mot de passe tous les deux mois, au cas où ils auraient été compromis dans le cadre d'une fuite de données qui n'a pas encore été rendue publique. La plupart des gestionnaires de mots de passe vous permettent de fixer une date d'expiration pour votre mot de passe afin d'en faciliter la gestion.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. La plupart des gestionnaires de mots de passe vous permettent de fixer une date d'expiration pour votre mot de passe afin d'en faciliter la gestion.
Vérifier les fuites/violations de données
@@ -54,13 +54,13 @@ Pour générer une phrase secrète diceware à l'aide de vrais dés, suivez ces
Note
-Ces instructions supposent que vous utilisez [la grande liste de mots de l'EFF](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) pour générer la phrase secrète, ce qui nécessite cinq jets de dés par mot. D'autres listes de mots peuvent nécessiter plus ou moins de lancers par mot, et peuvent nécessiter un nombre différent de mots pour obtenir la même entropie.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Lancez cinq fois un dé à six faces, en notant le nombre après chaque lancer.
-2. Par exemple, disons que vous avez obtenu `2-5-2-6-6`. Recherchez dans [la grande liste de mots du FEP](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) le mot correspondant à `25266`.
+2. Par exemple, disons que vous avez obtenu `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. Vous trouverez le mot `encrypt`. Notez ce mot.
@@ -75,25 +75,25 @@ Vous ne devez **pas** relancer les mots jusqu'à ce que vous obteniez une combin
Si vous n'avez pas accès à de vrais dés ou si vous préférez ne pas en utiliser, vous pouvez utiliser le générateur de mots de passe intégré à votre gestionnaire de mots de passe, car la plupart d'entre eux ont la possibilité de générer des phrases secrètes diceware en plus des mots de passe ordinaires.
-Nous vous recommandons d'utiliser la [grande liste de mots de l'EFF](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) pour générer vos phrases de passe diceware, car elle offre exactement la même sécurité que la liste originale, tout en contenant des mots plus faciles à mémoriser. Il existe également [d'autres listes de mots dans différentes langues](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), si vous ne souhaitez pas que votre phrase secrète soit en anglais.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explication de l'entropie et de la force des phrases secrètes diceware
-Pour démontrer la force des phrases secrètes diceware, nous utiliserons la phrase secrète de sept mots mentionnée plus haut (`viewable fastness reluctant squishy seventeen shown pencil`) et la [grande liste de mots de l'EFF](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) comme exemple.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
L'une des mesures permettant de déterminer la force d'une phrase secrète est son degré d'entropie. L'entropie par mot d'une phrase secrète est calculée comme suit et l'entropie globale de la phrase secrète est calculée comme suit :
Par conséquent, chaque mot de la liste susmentionnée représente ~12,9 bits d'entropie (), et une phrase secrète de sept mots dérivée de celle-ci a ~90,47 bits d'entropie ().
-La [grande liste de mots de l'EFF](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contient 7776 mots uniques. Pour calculer le nombre de phrases secrètes possibles, il suffit de faire ce qui suit ou dans notre cas, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. Pour calculer le nombre de phrases secrètes possibles, il suffit de faire ce qui suit ou dans notre cas, .
-Mettons tout cela en perspective : une phrase secrète de sept mots utilisant la [grande liste de mots de l'EFF](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) est l'une des ~1 719 070 799 748 422 500 000 000 000 phrases secrètes possibles.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
En moyenne, il faut essayer 50 % de toutes les combinaisons possibles pour deviner votre phrase. En gardant cela à l'esprit, même si votre adversaire est capable de faire ~1 000 000 000 000 de suppositions par seconde, il lui faudrait toujours ~27 255 689 ans pour deviner votre phrase secrète. C'est le cas même si les choses suivantes sont vraies :
- Votre adversaire sait que vous avez utilisé la méthode du diceware.
-- Votre adversaire connaît la liste de mots spécifique que vous avez utilisée.
+- Your adversary knows the specific word list that you used.
- Votre adversaire sait combien de mots contient votre phrase secrète.
@@ -113,7 +113,7 @@ Il existe de nombreuses options intéressantes, qu'elles soient basées sur le c
Ne placez pas vos mots de passe et vos codes TOTP dans le même gestionnaire de mots de passe
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Le stockage de vos codes TOTP au même endroit que vos mots de passe, bien que pratique, réduit les comptes à un seul facteur dans le cas où un adversaire aurait accès à votre gestionnaire de mots de passe.
diff --git a/i18n/fr/basics/threat-modeling.md b/i18n/fr/basics/threat-modeling.md
index d3ba2f19..7a825839 100644
--- a/i18n/fr/basics/threat-modeling.md
+++ b/i18n/fr/basics/threat-modeling.md
@@ -35,7 +35,7 @@ Un "actif" est quelque chose que vous valorisez et que vous voulez protéger. Da
Pour répondre à cette question, il est important d'identifier qui pourrait vouloir vous cibler, vous ou vos informations. ==Une personne ou une entité qui représente une menace pour vos actifs est un “adversaire.”== Des exemples d'adversaires potentiels sont votre patron, votre ancien partenaire, une entreprise concurrentielle, votre gouvernement ou un pirate informatique sur un réseau public.
-*Dressez une liste de vos adversaires, ou de ceux qui pourraient vouloir s'emparer de vos actifs. Votre liste peut comprendre des particuliers, une agence gouvernementale ou des sociétés.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Votre liste peut comprendre des particuliers, une agence gouvernementale ou des sociétés.*
En fonction de l'identité de vos adversaires, vous souhaiterez peut-être détruire cette liste une fois que vous avez terminé l'élaboration de votre modèle de menace.
diff --git a/i18n/fr/browser-extensions.md b/i18n/fr/browser-extensions.md
index 8dac235e..e28e9ef5 100644
--- a/i18n/fr/browser-extensions.md
+++ b/i18n/fr/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/fr/calendar.md b/i18n/fr/calendar.md
index ec607c10..e5509f62 100644
--- a/i18n/fr/calendar.md
+++ b/i18n/fr/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Les calendriers multiples et la fonctionnalité de partage étendue sont réservés aux abonnés payants.
diff --git a/i18n/fr/cloud.md b/i18n/fr/cloud.md
index c450b6d0..5ecbd9f9 100644
--- a/i18n/fr/cloud.md
+++ b/i18n/fr/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Critères
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Doit imposer le chiffrement de bout en bout.
- Doit avoir une offre gratuite ou une période d'essai pour les tests.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Doit offrir une interface web prennant en charge les fonctionnalités de base de gestion des fichiers.
- Doit permettre d'exporter facilement tous les fichiers/documents.
diff --git a/i18n/fr/cryptocurrency.md b/i18n/fr/cryptocurrency.md
index 2531121b..15fddd64 100644
--- a/i18n/fr/cryptocurrency.md
+++ b/i18n/fr/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Critères
diff --git a/i18n/fr/data-broker-removals.md b/i18n/fr/data-broker-removals.md
index c56227ef..e7131ca5 100644
--- a/i18n/fr/data-broker-removals.md
+++ b/i18n/fr/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/fr/desktop-browsers.md b/i18n/fr/desktop-browsers.md
index 05fdb6d1..e3373a71 100644
--- a/i18n/fr/desktop-browsers.md
+++ b/i18n/fr/desktop-browsers.md
@@ -109,7 +109,7 @@ Ceci est nécessaire pour empêcher les formes avancées de pistage, mais se fai
### Mullvad Leta
-Le navigateur Mullvad est livré avec DuckDuckGo comme [moteur de recherche](search-engines.md) par défaut, mais il est également préinstallé avec **Mullvad Leta**, un moteur de recherche qui nécessite un abonnement VPN Mullvad actif pour y accéder. Mullvad Leta interroge directement l'API de recherche payante de Google, c'est pourquoi elle se limite aux abonnés payants. Cependant, il est possible pour Mullvad de corréler les requêtes de recherche et les comptes VPN Mullvad en raison de cette limitation. C'est pourquoi nous déconseillons l'utilisation de Mullvad Leta, même si Mullvad recueille très peu d'informations sur ses abonnés VPN.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta interroge directement l'API de recherche payante de Google, c'est pourquoi elle se limite aux abonnés payants. Cependant, il est possible pour Mullvad de corréler les requêtes de recherche et les comptes VPN Mullvad en raison de cette limitation. C'est pourquoi nous déconseillons l'utilisation de Mullvad Leta, même si Mullvad recueille très peu d'informations sur ses abonnés VPN.
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox nous envoie des données sur la version et la langue de votre Firefox ; le système d'exploitation de l'appareil et la configuration matérielle ; la mémoire, les informations de base sur les plantages et les erreurs; les résultats de processus automatisés tels que les mises à jour, la navigation sécurisée et l'activation de notre système. Lorsque Firefox nous envoie des données, votre adresse IP est temporairement collectée dans les journaux de notre serveur.
-De plus, le service Mozilla Accounts collecte [certaines données techniques](https://mozilla.org/privacy/mozilla-accounts). Si vous utilisez un compte Mozilla, vous pouvez la refuser :
+De plus, le service Mozilla Accounts collecte [certaines données techniques](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Ouvrez les [paramètres de votre profil sur accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Décochez **Collecte et utilisation de données** > **Aidez à améliorer les comptes Firefox**
@@ -204,7 +204,7 @@ Avec la sortie de Firefox 128, un nouveau paramètre pour l'[attribution respect
- [x] Sélectionnez **Activer le mode HTTPS uniquement dans toutes les fenêtres**
-Cela vous empêche de vous connecter involontairement à un site Web en "clair" HTTP. Les sites sans HTTPS sont rares de nos jours. Cela ne devrait donc avoir que peu ou pas d'impact sur votre navigation quotidienne.
+Cela vous empêche de vous connecter involontairement à un site Web en "clair" HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS sur HTTPS
@@ -297,7 +297,7 @@ Brave vous permet de sélectionner des filtres de contenu supplémentaires dans
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/fr/desktop.md b/i18n/fr/desktop.md
index 32db923b..4cc40d74 100644
--- a/i18n/fr/desktop.md
+++ b/i18n/fr/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. Il est également possible d'épingler plus de déploiements selon les besoins.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS est une distribution indépendante basée sur le gestionnaire de paquets N
Le gestionnaire de paquets de NixOS conserve chaque version de chaque paquet dans un dossier différent dans le **magasin Nix**. De ce fait, vous pouvez avoir différentes versions d'un même paquet installé sur votre système. Une fois que le contenu du paquet a été écrit dans le dossier, ce dernier est mis en lecture seule.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. Vous pouvez également *tester* la nouvelle génération en basculant sur celle-ci pendant l'exécution, mais sans la définir comme la génération actuelle du système. Si quelque chose se casse pendant le processus de mise à jour, vous pouvez simplement redémarrer et revenir automatiquement à une version fonctionnelle de votre système.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. Vous pouvez également *tester* la nouvelle génération en basculant sur celle-ci pendant l'exécution, mais sans la définir comme la génération actuelle du système. Si quelque chose se casse pendant le processus de mise à jour, vous pouvez simplement redémarrer et revenir automatiquement à une version fonctionnelle de votre système.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/fr/device-integrity.md b/i18n/fr/device-integrity.md
index 3e0c2596..7ce51e59 100644
--- a/i18n/fr/device-integrity.md
+++ b/i18n/fr/device-integrity.md
@@ -28,7 +28,7 @@ Cela signifie qu'un attaquant devrait régulièrement réinfecter votre appareil
Si l'un des outils suivants indique une compromission potentielle par un logiciel espion tel que Pegasus, Predator ou KingsPawn, nous vous conseillons de contacter :
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Les forces de l'ordre locales
**Nous ne sommes pas en mesure de vous aider directement au-delà de ces conseils.** Nous sommes disposés à discuter de votre situation ou de vos circonstances particulières et à examiner vos résultats dans nos espaces [communautaires](https://discuss.privacyguides.net), mais il est peu probable que nous puissions vous aider au-delà de ce qui est écrit sur cette page.
@@ -129,7 +129,7 @@ MVT vous permet d'effectuer des analyses plus approfondies si votre appareil est
-iMazing automatise et vous guide de manière interactive tout au long du processus d'utilisation de [MVT](#mobile-verification-toolkit) pour analyser votre appareil à la recherche d'indicateurs de compromission accessibles au public et publiés par divers chercheurs en menaces. Toutes les informations et tous les avertissements qui s'appliquent à MVT s'appliquent également à cet outil. Nous vous conseillons donc de vous familiariser également avec les notes sur MVT dans les sections ci-dessus.
+iMazing automatise et vous guide de manière interactive tout au long du processus d'utilisation de [MVT](#mobile-verification-toolkit) pour analyser votre appareil à la recherche d'indicateurs de compromission accessibles au public et publiés par divers chercheurs en menaces. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## Vérification sur l'appareil
diff --git a/i18n/fr/dns.md b/i18n/fr/dns.md
index 5b8d8643..f59ea9d6 100644
--- a/i18n/fr/dns.md
+++ b/i18n/fr/dns.md
@@ -75,7 +75,7 @@ AdGuard Home est doté d'une interface web conviviale qui permet de visualiser e
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ Un logiciel de proxy DNS chiffré fourni un proxy local vers lequel le résolveu
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/fr/document-collaboration.md b/i18n/fr/document-collaboration.md
index 0b1b3fd2..22912504 100644
--- a/i18n/fr/document-collaboration.md
+++ b/i18n/fr/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Nos critères de cas idéal représentent ce que nous aimerions voir d'un projet parfait dans cette catégorie. Nos recommandations peuvent ne pas inclure tout ou partie de cette fonctionnalité, mais celles qui l'inclus peuvent être mieux classées que les autres sur cette page.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/fr/email-aliasing.md b/i18n/fr/email-aliasing.md
index b66786f9..efa9efc4 100644
--- a/i18n/fr/email-aliasing.md
+++ b/i18n/fr/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** est un service gratuit qui fournit des alias de courrier électronique sur une variété de noms de domaine partagés, et offre en option des fonctions payantes comme des alias illimités et des domaines personnalisés.
diff --git a/i18n/fr/email.md b/i18n/fr/email.md
index 2b7277cd..72d197a3 100644
--- a/i18n/fr/email.md
+++ b/i18n/fr/email.md
@@ -58,7 +58,7 @@ OpenPGP ne prend pas non plus en charge la confidentialité persistante, ce qui
{ align=right }
-**Proton Mail** est un service d'e-mail qui met l'accent sur la confidentialité, le chiffrement, la sécurité et la facilité d'utilisation. Ils sont en activité depuis 2013. Proton AG a son siège à Genève, en Suisse. L'offre Free de Proton Mail comprend 500 Mo de stockage d'e-mails, que vous pouvez augmenter jusqu'à 1 Go gratuitement.
+**Proton Mail** est un service d'e-mail qui met l'accent sur la confidentialité, le chiffrement, la sécurité et la facilité d'utilisation. Ils sont en activité depuis 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail [accepte](https://proton.me/support/payment-options) les paiements e
#### :material-check:{ .pg-green } Sécurité du compte
-Proton Mail prend en charge [l'authentification à deux facteurs](https://proton.me/support/two-factor-authentication-2fa) TOTP et les [clés de sécurité matérielles](https://proton.me/support/2fa-security-key) en utilisant les normes FIDO2 ou U2F. L'utilisation d'une clé de sécurité matérielle nécessite la mise en place préalable d'une authentification à deux facteurs TOTP.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Sécurité des données
@@ -117,7 +117,7 @@ Si vous avez un compte payant et que votre [facture est impayée](https://proton
#### :material-information-outline:{ .pg-blue } Fonctionnalités supplémentaires
-L'offre [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) de Proton Mail permet également d'accéder à d'autres services Proton, en plus de fournir plusieurs domaines personnalisés, un nombre illimité d'alias "hide-my-email" et 500 Go de stockage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail ne propose pas de fonction d'héritage numérique.
@@ -127,7 +127,7 @@ Proton Mail ne propose pas de fonction d'héritage numérique.
{ align=right }
-**Mailbox.org** est un service d'e-mail qui se veut sécurisé, sans publicité et alimenté par une énergie 100% écologique. Il est en activité depuis 2014. Mailbox.org est basé à Berlin, en Allemagne. Les comptes commencent avec 2 Go de stockage, qui peut être mis à niveau au besoin.
+**Mailbox.org** est un service d'e-mail qui se veut sécurisé, sans publicité et alimenté par une énergie 100% écologique. Il est en activité depuis 2014. Mailbox.org est basé à Berlin, en Allemagne. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org vous permet d'utiliser votre propre domaine et prend en charge les a
#### :material-check:{ .pg-green } Modes de paiement privés
-Mailbox.org n'accepte aucune crypto-monnaie en raison de la suspension des activités de son processeur de paiement BitPay en Allemagne. Cependant, ils acceptent les paiements en espèces par courrier, les paiements en espèces sur compte bancaire, les virements bancaires, les cartes de crédit, PayPal et quelques processeurs de paiement spécifiques à l'Allemagne : paydirekt et Sofortüberweisung.
+Mailbox.org n'accepte aucune crypto-monnaie en raison de la suspension des activités de son processeur de paiement BitPay en Allemagne. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Sécurité du compte
-Mailbox.org prend en charge l'[authentification à deux facteurs](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) pour son application web uniquement. Vous pouvez utiliser TOTP ou une [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via [YubiCloud](https://yubico.com/products/services-software/yubicloud). Les normes web telles que [WebAuthn](https://fr.wikipedia.org/wiki/WebAuthn) ne sont pas encore prises en charge.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. Vous pouvez utiliser TOTP ou une [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via [YubiCloud](https://yubico.com/products/services-software/yubicloud). Les normes web telles que [WebAuthn](https://fr.wikipedia.org/wiki/WebAuthn) ne sont pas encore prises en charge.
#### :material-information-outline:{ .pg-blue } Sécurité des données
@@ -172,7 +172,7 @@ Votre compte sera marqué comme un compte d'utilisateur restreint à la fin de v
#### :material-information-outline:{ .pg-blue } Fonctionnalités supplémentaires
-Vous pouvez accéder à votre compte Mailbox.org via IMAP/SMTP en utilisant leur [service .onion](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). Cependant, leur interface d'e-mail web n'est pas accessible via leur service .onion et vous pouvez rencontrer des erreurs de certificat TLS.
+Vous pouvez accéder à votre compte Mailbox.org via IMAP/SMTP en utilisant leur [service .onion](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
Tous les comptes sont assortis d'un espace de stockage cloud limité, qui [peut être chiffré](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org propose également l'alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), qui applique le chiffrement TLS à la connexion entre les serveurs d'e-mail, faute de quoi le message ne sera pas envoyé. Mailbox.org prend également en charge [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) en plus des protocoles d'accès standard comme IMAP et POP3.
@@ -195,7 +195,7 @@ Ces fournisseurs stockent vos e-mails avec un chiffrement à connaissance zéro,
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta est en activité depuis 2011 et est basée à Hanovre, en Allemagne. Les comptes gratuits commencent avec 1 Go de stockage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta est en activité depuis 2011 et est basée à Hanovre, en Allemagne. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Les comptes Tuta payants peuvent utiliser 15 ou 30 alias en fonction de leur abo
#### :material-information-outline:{ .pg-blue } Modes de paiement privés
-Tuta n'accepte directement que les cartes de crédit et PayPal, mais [les crypto-monnaies](cryptocurrency.md) peuvent être utilisées pour acheter des cartes-cadeaux grâce à leur [partenariat](https://tuta.com/support/#cryptocurrency) avec Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Sécurité du compte
-Tuta prend en charge l'[authentification à deux facteurs](https://tuta.com/support#2fa) avec TOTP ou U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Sécurité des données
@@ -297,7 +297,7 @@ Nous considérons ces caractéristiques comme importantes afin de fournir un ser
**Minimum pour se qualifier :**
- Chiffre les données du compte e-mail au repos avec un chiffrement à accès zéro.
-- Capacité d'exportation en tant que [Mbox](https://en.wikipedia.org/wiki/Mbox) ou .eml individuel avec la norme [RFC5322](https://datatracker.ietf.org/doc/rfc5322).
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Permet aux utilisateurs d'utiliser leur propre [nom de domaine](https://en.wikipedia.org/wiki/Domain_name). Les noms de domaine personnalisés sont importants pour les utilisateurs car ils leur permettent de conserver leur indépendance du service, au cas où celui-ci tournerait mal ou serait racheté par une autre société qui ne donne pas priorité à la vie privée.
- Fonctionne sur sa propre infrastructure, c'est-à-dire qu'elle ne repose pas sur des fournisseurs de services d'e-mail tiers.
diff --git a/i18n/fr/encryption.md b/i18n/fr/encryption.md
index 4ff347f9..1422d1c1 100644
--- a/i18n/fr/encryption.md
+++ b/i18n/fr/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt est un dérivé du projet TrueCrypt, qui a été abandonné. Selon ses
Lors du chiffrement avec VeraCrypt, vous avez la possibilité de choisir parmi différentes [fonctions de hachage](https://fr.wikipedia.org/wiki/VeraCrypt#Syst%C3%A8me_de_chiffrement). Nous vous suggérons de **seulement** sélectionner [SHA-512](https://fr.wikipedia.org/wiki/SHA-2) et de vous en tenir au [chiffrement par blocs AES](https://fr.wikipedia.org/wiki/Advanced_Encryption_Standard).
-Truecrypt a été [audité un certain nombre de fois](https://fr.wikipedia.org/wiki/TrueCrypt#Audit_global_du_logiciel_en_2013) et VeraCrypt a également été [audité séparément](https://fr.wikipedia.org/wiki/VeraCrypt#Audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ Pour activer BitLocker sur les éditions "Famille" de Windows, vous devez format
{ align=right }
-**FileVault** est la solution de chiffrement de volume à la volée intégrée à macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** est la solution de chiffrement de volume à la volée intégrée à macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/fr/file-sharing.md b/i18n/fr/file-sharing.md
index fd75b9d4..0dd4428d 100644
--- a/i18n/fr/file-sharing.md
+++ b/i18n/fr/file-sharing.md
@@ -13,7 +13,7 @@ Découvrez comment partager vos fichiers en toute confidentialité entre vos app
## Partage de fichiers
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/fr/frontends.md b/i18n/fr/frontends.md
index b4dd99bf..8cebcf43 100644
--- a/i18n/fr/frontends.md
+++ b/i18n/fr/frontends.md
@@ -251,7 +251,7 @@ Par défaut, LibreTube bloque toutes les publicités YouTube. Additionally, Libr
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/fr/index.md b/i18n/fr/index.md
index ac3b2c54..3dafd336 100644
--- a/i18n/fr/index.md
+++ b/i18n/fr/index.md
@@ -91,7 +91,7 @@ Essayer de protéger toutes vos données contre tout le monde, tout le temps, es
---
- Proton Mail est un service d'e-mail qui met l'accent sur la confidentialité, le chiffrement, la sécurité et la facilité d'utilisation. Ils sont en activité depuis 2013. Proton AG a son siège à Genève, en Suisse. L'offre Free de Proton Mail comprend 500 Mo de stockage d'e-mails, que vous pouvez augmenter jusqu'à 1 Go gratuitement.
+ Proton Mail est un service d'e-mail qui met l'accent sur la confidentialité, le chiffrement, la sécurité et la facilité d'utilisation. Ils sont en activité depuis 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Lire l'article complet](email.md#proton-mail)
@@ -99,7 +99,7 @@ Essayer de protéger toutes vos données contre tout le monde, tout le temps, es
---
- Mailbox.org est un service de messagerie électronique sécurisé, sans publicité et alimenté par une énergie 100% écologique. Il est en activité depuis 2014. Mailbox.org est basé à Berlin, en Allemagne. Les comptes commencent avec 2 Go de stockage, qui peut être mis à niveau au besoin.
+ Mailbox.org est un service de messagerie électronique sécurisé, sans publicité et alimenté par une énergie 100% écologique. Il est en activité depuis 2014. Mailbox.org est basé à Berlin, en Allemagne. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Essayer de protéger toutes vos données contre tout le monde, tout le temps, es
---
- Tuta(anciennement *Tutanota*) est un service de mesagerie électronique mettant l'accent sur la sécurité et la protéction de la vie privée via l'utilisation du cryptage. Tuta est en activité depuis 2011 et est basée à Hanovre, en Allemagne. Les comptes gratuits commencent avec 1 Go de stockage.
+ Tuta(anciennement *Tutanota*) est un service de mesagerie électronique mettant l'accent sur la sécurité et la protéction de la vie privée via l'utilisation du cryptage. Tuta est en activité depuis 2011 et est basée à Hanovre, en Allemagne. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Lire l'article complet](email.md#tuta)
@@ -172,7 +172,7 @@ Il a été cité dans **WIRED**, **Tweakers.net**, **The New York Times** et de
## Qu'est-ce qu'un outil de protection de la vie privée ?
-Nous recommandons une grande variété d'**outils de confidentialité** (a.k.a. *applications de protection de la vie privée*, *utilitaires de protection de la vie privée*, *logiciels de protection de la vie privée*) couvrant les logiciels et le matériel que vous pouvez adopter pour améliorer votre protection de la vie privée. La plupart des outils que nous recommandons sont entièrement gratuits et constituent des logiciels libres, tandis que d'autres sont des services commerciaux disponibles à l'achat. Passer d'un logiciel grand public gourmand en données comme Google Chrome et Windows à des outils axés sur la protection de la vie privée comme [Brave](desktop-browsers.md#brave) et [Linux](desktop.md) peut grandement contribuer à contrôler les informations que vous partagez avec les entreprises et d'autres personnes.
+Nous recommandons une grande variété d'**outils de confidentialité** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. La plupart des outils que nous recommandons sont entièrement gratuits et constituent des logiciels libres, tandis que d'autres sont des services commerciaux disponibles à l'achat. Passer d'un logiciel grand public gourmand en données comme Google Chrome et Windows à des outils axés sur la protection de la vie privée comme [Brave](desktop-browsers.md#brave) et [Linux](desktop.md) peut grandement contribuer à contrôler les informations que vous partagez avec les entreprises et d'autres personnes.
[:material-check-all: Nos critères généraux](about/criteria.md){ class="md-button" }
diff --git a/i18n/fr/meta/brand.md b/i18n/fr/meta/brand.md
index 0f456f06..f974bf03 100644
--- a/i18n/fr/meta/brand.md
+++ b/i18n/fr/meta/brand.md
@@ -12,7 +12,7 @@ Le nom du site web est **Privacy Guides** et ne devrait **pas** être changé en
- PG.org
-Le nom du subreddit est **r/PrivacyGuides** ou **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
D'autres directives relatives à l'image de marque sont disponibles à l'adresse [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/fr/meta/translations.md b/i18n/fr/meta/translations.md
index a570d541..b6a6d2d9 100644
--- a/i18n/fr/meta/translations.md
+++ b/i18n/fr/meta/translations.md
@@ -27,8 +27,8 @@ Pour des exemples tels que les admonitions ci-dessus, les guillemets, par exempl
## Alternatives en pleine largeur et syntaxe Markdown
-Les systèmes d'écriture CJK ont tendance à utiliser des variantes "pleine largeur" des symboles courants. Il s'agit de caractères différents qui ne peuvent pas être utilisés pour la syntaxe Markdown.
+Les systèmes d'écriture CJK ont tendance à utiliser des variantes "pleine largeur" des symboles courants. These are different characters and cannot be used for Markdown syntax.
-- Les liens doivent utiliser des parenthèses normales, c'est-à-dire `(` (parenthèse gauche U+0028) et `)` (parenthèse droite U+0029) et non `(` (parenthèse gauche pleine largeur U+FF08) ou `)` (parenthèse droite pleine largeur U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Le texte cité et en retrait doit utiliser `:` (deux-points U+003A) et non `:` (deux-points pleine largeur U+FF1A)
- Les images doivent utiliser `!` (point d'exclamation U+0021) et non `!` (point d'exclamation pleine largeur U+FF01)
diff --git a/i18n/fr/meta/uploading-images.md b/i18n/fr/meta/uploading-images.md
index d1d6c568..dd011748 100644
--- a/i18n/fr/meta/uploading-images.md
+++ b/i18n/fr/meta/uploading-images.md
@@ -48,7 +48,7 @@ Dans l'onglet **Sortie SVG** sous **Options du document** :
- [ ] Désactivez **Supprimer la déclaration XML**
- [x] Activez **Supprimer les métadonnées**
- [x] Activez **Supprimer les commentaires**
-- [x] Activez **Images matricielles incorporées**
+- [x] Turn on **Embedded raster images**
- [x] Activez **Activer le viewboxing**
Dans le document **Sortie SVG** sous **Pretty-printing** :
diff --git a/i18n/fr/meta/writing-style.md b/i18n/fr/meta/writing-style.md
index 23543575..d466f8e9 100644
--- a/i18n/fr/meta/writing-style.md
+++ b/i18n/fr/meta/writing-style.md
@@ -64,7 +64,7 @@ Nous devrions essayer d'éviter les abréviations dans la mesure du possible, ma
## Soyez concis
-> Les mots inutiles font perdre du temps à votre public. Une bonne écriture est comme une conversation. Omettez les informations que le public n'a pas besoin de connaître. Cela peut s'avérer difficile pour un expert en la matière. Il est donc important que quelqu'un examine les informations du point de vue du public.
+> Les mots inutiles font perdre du temps à votre public. Une bonne écriture est comme une conversation. Omettez les informations que le public n'a pas besoin de connaître. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source : [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/fr/mobile-browsers.md b/i18n/fr/mobile-browsers.md
index 45b009d8..f4d9d97c 100644
--- a/i18n/fr/mobile-browsers.md
+++ b/i18n/fr/mobile-browsers.md
@@ -247,7 +247,7 @@ Cela vous empêche de vous connecter involontairement à un site Web en "clair"
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** est le navigateur par défaut dans iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** est le navigateur par défaut dans iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Ouvrez Safari et appuyez sur le bouton Onglets, situé en bas à droite. Then, e
- [x] Sélectionner **Privé**
-Le mode de Navigation Privée de Safari offre des protections supplémentaires en matière de confidentialité. La Navigation Privée utilise une nouvelle session [éphémère](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) pour chaque onglet, ce qui signifie que les onglets sont isolés les uns des autres. La Navigation Privée présente également d'autres avantages mineurs en matière de protection de la vie privée, comme le fait de ne pas envoyer l'adresse d'une page web à Apple lors de l'utilisation de la fonction de traduction de Safari.
+Le mode de Navigation Privée de Safari offre des protections supplémentaires en matière de confidentialité. La Navigation Privée utilise une nouvelle session [éphémère](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) pour chaque onglet, ce qui signifie que les onglets sont isolés les uns des autres. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. Cela peut être un inconvénient.
diff --git a/i18n/fr/multi-factor-authentication.md b/i18n/fr/multi-factor-authentication.md
index 1c12146f..eb86e728 100644
--- a/i18n/fr/multi-factor-authentication.md
+++ b/i18n/fr/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Authentification multi-facteurs"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Remplacez `[SUBREDDIT]` par le subreddit auquel vous souhaitez vous abonner.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/fr/notebooks.md b/i18n/fr/notebooks.md
index d290d34d..54df174a 100644
--- a/i18n/fr/notebooks.md
+++ b/i18n/fr/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Fournisseurs de service](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Gardez une trace de vos notes et de vos journaux sans les donner à un tiers.
+Keep track of your notes and journals without giving them to a third party.
Si vous utilisez actuellement une application comme Evernote, Google Keep, ou Microsoft OneNote, nous vous suggérons de choisir ici une alternative qui supporte le E2EE.
@@ -82,9 +82,9 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
-{ align=right }
+{ align=right }
-**Joplin** est une application gratuite, open-source et complète de prise de notes et de tâches à accomplir qui peut gérer un grand nombre de notes écrites en markdown organisées en carnets et en balises. Il offre E2EE et peut se synchroniser via Nextcloud, Dropbox, et plus encore. Il permet également d'importer facilement des notes d'Evernote et des notes en texte brut.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. Il offre E2EE et peut se synchroniser via Nextcloud, Dropbox, et plus encore. Il permet également d'importer facilement des notes d'Evernote et des notes en texte brut.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin ne [prend pas en charge](https://github.com/laurent22/joplin/issues/289)
-Cryptee offre 100 Mo de stockage gratuit, avec des options payantes si vous avez besoin de plus. L'inscription ne nécessite pas d'e-mail ou d'autres informations permettant d'identifier la personne.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. L'inscription ne nécessite pas d'e-mail ou d'autres informations permettant d'identifier la personne.
## Blocs-notes locaux
diff --git a/i18n/fr/os/android-overview.md b/i18n/fr/os/android-overview.md
index a825230d..cccf6766 100644
--- a/i18n/fr/os/android-overview.md
+++ b/i18n/fr/os/android-overview.md
@@ -84,7 +84,7 @@ Si une application est principalement un service web, le suivi peut se faire du
Note
-Des applications respectueuses de la vie privée telles que [Bitwarden](https://reports.exodus-privacy.eu.org/fr/reports/com.x8bit.bitwarden/latest) peuvent afficher certains traqueurs tels que [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/fr/trackers/49). Cette bibliothèque comprend [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) qui peut fournir des [notifications push](https://fr.wikipedia.org/wiki/Server_push) dans les applications. C'est [le cas](https://fosstodon.org/@bitwarden/109636825700482007) avec Bitwarden. Cela ne signifie pas que Bitwarden utilise toutes les fonctionnalités d'analyse fournies par Google Firebase Analytics.
+Des applications respectueuses de la vie privée telles que [Bitwarden](https://reports.exodus-privacy.eu.org/fr/reports/com.x8bit.bitwarden/latest) peuvent afficher certains traqueurs tels que [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/fr/trackers/49). Cette bibliothèque comprend [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) qui peut fournir des [notifications push](https://fr.wikipedia.org/wiki/Server_push) dans les applications. C'est [le cas](https://fosstodon.org/@bitwarden/109636825700482007) avec Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### Arrêt d'urgence VPN
+### VPN kill switch
Android 7 et plus prennent en charge un arrêt d'urgence du VPN et il est disponible sans qu'il soit nécessaire d'installer des applications tierces. Cette fonction permet d'éviter les fuites si le VPN est déconnecté. Il se trouve dans :gear: **Paramètres** → **Réseau & internet** → **VPN** → :gear: → **Bloquer les connexions sans VPN**.
@@ -124,7 +124,7 @@ Les appareils Android modernes disposent de boutons à bascule permettant de dé
## Services Google
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. Nous recommandons toujours d'éviter complètement les services Google ou de limiter les services Google Play à un profil utilisateur/professionnel spécifique en combinant un contrôleur d'appareil comme *Shelter* avec le Sandboxed Google Play de GrapheneOS.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Programme de Protection Avancé
diff --git a/i18n/fr/os/ios-overview.md b/i18n/fr/os/ios-overview.md
index 3892e99c..457e4fe0 100644
--- a/i18n/fr/os/ios-overview.md
+++ b/i18n/fr/os/ios-overview.md
@@ -125,7 +125,7 @@ Si vous ne voulez pas que quelqu'un puisse contrôler votre téléphone avec Sir
#### Face ID/Touch ID et code
-Définir un mot de passe fort pour votre téléphone est la mesure la plus importante que vous puissiez prendre pour assurer la sécurité physique de votre appareil. Vous devrez faire des compromis entre la sécurité et la commodité : un mot de passe plus long sera fastidieux à saisir à chaque fois, mais un mot de passe ou un code PIN plus court sera plus facile à deviner. Configurer Face ID ou Touch ID avec un mot de passe fort peut être un bon compromis entre convivialité et sécurité.
+Définir un mot de passe fort pour votre téléphone est la mesure la plus importante que vous puissiez prendre pour assurer la sécurité physique de votre appareil. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Configurer Face ID ou Touch ID avec un mot de passe fort peut être un bon compromis entre convivialité et sécurité.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Veillez à créer un [mot de passe sûr](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ Si vous souhaitez utiliser Face ID ou Touch ID, vous pouvez le configurer mainte
Si vous utilisez les déverouillages biométriques, vous devez savoir comment les désactiver rapidement en cas d'urgence. Maintenir enfoncé le bouton latéral ou le bouton d'alimentation et *l'un* des boutons de volume jusqu'à ce que vous voyiez le curseur Glisser pour éteindre désactivera la biométrie, exigeant votre code d'accès pour déverrouiller. Votre code d'accès sera également requis après le redémarrage de l'appareil.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Veillez à faire un essai préalable afin de savoir quelle méthode fonctionne pour votre appareil.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/fr/os/linux-overview.md b/i18n/fr/os/linux-overview.md
index 903a58f5..5d4dfc92 100644
--- a/i18n/fr/os/linux-overview.md
+++ b/i18n/fr/os/linux-overview.md
@@ -10,9 +10,9 @@ Notre site web utilise généralement le terme "Linux" pour décrire les distrib
[Nos recommandations Linux :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Remarques concernant la vie privée
+## Security Notes
-Linux pose quelques problèmes importants en matière de protection de la vie privée, qu'il convient de connaître. Malgré ces inconvénients, les distributions Linux de bureau restent excellentes pour la plupart des personnes qui souhaitent :
+There are some notable security concerns with Linux which you should be aware of. Malgré ces inconvénients, les distributions Linux de bureau restent excellentes pour la plupart des personnes qui souhaitent :
- Éviter la télémétrie qui accompagne souvent les systèmes d'exploitation propriétaires
- Maintenir la [liberté des logiciels](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ Nous ne pensons pas que retenir les paquets et appliquer des correctifs provisoi
Traditionnellement, les distributions Linux se mettent à jour en mettant séquentiellement à jour les paquets souhaités. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao)
(YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao)
(YouTube)
### "Distributions "axées sur la sécurité
@@ -85,7 +85,7 @@ Nous vous **déconseillons d'**utiliser le noyau Linux-libre, car il [supprime l
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Chiffrement de disque
-La plupart des distributions Linux ont une option dans leur installateur pour activer [LUKS](../encryption.md#linux-unified-key-setup) FDE. Si cette option n'est pas définie au moment de l'installation, vous devrez sauvegarder vos données et réinstaller, car le chiffrement est appliqué après le [partitionnement du disque](https://en.wikipedia.org/wiki/Disk_partitioning), mais avant le formatage des [systèmes de fichiers](https://en.wikipedia.org/wiki/File_system). Nous vous suggérons également d'effacer de façon sécurisée votre dispositif de stockage :
+La plupart des distributions Linux ont une option dans leur installateur pour activer [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. Nous vous suggérons également d'effacer de façon sécurisée votre dispositif de stockage :
- [Effacement sécurisé des données :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ Il existe d'autres identifiants de système auxquels vous devez faire attention.
Le projet Fedora [compte](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) le nombre de systèmes uniques qui accèdent à ses miroirs en utilisant une variable [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) au lieu d'un identifiant unique. Fedora fait cela pour déterminer la charge et fournir de meilleurs serveurs pour les mises à jour si nécessaire.
-Cette [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) est actuellement désactivée par défaut. Nous recommandons d'ajouter `countme=false` à `/etc/dnf/dnf.conf` juste au cas où il serait activé dans le futur. Sur les systèmes qui utilisent `rpm-ostree` tels que Silverblue, l'option countme est désactivée en masquant le compteur [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems).
+Cette [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) est actuellement désactivée par défaut. Nous recommandons d'ajouter `countme=false` à `/etc/dnf/dnf.conf` juste au cas où il serait activé dans le futur. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE utilise également un [identifiant unique](https://en.opensuse.org/openSUSE:Statistics) pour compter les systèmes, qui peut être désactivé en vidant le fichier `/var/lib/zypp/AnonymousUniqueId`.
diff --git a/i18n/fr/os/macos-overview.md b/i18n/fr/os/macos-overview.md
index d7b63330..6b479bbc 100644
--- a/i18n/fr/os/macos-overview.md
+++ b/i18n/fr/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS est le système d'exploitation d'Apple pour ordinateurs de bu
**macOS** est un système d'exploitation Unix développé par Apple pour leurs ordinateurs Mac. Pour améliorer la confidentialité de macOS, il est possible de désactiver la télémétrie et renforcer les paramètres existants de confidentialité et de sécurité.
-Les anciens Mac à base de processeur Intel et les Hackintosh ne prennent pas en charge toutes les fonctions de sécurité offertes par macOS. Pour améliorer la sécurité des données, nous recommandons d'utiliser un Mac plus récent avec du [silicium Apple](https://support.apple.com/HT211814).
+Les anciens Mac à base de processeur Intel et les Hackintosh ne prennent pas en charge toutes les fonctions de sécurité offertes par macOS. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Remarques concernant la vie privée
@@ -14,7 +14,7 @@ macOS pose quelques problèmes importants en matière de protection de la vie pr
### Verrouillage d'activation
-Les nouveaux appareils Apple silicium peuvent être configurés sans connexion internet. Cependant, la récupération ou la réinitialisation de votre Mac **nécessitera** une connexion internet aux serveurs d'Apple pour vérifier la base de données Verrouillage d'activation des appareils perdus ou volés.
+Brand-new Apple Silicon devices can be set up without an internet connection. Cependant, la récupération ou la réinitialisation de votre Mac **nécessitera** une connexion internet aux serveurs d'Apple pour vérifier la base de données Verrouillage d'activation des appareils perdus ou volés.
### Contrôles de révocation des applications
@@ -122,7 +122,7 @@ Décidez si vous souhaitez des publicités personnalisées en fonction de votre
##### FileVault
-Sur les appareils modernes dotés d'une Secure Enclave (puce de sécurité T2 d'Apple, Apple silicium), vos données sont toujours chiffrées, mais elles sont déchiffrées automatiquement par une clé matérielle si votre appareil ne détecte pas qu'il a été altéré. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
Sur les anciens ordinateurs Mac à processeur Intel, FileVault est la seule forme de chiffrement de disque disponible par défaut et doit toujours être activé.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS est doté de deux formes de défense contre les logiciels malveillants :
1. La protection contre le lancement de logiciels malveillants est assurée par le processus d'examen des applications de l'App Store, ou *Notarization* (fait partie de *Gatekeeper*), un processus au cours duquel les applications tierces sont analysées par Apple à la recherche de logiciels malveillants connus avant d'être autorisées à s'exécuter. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. La protection contre les autres logiciels malveillants et la remédiation des logiciels malveillants existants sur votre système sont assurées par *XProtect*, un logiciel antivirus plus traditionnel intégré à macOS.
-Nous vous déconseillons d'installer des logiciels antivirus tiers, car ils n'ont généralement pas l'accès au niveau du système nécessaire pour fonctionner correctement, en raison des limitations imposées par Apple aux applications tierces, et parce que l'octroi des niveaux d'accès élevés qu'ils demandent pose souvent un risque encore plus grand pour la sécurité et la vie privée de votre ordinateur.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Sauvegardes
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Sécurité matérielle
-De nombreuses fonctions de sécurité modernes de macOS - telles que le démarrage sécurisé moderne, l'atténuation des exploits au niveau matériel, les vérifications de l'intégrité du système d'exploitation et le chiffrement des fichiers - reposent sur le silicium d'Apple, et le matériel le plus récent d'Apple est toujours doté de la [meilleure sécurité](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). Nous n'encourageons que l'utilisation du silicium d'Apple, et non des anciens ordinateurs Mac à base d'Intel ou des Hackintosh.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Certaines de ces fonctions de sécurité modernes sont disponibles sur les anciens ordinateurs Mac à base d'Intel équipés de la puce de sécurité T2 d'Apple, mais cette puce est susceptible d'être exploitée par *checkm8*, ce qui pourrait compromettre sa sécurité.
@@ -256,7 +256,7 @@ Les ordinateurs Mac peuvent être configurés pour démarrer selon trois modes d
#### Enclave sécurisée
-L'Enclave sécurisée est une puce de sécurité intégrée dans les appareils dotés du silicium d'Apple, qui est chargée de stocker et de générer des clés de chiffrement pour les données au repos ainsi que pour les données Face ID et Touch ID. Il contient sa propre ROM d'amorçage.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. Il contient sa propre ROM d'amorçage.
Vous pouvez considérer l'Enclave sécurisée comme le centre de sécurité de votre appareil : elle dispose d'un moteur de chiffrement AES et d'un mécanisme pour stocker en toute sécurité vos clés de chiffrement, et elle est séparée du reste du système, de sorte que même si le processeur principal est compromis, elle devrait rester sûre.
@@ -268,7 +268,7 @@ Vos données biométriques ne quittent jamais votre appareil ; elles sont stock
#### Déconnexion matérielle du microphone
-Tous les ordinateurs portables équipés de silicium Apple ou de la puce T2 disposent d'une déconnexion matérielle du microphone intégrée lorsque le couvercle est fermé. Cela signifie qu'il n'y a aucun moyen pour un attaquant d'écouter le microphone de votre Mac, même si le système d'exploitation est compromis.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. Cela signifie qu'il n'y a aucun moyen pour un attaquant d'écouter le microphone de votre Mac, même si le système d'exploitation est compromis.
Notez que la caméra n'a pas de déconnexion matérielle, puisque sa vue est de toute façon obscurcie lorsque le couvercle est fermé.
@@ -287,7 +287,7 @@ Lorsqu'il est nécessaire d'utiliser l'un de ces processeurs, Apple travaille av
#### Protections contre l'accès direct à la mémoire
-Le silicium d'Apple sépare chaque composant qui nécessite un accès direct à la mémoire. Par exemple, un port Thunderbolt ne peut pas accéder à la mémoire réservée au noyau.
+Apple Silicon separates each component that requires direct memory access. Par exemple, un port Thunderbolt ne peut pas accéder à la mémoire réservée au noyau.
## Sources
diff --git a/i18n/fr/os/windows/group-policies.md b/i18n/fr/os/windows/group-policies.md
index 81dec70c..0bb9ab59 100644
--- a/i18n/fr/os/windows/group-policies.md
+++ b/i18n/fr/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/fr/os/windows/index.md b/i18n/fr/os/windows/index.md
index 668eca35..1bafe3e7 100644
--- a/i18n/fr/os/windows/index.md
+++ b/i18n/fr/os/windows/index.md
@@ -21,13 +21,13 @@ Vous pouvez améliorer votre confidentialité et votre sécurité sur Windows, s
Cette section est nouvelle
-Cette section est un travail en cours parce que, comparativement aux autres systèmes d'exploitation, il faut beaucoup plus de temps et d'effort pour rendre une installation Windows plus confidentielle.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Remarques concernant la vie privée
-Microsoft Windows, particulièrement les versions pour les particuliers, comme la version **Home**, ne priorisent pas les fonctionnalités de confidentialité par [défaut](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). En conséquence, nous remarquons beaucoup plus de [collecte de données](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) que nécessaire, sans réel avertissement qu'il s'agit du comportement par défaut. Pour tenter de faire compétition à Google dans le domaine des publicités, [Cortana](https://fr.wikipedia.org/wiki/Cortana_\(assistant_personnel_intelligent\)) a inclus des identifiants uniques tels qu'un "identifiant publicitaire" afin de corréler l'utilisation et d'aider les publicitaires à cibler leurs publicités. Au lancement, la télémétrie ne pouvait pas être désactivé dans les éditions non commerciales de Windows 10. Celle-ci ne peut toujours pas être désactivée, cependant, Microsoft a ajouté l'option de [réduire](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) les données qui leur sont envoyées.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). En conséquence, nous remarquons beaucoup plus de [collecte de données](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) que nécessaire, sans réel avertissement qu'il s'agit du comportement par défaut. Pour tenter de faire compétition à Google dans le domaine des publicités, [Cortana](https://fr.wikipedia.org/wiki/Cortana_\(assistant_personnel_intelligent\)) a inclus des identifiants uniques tels qu'un "identifiant publicitaire" afin de corréler l'utilisation et d'aider les publicitaires à cibler leurs publicités. Au lancement, la télémétrie ne pouvait pas être désactivé dans les éditions non commerciales de Windows 10. Celle-ci ne peut toujours pas être désactivée, cependant, Microsoft a ajouté l'option de [réduire](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) les données qui leur sont envoyées.
Windows 11 comporte un certain nombre de restrictions ou de valeurs par défaut, telles que :
@@ -43,11 +43,11 @@ Microsoft utilise fréquemment sa fonction de mises à jour automatiques pour aj
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/fr/passwords.md b/i18n/fr/passwords.md
index e2f70405..3480f442 100644
--- a/i18n/fr/passwords.md
+++ b/i18n/fr/passwords.md
@@ -228,7 +228,7 @@ Le code côté serveur de Bitwarden est [open source](https://github.com/bitward
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ Ces options vous permettent de gérer une base de données de mots de passe chif
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC stocke ses données d'exportation sous forme de fichiers [CSV](https:/
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/fr/photo-management.md b/i18n/fr/photo-management.md
index 15574673..9c5a8ddc 100644
--- a/i18n/fr/photo-management.md
+++ b/i18n/fr/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Doit avoir une offre gratuite ou une période d'essai pour les tests.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Doit offrir une interface web prennant en charge les fonctionnalités de base de gestion des fichiers.
- Doit permettre d'exporter facilement tous les fichiers/documents.
- Doit être open-source.
diff --git a/i18n/fr/real-time-communication.md b/i18n/fr/real-time-communication.md
index aa850c83..2f3a9a1b 100644
--- a/i18n/fr/real-time-communication.md
+++ b/i18n/fr/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Critères
diff --git a/i18n/fr/router.md b/i18n/fr/router.md
index 158bb5fa..f6b8a714 100644
--- a/i18n/fr/router.md
+++ b/i18n/fr/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** est un système d'exploitation basé sur Linux ; il est principalement utilisé sur les périphériques embarqués pour acheminer le trafic réseau. Il comprend util-linux, uClibc, et BusyBox. Tous les composants ont été optimisés pour les routeurs domestiques.
+**OpenWrt** est un système d'exploitation basé sur Linux ; il est principalement utilisé sur les périphériques embarqués pour acheminer le trafic réseau. Il comprend util-linux, uClibc, et BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Page d'accueil](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}
diff --git a/i18n/fr/security-keys.md b/i18n/fr/security-keys.md
index 9015ee7e..6e612b9c 100644
--- a/i18n/fr/security-keys.md
+++ b/i18n/fr/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/fr/tools.md b/i18n/fr/tools.md
index 53bbfe5e..0214d298 100644
--- a/i18n/fr/tools.md
+++ b/i18n/fr/tools.md
@@ -174,7 +174,7 @@ Si vous recherchez une **sécurité** supplémentaire, vous devez toujours vous
---
- Proton Mail est un service d'e-mail qui met l'accent sur la confidentialité, le chiffrement, la sécurité et la facilité d'utilisation. Il existe depuis 2013. Proton AG a son siège à Genève, en Suisse. L'offre Free de Proton Mail comprend 500 Mo de stockage d'e-mails, que vous pouvez augmenter jusqu'à 1 Go gratuitement.
+ Proton Mail est un service d'e-mail qui met l'accent sur la confidentialité, le chiffrement, la sécurité et la facilité d'utilisation. Il existe depuis 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Lire la critique complète :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -182,7 +182,7 @@ Si vous recherchez une **sécurité** supplémentaire, vous devez toujours vous
---
- Mailbox.org est un service de messagerie électronique sécurisé, sans publicité et alimenté par une énergie 100 % écologique. Il est en activité depuis 2014. Mailbox.org est basé à Berlin, en Allemagne. Les comptes commencent avec 2 Go de stockage, qui peut être mis à niveau au besoin.
+ Mailbox.org est un service de messagerie électronique sécurisé, sans publicité et alimenté par une énergie 100 % écologique. Il est en activité depuis 2014. Mailbox.org est basé à Berlin, en Allemagne. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -190,7 +190,7 @@ Si vous recherchez une **sécurité** supplémentaire, vous devez toujours vous
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta est en activité depuis 2011 et est basée à Hanovre, en Allemagne. Les comptes gratuits commencent avec 1 Go de stockage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta est en activité depuis 2011 et est basée à Hanovre, en Allemagne. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -214,8 +214,8 @@ Si vous recherchez une **sécurité** supplémentaire, vous devez toujours vous
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
-- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -640,10 +640,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/fr/tor.md b/i18n/fr/tor.md
index 45f933b8..0aed45bb 100644
--- a/i18n/fr/tor.md
+++ b/i18n/fr/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Certaines de ces applications sont meilleures que d'autres et, une fois encore, la décision dépend de votre modèle de menace. Si vous êtes un utilisateur occasionnel de Tor et que vous ne craignez pas que votre FAI collecte des preuves contre vous, l'utilisation d'applications comme [Orbot](#orbot) ou de navigateurs mobiles pour accéder au réseau Tor est probablement suffisante. L'augmentation du nombre de personnes qui utilisent Tor au quotidien permet de réduire la mauvaise image de Tor et de diminuer la qualité des "listes d'utilisateurs de Tor" que les FAIs et les gouvernements peuvent compiler.
-Si un anonymat plus complet est primordial dans votre situation, vous devriez **uniquement** utiliser le client bureau du Navigateur Tor, idéalement dans une configuration [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os). Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+Si un anonymat plus complet est primordial dans votre situation, vous devriez **uniquement** utiliser le client bureau du Navigateur Tor, idéalement dans une configuration [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os). Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Navigateur Tor
@@ -114,11 +114,11 @@ Nous avons précédemment recommandé d'activer la préférence *Isolate Destina
Conseils pour Android
-Orbot peut proxy des applications individuelles si elles supportent le proxying SOCKS ou HTTP. Il peut également proxy toutes vos connexions réseau en utilisant [VpnService](https://developer.android.com/reference/android/net/VpnService) et peut être utilisé avec le killswitch VPN dans :gear: **Paramètres** → **Réseau & Internet** → **VPN** → :gear: → **Bloquer les connexions sans VPN**.
+Orbot peut proxy des applications individuelles si elles supportent le proxying SOCKS ou HTTP. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot est souvent obsolète sur le [dépôt F-Droid](https://guardianproject.info/fdroid) du Guardian Project et sur le [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), alors envisagez à la place de télécharger directement depuis le [dépôt GitHub](https://github.com/guardianproject/orbot/releases).
-Toutes les versions sont signées en utilisant la même signature, elles devraient donc être compatibles entre elles.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/fr/vpn.md b/i18n/fr/vpn.md
index 0c7e8d62..38d2795f 100644
--- a/i18n/fr/vpn.md
+++ b/i18n/fr/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Recommandations et comparaison de services VPN privés, sans sponsors ni publicités - Privacy Guides"
title: "Services VPN"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. Trouvez ici un fournisseur qui ne cherche pas à vous espionner.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Redirection de port
-Proton VPN ne prend actuellement en charge que la [redirection de port](https://protonvpn.com/support/port-forwarding) éphémère via NAT-PMP, avec des durées de location de 60 secondes. L'application Windows offre une option facile d'accès, tandis que sur les autres systèmes d'exploitation, vous devrez exécuter votre propre [client NAT-PMP](https://protonvpn.com/support/port-forwarding-manual-setup). Les applications de torrent prennent souvent en charge NAT-PMP nativement.
+Proton VPN ne prend actuellement en charge que la [redirection de port](https://protonvpn.com/support/port-forwarding) éphémère via NAT-PMP, avec des durées de location de 60 secondes. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Les applications de torrent prennent souvent en charge NAT-PMP nativement.
#### :material-information-outline:{ .pg-blue } Anti-censure
-Proton VPN a son protocole [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) qui *peut* aider dans les situations où les protocoles VPN comme OpenVPN ou Wireguard sont bloqués par diverses techniques rudimentaires. Stealth encapsule le tunnel VPN dans une session TLS afin de donner l'impression d'un trafic internet plus générique.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsule le tunnel VPN dans une session TLS afin de donner l'impression d'un trafic internet plus générique.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ En plus de fournir des fichiers de configuration OpenVPN standard, Proton VPN a
#### :material-information-outline:{ .pg-blue } Notes supplémentaires
-Les clients Proton VPN prennent en charge l'authentification à deux facteurs sur toutes les plateformes. Proton VPN possède ses propres serveurs et centres de données en Suisse, en Islande et en Suède. Ils proposent le blocage des contenus et des domaines de logiciels malveillants connus avec leur service DNS. En outre, Proton VPN propose également des serveurs "Tor" vous permettant de vous connecter facilement aux sites onion, mais nous recommandons fortement d'utiliser [le navigateur officiel Tor](tor.md#tor-browser) à cette fin.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN possède ses propres serveurs et centres de données en Suisse, en Islande et en Suède. Ils proposent le blocage des contenus et des domaines de logiciels malveillants connus avec leur service DNS. En outre, Proton VPN propose également des serveurs "Tor" vous permettant de vous connecter facilement aux sites onion, mais nous recommandons fortement d'utiliser [le navigateur officiel Tor](tor.md#tor-browser) à cette fin.
-##### :material-alert-outline:{ .pg-orange } La fonction d'arrêt d'urgence ne fonctionne pas sur les Macs à processeur Intel
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-Des pannes système [peuvent se produire](https://protonvpn.com/support/macos-t2-chip-kill-switch) sur les Mac basés sur Intel lors de l'utilisation de l'arrêt d'urgence du VPN. Si vous avez besoin de cette fonction, et que vous utilisez un Mac avec un chipset Intel, vous devriez envisager d'utiliser un autre service VPN.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. Si vous avez besoin de cette fonction, et que vous utilisez un Mac avec un chipset Intel, vous devriez envisager d'utiliser un autre service VPN.
### IVPN
@@ -183,7 +183,7 @@ IVPN prenait auparavant en charge la redirection de port, mais a supprimé cette
#### :material-check:{ .pg-green } Anti-censure
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Actuellement, cette fonctionnalité n'est disponible que sur bureau et [iOS](https://ivpn.net/knowledgebase/ios/v2ray). Elle dispose de deux modes d'utilisation de [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) via des connexions QUIC ou TCP. QUIC est un protocole moderne avec un meilleur contrôle de la congestion et peut donc être plus rapide avec une latence réduite. Le mode TCP fait apparaître vos données comme du trafic HTTP normal.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). Elle dispose de deux modes d'utilisation de [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) via des connexions QUIC ou TCP. QUIC est un protocole moderne avec un meilleur contrôle de la congestion et peut donc être plus rapide avec une latence réduite. Le mode TCP fait apparaître vos données comme du trafic HTTP normal.
#### :material-check:{ .pg-green } Clients mobiles
@@ -191,7 +191,7 @@ En plus de fournir des fichiers de configuration OpenVPN standard, IVPN a des cl
#### :material-information-outline:{ .pg-blue } Notes supplémentaires
-Les clients IVPN prennent en charge l'authentification à deux facteurs. IVPN propose également la fonctionnalité "[AntiTraqueur](https://ivpn.net/antitracker)", qui bloque les réseaux publicitaires et les traqueurs au niveau du réseau.
+IVPN clients support two-factor authentication. IVPN propose également la fonctionnalité "[AntiTraqueur](https://ivpn.net/antitracker)", qui bloque les réseaux publicitaires et les traqueurs au niveau du réseau.
### Mullvad
@@ -199,7 +199,7 @@ Les clients IVPN prennent en charge l'authentification à deux facteurs. IVPN pr
{ align=right }
-**Mullvad** est un VPN rapide et peu coûteux qui met l'accent sur la transparence et la sécurité. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** est un VPN rapide et peu coûteux qui met l'accent sur la transparence et la sécurité. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Page d'accueil](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Service onion" }
@@ -260,7 +260,7 @@ Mullvad prenait auparavant en charge la redirection de port, mais a supprimé ce
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ Il est important de noter que l'utilisation d'un fournisseur VPN ne vous rendra
### Technologie
-Nous exigeons de tous nos fournisseurs VPN recommandés qu'ils fournissent des fichiers de configuration OpenVPN utilisables dans n'importe quel client. **Si** un VPN fournit son propre client personnalisé, nous exigeons un killswitch pour bloquer les fuites de données du réseau lors de la déconnexion.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Minimum pour se qualifier :**
-- Prise en charge de protocoles forts tels que WireGuard & OpenVPN.
-- Arrêt d'urgence intégré dans les clients.
-- Prise en charge du multi-sauts. Le multi-sauts est important pour garder les données privées en cas de compromission d'un seul noeud.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- Si des clients VPN sont fournis, ils doivent être [open source](https://en.wikipedia.org/wiki/Open_source), comme le logiciel VPN qui y est généralement intégré. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Dans le meilleur des cas :**
-- Un arrêt d'urgence avec des options hautement configurables (activer/désactiver sur certains réseaux, au démarrage, etc.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Clients VPN faciles à utiliser
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. Nous nous attendons à ce que les serveurs autorisent les connexions entrantes via IPv6 et vous permettent d'accéder aux services hébergés sur des adresses IPv6.
- La capacité de [transfert de port à distance](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) aide à créer des connexions lors de l'utilisation de logiciels de partage de fichiers P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) ou de l'hébergement d'un serveur (par exemple, Mumble).
@@ -316,11 +316,11 @@ Nous préférons que nos prestataires recommandés collectent le moins de donné
**Dans le meilleur des cas :**
- Accepte plusieurs [options de paiement anonymes](advanced/payments.md).
-- Aucune information personnelle acceptée (nom d'utilisateur généré automatiquement, pas d'email requis, etc.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Sécurité
-Un VPN est inutile s'il ne peut même pas fournir une sécurité adéquate. Nous exigeons de tous nos fournisseurs recommandés qu'ils respectent les normes de sécurité en vigueur pour leurs connexions OpenVPN. Idéalement, ils utiliseraient par défaut des schémas de chiffrement plus évolutifs. Nous exigeons également qu'un tiers indépendant procède à un audit de la sécurité du fournisseur, idéalement de manière très complète et de manière répétée (chaque année).
+Un VPN est inutile s'il ne peut même pas fournir une sécurité adéquate. We require all our recommended providers to abide by current security standards. Idéalement, ils utiliseraient par défaut des schémas de chiffrement plus évolutifs. Nous exigeons également qu'un tiers indépendant procède à un audit de la sécurité du fournisseur, idéalement de manière très complète et de manière répétée (chaque année).
**Minimum pour se qualifier :**
@@ -358,7 +358,7 @@ Avec les fournisseurs de VPN que nous recommandons, nous aimons voir un marketin
**Minimum pour se qualifier :**
-- Doit héberger lui-même ses outils d'analyse de traffic (pas de Google Analytics, etc.). Le site du fournisseur doit également se conformer à [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) pour les personnes qui souhaitent se désinscrire.
+- Doit héberger lui-même ses outils d'analyse de traffic (pas de Google Analytics, etc.). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Ne doit pas avoir de marketing irresponsable :
diff --git a/i18n/he/about.md b/i18n/he/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/he/about.md
+++ b/i18n/he/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/he/about/contributors.md b/i18n/he/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/he/about/contributors.md
+++ b/i18n/he/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/he/about/criteria.md b/i18n/he/about/criteria.md
index dcd0fb32..86c8065a 100644
--- a/i18n/he/about/criteria.md
+++ b/i18n/he/about/criteria.md
@@ -24,7 +24,7 @@ Below are some general priorities we consider for all submissions to Privacy Gui
- חייב לחשוף את ההשתייכות, כלומר את עמדתך בפרויקט המוגש.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. במידת האפשר נא לציין מי יבצע את הביקורת.
- חייב להסביר מה הפרויקט מביא לשולחן בכל הנוגע לפרטיות.
diff --git a/i18n/he/about/executive-policy.md b/i18n/he/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/he/about/executive-policy.md
+++ b/i18n/he/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/he/about/notices.md b/i18n/he/about/notices.md
index f469859e..516a5c4c 100644
--- a/i18n/he/about/notices.md
+++ b/i18n/he/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-אנו מאמינים שסמלי הלוגו ותמונות אחרות ב`נכסים` המתקבלים מספקי צד שלישי הם נחלת הכלל או ב**שימוש הוגן**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. עם זאת, ייתכן שסמלים אלה ותמונות אחרות עדיין יהיו כפופות לחוקי סימנים מסחריים בתחומי שיפוט אחד או יותר. לפני השימוש בתוכן זה, אנא ודא שהוא משמש לזיהוי הישות או הארגון המחזיקים בסימן המסחרי וכי יש לך את הזכות להשתמש בו לפי החוקים החלים בנסיבות השימוש המיועד שלך. *בעת העתקת תוכן מאתר זה, אתה האחראי הבלעדי לוודא שאינך מפר סימן מסחרי או זכויות יוצרים של מישהו אחר.*
+אנו מאמינים שסמלי הלוגו ותמונות אחרות ב`נכסים` המתקבלים מספקי צד שלישי הם נחלת הכלל או ב**שימוש הוגן**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. עם זאת, ייתכן שסמלים אלה ותמונות אחרות עדיין יהיו כפופות לחוקי סימנים מסחריים בתחומי שיפוט אחד או יותר. לפני השימוש בתוכן זה, אנא ודא שהוא משמש לזיהוי הישות או הארגון המחזיקים בסימן המסחרי וכי יש לך את הזכות להשתמש בו לפי החוקים החלים בנסיבות השימוש המיועד שלך. *בעת העתקת תוכן מאתר זה, אתה האחראי הבלעדי לוודא שאינך מפר סימן מסחרי או זכויות יוצרים של מישהו אחר.*
כאשר אתה תורם לאתר שלנו אתה עושה זאת תחת הרישיונות הנ"ל, ואתה מעניק ל-Privacy Guides רישיון תמידי, כלל עולמי, לא בלעדי, ניתן להעברה, ללא תמלוגים, בלתי חוזר עם הזכות לתת רישיון משנה לזכויות כאלה באמצעות שכבות מרובות של בעלי רישיונות משנה., לשכפל, לשנות, להציג, לבצע ולהפיץ את התרומה שלך כחלק מהפרויקט שלנו.
diff --git a/i18n/he/about/privacytools.md b/i18n/he/about/privacytools.md
index 3b762b9e..8180a7f9 100644
--- a/i18n/he/about/privacytools.md
+++ b/i18n/he/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## שליטה ב - r/privacytoolsIO
-במקביל לבעיות המתמשכות באתר האינטרנט של privacytools.io, צוות המודים r/privacytoolsIO התמודד עם אתגרים בניהול הסאב רדיט (subreddit). הסאב - רדיט תמיד הופעל באופן עצמאי מפיתוח האתר, אך BurungHantu היה גם המנחה הראשי של הסאב - רדיט, והוא היה המנחה היחיד שקיבל הרשאות "שליטה מלאה ". u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit דורש כי subreddits יהיו מנחים פעילים. אם המנחה הראשי אינו פעיל במשך תקופה ארוכה (כגון שנה) ניתן למנות מחדש את מנחה הראשי בתור. כדי שבקשה זו תיענה, בורונגהאנטו (BurungHantu) היה חייב להיעדר לחלוטין מכל פעילות Reddit למשך תקופה ארוכה, דבר שעלה בקנה אחד עם התנהגותו בפלטפורמות אחרות.
+Reddit requires that Subreddits have active moderators. אם המנחה הראשי אינו פעיל במשך תקופה ארוכה (כגון שנה) ניתן למנות מחדש את מנחה הראשי בתור. כדי שבקשה זו תיענה, בורונגהאנטו (BurungHantu) היה חייב להיעדר לחלוטין מכל פעילות Reddit למשך תקופה ארוכה, דבר שעלה בקנה אחד עם התנהגותו בפלטפורמות אחרות.
> אם הוסרת בתור מנחה מ - subreddit באמצעות בקשה ל Reddit, זה בגלל שחוסר התגובה שלך וחוסר הפעילות שלך הכשירו את ה - subreddit להעברת r/redditrequest.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- אחסון קוד המקור בארכיון ב- GitHub כדי לשמר את העבודה הקודמת שלנו ואת מעקב הבעיות שלנו, שבו המשכנו להשתמש במשך חודשים של פיתוח עתידי של אתר זה.
-- פרסום הודעות ב - subreddit שלנו ובקהילות שונות אחרות המודיעות לאנשים על השינוי הרשמי.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- סגירה רשמית של שירותי privacytools.io, כמו Matrix ו - Mastodon, ועידוד משתמשים קיימים לעבור בהקדם האפשרי.
נראה שהדברים מתנהלים בצורה חלקה, ורוב הקהילה הפעילה שלנו עברה לפרויקט החדש שלנו בדיוק כפי שקיווינו.
@@ -66,11 +66,11 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). אנו מחויבים ומבקשים ממנו לשמור על תת - הדומיינים של Matrix, Mastodon ו - Peer YouTube פעילים כדי שנוכל להפעיל כשירות ציבורי לקהילה שלנו למשך מספר חודשים לפחות, כדי לאפשר למשתמשים בפלטפורמות אלה לעבור בקלות לחשבונות אחרים. בשל האופי הפדרלי של השירותים שסיפקנו, הם היו קשורים לשמות דומיין ספציפיים, דבר שהקשה מאוד על ההעברה (ובמקרים מסוימים בלתי אפשרי).
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
בעקבות זאת, BurungHantu עשה האשמות שווא על Jonah כדי לגנוב תרומות מהפרויקט. לBurungHantu הייתה יותר משנה מאז האירוע לכאורה, אך הוא מעולם לא הודיע על כך לאיש עד לאחר העברת מדריכי הפרטיות. בורונגהאנטו התבקש שוב ושוב להוכיח ולהגיב על הסיבה לשתיקתו על ידי הקבוצה [והקהילה](https://twitter.com/TommyTran732/status/1526153536962281474), ולא עשה זאת.
-BurungHantu גם עשה פוסט טוויטר בטענה כי "עורך דין" פנה אליו בטוויטר והיה מתן ייעוץ, בניסיון נוסף להציק לנו לתת לו שליטה על ה subreddit שלנו, וכחלק ממסע ההכפשה שלו למי בוץ סביב ההשקה של מדריכי פרטיות תוך התחזות לקורבן.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io עכשיו
@@ -80,7 +80,7 @@ BurungHantu גם עשה פוסט טוויטר בטענה כי "עורך דין"
## r/privacytoolsIO עכשיו
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] הצמיחה של הסאב הזה הייתה תוצאה של מאמץ רב, לאורך מספר שנים, על ידי צוות privacyGuides.org. ועל ידי כל אחד מכם.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Subreddits אינם שייכים לאף אחד, והם במיוחד לא שייכים לבעלי מותג. הם שייכים לקהילות שלהם, והקהילה ומנהליה החליטו לתמוך במעבר ל - r/PrivacyGuides.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> נקמה מכל מנחה בנוגע לבקשות הסרה אסורה.
-עבור קהילה עם אלפים רבים של מנויים שנותרו, אנו מרגישים שזה יהיה מאוד לא מכובד להחזיר את השליטה בפלטפורמה המסיבית לאדם שנטש אותה במשך יותר משנה, וכיום מפעיל אתר שלדעתנו מספק מידע באיכות נמוכה מאוד. שימור השנים של דיונים קודמים בקהילה זו חשוב לנו יותר, ולכן u/trai_dep ושאר צוות המתינות של ה subreddit קיבל את ההחלטה לשמור על r/privacytoolsIO כפי שהוא.
+עבור קהילה עם אלפים רבים של מנויים שנותרו, אנו מרגישים שזה יהיה מאוד לא מכובד להחזיר את השליטה בפלטפורמה המסיבית לאדם שנטש אותה במשך יותר משנה, וכיום מפעיל אתר שלדעתנו מספק מידע באיכות נמוכה מאוד. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective עכשיו
diff --git a/i18n/he/about/statistics.md b/i18n/he/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/he/about/statistics.md
+++ b/i18n/he/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/he/advanced/communication-network-types.md b/i18n/he/advanced/communication-network-types.md
index 82f060cd..8c117eb1 100644
--- a/i18n/he/advanced/communication-network-types.md
+++ b/i18n/he/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ description: סקירה כללית של מספר ארכיטקטורות רשת
- מאפשר שליטה רבה יותר על הנתונים שלך בעת הפעלת השרת שלך.
- מאפשר לך לבחור עם מי לסמוך על הנתונים שלך על ידי בחירה בין מספר שרתים "ציבוריים ".
- לעתים קרובות מאפשר לקוחות צד שלישי שיכולים לספק חוויה מקורית, מותאמת אישית או נגישה יותר.
-- ניתן לאמת שתוכנת השרת תואמת לקוד המקור הציבורי, בהנחה שיש לך גישה לשרת או שאתה בוטח באדם שעושה זאת (למשל, בן משפחה).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**חסרונות:**
@@ -60,7 +60,7 @@ description: סקירה כללית של מספר ארכיטקטורות רשת
מסנג'רים P2P מתחברים ל[רשת מבוזרת](https://en.wikipedia.org/wiki/Distributed_networking) של צמתים כדי להעביר הודעה לנמען ללא שרת של צד שלישי.
-לקוחות (עמיתים) מוצאים זה את זה בדרך כלל באמצעות [רשת מחשוב מבוזרת](https://en.wikipedia.org/wiki/Distributed_computing). דוגמאות לכך כוללות [טבלאות Hash מפוזרות](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), המשמשות את [טורנטים](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) ו[IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) למשל. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
+לקוחות (עמיתים) מוצאים זה את זה בדרך כלל באמצעות [רשת מחשוב מבוזרת](https://en.wikipedia.org/wiki/Distributed_computing). דוגמאות לכך כוללות [טבלאות Hash מפוזרות](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), המשמשות את [טורנטים](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) ו[IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) למשל. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
לאחר שעמית מצא מסלול ליצירת קשר באמצעות כל אחת מהשיטות הללו, נוצר קשר ישיר ביניהן. למרות שהודעות מוצפנות בדרך כלל, צופה עדיין יכול להסיק את המיקום והזהות של השולח והנמען.
@@ -85,9 +85,9 @@ description: סקירה כללית של מספר ארכיטקטורות רשת
מסנג'ר המשתמש ב[ניתוב אנונימי](https://doi.org/10.1007/978-1-4419-5906-5_628) מסתיר את זהות השולח, המקבל או ראיות לכך שהם תקשרו. באופן אידיאלי, מסנג'ר צריך להסתיר את שלושתם.
-ישנן [הרבה](https://doi.org/10.1145/3182658) דרכים שונות ליישם ניתוב אנונימי. אחד המפורסמים ביותר הוא [ניתוב בצל](https://en.wikipedia.org/wiki/Onion_routing) (כלומר [Tor](tor-overview.md)), שמתקשרת הודעות מוצפנות באמצעות [רשת שכבת-על](https://en.wikipedia.org/wiki/Overlay_network) וירטואלית המסתירה את המיקום של כל צומת כמו גם את הנמען והשולח של כל הודעה. השולח והנמען לעולם אינם מקיימים אינטראקציה ישירה ורק נפגשים דרך צומת מפגש סודי כך שאין דליפה של כתובות IP או מיקום פיזי. צמתים אינם יכולים לפענח הודעות, וגם לא את היעד הסופי; רק הנמען יכול. כל צומת מתווך יכול לפענח רק חלק שמציין לאן לשלוח את ההודעה שעדיין מוצפנת בשלב הבא, עד שהוא מגיע לנמען שיכול לפענח אותה במלואה, ומכאן "שכבות הבצל."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. אחד המפורסמים ביותר הוא [ניתוב בצל](https://en.wikipedia.org/wiki/Onion_routing) (כלומר [Tor](tor-overview.md)), שמתקשרת הודעות מוצפנות באמצעות [רשת שכבת-על](https://en.wikipedia.org/wiki/Overlay_network) וירטואלית המסתירה את המיקום של כל צומת כמו גם את הנמען והשולח של כל הודעה. השולח והנמען לעולם אינם מקיימים אינטראקציה ישירה ורק נפגשים דרך צומת מפגש סודי כך שאין דליפה של כתובות IP או מיקום פיזי. צמתים אינם יכולים לפענח הודעות, וגם לא את היעד הסופי; רק הנמען יכול. כל צומת מתווך יכול לפענח רק חלק שמציין לאן לשלוח את ההודעה שעדיין מוצפנת בשלב הבא, עד שהוא מגיע לנמען שיכול לפענח אותה במלואה, ומכאן "שכבות הבצל."
-אירוח עצמי של צומת ברשת ניתוב אנונימית אינו מספק למארח יתרונות פרטיות נוספים, אלא תורם לעמידות הרשת כולה בפני התקפות זיהוי לטובת כולם.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**יתרונות:**
diff --git a/i18n/he/advanced/dns-overview.md b/i18n/he/advanced/dns-overview.md
index 33499606..811752d7 100644
--- a/i18n/he/advanced/dns-overview.md
+++ b/i18n/he/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: מערכת שמות הדומיין היא "ספר הטלפונים של האינטרנט", שעוזרת לדפדפן שלך למצוא את האתר שהוא מחפש.
---
-[מערכת שמות הדומיין](https://en.wikipedia.org/wiki/Domain_Name_System) היא 'ספר הטלפונים של האינטרנט'. DNS מתרגם שמות דומיין לכתובות IP כך שדפדפנים ושירותים אחרים יכולים לטעון משאבי אינטרנט, דרך רשת מבוזרת של שרתים.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS מתרגם שמות דומיין לכתובות IP כך שדפדפנים ושירותים אחרים יכולים לטעון משאבי אינטרנט, דרך רשת מבוזרת של שרתים.
## מה זה DNS?
@@ -24,7 +24,7 @@ DNS קיים מאז [הימים הראשונים](https://en.wikipedia.org/wiki/
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. לאחר מכן נוכל להשתמש ב[`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS וכו') או [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) כדי לשלוח את בדיקת ה-DNS לשני השרתים. תוכנות כגון דפדפני אינטרנט מבצעות חיפושים אלו באופן אוטומטי, אלא אם כן הם מוגדרים לשימוש ב-DNS מוצפן.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. תוכנות כגון דפדפני אינטרנט מבצעות חיפושים אלו באופן אוטומטי, אלא אם כן הם מוגדרים לשימוש ב-DNS מוצפן.
=== "לינוקס, macOS"
@@ -39,7 +39,7 @@ DNS קיים מאז [הימים הראשונים](https://en.wikipedia.org/wiki/
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) הייתה אחת השיטות הראשונות להצפנת שאילתות DNS. DNSCrypt פועל על יציאה 443 ועובד עם פרוטוקולי התחבורה TCP או UDP. DNSCrypt מעולם לא הוגש ל[כוח המשימה להנדסת אינטרנט (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) וגם לא עבר דרך [בקשה להערות (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments), כך שלא נעשה בו שימוש נרחב מחוץ לכמה [יישומים](https://dnscrypt.info/implementations). כתוצאה מכך, הוא הוחלף במידה רבה על ידי [DNS על HTTPS](#dns-over-https-doh) הפופולרי יותר.
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) הייתה אחת השיטות הראשונות להצפנת שאילתות DNS. DNSCrypt פועל על יציאה 443 ועובד עם פרוטוקולי התחבורה TCP או UDP. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). כתוצאה מכך, הוא הוחלף במידה רבה על ידי [DNS על HTTPS](#dns-over-https-doh) הפופולרי יותר.
### DNS על TLS (DoT)
@@ -118,7 +118,7 @@ Apple אינה מספקת ממשק מקורי ליצירת פרופילי DNS מ
3. לאחר הגשת הבקשה, נוכל לעצור את לכידת החבילות עם CTRL + C.
-4. נתח את התוצאות ב-Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ We can see the [connection establishment](https://en.wikipedia.org/wiki/Transmis
הדרך הפשוטה ביותר לקבוע את פעילות הגלישה עשויה להיות להסתכל על כתובות ה-IP שהמכשירים שלך ניגשים אליהם. לדוגמה, אם הצופה יודע ש-`privacyguides.org` נמצא בכתובת `198.98.54.105`, והמכשיר שלך מבקש נתונים מ-`198.98.54.105`, יש יש סיכוי טוב שאתה מבקר בPrivacy Guides.
-שיטה זו שימושית רק כאשר כתובת ה-IP שייכת לשרת המארח רק מעט אתרים. זה גם לא מאוד שימושי אם האתר מתארח בפלטפורמה משותפת (למשל Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger וכו'). זה גם לא מאוד שימושי אם השרת מתארח מאחורי [פרוקסי הפוך](https://en.wikipedia.org/wiki/Reverse_proxy), הנפוץ מאוד באינטרנט המודרני.
+שיטה זו שימושית רק כאשר כתובת ה-IP שייכת לשרת המארח רק מעט אתרים. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). זה גם לא מאוד שימושי אם השרת מתארח מאחורי [פרוקסי הפוך](https://en.wikipedia.org/wiki/Reverse_proxy), הנפוץ מאוד באינטרנט המודרני.
### ציון שם השרת (SNI)
-ציון שם שרת משמש בדרך כלל כאשר כתובת IP מארחת אתרים רבים. זה יכול להיות שירות כמו Cloudflare, או הגנה אחרת של [מניעת מניעת שירות](https://en.wikipedia.org/wiki/Denial-of-service_attack).
+Server Name Indication is typically used when an IP address hosts many websites. זה יכול להיות שירות כמו Cloudflare, או הגנה אחרת של [מניעת מניעת שירות](https://en.wikipedia.org/wiki/Denial-of-service_attack).
-1. התחל לתעד שוב עם `tshark`. הוספנו מסנן עם כתובת ה-IP שלנו כדי שלא תלכוד הרבה מנות:
+1. התחל לתעד שוב עם `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | לא | כלום(לא לעשות כלום)
```
-יש להשתמש ב-DNS מוצפן עם צד שלישי רק כדי לעקוף הפניות מחדש ו[חסימת DNS](https://en.wikipedia.org/wiki/DNS_blocking) בסיסית כאשר אתה יכול להיות בטוח שלא יהיו השלכות או שאתה מעוניין בספק שיבצע סינון ראשוני.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[רשימת שרתי DNS מומלצים](../dns.md ""){.md-button}
diff --git a/i18n/he/advanced/tor-overview.md b/i18n/he/advanced/tor-overview.md
index 15007e85..2e6eced9 100644
--- a/i18n/he/advanced/tor-overview.md
+++ b/i18n/he/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/he/ai-chat.md b/i18n/he/ai-chat.md
index 6f57085e..b0e422a8 100644
--- a/i18n/he/ai-chat.md
+++ b/i18n/he/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## קריטריונים
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### המקרה הטוב ביותר
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. ייתכן שההמלצות שלנו לא יכללו חלק מהפונקציונליות הזו או את כולה, אך אלו שכן כן עשויות לדרג גבוה יותר מאחרות בדף זה.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/he/alternative-networks.md b/i18n/he/alternative-networks.md
index 3db3b72a..dd6124fd 100644
--- a/i18n/he/alternative-networks.md
+++ b/i18n/he/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/he/android/general-apps.md b/i18n/he/android/general-apps.md
index 34e4d822..517d6d99 100644
--- a/i18n/he/android/general-apps.md
+++ b/i18n/he/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/he/basics/account-creation.md b/i18n/he/basics/account-creation.md
index b6f5ba7a..10a65a49 100644
--- a/i18n/he/basics/account-creation.md
+++ b/i18n/he/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-לעתים קרובות אנשים נרשמים לשירותים מבלי לחשוב. אולי זה שירות סטרימינג כדי שתוכל לצפות בתוכנית החדשה שכולם מדברים עליה, או חשבון שנותן לך הנחה למקום האוכל המהיר האהוב עליך. לא משנה מה המקרה, עליך לשקול את ההשלכות על הנתונים שלך כעת ובהמשך בהמשך הקו.
+לעתים קרובות אנשים נרשמים לשירותים מבלי לחשוב. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. לא משנה מה המקרה, עליך לשקול את ההשלכות על הנתונים שלך כעת ובהמשך בהמשך הקו.
ישנם סיכונים הקשורים לכל שירות חדש שאתה משתמש בו. פרצות מידע; חשיפת פרטי הלקוח לצדדים שלישיים; עובדים סוררים שניגשים לנתונים; כולן אפשרויות שיש לקחת בחשבון בעת מתן המידע שלך. אתה צריך להיות בטוח שאתה יכול לסמוך על השירות, ולכן אנחנו לא ממליצים לאחסן נתונים יקרי ערך על שום דבר מלבד המוצרים הבוגרים ביותר שנבדקו בקרב. זה בדרך כלל אומר שירותים המספקים E2EE ועברו ביקורת קריפטוגרפית. ביקורת מגבירה את הביטחון שהמוצר תוכנן ללא בעיות אבטחה בולטות שנגרמו על ידי מפתח חסר ניסיון.
@@ -13,11 +13,11 @@ description: Creating accounts online is practically an internet necessity, take
## תנאים והגבלות & מדיניות הפרטיות
-ה-ToS הם הכללים שאתה מסכים לפעול עליהם בעת השימוש בשירות. עם שירותים גדולים יותר כללים אלה נאכפים לרוב על ידי מערכות אוטומטיות. לפעמים המערכות האוטומטיות האלה יכולות לעשות טעויות. לדוגמה, אתה עשוי להיות חסום או נעול מחוץ לחשבון שלך בשירותים מסוימים בגלל שימוש במספר VPN או VOIP. ערעור על איסורים כאלה הוא לעתים קרובות קשה, וכרוך גם בתהליך אוטומטי, שלא תמיד מצליח. זו תהיה אחת הסיבות לכך שלא היינו מציעים להשתמש ב-Gmail לאימייל כדוגמה. אימייל חיוני לגישה לשירותים אחרים שאולי נרשמת אליהם.
+ה-ToS הם הכללים שאתה מסכים לפעול עליהם בעת השימוש בשירות. עם שירותים גדולים יותר כללים אלה נאכפים לרוב על ידי מערכות אוטומטיות. לפעמים המערכות האוטומטיות האלה יכולות לעשות טעויות. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. ערעור על איסורים כאלה הוא לעתים קרובות קשה, וכרוך גם בתהליך אוטומטי, שלא תמיד מצליח. זו תהיה אחת הסיבות לכך שלא היינו מציעים להשתמש ב-Gmail לאימייל כדוגמה. אימייל חיוני לגישה לשירותים אחרים שאולי נרשמת אליהם.
-מדיניות הפרטיות היא האופן שבו השירות אומר שהם ישתמשו בנתונים שלך וכדאי לקרוא כדי שתבין כיצד ישמש הנתונים שלך. ייתכן שחברה או ארגון לא יהיו מחויבים על פי חוק לציית לכל הכלול במדיניות (זה תלוי בתחום השיפוט). אנו ממליצים לקבל מושג מה הם החוקים המקומיים שלך ומה הם מאפשרים לספק לאסוף.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. ייתכן שחברה או ארגון לא יהיו מחויבים על פי חוק לציית לכל הכלול במדיניות (זה תלוי בתחום השיפוט). אנו ממליצים לקבל מושג מה הם החוקים המקומיים שלך ומה הם מאפשרים לספק לאסוף.
-אנו ממליצים לחפש מונחים מסוימים כגון "איסוף נתונים", "ניתוח נתונים", "עוגיות", "מודעות" או שירותי "צד שלישי". לפעמים תוכל לבטל את הסכמתך לאיסוף נתונים או משיתוף הנתונים שלך, אבל עדיף לבחור שירות שמכבד את פרטיותך מלכתחילה.
+אנו ממליצים לחפש מונחים מסוימים כגון "איסוף נתונים", "ניתוח נתונים", "עוגיות", "מודעות" או שירותי "צד שלישי". Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
זכור שאתה גם נותן אמון בחברה או בארגון ושהם יצייתו למדיניות הפרטיות שלהם.
@@ -42,7 +42,7 @@ description: Creating accounts online is practically an internet necessity, take
#### כינויי אימייל
-אם אינך רוצה לתת את כתובת האימייל האמיתית שלך לשירות, יש לך אפשרות להשתמש בכינוי. תיארנו אותם ביתר פירוט בדף ההמלצות של שירותי האימייל שלנו. בעיקרון, שירותי כינוי מאפשרים לך ליצור כתובות אימייל חדשות המעבירות את כל המיילים לכתובת הראשית שלך. זה יכול לעזור למנוע מעקב אחר שירותים ולעזור לך לנהל את האימיילים השיווקיים שמגיעים לפעמים עם תהליך ההרשמה. ניתן לסנן אותם באופן אוטומטי על סמך הכינוי שאליו הם נשלחים.
+אם אינך רוצה לתת את כתובת האימייל האמיתית שלך לשירות, יש לך אפשרות להשתמש בכינוי. תיארנו אותם ביתר פירוט בדף ההמלצות של שירותי האימייל שלנו. בעיקרון, שירותי כינוי מאפשרים לך ליצור כתובות אימייל חדשות המעבירות את כל המיילים לכתובת הראשית שלך. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. ניתן לסנן אותם באופן אוטומטי על סמך הכינוי שאליו הם נשלחים.
אם שירות ייפרץ, ייתכן שתתחיל לקבל הודעות דיוג או דואר זבל לכתובת שבה השתמשת כדי להירשם. שימוש בכינויים ייחודיים עבור כל שירות יכול לסייע בזיהוי בדיוק איזה שירות נפרץ.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
אנו ממליצים להימנע משירותים הדורשים מספר טלפון לצורך הרשמה. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-כדאי להימנע מלמסור את מספר הטלפון האמיתי שלך אם אתה יכול. שירותים מסוימים יאפשרו שימוש במספרי VOIP, אולם אלה מפעילים לעתים קרובות מערכות זיהוי הונאה, מה שגורם לנעילה של חשבון, ולכן איננו ממליצים על כך עבור חשבונות חשובים.
+כדאי להימנע מלמסור את מספר הטלפון האמיתי שלך אם אתה יכול. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
במקרים רבים תצטרך לספק מספר שממנו תוכל לקבל SMS או שיחות, במיוחד בעת קניות בינלאומיות, למקרה שיש בעיה בהזמנה שלך בבדיקת הגבול. מקובל ששירותים משתמשים במספר שלך כשיטת אימות; אל תיתן לעצמך להינעל מחוץ לחשבון חשוב כי רצית להיות חכם ולתת מספר מזויף!
diff --git a/i18n/he/basics/account-deletion.md b/i18n/he/basics/account-deletion.md
index ff43b8ac..c2024f17 100644
--- a/i18n/he/basics/account-deletion.md
+++ b/i18n/he/basics/account-deletion.md
@@ -27,7 +27,7 @@ description: קל לצבור מספר רב של חשבונות אינטרנט,
### אימייל
-אם לא השתמשת במנהל סיסמאות בעבר או שאתה חושב שיש לך חשבונות שמעולם לא נוספו למנהל הסיסמאות שלך, אפשרות נוספת היא לחפש בחשבונ(ות) הדוא"ל שאתה מאמין שנרשמת אליהם. בלקוח האימייל שלך, חפש מילות מפתח כגון "אמת" או "ברוך הבא" כמעט בכל פעם שתבצע חשבון מקוון, השירות ישלח קישור לאימות או הודעת היכרות לאימייל שלך. זו יכולה להיות דרך טובה למצוא חשבונות ישנים ונשכחים.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. בלקוח האימייל שלך, חפש מילות מפתח כגון "אמת" או "ברוך הבא" כמעט בכל פעם שתבצע חשבון מקוון, השירות ישלח קישור לאימות או הודעת היכרות לאימייל שלך. זו יכולה להיות דרך טובה למצוא חשבונות ישנים ונשכחים.
## מחיקת חשבונות ישנים
@@ -39,7 +39,7 @@ description: קל לצבור מספר רב של חשבונות אינטרנט,
### GDPR (תושבי EEA בלבד)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. אם זה רלוונטי עבורך, קרא את מדיניות הפרטיות של כל שירות נתון כדי למצוא מידע על מימוש הזכות שלך למחיקה. קריאת מדיניות הפרטיות יכולה להיות חשובה, שכן חלק מהשירותים כוללים אפשרות "מחק חשבון" המשביתה רק את החשבון שלך ולמחיקת אמיתית עליך לנקוט פעולה נוספת. לפעמים מחיקה בפועל עשויה לכלול מילוי סקרים, שליחת אימייל לקצין הגנת המידע של השירות או אפילו הוכחת מקום מגוריך ב - EEA. אם אתם מתכננים ללכת בדרך זו,** אל תעשו ** שישכתב את המידע על חשבון שיש - הזהות שלך כתושב EEA עשוי להיות נדרש. שים לב כי המיקום של השירות אינו משנה; GDPR חל על כל מי שמשרת משתמשים באירופה. אם השירות אינו מכבד את זכותך למחיקה, באפשרותך ליצור קשר עם הלאום שלך [לרשות להגנת נתונים ](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) אתה יכול להיות זכאי לפיצוי כספי.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. אם זה רלוונטי עבורך, קרא את מדיניות הפרטיות של כל שירות נתון כדי למצוא מידע על מימוש הזכות שלך למחיקה. קריאת מדיניות הפרטיות יכולה להיות חשובה, שכן חלק מהשירותים כוללים אפשרות "מחק חשבון" המשביתה רק את החשבון שלך ולמחיקת אמיתית עליך לנקוט פעולה נוספת. לפעמים מחיקה בפועל עשויה לכלול מילוי סקרים, שליחת אימייל לקצין הגנת המידע של השירות או אפילו הוכחת מקום מגוריך ב - EEA. אם אתם מתכננים ללכת בדרך זו,** אל תעשו ** שישכתב את המידע על חשבון שיש - הזהות שלך כתושב EEA עשוי להיות נדרש. שים לב כי המיקום של השירות אינו משנה; GDPR חל על כל מי שמשרת משתמשים באירופה. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### עריכת פרטי החשבון הקיים
diff --git a/i18n/he/basics/common-misconceptions.md b/i18n/he/basics/common-misconceptions.md
index 38deef10..e0cd699b 100644
--- a/i18n/he/basics/common-misconceptions.md
+++ b/i18n/he/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ schema:
## "מסובך זה יותר טוב"
-לעתים קרובות אנחנו רואים אנשים שמתארים מודלים של איום על פרטיות שהם מורכבים מדי. לעתים קרובות, פתרונות אלה כוללים בעיות כמו חשבונות דוא"ל רבים ושונים או התקנות מסובכות עם הרבה העברת חלקים ותנאים. התשובות הן בדרך כלל תשובות לשאלה "מהי הדרך הטובה ביותר לעשות *X*?"
+לעתים קרובות אנחנו רואים אנשים שמתארים מודלים של איום על פרטיות שהם מורכבים מדי. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. התשובות הן בדרך כלל תשובות לשאלה "מהי הדרך הטובה ביותר לעשות *X*?"
מציאת הפתרון ה"טוב ביותר" עבור עצמך לא אומר בהכרח שאתה מחפש פתרון שאין לו טעות עם עשרות תנאים - פתרונות אלו לרוב קשה לעבוד איתם באופן מציאותי. כפי שדיברנו בעבר, אבטחה לרוב באה במחיר של נוחות. בהמשך אנו מספקים כמה טיפים:
1. ==פעולות צריכות לשרת מטרה מסוימת:== תחשוב איך לעשות מה שאתה רוצה עם הכי פחות פעולות.
2. ==הסר נקודות כשל אנושיות:== אנחנו נכשלים, מתעייפים ושוכחים דברים. כדי לשמור על אבטחה, הימנע מהסתמכות על תנאים ותהליכים ידניים שאתה צריך לזכור.
-3. ==השתמש ברמת ההגנה הנכונה עבור מה שאתה מתכוון.== לעתים קרובות אנו רואים המלצות על מה שנקרא פתרונות אכיפת חוק או הוכחת זימון. אלה דורשים לעתים קרובות ידע מומחה ובדרך כלל הם לא מה שאנשים רוצים. אין טעם לבנות מודל איום מורכב לאנונימיות אם ניתן בקלות לבטל את האנונימיות באמצעות פיקוח פשוט.
+3. ==השתמש ברמת ההגנה הנכונה עבור מה שאתה מתכוון.== לעתים קרובות אנו רואים המלצות על מה שנקרא פתרונות אכיפת חוק או הוכחת זימון. אלה דורשים לעתים קרובות ידע מומחה ובדרך כלל הם לא מה שאנשים רוצים. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
אז איך זה עשוי להיראות?
@@ -94,4 +94,4 @@ schema:
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/he/basics/common-threats.md b/i18n/he/basics/common-threats.md
index 81da070e..ec506202 100644
--- a/i18n/he/basics/common-threats.md
+++ b/i18n/he/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: מודל האיום שלך הוא אישי עבורך, אך אלו הם חלק מהדברים שמהם אכפת למבקרים רבים באתר זה.
---
-באופן כללי, אנו מסווגים את ההמלצות שלנו ל[איומים](threat-modeling.md) או יעדים שחלים על רוב האנשים. ==ייתכן שאתה מודאג מאף אחת, אחת, כמה, או מכל האפשרויות האלה==, והכלים והשירותים שבהם אתה משתמש תלויים במטרותיך. ייתכן שיש לך איומים ספציפיים גם מחוץ לקטגוריות האלה, וזה בסדר גמור! החלק החשוב הוא פיתוח הבנה של היתרונות והחסרונות של הכלים שבהם אתה בוחר להשתמש, כי למעשה אף אחד מהם לא יגן עליך מכל איום.
+באופן כללי, אנו מסווגים את ההמלצות שלנו ל[איומים](threat-modeling.md) או יעדים שחלים על רוב האנשים. ==ייתכן שאתה מודאג מאף אחת, אחת, כמה, או מכל האפשרויות האלה==, והכלים והשירותים שבהם אתה משתמש תלויים במטרותיך. You may have specific threats outside these categories as well, which is perfectly fine! החלק החשוב הוא פיתוח הבנה של היתרונות והחסרונות של הכלים שבהם אתה בוחר להשתמש, כי למעשה אף אחד מהם לא יגן עליך מכל איום.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ Avoiding censored access to information or being censored yourself when speaking
למערכות הפעלה מובייל יש בדרך כלל ארגז חול טוב יותר לאפליקציות מאשר למערכות הפעלה שולחניות: אפליקציות אינן יכולות לקבל גישת שורש, ודורשות הרשאה לגישה למשאבי המערכת.
-מערכות הפעלה שולחניות בדרך כלל מפגרות עם ארגז חול נכון. ל-ChromeOS יש יכולות ארגז חול דומות לאנדרואיד, ול-macOS יש בקרת הרשאות מערכת מלאה (ומפתחים יכולים להצטרף לארגזי חול עבור יישומים). עם זאת, מערכות הפעלה אלו אכן משדרות מידע מזהה ליצרני ה-OEM שלהם. לינוקס נוטה לא לשלוח מידע לספקי מערכות, אך יש לה הגנה גרועה מפני ניצול ואפליקציות זדוניות. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+מערכות הפעלה שולחניות בדרך כלל מפגרות עם ארגז חול נכון. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). עם זאת, מערכות הפעלה אלו אכן משדרות מידע מזהה ליצרני ה-OEM שלהם. לינוקס נוטה לא לשלוח מידע לספקי מערכות, אך יש לה הגנה גרועה מפני ניצול ואפליקציות זדוניות. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ On the other hand, web-based E2EE implementations, such as Proton Mail's web app
-אפילו עם E2EE, ספקי שירות עדיין יכולים ליצור פרופיל שלך על סמך **מטא נתונים**, שבדרך כלל אינם מוגנים. למרות שספק השירות לא יכול לקרוא את ההודעות שלך, הוא עדיין יכול לראות דברים חשובים, כגון עם מי אתה מדבר, באיזו תדירות אתה שולח להם הודעות ומתי אתה פעיל בדרך כלל. הגנה על מטא נתונים היא נדירה למדי, ואם היא ב[מודל האיום](threat-modeling.md) שלך - עליך לשים לב היטב לתיעוד הטכני של התוכנה שבה אתה משתמש כדי לראות אם יש מזעור או הגנה של מטא נתונים בכלל.
+אפילו עם E2EE, ספקי שירות עדיין יכולים ליצור פרופיל שלך על סמך **מטא נתונים**, שבדרך כלל אינם מוגנים. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. הגנה על מטא נתונים היא נדירה למדי, ואם היא ב[מודל האיום](threat-modeling.md) שלך - עליך לשים לב היטב לתיעוד הטכני של התוכנה שבה אתה משתמש כדי לראות אם יש מזעור או הגנה של מטא נתונים בכלל.
## תוכניות מעקב המוני
@@ -156,7 +156,7 @@ On the other hand, web-based E2EE implementations, such as Proton Mail's web app
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
עבור אנשים רבים, מעקב ומעקב על ידי תאגידים פרטיים הם דאגה גוברת. רשתות מודעות נרחבות, כמו אלו המופעלות על ידי גוגל ופייסבוק, משתרעות על האינטרנט הרבה מעבר לאתרים שהם שולטים בהם, ועוקבות אחר הפעולות שלך לאורך הדרך. שימוש בכלים כמו חוסמי תוכן כדי להגביל את בקשות הרשת לשרתים שלהם, וקריאת מדיניות הפרטיות של השירותים שבהם אתה משתמש יכול לעזור לך למנוע יריבים בסיסיים רבים (אם כי זה לא יכול למנוע לחלוטין מעקב).[^4]
-בנוסף, אפילו חברות מחוץ ל*AdTech* או תעשיית המעקב יכולות לשתף את המידע שלך עם [מתווכי נתונים](https://en.wikipedia.org/wiki/Information_broker) (כגון Cambridge Analytica, Experian או Datalogix) או גורמים אחרים. אתה לא יכול להניח אוטומטית שהנתונים שלך בטוחים רק בגלל שהשירות שבו אתה משתמש אינו נופל במסגרת המודל העסקי הטיפוסי של AdTech או מעקב. ההגנה החזקה ביותר מפני איסוף נתונים תאגידי היא הצפנת או ערפול הנתונים שלך בכל עת אפשרי, מה שמקשה על ספקים שונים לתאם נתונים זה עם זה ולבנות עליך פרופיל.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. אתה לא יכול להניח אוטומטית שהנתונים שלך בטוחים רק בגלל שהשירות שבו אתה משתמש אינו נופל במסגרת המודל העסקי הטיפוסי של AdTech או מעקב. ההגנה החזקה ביותר מפני איסוף נתונים תאגידי היא הצפנת או ערפול הנתונים שלך בכל עת אפשרי, מה שמקשה על ספקים שונים לתאם נתונים זה עם זה ולבנות עליך פרופיל.
## הגבלת מידע ציבורי
diff --git a/i18n/he/basics/email-security.md b/i18n/he/basics/email-security.md
index b859d1c3..8a023859 100644
--- a/i18n/he/basics/email-security.md
+++ b/i18n/he/basics/email-security.md
@@ -29,13 +29,13 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
### אילו לקוחות אימייל תומכים ב - E2EE?
-ספקי אימייל המאפשרים לך להשתמש בפרוטוקולי גישה סטנדרטיים כגון IMAP ו- SMTP יכולים לשמש עם כל אחד מ[קליינטי הדואר האלקטרוני שאנו ממליצים עליהם](../email-clients.md). בהתאם לשיטת האימות, הדבר עלול להוביל לירידה באבטחה אם הספק או לקוח האימייל אינם תומכים בשבועה או ביישום גשר מאחר שלא ניתן לבצע [אימות רב - גורמי](multi-factor-authentication.md) באמצעות אימות סיסמה רגיל.
+ספקי אימייל המאפשרים לך להשתמש בפרוטוקולי גישה סטנדרטיים כגון IMAP ו- SMTP יכולים לשמש עם כל אחד מ[קליינטי הדואר האלקטרוני שאנו ממליצים עליהם](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### כיצד אוכל להגן על המפתחות הפרטיים שלי?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. לאחר מכן, ההודעה מפוענחת על ידי הכרטיס החכם והתוכן המפוענח נשלח חזרה למכשיר.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-זה יתרון שהפענוח יתרחש בכרטיס החכם כדי למנוע חשיפת המפתח הפרטי שלך למכשיר שנפגע.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## סקירה כללית של מטא נתונים בדוא"ל
@@ -49,4 +49,4 @@ A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/36001379
### למה מטא נתונים לא יכולים להיות E2EE?
-מטא נתונים של דואר אלקטרוני חיוניים לפונקציונליות הבסיסית ביותר של דואר אלקטרוני (מהיכן הוא הגיע ולאן הוא צריך ללכת). E2EE לא היה מובנה בפרוטוקולי הדואר האלקטרוני במקור, ובמקום זאת נדרש לתוכנת הרחבה כמו OpenPGP. מכיוון שהודעות OpenPGP עדיין צריכות לעבוד עם ספקי דואר אלקטרוני מסורתיים, הן אינן יכולות להצפין מטה - נתונים של דואר אלקטרוני, אלא רק את גוף ההודעה עצמו. כלומר, גם כאשר משתמשים ב - OpenPGP, משקיפים חיצוניים יכולים לראות מידע רב על ההודעות שלך, כגון את מי אתה שולח בדוא"ל, את קווי הנושא, מתי אתה שולח דוא"ל וכו '.
+מטא נתונים של דואר אלקטרוני חיוניים לפונקציונליות הבסיסית ביותר של דואר אלקטרוני (מהיכן הוא הגיע ולאן הוא צריך ללכת). E2EE לא היה מובנה בפרוטוקולי הדואר האלקטרוני במקור, ובמקום זאת נדרש לתוכנת הרחבה כמו OpenPGP. מכיוון שהודעות OpenPGP עדיין צריכות לעבוד עם ספקי דואר אלקטרוני מסורתיים, הן אינן יכולות להצפין מטה - נתונים של דואר אלקטרוני, אלא רק את גוף ההודעה עצמו. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/he/basics/hardware.md b/i18n/he/basics/hardware.md
index fdab19fb..11779322 100644
--- a/i18n/he/basics/hardware.md
+++ b/i18n/he/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Warning
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/he/basics/multi-factor-authentication.md b/i18n/he/basics/multi-factor-authentication.md
index e9ff4e15..e3ad06a7 100644
--- a/i18n/he/basics/multi-factor-authentication.md
+++ b/i18n/he/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "אימות מרובה גורמים"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA הוא מנגנון אבטחה קריטי לאבטחת החשבונות המקוונים שלך, אך שיטות מסוימות חזקות יותר מאחרות.
---
-**אימות מרובה גורמים** (**MFA**) הוא מנגנון אבטחה הדורש שלבים נוספים מעבר להזנת שם המשתמש (או האימייל) והסיסמה שלך. השיטה הנפוצה ביותר היא קודים מוגבלים בזמן שאתה עשוי לקבל מ-SMS או מאפליקציה.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. השיטה הנפוצה ביותר היא קודים מוגבלים בזמן שאתה עשוי לקבל מ-SMS או מאפליקציה.
בדרך כלל, אם האקר (או יריב) מסוגל להבין את הסיסמה שלך, הם יקבלו גישה לחשבון שאליו שייכת הסיסמה. חשבון עם MFA מאלץ את ההאקר להחזיק גם את הסיסמה (משהו שאתה *יודע*) וגם מכשיר שבבעלותך (משהו שיש *לך*), כמו הטלפון שלך.
@@ -26,7 +26,7 @@ description: MFA הוא מנגנון אבטחה קריטי לאבטחת החשב
### סיסמה חד פעמית מבוססת זמן (TOTP)
-TOTP היא אחת הצורות הנפוצות ביותר של MFA. כאשר אתה מגדיר TOTP, אתה בדרך כלל נדרש לסרוק קוד QR [](https://en.wikipedia.org/wiki/QR_code) אשר קובע "[סוד משותף](https://en.wikipedia.org/wiki/Shared_secret)" עם השירות שבו אתה מתכוון להשתמש. הסוד המשותף מאובטח בתוך הנתונים של אפליקציית האימות, ולעתים מוגן על ידי סיסמה.
+TOTP היא אחת הצורות הנפוצות ביותר של MFA. כאשר אתה מגדיר TOTP, אתה בדרך כלל נדרש לסרוק קוד QR [](https://en.wikipedia.org/wiki/QR_code) אשר קובע "[סוד משותף](https://en.wikipedia.org/wiki/Shared_secret)" עם השירות שבו אתה מתכוון להשתמש. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
לאחר מכן, הקוד המוגבל בזמן נגזר מהסוד המשותף ומהזמן הנוכחי. מאחר שהקוד תקף לזמן קצר בלבד, ללא גישה לסוד המשותף, היריב אינו יכול ליצור קודים חדשים.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
ל-FIDO2 ול-WebAuthn יש מאפייני אבטחה ופרטיות מעולים בהשוואה לכל שיטות MFA.
-בדרך כלל עבור שירותי אינטרנט הוא משמש עם WebAuthn שהוא חלק מ[המלצות W3C](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). הוא משתמש באימות מפתח ציבורי והוא מאובטח יותר מאשר סודות משותפים המשמשים בשיטות Yubico OTP ו-TOTP, מכיוון שהוא כולל את שם המקור (בדרך כלל, שם התחום) במהלך האימות. אישור מסופק כדי להגן עליך מפני התקפות דיוג, מכיוון שהוא עוזר לך לקבוע שאתה משתמש בשירות האותנטי ולא בעותק מזויף.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). הוא משתמש באימות מפתח ציבורי והוא מאובטח יותר מאשר סודות משותפים המשמשים בשיטות Yubico OTP ו-TOTP, מכיוון שהוא כולל את שם המקור (בדרך כלל, שם התחום) במהלך האימות. אישור מסופק כדי להגן עליך מפני התקפות דיוג, מכיוון שהוא עוזר לך לקבוע שאתה משתמש בשירות האותנטי ולא בעותק מזויף.
שלא כמו Yubico OTP, WebAuthn אינו משתמש בשום מזהה ציבורי, כך שהמפתח **לא** ניתן לזיהוי באתרים שונים. הוא גם לא משתמש בשרת ענן של צד שלישי לאימות. כל התקשורת הושלמה בין המפתח לאתר שאליו אתה נכנס. FIDO משתמשת גם במונה שמוגדל עם השימוש על מנת למנוע שימוש חוזר בהפעלה ומפתחות משובטים.
@@ -116,15 +116,15 @@ When using TOTP with an authenticator app, be sure to back up your recovery keys
## מקומות נוספים להגדרת MFA
-מעבר לאבטחת כניסות האתר שלך בלבד, ניתן להשתמש באימות רב-גורמי כדי לאבטח את כניסותיך המקומיות, מפתחות SSH או אפילו מסדי נתונים של סיסמאות.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-ל - macOS יש [תמיכה מקומית](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) לאימות עם כרטיסים חכמים (PIV). אם יש לך כרטיס חכם או מפתח אבטחה חומרה התומך בממשק PIV כגון YubiKey, אנו ממליצים לך לעקוב אחר התיעוד של ספק הכרטיס החכם/חומרה שלך ולהגדיר אימות גורם שני עבור מחשב macOS שלך.
+ל - macOS יש [תמיכה מקומית](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) לאימות עם כרטיסים חכמים (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-לאחר הגדרת הכרטיס החכם/מפתח האבטחה שלך, אנו ממליצים להפעיל את הפקודה הזו בטרמינל:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLog
### KeePass (ו-KeePassXC)
-ניתן לאבטח מסדי נתונים של KeePass ו-KeePassXC באמצעות Challenge-Response או HOTP כאימות גורם שני. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/he/basics/passwords-overview.md b/i18n/he/basics/passwords-overview.md
index ba50971c..6edcdc5f 100644
--- a/i18n/he/basics/passwords-overview.md
+++ b/i18n/he/basics/passwords-overview.md
@@ -24,7 +24,7 @@ description: These are some tips and tricks on how to create the strongest passw
עליך להימנע משינוי סיסמאות שאתה צריך לזכור (כגון סיסמת האב של מנהל הסיסמאות שלך) לעתים קרובות מדי, אלא אם יש לך סיבה להאמין שהיא נפגעה, שכן שינוי שלה לעתים קרובות מדי חושף אותך לסיכון של שכחתה.
-כשמדובר בסיסמאות שאינך חייב לזכור (כגון סיסמאות המאוחסנות בתוך מנהל הסיסמאות שלך), אם [מודל האיומים](threat-modeling.md) שלך דורש זאת, אנו ממליצים עוברים על חשבונות חשובים (במיוחד חשבונות שאינם משתמשים באימות רב-גורמי) ומשנים את הסיסמה שלהם כל חודשיים, למקרה שהם נפגעו בפרצת מידע שעדיין לא הפכה לציבורית. רוב מנהלי הסיסמאות מאפשרים לך להגדיר תאריך תפוגה לסיסמה שלך כדי להקל על הניהול שלה.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. רוב מנהלי הסיסמאות מאפשרים לך להגדיר תאריך תפוגה לסיסמה שלך כדי להקל על הניהול שלה.
Checking for data breaches
@@ -54,13 +54,13 @@ description: These are some tips and tricks on how to create the strongest passw
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. רשימות מילים אחרות עשויות לדרוש יותר או פחות גלגולים למילה, ועשויות לדרוש כמות שונה של מילים כדי להשיג את אותה אנטרופיה.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. לזרוק קובייה בעלת שש צדדים חמש פעמים, לרשום את המספר לאחר כל גלגול.
-2. כדוגמה, נניח שזרקת `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. כדוגמה, נניח שזרקת `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. אתה תמצא את המילה `להצפין`. כתוב את המילה הזו.
@@ -75,25 +75,25 @@ These instructions assume that you are using [EFF's large wordlist](https://eff.
אם אין לך גישה או תעדיף לא להשתמש בקוביות אמיתיות, תוכל להשתמש במחולל הסיסמאות המובנה של מנהל הסיסמאות שלך, שכן לרובם יש אפשרות ליצור ביטויי סיסמה של תוכנת קוביות בנוסף לסיסמאות הרגילות.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. יש גם [רשימות מילים אחרות בשפות שונות](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), אם אינך רוצה שביטוי הסיסמה שלך יהיה באנגלית.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
בממוצע, צריך לנסות 50% מכל השילובים האפשריים כדי לנחש את הביטוי שלך. עם זאת בחשבון, גם אם היריב שלך מסוגל ל-1,000,000,000,000 ניחושים בשנייה, עדיין ייקח לו ~27,255,689 שנים לנחש את משפט הסיסמה שלך. זה המצב גם אם הדברים הבאים נכונים:
- היריב שלך יודע שהשתמשת בשיטת קוביות.
-- היריב שלך יודע את רשימת המילים הספציפית שבה השתמשת.
+- Your adversary knows the specific word list that you used.
- היריב שלך יודע כמה מילים מכיל ביטוי הסיסמה שלך.
@@ -113,7 +113,7 @@ Let's put all of this in perspective: A seven word passphrase using [EFF's large
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
אחסון אסימוני ה-TOTP שלך באותו מקום כמו הסיסמאות שלך, למרות שהוא נוח, מצמצם את החשבונות לגורם יחיד במקרה שיריב יקבל גישה למנהל הסיסמאות שלך.
diff --git a/i18n/he/basics/threat-modeling.md b/i18n/he/basics/threat-modeling.md
index f5206f86..4bbc16a5 100644
--- a/i18n/he/basics/threat-modeling.md
+++ b/i18n/he/basics/threat-modeling.md
@@ -35,7 +35,7 @@ description: איזון בין אבטחה, פרטיות ושימושיות הי
כדי לענות על שאלה זו, חשוב לזהות מי ירצה למקד אותך או את המידע שלך. =אדם או ישות המהווים איום על הנכסים שלך הוא "יריב ". דוגמאות ליריבים פוטנציאליים הם הבוס שלך, השותף שלך לשעבר, התחרות העסקית שלך, הממשלה שלך, או האקר ברשת ציבורית.
-*ערוך רשימה של היריבים שלך או של אלה שאולי ירצו להשיג את הנכסים שלך. הרשימה עשויה לכלול אנשים פרטיים, סוכנות ממשלתית או תאגידים.*
+*Make a list of your adversaries or those who might want to get hold of your assets. הרשימה עשויה לכלול אנשים פרטיים, סוכנות ממשלתית או תאגידים.*
Depending on who your adversaries are, this list might be something you want to destroy after you've finished developing your threat model.
diff --git a/i18n/he/browser-extensions.md b/i18n/he/browser-extensions.md
index 3c944170..21b058ff 100644
--- a/i18n/he/browser-extensions.md
+++ b/i18n/he/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/he/calendar.md b/i18n/he/calendar.md
index 107701f6..67fcc6da 100644
--- a/i18n/he/calendar.md
+++ b/i18n/he/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
מספר לוחות שנה ופונקציונליות שיתוף מורחבת מוגבלים למנויים בתשלום.
diff --git a/i18n/he/cloud.md b/i18n/he/cloud.md
index 8baf681a..3be4b8f7 100644
--- a/i18n/he/cloud.md
+++ b/i18n/he/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## קריטריונים
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- חייב לאכוף הצפנה מקצה לקצה.
- יש להציע תוכנית חינם או תקופת ניסיון לבדיקה.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- חייב להציע ממשק אינטרנט התומך בפונקציונליות ניהול קבצים בסיסית.
- חייב לאפשר ייצוא קל של כל הקבצים/המסמכים.
diff --git a/i18n/he/cryptocurrency.md b/i18n/he/cryptocurrency.md
index b5e39fac..13ee7a22 100644
--- a/i18n/he/cryptocurrency.md
+++ b/i18n/he/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## קריטריונים
diff --git a/i18n/he/data-broker-removals.md b/i18n/he/data-broker-removals.md
index ecd406d9..00627fcc 100644
--- a/i18n/he/data-broker-removals.md
+++ b/i18n/he/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/he/desktop-browsers.md b/i18n/he/desktop-browsers.md
index 84960ba6..5b6e5194 100644
--- a/i18n/he/desktop-browsers.md
+++ b/i18n/he/desktop-browsers.md
@@ -109,7 +109,7 @@ Mullvad Browser מגיע עם *uBlock Origin* ו*NoScript* הרחבות דפדפ
### Mullvad Leta
-Mullvad Browser מגיע עם DuckDuckGo מוגדר כ[מנוע החיפוש](search-engines.md) המוגדר כברירת מחדל, אך הוא מגיע גם מותקן מראש עם **Mullvad Leta**, מנוע חיפוש שדורש מנוי Mullvad VPN פעיל כדי לגשת אליו. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. מסיבה זו אנו מונעים את השימוש ב-Mullvad Leta, למרות ש-Mullvad אוספת מעט מאוד מידע על מנויי ה-VPN שלהם.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. מסיבה זו אנו מונעים את השימוש ב-Mullvad Leta, למרות ש-Mullvad אוספת מעט מאוד מידע על מנויי ה-VPN שלהם.
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox שולח נתונים על הגרסה והשפה של Firefox שלך; תצורת מערכת ההפעלה והחומרה של המכשיר; זיכרון, מידע בסיסי על קריסות ושגיאות; תוצאה של תהליכים אוטומטיים כמו עדכונים, גלישה בטוחה והפעלה אלינו. כאשר Firefox שולח לנו נתונים, כתובת ה-IP שלך נאספת זמנית כחלק מיומני השרת שלנו.
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. פתח את [הגדרות הפרופיל שלך ב ](https://accounts.firefox.com/settings#data-collection)accounts.firefox.com
2. ביטול סימון **איסוף נתונים ושימוש** > **עזרה בשיפור חשבונות Firefox**
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] בחר **הפעלת מצב HTTPS בלבד בכל החלונות**
-זה מונע ממך להתחבר ללא כוונה לאתר אינטרנט ב-HTTP בטקסט רגיל. אתרים ללא HTTPS אינם נפוצים כיום, לכן לא אמורה להיות לכך השפעה רבה על הגלישה היומיומית שלך.
+זה מונע ממך להתחבר ללא כוונה לאתר אינטרנט ב-HTTP בטקסט רגיל. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS דרך HTTPS
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/he/desktop.md b/i18n/he/desktop.md
index 40106eb1..4fc22f79 100644
--- a/i18n/he/desktop.md
+++ b/i18n/he/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS היא הפצה עצמאית המבוססת על מנהל החבילות
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/he/device-integrity.md b/i18n/he/device-integrity.md
index db491be6..55e38067 100644
--- a/i18n/he/device-integrity.md
+++ b/i18n/he/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/he/dns.md b/i18n/he/dns.md
index f868ea45..ff878c7e 100644
--- a/i18n/he/dns.md
+++ b/i18n/he/dns.md
@@ -75,7 +75,7 @@ AdGuard Home כולל ממשק אינטרנט משופשף כדי להציג ת
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ NextDNS also offers public DNS-over-HTTPS service at `https://dns.nextdns.io` an
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/he/document-collaboration.md b/i18n/he/document-collaboration.md
index 17b63e5a..c34c24c2 100644
--- a/i18n/he/document-collaboration.md
+++ b/i18n/he/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
הקריטריונים הטובים ביותר שלנו מייצגים את מה שהיינו רוצים לראות מהפרויקט המושלם בקטגוריה זו. ייתכן שההמלצות שלנו לא יכללו חלק מהפונקציונליות הזו או את כולה, אך אלו שכן כן עשויות לדרג גבוה יותר מאחרות בדף זה.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/he/email-aliasing.md b/i18n/he/email-aliasing.md
index 04b18f03..435d005e 100644
--- a/i18n/he/email-aliasing.md
+++ b/i18n/he/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/he/email.md b/i18n/he/email.md
index 2f20dbf6..eaa08915 100644
--- a/i18n/he/email.md
+++ b/i18n/he/email.md
@@ -58,7 +58,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
{ align=right }
-**Proton Mail** הוא שירות דואר אלקטרוני עם התמקדות בפרטיות, הצפנה, אבטחה וקלות שימוש. They have been in operation since 2013. Proton AG מבוססת בז'נב, שוויץ. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+**Proton Mail** הוא שירות דואר אלקטרוני עם התמקדות בפרטיות, הצפנה, אבטחה וקלות שימוש. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail [מקבל](https://proton.me/support/payment-options) מזומן ב
#### :material-check:{ .pg-green } אבטחת חשבון
-Proton Mail תומך באימות TOTP ב[שני גורמים](https://proton.me/support/two-factor-authentication-2fa) וב[מפתחות אבטחת חומרה](https://proton.me/support/2fa-security-key) באמצעות תקני FIDO2 או U2F. השימוש במפתח אבטחת חומרה מחייב הגדרת אימות דו - שלבי של TOTP תחילה.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } אבטחת מידע
@@ -117,7 +117,7 @@ Proton Mail also publishes the public keys of Proton accounts via HTTP from thei
#### :material-information-outline:{ .pg-blue } פונקציונליות נוספת
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail אינו מציע תכונה מורשת דיגיטלית.
@@ -127,7 +127,7 @@ Proton Mail אינו מציע תכונה מורשת דיגיטלית.
{ align=right }
-**Mailbox.org** הוא שירות דוא"ל עם התמקדות בלהיות מאובטח, ללא פרסומות ומופעל באופן פרטי על ידי 100% אנרגיה ידידותית לסביבה. הם פועלים מאז 2014. Mailbox.org ממוקם בברלין, גרמניה. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org** הוא שירות דוא"ל עם התמקדות בלהיות מאובטח, ללא פרסומות ומופעל באופן פרטי על ידי 100% אנרגיה ידידותית לסביבה. הם פועלים מאז 2014. Mailbox.org ממוקם בברלין, גרמניה. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } שיטות תשלום פרטיות
-Mailbox.org אינו מקבל מטבעות קריפטוגרפיים כלשהם כתוצאה מכך שמעבד התשלומים BitPay השהה את הפעולות בגרמניה. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.org אינו מקבל מטבעות קריפטוגרפיים כלשהם כתוצאה מכך שמעבד התשלומים BitPay השהה את הפעולות בגרמניה. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } אבטחת חשבון
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). תקני אינטרנט כגון [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) אינם נתמכים עדיין.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). תקני אינטרנט כגון [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) אינם נתמכים עדיין.
#### :material-information-outline:{ .pg-blue } אבטחת מידע
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } פונקציונליות נוספת
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). עם זאת, לא ניתן לגשת לממשק דואר האינטרנט שלהם באמצעות שירות.onion שלהם ואתה עלול להיתקל בשגיאות אישור TLS.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org תומך גם ב-[Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) בנוסף לפרוטוקולי גישה סטנדרטיים כמו IMAP ו-POP3.
@@ -195,7 +195,7 @@ Mailbox.org כולל תכונת מורשת דיגיטלית לכל התוכני
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } שיטות תשלום פרטיות
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } אבטחת חשבון
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } אבטחת מידע
@@ -297,7 +297,7 @@ Tuta אינו מציע תכונה מורשת דיגיטלית.
**מינימום כדי לעמוד בדרישות:**
- מצפין נתוני חשבון אימייל במצב מנוחה עם הצפנה ללא גישה.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- מאפשר למשתמשים להשתמש ב[שם דומיין](https://en.wikipedia.org/wiki/Domain_name) משלהם. שמות דומיין מותאמים אישית חשובים למשתמשים מכיוון שהם מאפשרים להם לתחזק את הסוכנות שלהם מהשירות, אם היא תהפוך לגרועה או תירכש על ידי חברה אחרת שאינה מתעדפת פרטיות.
- פועל על תשתית בבעלות, כלומר לא בנוי על ספקי שירותי דואר אלקטרוני של צד שלישי.
diff --git a/i18n/he/encryption.md b/i18n/he/encryption.md
index d46dbab2..7f458270 100644
--- a/i18n/he/encryption.md
+++ b/i18n/he/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt הוא מזלג של פרויקט TrueCrypt שהופסק. על פי ה
בעת הצפנה עם VeraCrypt, יש לך אפשרות לבחור מבין [hash פונקציות](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme) שונות. אנו מציעים לך **לבחור** רק [SHA-512](https://en.wikipedia.org/wiki/SHA-512) ולהיצמד ל [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) צופן בלוק.
-Truecrypt [נבדק מספר פעמים](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), וגם VeraCrypt [נבדק בנפרד](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ To enable BitLocker on "Home" editions of Windows, you must have partitions form
{ align=right }
-**FileVault** הוא פתרון הצפנת נפח תוך כדי תנועה המובנה ב-macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** הוא פתרון הצפנת נפח תוך כדי תנועה המובנה ב-macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/he/file-sharing.md b/i18n/he/file-sharing.md
index 3c2ddd8c..18b68251 100644
--- a/i18n/he/file-sharing.md
+++ b/i18n/he/file-sharing.md
@@ -13,7 +13,7 @@ cover: file-sharing.webp
## שיתוף קבצים
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/he/frontends.md b/i18n/he/frontends.md
index 2a28acf5..9b01dfa9 100644
--- a/i18n/he/frontends.md
+++ b/i18n/he/frontends.md
@@ -251,7 +251,7 @@ When using LibreTube, your IP address will be visible to YouTube, [Piped](https:
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/he/index.md b/i18n/he/index.md
index f3543ecb..10957fa6 100644
--- a/i18n/he/index.md
+++ b/i18n/he/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG מבוססת בז'נב, שוויץ. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. הם פועלים מאז 2014. Mailbox.org ממוקם בברלין, גרמניה. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. הם פועלים מאז 2014. Mailbox.org ממוקם בברלין, גרמניה. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/he/meta/brand.md b/i18n/he/meta/brand.md
index f131228c..ee4dbe97 100644
--- a/i18n/he/meta/brand.md
+++ b/i18n/he/meta/brand.md
@@ -12,7 +12,7 @@ description: A guide for journalists and website contributors on proper branding
- PG.org
-שם ה-Subreddit הוא **r/PrivacyGuides** או **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
ניתן למצוא הנחיות מיתוג נוספות בכתובת [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/he/meta/translations.md b/i18n/he/meta/translations.md
index 884cbeec..60ed855e 100644
--- a/i18n/he/meta/translations.md
+++ b/i18n/he/meta/translations.md
@@ -27,8 +27,8 @@ Please join our localization room on Matrix ([#pg-i18n:aragon.sh](https://matrix
## חלופות ברוחב מלא ותחביר Markdown
-מערכות כתיבה של CJK נוטות להשתמש בגרסאות חלופיות "ברוחב מלא" של סמלים נפוצים. אלו תווים שונים ולא ניתן להשתמש בהם עבור markdown.
+מערכות כתיבה של CJK נוטות להשתמש בגרסאות חלופיות "ברוחב מלא" של סמלים נפוצים. These are different characters and cannot be used for Markdown syntax.
-- קישורים חייבים להשתמש בסוגריים רגילים, כלומר `(` (Left Parenthesis U+0028) ו-`)` (Right Parenthesis U+0029) ולא `(` (סוגריים שמאליים ברוחב מלא U+FF08) או `)` (סוגריים ימניים ברוחב מלא U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- טקסט מצוטט עם הזחה חייב להשתמש ב-`:` (נקודתיים U+003A) ולא ב-`:` (נקודתיים U+FF1A ברוחב מלא)
- תמונות חייבות להשתמש ב-`!` (סימן קריאה U+0021) ולא ב-`!` (סימן קריאה ברוחב מלא U+FF01)
diff --git a/i18n/he/meta/uploading-images.md b/i18n/he/meta/uploading-images.md
index 6035efc5..cf5166cd 100644
--- a/i18n/he/meta/uploading-images.md
+++ b/i18n/he/meta/uploading-images.md
@@ -48,7 +48,7 @@ optipng -o7 file.png
- [ ] תכבה **הסר את הצהרת ה-XML**
- [x] הפעל **הסר מטא נתונים**
- [x] הפעל **הסר תגובות**
-- [x] הפעל את **תמונות רסטר מוטמעות**
+- [x] Turn on **Embedded raster images**
- [x] הפעל את **הפעל צפייה ב-viewboxing**
ב**פלט SVG** תחת **הדפסה יפה**:
diff --git a/i18n/he/meta/writing-style.md b/i18n/he/meta/writing-style.md
index c27434bf..198ce989 100644
--- a/i18n/he/meta/writing-style.md
+++ b/i18n/he/meta/writing-style.md
@@ -64,7 +64,7 @@ Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/organize/have-a
## תהיה תמציתי
-> מילים מיותרות מבזבזות את הזמן של הקהל שלך. כתיבה נהדרת היא כמו שיחה. השמט מידע שהקהל לא צריך לדעת. זה יכול להיות קשה כמומחה לנושא ולכן חשוב שמישהו יסתכל על המידע מנקודת המבט של הקהל.
+> מילים מיותרות מבזבזות את הזמן של הקהל שלך. כתיבה נהדרת היא כמו שיחה. השמט מידע שהקהל לא צריך לדעת. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/he/mobile-browsers.md b/i18n/he/mobile-browsers.md
index 06de9104..fca0ddac 100644
--- a/i18n/he/mobile-browsers.md
+++ b/i18n/he/mobile-browsers.md
@@ -247,7 +247,7 @@ These options can be found in :material-menu: → :gear: **Settings** → **Priv
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** הוא דפדפן ברירת המחדל ב - iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** הוא דפדפן ברירת המחדל ב - iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ The **Advanced Tracking and Fingerprinting Protection** setting will randomize c
- [x] בחר **פרטי**
-מצב הגלישה הפרטית של Safari מציע הגנות פרטיות נוספות. גלישה פרטית משתמשת בהפעלה חדשה [>חולפת](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) עבור כל כרטיסייה, כלומר כרטיסיות מבודדות זו מזו. יש גם יתרונות פרטיות קטנים יותר עם גלישה פרטית, כגון אי שליחת כתובת של דף אינטרנט לאפל בעת שימוש בתכונת התרגום של Safari.
+מצב הגלישה הפרטית של Safari מציע הגנות פרטיות נוספות. גלישה פרטית משתמשת בהפעלה חדשה [>חולפת](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) עבור כל כרטיסייה, כלומר כרטיסיות מבודדות זו מזו. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. זה עשוי להיות אי נוחות.
diff --git a/i18n/he/multi-factor-authentication.md b/i18n/he/multi-factor-authentication.md
index bc5c378a..75eda4f6 100644
--- a/i18n/he/multi-factor-authentication.md
+++ b/i18n/he/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "אימות מרובה גורמים"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/he/notebooks.md b/i18n/he/notebooks.md
index a658cd20..023629c2 100644
--- a/i18n/he/notebooks.md
+++ b/i18n/he/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: ספקי שירות](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-עקוב אחר ההערות והיומנים שלך מבלי למסור אותם לצד שלישי.
+Keep track of your notes and journals without giving them to a third party.
אם אתה משתמש כעת באפליקציה כמו Evernote, Google Keep או Microsoft OneNote, אנו מציעים שתבחר כאן חלופה שתומכת ב-E2EE.
@@ -82,9 +82,9 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
-{ align=right }
+{ align=right }
-**Joplin** הוא יישום חינמי, קוד פתוח ומלא תכונות לרישום הערות ומשימות שיכול להתמודד עם מספר רב של הערות סימון מאורגנים במחברות ותגים. הוא מציע E2EE ויכול לסנכרן דרך Nextcloud, Dropbox ועוד. הוא מציע גם ייבוא קל מ-Evernote והערות בטקסט רגיל.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. הוא מציע E2EE ויכול לסנכרן דרך Nextcloud, Dropbox ועוד. הוא מציע גם ייבוא קל מ-Evernote והערות בטקסט רגיל.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee מציע 100MB של אחסון בחינם, עם אפשרויות בתשלום אם אתה צריך יותר. ההרשמה אינה דורשת דואר אלקטרוני או מידע מזהה אישי אחר.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. ההרשמה אינה דורשת דואר אלקטרוני או מידע מזהה אישי אחר.
## מחברות מקומיות
diff --git a/i18n/he/os/android-overview.md b/i18n/he/os/android-overview.md
index e518ac24..c1e22b85 100644
--- a/i18n/he/os/android-overview.md
+++ b/i18n/he/os/android-overview.md
@@ -84,7 +84,7 @@ Fairphone, for example, markets their Fairphone 4 device as receiving 6 years of
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). ספרייה זו כוללת את [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) שיכולה לספק [הודעות דחיפה](https://en.wikipedia.org/wiki/Push_technology) באפליקציות. זה [המקרה](https://fosstodon.org/@bitwarden/109636825700482007) עם Bitwarden. זה לא אומר ש-Bitwarden משתמש בכל תכונות הניתוח שמסופקות על ידי Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). ספרייה זו כוללת את [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) שיכולה לספק [הודעות דחיפה](https://en.wikipedia.org/wiki/Push_technology) באפליקציות. זה [המקרה](https://fosstodon.org/@bitwarden/109636825700482007) עם Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### מתג הרג VPN
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. תכונה זו יכולה למנוע דליפות אם ה-VPN מנותק. ניתן למצוא אותו ב:gear: **הגדרות** ← **רשת & אינטרנט** ← **VPN** ← :gear: ← **חסום חיבורים ללא VPN**.
@@ -124,7 +124,7 @@ Android 7 and above supports a VPN kill switch, and it is available without the
## שירותי גוגל
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. אנו עדיין ממליצים להימנע לחלוטין משירותי Google, או להגביל את שירותי Google Play לפרופיל משתמש/עבודה ספציפי על ידי שילוב של בקר מכשיר כמו *Shelter* עם Google Play Sandboxed של GrapheneOS.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### תוכנית הגנה מתקדמת
diff --git a/i18n/he/os/ios-overview.md b/i18n/he/os/ios-overview.md
index 608d9d89..f5945941 100644
--- a/i18n/he/os/ios-overview.md
+++ b/i18n/he/os/ios-overview.md
@@ -125,7 +125,7 @@ Note that Bluetooth is automatically turned on after every system update.
#### מזהה פנים/זיהוי מגע & קוד סיסמה
-הגדרת סיסמה חזקה בטלפון שלך היא הצעד החשוב ביותר שאתה יכול לנקוט לאבטחת המכשיר הפיזי. תצטרך לעשות כאן פשרה בין אבטחה לנוחות: סיסמה ארוכה יותר תהיה מעצבנת להזין בכל פעם, אבל סיסמה קצרה יותר או PIN יהיה קל יותר לנחש. הגדרת Face ID או Touch ID יחד עם סיסמה חזקה יכולה להיות פשרה טובה בין שימושיות ואבטחה.
+הגדרת סיסמה חזקה בטלפון שלך היא הצעד החשוב ביותר שאתה יכול לנקוט לאבטחת המכשיר הפיזי. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. הגדרת Face ID או Touch ID יחד עם סיסמה חזקה יכולה להיות פשרה טובה בין שימושיות ואבטחה.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** →
אם אתה משתמש ביומטרי, אתה צריך לדעת איך לכבות אותם במהירות במקרה חירום. לחיצה ממושכת על לחצן הצד או ההפעלה ו*כל אחד* כפתור עוצמת הקול עד שתראה את המחוון Slide to Power Off תשבית את הביומטרי, ותחייב את קוד הגישה שלך כדי לפתוח. קוד הגישה שלך יידרש גם לאחר הפעלה מחדש של המכשיר.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. הקפד לנסות זאת מראש כדי שתדע איזו שיטה עובדת עבור המכשיר שלך.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/he/os/linux-overview.md b/i18n/he/os/linux-overview.md
index 24d72b5f..67838b64 100644
--- a/i18n/he/os/linux-overview.md
+++ b/i18n/he/os/linux-overview.md
@@ -10,9 +10,9 @@ description: Linux is an open-source, privacy-focused desktop operating system a
[המלצות לינוקס שלנו :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## הערות פרטיות
+## Security Notes
-יש כמה חששות בולטים של פרטיות עם לינוקס שכדאי להיות מודעים אליהם. למרות החסרונות הללו, הפצות לינוקס לשולחן העבודה עדיין נהדרות עבור רוב האנשים שרוצים:
+There are some notable security concerns with Linux which you should be aware of. למרות החסרונות הללו, הפצות לינוקס לשולחן העבודה עדיין נהדרות עבור רוב האנשים שרוצים:
- הימנע מטלמטריה שמגיעה לרוב עם מערכות הפעלה קנייניות
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ For frozen distributions such as [Debian](https://debian.org/security/faq#handli
באופן מסורתי, הפצות לינוקס מתעדכנות על ידי עדכון רציף של החבילות הרצויות. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao)
(YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao)
(YouTube)
### הפצות "ממוקדות אבטחה"
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### הצפנת כונן
-לרוב ההפצות של לינוקס יש אפשרות בתוך תוכנית ההתקנה שלה להפעלת [LUKS](../encryption.md#linux-unified-key-setup) FDE. אם אפשרות זו לא מוגדרת בזמן ההתקנה, תצטרך לגבות את הנתונים שלך ולהתקין מחדש, מכיוון שההצפנה מוחלת לאחר [חלוקת דיסקים ](https://en.wikipedia.org/wiki/Disk_partitioning), אבל לפני ש[מערכות הקבצים](https://en.wikipedia.org/wiki/File_system) מתעצבות. אנו מציעים גם למחוק בצורה מאובטחת את מכשיר האחסון שלך:
+לרוב ההפצות של לינוקס יש אפשרות בתוך תוכנית ההתקנה שלה להפעלת [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. אנו מציעים גם למחוק בצורה מאובטחת את מכשיר האחסון שלך:
- [מחיקת נתונים מאובטחת :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ If you are using [systemd-networkd](https://en.wikipedia.org/wiki/Systemd#Ancill
פרויקט Fedora [סופר](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) כמה מערכות ייחודיות ניגשים למראות שלו באמצעות [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) משתנה במקום מזהה ייחודי. פדורה עושה זאת כדי לקבוע עומס והספקת שרתים טובים יותר עבור עדכונים במידת הצורך.
-[אפשרות](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) זו כבויה כעת כברירת מחדל. אנו ממליצים להוסיף את `countme=false` ל-`/etc/dnf/dnf.conf` למקרה שהוא יופעל בעתיד. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+[אפשרות](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) זו כבויה כעת כברירת מחדל. אנו ממליצים להוסיף את `countme=false` ל-`/etc/dnf/dnf.conf` למקרה שהוא יופעל בעתיד. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/he/os/macos-overview.md b/i18n/he/os/macos-overview.md
index cb3d4eaf..0175c8b3 100644
--- a/i18n/he/os/macos-overview.md
+++ b/i18n/he/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** היא מערכת הפעלה Unix שפותחה על ידי אפל עבור מחשבי ה-Mac שלהם. כדי לשפר את הפרטיות ב-macOS, אתה יכול להשבית את תכונות הטלמטריה ולהקשיח את הגדרות הפרטיות והאבטחה הקיימות.
-מחשבי Mac ו-Hackintosh ישנים יותר מבוססי אינטל אינם תומכים בכל תכונות האבטחה ש-macOS מציעה. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+מחשבי Mac ו-Hackintosh ישנים יותר מבוססי אינטל אינם תומכים בכל תכונות האבטחה ש-macOS מציעה. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## הערות פרטיות
@@ -14,7 +14,7 @@ description: macOS is Apple's desktop operating system that works with their har
### נעילת הפעלה
-ניתן להגדיר מכשירי סיליקון חדשים של Apple ללא חיבור לאינטרנט. עם זאת, שחזור או איפוס ה-Mac שלך **ידרש**חיבור לאינטרנט לשרתים של אפל כדי לבדוק מול מסד הנתונים של נעילת ההפעלה של מכשירים שאבדו או נגנבו.
+Brand-new Apple Silicon devices can be set up without an internet connection. עם זאת, שחזור או איפוס ה-Mac שלך **ידרש**חיבור לאינטרנט לשרתים של אפל כדי לבדוק מול מסד הנתונים של נעילת ההפעלה של מכשירים שאבדו או נגנבו.
### בדיקות ביטול אפליקציה
@@ -122,7 +122,7 @@ If you want to be able to install apps from the App Store but don't want to enab
##### FileVault
-במכשירים מודרניים עם מובלעת מאובטחת (Apple T2 Security Chip, Apple Silicon), הנתונים שלך תמיד מוצפנים, אך מפוענחים אוטומטית על ידי מפתח חומרה אם המכשיר שלך לא מזהה שטופלו בהם. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
במחשבי Mac ישנים יותר מבוססי אינטל, FileVault היא הצורה היחידה של הצפנת דיסקים הזמינה כברירת מחדל, וצריכה להיות מופעלת תמיד.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS מגיע עם שתי צורות של הגנה מפני תוכנות זדו
1. הגנה מפני הפעלת תוכנות זדוניות מלכתחילה מסופקת על ידי תהליך הבדיקה של App Store עבור יישומי App Store, או *אישור נוטריוני* (חלק מ* Gatekeeper*), תהליך שבו יישומי צד שלישי נסרקים לאיתור תוכנות זדוניות ידועות על ידי אפל לפני שהם מורשים לפעול. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. הגנה מפני תוכנות זדוניות אחרות ותיקון מתוכנות זדוניות קיימות במערכת שלך מסופקת על ידי *XProtect*, תוכנת אנטי-וירוס מסורתית יותר המובנית ב-macOS.
-אנו ממליצים לא להתקין תוכנת אנטי-וירוס של צד שלישי מכיוון שבדרך כלל אין להם את הגישה ברמת המערכת הנדרשת לתפקוד תקין בכל מקרה, בגלל המגבלות של אפל על אפליקציות של צד שלישי, ומכיוון שהענקת רמות הגישה הגבוהות שהם מבקשים מייצגת לעתים קרובות סיכון אבטחה ופרטיות גדול עוד יותר למחשב שלך.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### גיבויים
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### אבטחת חומרה
-תכונות אבטחה מודרניות רבות ב-macOS - כמו אתחול מאובטח מודרני, הפחתת ניצול ברמת החומרה, בדיקות שלמות מערכת ההפעלה והצפנה מבוססת קבצים - מסתמכות על סיליקון של Apple, ולחומרה החדשה יותר של אפל יש תמיד את [האבטחה הטובה ביותר](https:// support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). אנו מעודדים רק שימוש בסיליקון של Apple, ולא במחשבי Mac או Hackintosh ישנים יותר מבוססי אינטל.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
חלק מתכונות האבטחה המודרניות הללו זמינות במחשבי Mac ישנים יותר מבוססי אינטל עם שבב האבטחה של Apple T2, אך השבב הזה רגיש לניצול *checkm8* שעלול לסכן את האבטחה שלו.
@@ -256,7 +256,7 @@ ROM האתחול הוא שורש האמון של החומרה. זה מבטיח
#### Secure Enclave
-ה-Secure Enclave הוא שבב אבטחה מובנה במכשירים עם סיליקון של אפל אשר אחראי על אחסון ויצירת מפתחות הצפנה עבור נתונים במנוחה וכן נתוני Face ID ו-Touch ID. הוא מכיל ROM אתחול נפרד משלו.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. הוא מכיל ROM אתחול נפרד משלו.
אתה יכול לחשוב על ה-Secure Enclave כמרכז האבטחה של המכשיר שלך: יש לו מנוע הצפנה AES ומנגנון לאחסון מאובטח של מפתחות ההצפנה שלך, והוא מופרד משאר המערכת, כך שגם אם המעבד הראשי נפגע, הוא צריך עדיין להיות בטוח.
@@ -268,7 +268,7 @@ ROM האתחול הוא שורש האמון של החומרה. זה מבטיח
#### ניתוק מיקרופון של החומרה
-כל המחשבים הניידים עם סיליקון אפל או שבב T2 כוללים ניתוק חומרה עבור המיקרופון המובנה בכל פעם שהמכסה סגור. זה אומר שאין שום דרך לתוקף להאזין למיקרופון של ה-Mac שלך גם אם מערכת ההפעלה נפגעת.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. זה אומר שאין שום דרך לתוקף להאזין למיקרופון של ה-Mac שלך גם אם מערכת ההפעלה נפגעת.
שימו לב שלמצלמה אין ניתוק חומרה, מכיוון שהנוף שלה מעורפל כאשר המכסה סגור בכל מקרה.
@@ -287,7 +287,7 @@ ROM האתחול הוא שורש האמון של החומרה. זה מבטיח
#### הגנות גישה ישירה לזיכרון
-סיליקון אפל מפריד בין כל רכיב שדורש גישה ישירה לזיכרון. לדוגמה, יציאת Thunderbolt לא יכולה לגשת לזיכרון המיועד לליבה.
+Apple Silicon separates each component that requires direct memory access. לדוגמה, יציאת Thunderbolt לא יכולה לגשת לזיכרון המיועד לליבה.
## מקורות
diff --git a/i18n/he/os/windows/group-policies.md b/i18n/he/os/windows/group-policies.md
index e02a717d..f866d4d5 100644
--- a/i18n/he/os/windows/group-policies.md
+++ b/i18n/he/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/he/os/windows/index.md b/i18n/he/os/windows/index.md
index 7140fabc..92eb795d 100644
--- a/i18n/he/os/windows/index.md
+++ b/i18n/he/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## הערות פרטיות
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/he/passwords.md b/i18n/he/passwords.md
index 97f261b1..543afa76 100644
--- a/i18n/he/passwords.md
+++ b/i18n/he/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ In April 2024, Psono added [support for passkeys](https://psono.com/blog/psono-i
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC מאחסן את נתוני הייצוא שלו כקובצי [CSV](http
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/he/photo-management.md b/i18n/he/photo-management.md
index dca2d038..40bdef29 100644
--- a/i18n/he/photo-management.md
+++ b/i18n/he/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- יש להציע תוכנית חינם או תקופת ניסיון לבדיקה.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- חייב להציע ממשק אינטרנט התומך בפונקציונליות ניהול קבצים בסיסית.
- חייב לאפשר ייצוא קל של כל הקבצים/המסמכים.
- חייב להיות קוד פתוח.
diff --git a/i18n/he/real-time-communication.md b/i18n/he/real-time-communication.md
index 6d11313d..11477169 100644
--- a/i18n/he/real-time-communication.md
+++ b/i18n/he/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## קריטריונים
diff --git a/i18n/he/router.md b/i18n/he/router.md
index 4b9e0a55..b4a1c656 100644
--- a/i18n/he/router.md
+++ b/i18n/he/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** היא מערכת הפעלה מבוססת לינוקס; הוא משמש בעיקר במכשירים משובצים לניתוב תעבורת רשת. זה כולל util-linux, uClibc ו-BusyBox. כל הרכיבים עברו אופטימיזציה עבור נתבים ביתיים.
+**OpenWrt** היא מערכת הפעלה מבוססת לינוקס; הוא משמש בעיקר במכשירים משובצים לניתוב תעבורת רשת. זה כולל util-linux, uClibc ו-BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: דף הבית](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=תיעוד}
diff --git a/i18n/he/security-keys.md b/i18n/he/security-keys.md
index dac4e3ee..a24c3d82 100644
--- a/i18n/he/security-keys.md
+++ b/i18n/he/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/he/tools.md b/i18n/he/tools.md
index 35f15ed0..c56dbc65 100644
--- a/i18n/he/tools.md
+++ b/i18n/he/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG מבוססת בז'נב, שוויץ. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. הם פועלים מאז 2014. Mailbox.org ממוקם בברלין, גרמניה. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. הם פועלים מאז 2014. Mailbox.org ממוקם בברלין, גרמניה. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/he/tor.md b/i18n/he/tor.md
index f892315a..118dd8be 100644
--- a/i18n/he/tor.md
+++ b/i18n/he/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## דפדפן Tor
@@ -114,11 +114,11 @@ In addition to installing Tor Browser on your computer directly, there are also
Tips for Android
-Orbot יכול לבצע שרת proxy של אפליקציות בודדות אם הם תומכים ב-SOCKS או HTTP proxy. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Orbot יכול לבצע שרת proxy של אפליקציות בודדות אם הם תומכים ב-SOCKS או HTTP proxy. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot מיושן לעתים קרובות ב[מאגר F-Droid](https://guardianproject.info/fdroid) ו- [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), אז שקול להוריד ישירות מ[מאגר GitHub](https://github.com/guardianproject/orbot/releases) במקום זאת.
-כל הגרסאות חתומות באמצעות אותה חתימה ולכן הן צריכות להיות תואמות זו לזו.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/he/vpn.md b/i18n/he/vpn.md
index b64c90e2..4b52795c 100644
--- a/i18n/he/vpn.md
+++ b/i18n/he/vpn.md
@@ -2,7 +2,7 @@
meta_title: "המלצות והשוואה שירותי VPN פרטיים, ללא נותני חסות או מודעות - Privacy Guides"
title: "שירותי VPN"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. מצא כאן ספק שאינו מעוניין לרגל אחריך.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). יישומי טורנט תומכים לעתים קרובות ב-NAT-PMP באופן מקורי.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). יישומי טורנט תומכים לעתים קרובות ב-NAT-PMP באופן מקורי.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. ל - Proton VPN יש שרתים ומרכזי נתונים משלו בשוויץ, איסלנד ושוודיה. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. ל - Proton VPN יש שרתים ומרכזי נתונים משלו בשוויץ, איסלנד ושוודיה. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } תכונת Killswitch שבורה במחשבי Mac מבוססי אינטל
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. אם אתם זקוקים לתכונה זו, ואתם משתמשים ב - Mac עם ערכת שבבים של Intel, כדאי לכם לשקול להשתמש בשירות VPN אחר.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. אם אתם זקוקים לתכונה זו, ואתם משתמשים ב - Mac עם ערכת שבבים של Intel, כדאי לכם לשקול להשתמש בשירות VPN אחר.
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } לקוחות ניידים
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-**Mullvad** הוא VPN מהיר וזול עם התמקדות רצינית בשקיפות ואבטחה. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** הוא VPN מהיר וזול עם התמקדות רצינית בשקיפות ואבטחה. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ Mullvad is very transparent about which nodes they [own or rent](https://mullvad
### טכנולוגיה
-אנו דורשים מכל ספקי ה - VPN המומלצים שלנו לספק קבצי תצורה של OpenVPN לשימוש בכל לקוח. **אם** VPN מספק קליינט מותאם אישית משלו, אנו זקוקים ל-killswitch כדי לחסום דליפות נתוני רשת כאשר הוא מנותק.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**מינימום כדי לעמוד בדרישות:**
-- תמיכה בפרוטוקולים חזקים כגון WireGuard & OpenVPN.
-- Killswitch מובנה בקליינטים.
-- תמיכה Multihop. Multihopping חשוב לשמור על נתונים פרטיים במקרה של פשרה צומת אחת.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- אם מסופקים לקוחות VPN, הם צריכים להיות [קוד פתוח](https://en.wikipedia.org/wiki/Open_source), כמו תוכנת ה-VPN שהם בדרך כלל מובנים בהם. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**המקרה הטוב ביותר:**
-- Killswitch עם אפשרויות להגדרה גבוהה (הפעלה/השבתה ברשתות מסוימות, על אתחול, וכו ')
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- קליינטים VPN קלים לשימוש
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. אנו מצפים כי שרתים יאפשרו חיבורים נכנסים באמצעות IPv6 ויאפשרו לך לגשת לשירותים המתארחים בכתובות IPv6.
- היכולת של [העברת יציאות מרחוק](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) מסייעת ביצירת חיבורים בעת שימוש בתוכנת שיתוף קבצים P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer))או בעת אירוח שרת (לדוגמה, Mumble).
@@ -316,11 +316,11 @@ Mullvad is very transparent about which nodes they [own or rent](https://mullvad
**המקרה הטוב ביותר:**
- מקבל [אפשרויות תשלום אנונימיות מרובות](advanced/payments.md).
-- לא מתקבל מידע אישי (שם משתמש שנוצר אוטומטית, אין צורך באימייל וכו').
+- No personal information accepted (auto-generated username, no email required, etc.).
### אבטחה
-VPN הוא חסר טעם אם הוא אפילו לא יכול לספק אבטחה מספקת. אנו דורשים מכל הספקים המומלצים שלנו לציית לתקני האבטחה הנוכחיים לחיבורי OpenVPN שלהם. באופן אידיאלי, הם ישתמשו ביותר תוכניות הצפנה עתידיות כברירת מחדל. כמו כן, אנו דורשים מצד שלישי עצמאי לבדוק את האבטחה של הספק, באופן אידיאלי באופן מקיף מאוד ועל בסיס חוזר ונשנה (שנתי).
+VPN הוא חסר טעם אם הוא אפילו לא יכול לספק אבטחה מספקת. We require all our recommended providers to abide by current security standards. באופן אידיאלי, הם ישתמשו ביותר תוכניות הצפנה עתידיות כברירת מחדל. כמו כן, אנו דורשים מצד שלישי עצמאי לבדוק את האבטחה של הספק, באופן אידיאלי באופן מקיף מאוד ועל בסיס חוזר ונשנה (שנתי).
**מינימום כדי לעמוד בדרישות:**
@@ -358,7 +358,7 @@ VPN הוא חסר טעם אם הוא אפילו לא יכול לספק אבטח
**מינימום כדי לעמוד בדרישות:**
-- חייבים לבצע ניתוח מידע באיחסון עצמי (כלומר, ללא Google Analytics). האתר של הספק חייב גם לציית ל [DNT (לא לעקוב)](https://en.wikipedia.org/wiki/Do_Not_Track) למי שרוצה לבטל את הסכמתו.
+- חייבים לבצע ניתוח מידע באיחסון עצמי (כלומר, ללא Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
אסור שיהיה שיווק שהוא חסר אחריות:
diff --git a/i18n/hi/about.md b/i18n/hi/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/hi/about.md
+++ b/i18n/hi/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/hi/about/contributors.md b/i18n/hi/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/hi/about/contributors.md
+++ b/i18n/hi/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/hi/about/criteria.md b/i18n/hi/about/criteria.md
index dd2e228d..d8f08fc7 100644
--- a/i18n/hi/about/criteria.md
+++ b/i18n/hi/about/criteria.md
@@ -24,7 +24,7 @@ We have these requirements in regard to developers which wish to submit their pr
- Must disclose affiliation, i.e. your position within the project being submitted.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. If possible please mention who will be conducting the audit.
- Must explain what the project brings to the table in regard to privacy.
diff --git a/i18n/hi/about/executive-policy.md b/i18n/hi/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/hi/about/executive-policy.md
+++ b/i18n/hi/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/hi/about/notices.md b/i18n/hi/about/notices.md
index bc7fc182..a98db0bb 100644
--- a/i18n/hi/about/notices.md
+++ b/i18n/hi/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
+We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
diff --git a/i18n/hi/about/privacytools.md b/i18n/hi/about/privacytools.md
index 0a6a564e..ae035f3d 100644
--- a/i18n/hi/about/privacytools.md
+++ b/i18n/hi/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## Control of r/privacytoolsIO
-Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
+Reddit requires that Subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
-- Posting announcements to our subreddit and various other communities informing people of the official change.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped.
@@ -66,11 +66,11 @@ Roughly a week following the transition, BurungHantu returned online for the fir
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so.
-BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io Now
@@ -80,7 +80,7 @@ As of September 25th 2022 we are seeing BurungHantu's overall plans come to frui
## r/privacytoolsIO Now
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Retaliation from any moderator with regards to removal requests is disallowed.
-For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
+For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective Now
diff --git a/i18n/hi/about/statistics.md b/i18n/hi/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/hi/about/statistics.md
+++ b/i18n/hi/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/hi/advanced/communication-network-types.md b/i18n/hi/advanced/communication-network-types.md
index f6444ca4..129a5716 100644
--- a/i18n/hi/advanced/communication-network-types.md
+++ b/i18n/hi/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ When self-hosted, members of a federated server can discover and communicate wit
- Allows for greater control over your own data when running your own server.
- Allows you to choose whom to trust your data with by choosing between multiple "public" servers.
- Often allows for third-party clients which can provide a more native, customized, or accessible experience.
-- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Disadvantages:**
@@ -60,7 +60,7 @@ When self-hosted, members of a federated server can discover and communicate wit
P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server.
-Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
+Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
@@ -85,9 +85,9 @@ P2P networks do not use servers, as peers communicate directly between each othe
A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.
-There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
-Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Advantages:**
diff --git a/i18n/hi/advanced/dns-overview.md b/i18n/hi/advanced/dns-overview.md
index 8457af4d..9c92b6a1 100644
--- a/i18n/hi/advanced/dns-overview.md
+++ b/i18n/hi/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
---
-The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
## What is DNS?
@@ -24,7 +24,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
### DNS over TLS (DoT)
@@ -118,7 +118,7 @@ In this example we will record what happens when we make a DoH request:
3. After making the request, we can stop the packet capture with
CTRL +
C.
-4. Analyse the results in Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ When we do a DNS lookup, it's generally because we want to access a resource. Be
The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides.
-This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
+This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
### Server Name Indication (SNI)
-Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
+Server Name Indication is typically used when an IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
-1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
+1. Start capturing again with `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | No | nothing(Do nothing)
```
-Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[List of recommended DNS servers](../dns.md ""){.md-button}
diff --git a/i18n/hi/advanced/tor-overview.md b/i18n/hi/advanced/tor-overview.md
index 876222c4..4c0bd4a0 100644
--- a/i18n/hi/advanced/tor-overview.md
+++ b/i18n/hi/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/hi/ai-chat.md b/i18n/hi/ai-chat.md
index af64bd7d..8034bbf5 100644
--- a/i18n/hi/ai-chat.md
+++ b/i18n/hi/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Criteria
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Best-Case
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/hi/alternative-networks.md b/i18n/hi/alternative-networks.md
index 4c8a6e25..bc959181 100644
--- a/i18n/hi/alternative-networks.md
+++ b/i18n/hi/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/hi/android/general-apps.md b/i18n/hi/android/general-apps.md
index 04919076..b97efed5 100644
--- a/i18n/hi/android/general-apps.md
+++ b/i18n/hi/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/hi/basics/account-creation.md b/i18n/hi/basics/account-creation.md
index 22ef70db..0f45c8be 100644
--- a/i18n/hi/basics/account-creation.md
+++ b/i18n/hi/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
+Often people sign up for services without thinking. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer.
@@ -13,11 +13,11 @@ It can also be difficult to delete the accounts on some services. Sometimes [ove
## Terms of Service & Privacy Policy
-The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VOIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
+The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
-The Privacy Policy is how the service says they will use your data and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
-We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
+We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Keep in mind you're also placing your trust in the company or organization and that they will comply with their own privacy policy.
@@ -42,7 +42,7 @@ You will be responsible for managing your login credentials. For added security,
#### Email aliases
-If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to.
+If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Those can be filtered automatically based on the alias they are sent to.
Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
We recommend avoiding services that require a phone number for sign up. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
+You should avoid giving out your real phone number if you can. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number!
diff --git a/i18n/hi/basics/account-deletion.md b/i18n/hi/basics/account-deletion.md
index 2f79dd0a..54148bd4 100644
--- a/i18n/hi/basics/account-deletion.md
+++ b/i18n/hi/basics/account-deletion.md
@@ -27,7 +27,7 @@ Desktop platforms also often have a password manager which may help you recover
### Email
-If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
## Deleting Old Accounts
@@ -39,7 +39,7 @@ When attempting to regain access, if the site returns an error message saying th
### GDPR (EEA residents only)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Overwriting Account information
diff --git a/i18n/hi/basics/common-misconceptions.md b/i18n/hi/basics/common-misconceptions.md
index 6832f170..31b1b249 100644
--- a/i18n/hi/basics/common-misconceptions.md
+++ b/i18n/hi/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ The privacy policies and business practices of providers you choose are very imp
## "Complicated is better"
-We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like many different email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
+We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips:
1. ==Actions need to serve a particular purpose:== think about how to do what you want with the fewest actions.
2. ==Remove human failure points:== We fail, get tired, and forget things. To maintain security, avoid relying on manual conditions and processes that you have to remember.
-3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily de-anonymized by a simple oversight.
+3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
So, how might this look?
@@ -94,4 +94,4 @@ One of the clearest threat models is one where people *know who you are* and one
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/hi/basics/common-threats.md b/i18n/hi/basics/common-threats.md
index 7b040b0b..03414577 100644
--- a/i18n/hi/basics/common-threats.md
+++ b/i18n/hi/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Your threat model is personal to you, but these are some of the things many visitors to this site care about.
---
-Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
+Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ To minimize the damage that a malicious piece of software *could* do, you should
Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources.
-Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Therefore, you should use native applications over web clients whenever possible
-Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
+Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
## Mass Surveillance Programs
@@ -156,7 +156,7 @@ Mass surveillance is the intricate effort to monitor the "behavior, many activit
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
For many people, tracking and surveillance by private corporations is a growing concern. Pervasive ad networks, such as those operated by Google and Facebook, span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries (although it can't completely prevent tracking).[^4]
-Additionally, even companies outside of the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
## Limiting Public Information
diff --git a/i18n/hi/basics/email-security.md b/i18n/hi/basics/email-security.md
index 0661723a..60513510 100644
--- a/i18n/hi/basics/email-security.md
+++ b/i18n/hi/basics/email-security.md
@@ -29,13 +29,13 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
### What Email Clients Support E2EE?
-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### How Do I Protect My Private Keys?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Email Metadata Overview
@@ -49,4 +49,4 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
### Why Can't Metadata be E2EE?
-Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
+Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/hi/basics/hardware.md b/i18n/hi/basics/hardware.md
index 4b795a9a..257624c3 100644
--- a/i18n/hi/basics/hardware.md
+++ b/i18n/hi/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Warning
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/hi/basics/multi-factor-authentication.md b/i18n/hi/basics/multi-factor-authentication.md
index 044ee58e..6abb539c 100644
--- a/i18n/hi/basics/multi-factor-authentication.md
+++ b/i18n/hi/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
-**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone.
@@ -26,7 +26,7 @@ The security of push notification MFA is dependent on both the quality of the ap
### Time-based One-time Password (TOTP)
-TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
+TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
-Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
@@ -116,15 +116,15 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
## More Places to Set Up MFA
-Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
+macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-After your smartcard/security key is set up, we recommend running this command in the Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
### KeePass (and KeePassXC)
-KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/hi/basics/passwords-overview.md b/i18n/hi/basics/passwords-overview.md
index 898d198d..8464da82 100644
--- a/i18n/hi/basics/passwords-overview.md
+++ b/i18n/hi/basics/passwords-overview.md
@@ -24,7 +24,7 @@ All of our [recommended password managers](../passwords.md) include a built-in p
You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it.
-When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
Checking for data breaches
@@ -54,13 +54,13 @@ To generate a diceware passphrase using real dice, follow these steps:
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Roll a six-sided die five times, noting down the number after each roll.
-2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. You will find the word `encrypt`. Write that word down.
@@ -75,25 +75,25 @@ You should **not** re-roll words until you get a combination of words that appea
If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
- Your adversary knows that you used the diceware method.
-- Your adversary knows the specific wordlist that you used.
+- Your adversary knows the specific word list that you used.
- Your adversary knows how many words your passphrase contains.
@@ -113,7 +113,7 @@ There are many good options to choose from, both cloud-based and local. Choose o
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
diff --git a/i18n/hi/basics/threat-modeling.md b/i18n/hi/basics/threat-modeling.md
index 922c7450..b87382d6 100644
--- a/i18n/hi/basics/threat-modeling.md
+++ b/i18n/hi/basics/threat-modeling.md
@@ -35,7 +35,7 @@ An “asset” is something you value and want to protect. In the context of dig
To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary”.== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
-*Make a list of your adversaries or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Your list may include individuals, a government agency, or corporations.*
Depending on who your adversaries are, this list might be something you want to destroy after you've finished developing your threat model.
diff --git a/i18n/hi/browser-extensions.md b/i18n/hi/browser-extensions.md
index 611904fc..7e13f070 100644
--- a/i18n/hi/browser-extensions.md
+++ b/i18n/hi/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/hi/calendar.md b/i18n/hi/calendar.md
index fc173e0e..6a9e8553 100644
--- a/i18n/hi/calendar.md
+++ b/i18n/hi/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Multiple calendars and extended sharing functionality is limited to paid subscribers.
diff --git a/i18n/hi/cloud.md b/i18n/hi/cloud.md
index aa8c3e40..145708ed 100644
--- a/i18n/hi/cloud.md
+++ b/i18n/hi/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Criteria
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
diff --git a/i18n/hi/cryptocurrency.md b/i18n/hi/cryptocurrency.md
index 38dfa7c2..d1e385f6 100644
--- a/i18n/hi/cryptocurrency.md
+++ b/i18n/hi/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Criteria
diff --git a/i18n/hi/data-broker-removals.md b/i18n/hi/data-broker-removals.md
index 24c607c3..ab08fd1c 100644
--- a/i18n/hi/data-broker-removals.md
+++ b/i18n/hi/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/hi/desktop-browsers.md b/i18n/hi/desktop-browsers.md
index 82821366..ee50038a 100644
--- a/i18n/hi/desktop-browsers.md
+++ b/i18n/hi/desktop-browsers.md
@@ -109,7 +109,7 @@ This is required to prevent advanced forms of tracking, but does come at the cos
### Mullvad Leta
-Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes preinstalled with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts**
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] Select **Enable HTTPS-Only Mode in all windows**
-This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing.
+This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS over HTTPS
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/hi/desktop.md b/i18n/hi/desktop.md
index eef0f6ec..d5d8d3bf 100644
--- a/i18n/hi/desktop.md
+++ b/i18n/hi/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS is an independent distribution based on the Nix package manager with a foc
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/hi/device-integrity.md b/i18n/hi/device-integrity.md
index 623a4839..142af55b 100644
--- a/i18n/hi/device-integrity.md
+++ b/i18n/hi/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/hi/dns.md b/i18n/hi/dns.md
index 6808722d..f8a80c68 100644
--- a/i18n/hi/dns.md
+++ b/i18n/hi/dns.md
@@ -75,7 +75,7 @@ AdGuard Home features a polished web interface to view insights and manage block
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/hi/document-collaboration.md b/i18n/hi/document-collaboration.md
index 9bf30ec2..dde20069 100644
--- a/i18n/hi/document-collaboration.md
+++ b/i18n/hi/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/hi/email-aliasing.md b/i18n/hi/email-aliasing.md
index c33f2bff..29f37d77 100644
--- a/i18n/hi/email-aliasing.md
+++ b/i18n/hi/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/hi/email.md b/i18n/hi/email.md
index 0eba0be3..8b57a816 100644
--- a/i18n/hi/email.md
+++ b/i18n/hi/email.md
@@ -58,7 +58,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
{ align=right }
-**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in
#### :material-check:{ .pg-green } Account Security
-Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two factor authentication first.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Data Security
@@ -117,7 +117,7 @@ If you have a paid account and your [bill is unpaid](https://proton.me/support/d
#### :material-information-outline:{ .pg-blue } Additional Functionality
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail doesn't offer a digital legacy feature.
@@ -127,7 +127,7 @@ Proton Mail doesn't offer a digital legacy feature.
{ align=right }
-**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } Private Payment Methods
-Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Account Security
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
#### :material-information-outline:{ .pg-blue } Data Security
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } Additional Functionality
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
@@ -195,7 +195,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } Private Payment Methods
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Account Security
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Data Security
@@ -297,7 +297,7 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
- Encrypts email account data at rest with zero-access encryption.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Operates on owned infrastructure, i.e. not built upon third-party email service providers.
diff --git a/i18n/hi/encryption.md b/i18n/hi/encryption.md
index 1a36d548..0a6d75a3 100644
--- a/i18n/hi/encryption.md
+++ b/i18n/hi/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt is a fork of the discontinued TrueCrypt project. According to its deve
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
-Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
{ align=right }
-**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/hi/file-sharing.md b/i18n/hi/file-sharing.md
index 839a7419..56b895d5 100644
--- a/i18n/hi/file-sharing.md
+++ b/i18n/hi/file-sharing.md
@@ -13,7 +13,7 @@ Discover how to privately share your files between your devices, with your frien
## File Sharing
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/hi/frontends.md b/i18n/hi/frontends.md
index 9e83fe5e..b4b5d0c4 100644
--- a/i18n/hi/frontends.md
+++ b/i18n/hi/frontends.md
@@ -251,7 +251,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/hi/index.md b/i18n/hi/index.md
index 24891736..d3fe4a59 100644
--- a/i18n/hi/index.md
+++ b/i18n/hi/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/hi/meta/brand.md b/i18n/hi/meta/brand.md
index 8e3d9954..3afe36ff 100644
--- a/i18n/hi/meta/brand.md
+++ b/i18n/hi/meta/brand.md
@@ -12,7 +12,7 @@ The name of the website is **Privacy Guides** and should **not** be changed to:
- PG.org
-The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/hi/meta/translations.md b/i18n/hi/meta/translations.md
index ff5406c7..1f67cd98 100644
--- a/i18n/hi/meta/translations.md
+++ b/i18n/hi/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## Fullwidth alternatives and Markdown syntax
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/hi/meta/uploading-images.md b/i18n/hi/meta/uploading-images.md
index 6455beb0..5ea9570f 100644
--- a/i18n/hi/meta/uploading-images.md
+++ b/i18n/hi/meta/uploading-images.md
@@ -48,7 +48,7 @@ In the **SVG Output** tab under **Document options**:
- [ ] Turn off **Remove the XML declaration**
- [x] Turn on **Remove metadata**
- [x] Turn on **Remove comments**
-- [x] Turn on **Embeded raster images**
+- [x] Turn on **Embedded raster images**
- [x] Turn on **Enable viewboxing**
In the **SVG Output** under **Pretty-printing**:
diff --git a/i18n/hi/meta/writing-style.md b/i18n/hi/meta/writing-style.md
index 49e877b1..fdf7bb1d 100644
--- a/i18n/hi/meta/writing-style.md
+++ b/i18n/hi/meta/writing-style.md
@@ -64,7 +64,7 @@ We should try to avoid abbreviations where possible, but technology is full of a
## Be concise
-> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective.
+> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/hi/mobile-browsers.md b/i18n/hi/mobile-browsers.md
index 48141804..64fccfa7 100644
--- a/i18n/hi/mobile-browsers.md
+++ b/i18n/hi/mobile-browsers.md
@@ -247,7 +247,7 @@ This prevents you from unintentionally connecting to a website in plain-text HTT
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Open Safari and tap the Tabs button, located in the bottom right. Then, expand t
- [x] Select **Private**
-Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. This may be an inconvenience.
diff --git a/i18n/hi/multi-factor-authentication.md b/i18n/hi/multi-factor-authentication.md
index 87185132..c8ca78d9 100644
--- a/i18n/hi/multi-factor-authentication.md
+++ b/i18n/hi/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/hi/notebooks.md b/i18n/hi/notebooks.md
index 27e9eada..7c0b44c2 100644
--- a/i18n/hi/notebooks.md
+++ b/i18n/hi/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Keep track of your notes and journalings without giving them to a third-party.
+Keep track of your notes and journals without giving them to a third party.
If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE.
@@ -84,7 +84,7 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
{ align=right }
-**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
## Local notebooks
diff --git a/i18n/hi/os/android-overview.md b/i18n/hi/os/android-overview.md
index 4faff712..f2086618 100644
--- a/i18n/hi/os/android-overview.md
+++ b/i18n/hi/os/android-overview.md
@@ -84,7 +84,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Killswitch
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
@@ -124,7 +124,7 @@ Modern Android devices have global toggles for disabling Bluetooth and location
## Google Services
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Advanced Protection Program
diff --git a/i18n/hi/os/ios-overview.md b/i18n/hi/os/ios-overview.md
index 9cc34876..e1190279 100644
--- a/i18n/hi/os/ios-overview.md
+++ b/i18n/hi/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/hi/os/linux-overview.md b/i18n/hi/os/linux-overview.md
index 69b537ed..90163523 100644
--- a/i18n/hi/os/linux-overview.md
+++ b/i18n/hi/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Privacy Notes
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- Avoid telemetry that often comes with proprietary operating systems
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ We don’t believe holding packages back and applying interim patches is a good
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao) (YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao) (YouTube)
### “Security-focused” distributions
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Drive Encryption
-Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ There are other system identifiers which you may wish to be careful about. You s
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/hi/os/macos-overview.md b/i18n/hi/os/macos-overview.md
index 9b57b2b6..565c4a68 100644
--- a/i18n/hi/os/macos-overview.md
+++ b/i18n/hi/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Backups
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## Sources
diff --git a/i18n/hi/os/windows/group-policies.md b/i18n/hi/os/windows/group-policies.md
index 74194070..d1a033cb 100644
--- a/i18n/hi/os/windows/group-policies.md
+++ b/i18n/hi/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/hi/os/windows/index.md b/i18n/hi/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/hi/os/windows/index.md
+++ b/i18n/hi/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/hi/passwords.md b/i18n/hi/passwords.md
index a5f85f28..ea92b575 100644
--- a/i18n/hi/passwords.md
+++ b/i18n/hi/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ These options allow you to manage an encrypted password database locally.
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/hi/photo-management.md b/i18n/hi/photo-management.md
index c526c59a..d7447180 100644
--- a/i18n/hi/photo-management.md
+++ b/i18n/hi/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
- Must be open source.
diff --git a/i18n/hi/real-time-communication.md b/i18n/hi/real-time-communication.md
index 50465504..5051a9bc 100644
--- a/i18n/hi/real-time-communication.md
+++ b/i18n/hi/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Criteria
diff --git a/i18n/hi/router.md b/i18n/hi/router.md
index 3e8eb49d..6127b8a7 100644
--- a/i18n/hi/router.md
+++ b/i18n/hi/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All of the components have been optimized for home routers.
+**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}
diff --git a/i18n/hi/security-keys.md b/i18n/hi/security-keys.md
index 2acec8c8..23e55cfa 100644
--- a/i18n/hi/security-keys.md
+++ b/i18n/hi/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/hi/tools.md b/i18n/hi/tools.md
index 44dd5a59..48348f9b 100644
--- a/i18n/hi/tools.md
+++ b/i18n/hi/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/hi/tor.md b/i18n/hi/tor.md
index 91da036e..a88a0f56 100644
--- a/i18n/hi/tor.md
+++ b/i18n/hi/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Browser
@@ -114,11 +114,11 @@ We previously recommended enabling the *Isolate Destination Address* preference
Tips for Android
-Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot/releases) instead.
-All versions are signed using the same signature so they should be compatible with each other.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/hi/vpn.md b/i18n/hi/vpn.md
index 90a4e5e4..1b68ee82 100644
--- a/i18n/hi/vpn.md
+++ b/i18n/hi/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Private VPN Service Recommendations and Comparison, No Sponsors or Ads - Privacy Guides"
title: "VPN Services"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } Mobile Clients
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ It is important to note that using a VPN provider will not make you anonymous, b
### Technology
-We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Minimum to Qualify:**
-- Support for strong protocols such as WireGuard & OpenVPN.
-- Killswitch built in to clients.
-- Multihop support. Multihopping is important to keep data private in case of a single node compromise.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Best Case:**
-- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Easy-to-use VPN clients
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.
- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble).
@@ -316,11 +316,11 @@ We prefer our recommended providers to collect as little data as possible. Not c
**Best Case:**
- Accepts multiple [anonymous payment options](advanced/payments.md).
-- No personal information accepted (autogenerated username, no email required, etc.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Security
-A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
+A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
**Minimum to Qualify:**
@@ -358,7 +358,7 @@ With the VPN providers we recommend we like to see responsible marketing.
**Minimum to Qualify:**
-- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out.
+- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Must not have any marketing which is irresponsible:
diff --git a/i18n/hu/about.md b/i18n/hu/about.md
index 7401f604..b5f25d2d 100644
--- a/i18n/hu/about.md
+++ b/i18n/hu/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/hu/about/contributors.md b/i18n/hu/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/hu/about/contributors.md
+++ b/i18n/hu/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/hu/about/criteria.md b/i18n/hu/about/criteria.md
index d3f1dbaf..b685b270 100644
--- a/i18n/hu/about/criteria.md
+++ b/i18n/hu/about/criteria.md
@@ -24,7 +24,7 @@ We have these requirements in regard to developers which wish to submit their pr
- Must disclose affiliation, i.e. your position within the project being submitted.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. If possible please mention who will be conducting the audit.
- Must explain what the project brings to the table in regard to privacy.
diff --git a/i18n/hu/about/executive-policy.md b/i18n/hu/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/hu/about/executive-policy.md
+++ b/i18n/hu/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/hu/about/notices.md b/i18n/hu/about/notices.md
index 3a4d3b4d..bb58cc4a 100644
--- a/i18n/hu/about/notices.md
+++ b/i18n/hu/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-Úgy véljük, hogy az `assets`-ekben található logók és egyéb, harmadik féltől származó képek vagy közkincsek, vagy **fair use** alatt állnak. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. Ezek a logók és egyéb képek azonban egy vagy több joghatóságban továbbra is védjegyekre vonatkozó törvények hatálya alá tartozhatnak. Mielőtt felhasználnád ezt a tartalmat, kérjük, győződj meg arról, hogy a védjegyet a védjegyegy tulajdonló entitás, vagy szervezet azonosítására használatos, illetve hogy az általad tervezett felhasználás körülményei között alkalmazandó törvények értelmében jogosult vagy-e annak használatára. *A weboldal tartalmának másolásakor kizárólag te vagy felelős azért, hogy ne sértsd meg más védjegyét vagy szerzői jogát.*
+Úgy véljük, hogy az `assets`-ekben található logók és egyéb, harmadik féltől származó képek vagy közkincsek, vagy **fair use** alatt állnak. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. Ezek a logók és egyéb képek azonban egy vagy több joghatóságban továbbra is védjegyekre vonatkozó törvények hatálya alá tartozhatnak. Mielőtt felhasználnád ezt a tartalmat, kérjük, győződj meg arról, hogy a védjegyet a védjegyegy tulajdonló entitás, vagy szervezet azonosítására használatos, illetve hogy az általad tervezett felhasználás körülményei között alkalmazandó törvények értelmében jogosult vagy-e annak használatára. *A weboldal tartalmának másolásakor kizárólag te vagy felelős azért, hogy ne sértsd meg más védjegyét vagy szerzői jogát.*
When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
diff --git a/i18n/hu/about/privacytools.md b/i18n/hu/about/privacytools.md
index 3122b79e..4e170995 100644
--- a/i18n/hu/about/privacytools.md
+++ b/i18n/hu/about/privacytools.md
@@ -37,9 +37,9 @@ Anélkül, hogy bármilyen kapcsolatban álltunk volna a BurungHantuval, úgy d
## Az r/privacytoolsIO ellenőrzése
-A privacytools.io weboldalon folyó problémákkal egyidejűleg az r/privacytoolsIO moderációs csapatnak is kihívásokkal kellett szembenéznie a subreddit kezelésével. Az alreddit mindig is a weboldal fejlesztésétől nagyrészt függetlenül működött, de BurungHantu volt az alreddit elsődleges moderátora is, és ő volt az egyetlen moderátor, aki "Teljes irányítási" jogosultságokkal rendelkezett. u/trai_dep volt az egyetlen aktív moderátor abban az időben, és 2021. június 28-án kérvényt [küldött](https://reddit.com/comments/o9tllh) a Reddit adminisztrátorainak, amelyben kérte, hogy megkapja az elsődleges moderátori pozíciót és a teljes irányítási jogosultságokat, hogy a szükséges változtatásokat elvégezhesse a subredditen.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep volt az egyetlen aktív moderátor abban az időben, és 2021. június 28-án kérvényt [küldött](https://reddit.com/comments/o9tllh) a Reddit adminisztrátorainak, amelyben kérte, hogy megkapja az elsődleges moderátori pozíciót és a teljes irányítási jogosultságokat, hogy a szükséges változtatásokat elvégezhesse a subredditen.
-A Reddit megköveteli, hogy az alredditek aktív moderátorokkal rendelkezzenek. Ha az elsődleges moderátor hosszabb ideig (például egy évig) inaktív, az elsődleges moderátori pozíciót a soron következő moderátor töltheti be újra. Ahhoz, hogy ezt a kérést teljesítsék, BurungHantunak hosszú időn keresztül teljesen távol kellett volna maradnia minden Reddit-tevékenységtől, ami összhangban volt a más platformokon tanúsított viselkedésével.
+Reddit requires that Subreddits have active moderators. Ha az elsődleges moderátor hosszabb ideig (például egy évig) inaktív, az elsődleges moderátori pozíciót a soron következő moderátor töltheti be újra. Ahhoz, hogy ezt a kérést teljesítsék, BurungHantunak hosszú időn keresztül teljesen távol kellett volna maradnia minden Reddit-tevékenységtől, ami összhangban volt a más platformokon tanúsított viselkedésével.
> Ha Reddit-kérésen keresztül eltávolítottak moderátorként egy alredditből, az azért van, mert a válaszadás és az aktivitás hiánya miatt az r/redditrequest alreddit áthelyezésre jogosult.
>
@@ -55,7 +55,7 @@ Ez a változás [a következőket vonta maga után:](https://reddit.com/comments
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- A forráskód archiválása a GitHubon, hogy megőrizzük a korábbi munkánkat és a problémakövetőt, amelyet továbbra is használtunk az oldal jövőbeli fejlesztésének hónapjai során.
-- Bejelentések közzététele a subredditünkön és különböző más közösségekben, amelyek tájékoztatják az embereket a hivatalos változásról.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- A privacytools.io szolgáltatások, mint például a Matrix és a Mastodon hivatalos bezárása, és a meglévő felhasználók ösztönzése a lehető leghamarabbi áttérésre.
Úgy tűnt, hogy a dolgok zökkenőmentesen mennek, és az aktív közösségünk nagy része pontosan úgy váltott át az új projektünkre, ahogy reméltük.
@@ -66,11 +66,11 @@ Nagyjából egy héttel az átállást követően BurungHantu közel egy év ut
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). Mi köteleztük és kértük, hogy tartsa aktívan a Matrix, Mastodon és PeerTube aldomainjeit, hogy legalább néhány hónapig nyilvános szolgáltatásként működtethessük a közösségünk számára, hogy az ezeken a platformokon lévő felhasználók könnyen át tudjanak menni más fiókokra. A szolgáltatásaink feldarabolt jellege miatt azok specifikus domain nevekhez voltak kötve, ami nagyon nehézzé tette az áttelepülést (néhány esetben lehetetlenné).
-Sajnos, mivel az r/privacytoolsIO alreddit irányítását BurungHantu kérésére nem adták át (további információk lejjebb), ezeket az aldomaineket október elején [lekapcsolták](https://reddit.com/comments/pymthv/comment/hexwrps), így a még mindig ezeket a szolgáltatásokat használó felhasználók számára megszűnt minden migrációs lehetőség.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Ezt követően BurungHantu hamis vádakat fogalmazott meg azzal kapcsolatban, hogy Jonah adományokat lopott a projektből. BurungHantunak több mint egy éve volt arra, hogy közzétegye az állítólagos esetet, mégis senkit sem tájékoztatott róla egészen a Privacy Guides migrációja utáni időpontig. BurungHantut a csapat [és a közösség](https://twitter.com/TommyTran732/status/1526153536962281474) többször kérte, hogy bizonyítsa be, és nyilatkozzon a hallgatásának okáról, de ezt nem tette meg.
-BurungHantu egy [Twitter-bejegyzést](https://twitter.com/privacytoolsIO/status/1510560676967710728) is közzétett, amelyben azt állította, hogy egy "ügyvéd" felkereste őt a Twitteren, és tanácsot adott neki, egy újabb kísérletként arra, hogy megfélemlítsen minket, hogy átadjuk neki az irányítást a subredditünk felett, és a rágalomhadjárat részeként, hogy zavarossá tegye a Privacy Guides elindítását, miközben úgy állította be magát, mintha áldozat lenne.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io most
@@ -80,7 +80,7 @@ BurungHantu egy [Twitter-bejegyzést](https://twitter.com/privacytoolsIO/status/
## Az r/privacytoolsIO most
-Az [r/PrivacyGuides](https://reddit.com/r/privacyguides) elindítása után nem volt célszerű, hogy u/trai_dep továbbra is mindkét alredditet moderálja, és mivel a közösség egyetértett az átállással, az r/privacytoolsIO egy 2021. november 1-jei bejegyzésben [ korlátozott alreditté vált](https://reddit.com/comments/qk7qrj):
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] A PrivacyGuides.org csapatának több éven át tartó nagy erőfeszítései eredményeként nőtt meg ez az aloldal. És mindannyiótok által.
>
@@ -88,11 +88,11 @@ Az [r/PrivacyGuides](https://reddit.com/r/privacyguides) elindítása után nem
A szubredditek nem tartoznak senkihez, és különösen nem tartoznak a márkatulajdonosokhoz. A közösségükhöz tartoznak, és a közösség és annak moderátorai döntöttek úgy, hogy támogatják az r/PrivacyGuides-ba való költözést.
-Az azóta eltelt hónapokban BurungHantu a Reddit szabályait [megszegve](https://reddit.com/r/redditrequest/wiki/top_mod_removal) fenyegetőzött és könyörgött, hogy adja vissza a subreddit irányítását a fiókjának:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> A moderátorok megtorlása az eltávolítási kérelmekkel kapcsolatban tilos.
-Egy olyan közösség számára, amelynek még több ezer tagja van, úgy érezzük, hogy hihetetlenül tiszteletlen lenne visszaadni az irányítást a hatalmas platform felett annak a személynek, aki több mint egy éve elhagyta azt, és aki most egy olyan weboldalt üzemeltet, amely szerintünk nagyon alacsony minőségű információt nyújt. A közösségben folytatott több éves múltbeli viták megőrzése fontosabb számunkra, ezért u/trai_dep és a többi moderátor úgy döntött, hogy az r/privacytoolsIO-t megtartjuk.
+Egy olyan közösség számára, amelynek még több ezer tagja van, úgy érezzük, hogy hihetetlenül tiszteletlen lenne visszaadni az irányítást a hatalmas platform felett annak a személynek, aki több mint egy éve elhagyta azt, és aki most egy olyan weboldalt üzemeltet, amely szerintünk nagyon alacsony minőségű információt nyújt. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective most
diff --git a/i18n/hu/about/statistics.md b/i18n/hu/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/hu/about/statistics.md
+++ b/i18n/hu/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/hu/advanced/communication-network-types.md b/i18n/hu/advanced/communication-network-types.md
index cacec261..7a5c4dca 100644
--- a/i18n/hu/advanced/communication-network-types.md
+++ b/i18n/hu/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ When self-hosted, members of a federated server can discover and communicate wit
- Allows for greater control over your own data when running your own server.
- Allows you to choose whom to trust your data with by choosing between multiple "public" servers.
- Often allows for third-party clients which can provide a more native, customized, or accessible experience.
-- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Hátrányok:**
@@ -60,7 +60,7 @@ When self-hosted, members of a federated server can discover and communicate wit
P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server.
-Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
+Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
@@ -85,9 +85,9 @@ P2P networks do not use servers, as peers communicate directly between each othe
A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.
-There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
-Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Előnyök:**
diff --git a/i18n/hu/advanced/dns-overview.md b/i18n/hu/advanced/dns-overview.md
index 8f649832..28d5834f 100644
--- a/i18n/hu/advanced/dns-overview.md
+++ b/i18n/hu/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
---
-The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
## What is DNS?
@@ -24,7 +24,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
### DNS over TLS (DoT)
@@ -118,7 +118,7 @@ In this example we will record what happens when we make a DoH request:
3. After making the request, we can stop the packet capture with CTRL + C.
-4. Analyse the results in Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ When we do a DNS lookup, it's generally because we want to access a resource. Be
The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides.
-This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
+This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
### Server Name Indication (SNI)
-Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
+Server Name Indication is typically used when an IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
-1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
+1. Start capturing again with `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | No | nothing(Do nothing)
```
-Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[List of recommended DNS servers](../dns.md ""){.md-button}
diff --git a/i18n/hu/advanced/tor-overview.md b/i18n/hu/advanced/tor-overview.md
index 6b08821f..f40a8b0c 100644
--- a/i18n/hu/advanced/tor-overview.md
+++ b/i18n/hu/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/hu/ai-chat.md b/i18n/hu/ai-chat.md
index 54873142..68d69ac2 100644
--- a/i18n/hu/ai-chat.md
+++ b/i18n/hu/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Követelmények
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Legjobb esetben
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. Előfordulhat, hogy ajánlásaink nem tartalmazzák az összes ilyen funkciót, de azok, amelyek igen, magasabb helyen szerepelhetnek, mint mások ezen az oldalon.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/hu/alternative-networks.md b/i18n/hu/alternative-networks.md
index 437d8718..32bc2fc9 100644
--- a/i18n/hu/alternative-networks.md
+++ b/i18n/hu/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/hu/android/general-apps.md b/i18n/hu/android/general-apps.md
index 9f0ae43c..9c190c78 100644
--- a/i18n/hu/android/general-apps.md
+++ b/i18n/hu/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/hu/basics/account-creation.md b/i18n/hu/basics/account-creation.md
index 22ef70db..0f45c8be 100644
--- a/i18n/hu/basics/account-creation.md
+++ b/i18n/hu/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
+Often people sign up for services without thinking. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer.
@@ -13,11 +13,11 @@ It can also be difficult to delete the accounts on some services. Sometimes [ove
## Terms of Service & Privacy Policy
-The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VOIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
+The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
-The Privacy Policy is how the service says they will use your data and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
-We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
+We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Keep in mind you're also placing your trust in the company or organization and that they will comply with their own privacy policy.
@@ -42,7 +42,7 @@ You will be responsible for managing your login credentials. For added security,
#### Email aliases
-If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to.
+If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Those can be filtered automatically based on the alias they are sent to.
Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
We recommend avoiding services that require a phone number for sign up. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
+You should avoid giving out your real phone number if you can. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number!
diff --git a/i18n/hu/basics/account-deletion.md b/i18n/hu/basics/account-deletion.md
index d141d438..61cc0ca8 100644
--- a/i18n/hu/basics/account-deletion.md
+++ b/i18n/hu/basics/account-deletion.md
@@ -27,7 +27,7 @@ Desktop platforms also often have a password manager which may help you recover
### Email
-If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
## Deleting Old Accounts
@@ -39,7 +39,7 @@ When attempting to regain access, if the site returns an error message saying th
### GDPR (EEA residents only)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Overwriting Account information
diff --git a/i18n/hu/basics/common-misconceptions.md b/i18n/hu/basics/common-misconceptions.md
index 5cd3c0e1..f0a81e3e 100644
--- a/i18n/hu/basics/common-misconceptions.md
+++ b/i18n/hu/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ Az általad választott szolgáltatók adatvédelmi irányelvei és üzleti gyak
## "A bonyolult jobb"
-Gyakran látjuk, hogy az emberek túlságosan összetett adatvédelmi védelmi modelleket írnak le. Ezek a megoldások gyakran olyan problémákat tartalmaznak, mint sok különböző email fiók vagy bonyolult felállások sok mozgó alkatrésszel és feltétellel. A válaszok általában a "Mi a legjobb módja, hogy *X*-t csinálj?" kérdésre adnak választ.
+Gyakran látjuk, hogy az emberek túlságosan összetett adatvédelmi védelmi modelleket írnak le. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. A válaszok általában a "Mi a legjobb módja, hogy *X*-t csinálj?" kérdésre adnak választ.
Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips:
1. ==Actions need to serve a particular purpose:== think about how to do what you want with the fewest actions.
2. ==Remove human failure points:== We fail, get tired, and forget things. To maintain security, avoid relying on manual conditions and processes that you have to remember.
-3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily de-anonymized by a simple oversight.
+3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
So, how might this look?
@@ -94,4 +94,4 @@ One of the clearest threat models is one where people *know who you are* and one
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/hu/basics/common-threats.md b/i18n/hu/basics/common-threats.md
index 0e4011ad..a0eff0d5 100644
--- a/i18n/hu/basics/common-threats.md
+++ b/i18n/hu/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Your threat model is personal to you, but these are some of the things many visitors to this site care about.
---
-Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
+Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ To minimize the damage that a malicious piece of software *could* do, you should
Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources.
-Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Therefore, you should use native applications over web clients whenever possible
-Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
+Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
## Mass Surveillance Programs
@@ -156,7 +156,7 @@ Mass surveillance is the intricate effort to monitor the "behavior, many activit
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
For many people, tracking and surveillance by private corporations is a growing concern. Pervasive ad networks, such as those operated by Google and Facebook, span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries (although it can't completely prevent tracking).[^4]
-Additionally, even companies outside of the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
## Limiting Public Information
diff --git a/i18n/hu/basics/email-security.md b/i18n/hu/basics/email-security.md
index 0661723a..60513510 100644
--- a/i18n/hu/basics/email-security.md
+++ b/i18n/hu/basics/email-security.md
@@ -29,13 +29,13 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
### What Email Clients Support E2EE?
-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### How Do I Protect My Private Keys?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Email Metadata Overview
@@ -49,4 +49,4 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
### Why Can't Metadata be E2EE?
-Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
+Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/hu/basics/hardware.md b/i18n/hu/basics/hardware.md
index d9306f15..62551db4 100644
--- a/i18n/hu/basics/hardware.md
+++ b/i18n/hu/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Figyelmeztetés
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/hu/basics/multi-factor-authentication.md b/i18n/hu/basics/multi-factor-authentication.md
index 80febdc0..6bddcae6 100644
--- a/i18n/hu/basics/multi-factor-authentication.md
+++ b/i18n/hu/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Multi-Factor Authentication - Többlépcsős Hitelesítés"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
-**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone.
@@ -26,7 +26,7 @@ The security of push notification MFA is dependent on both the quality of the ap
### Time-based One-time Password (TOTP)
-TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
+TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
-Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
@@ -116,15 +116,15 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
## More Places to Set Up MFA
-Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
+macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-After your smartcard/security key is set up, we recommend running this command in the Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
### KeePass (and KeePassXC)
-KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/hu/basics/passwords-overview.md b/i18n/hu/basics/passwords-overview.md
index a40ae39f..57a9a75b 100644
--- a/i18n/hu/basics/passwords-overview.md
+++ b/i18n/hu/basics/passwords-overview.md
@@ -24,7 +24,7 @@ All of our [recommended password managers](../passwords.md) include a built-in p
You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it.
-When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
Checking for data breaches
@@ -54,13 +54,13 @@ To generate a diceware passphrase using real dice, follow these steps:
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Roll a six-sided die five times, noting down the number after each roll.
-2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. You will find the word `encrypt`. Write that word down.
@@ -75,25 +75,25 @@ You should **not** re-roll words until you get a combination of words that appea
If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
- Your adversary knows that you used the diceware method.
-- Your adversary knows the specific wordlist that you used.
+- Your adversary knows the specific word list that you used.
- Your adversary knows how many words your passphrase contains.
@@ -113,7 +113,7 @@ There are many good options to choose from, both cloud-based and local. Choose o
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
diff --git a/i18n/hu/basics/threat-modeling.md b/i18n/hu/basics/threat-modeling.md
index dde4bd35..e8d2ea20 100644
--- a/i18n/hu/basics/threat-modeling.md
+++ b/i18n/hu/basics/threat-modeling.md
@@ -35,7 +35,7 @@ An “asset” is something you value and want to protect. In the context of dig
To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary”.== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
-*Make a list of your adversaries or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Your list may include individuals, a government agency, or corporations.*
Depending on who your adversaries are, this list might be something you want to destroy after you've finished developing your threat model.
diff --git a/i18n/hu/browser-extensions.md b/i18n/hu/browser-extensions.md
index e7919b05..1eaa969b 100644
--- a/i18n/hu/browser-extensions.md
+++ b/i18n/hu/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/hu/calendar.md b/i18n/hu/calendar.md
index 94bfb1ff..bdbb6c61 100644
--- a/i18n/hu/calendar.md
+++ b/i18n/hu/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
A több naptár és kiterjesztett megosztási funkciók csak a fizetett előfizetőknek elérhető.
diff --git a/i18n/hu/cloud.md b/i18n/hu/cloud.md
index 4ae1ef2b..54ebb645 100644
--- a/i18n/hu/cloud.md
+++ b/i18n/hu/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Követelmények
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Végponttól végpontig terjedő titkosítást kell érvényesítenie.
- Ingyenes csomagot vagy próbaidőszakot kell kínálnia a teszteléshez.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Olyan webes felületet kell kínálnia, amely támogat alapvető fájlkezelési funkciókat.
- Lehetővé kell tennie az összes fájl/dokumentum egyszerű exportálását.
diff --git a/i18n/hu/cryptocurrency.md b/i18n/hu/cryptocurrency.md
index f5cc52a5..4c3457bb 100644
--- a/i18n/hu/cryptocurrency.md
+++ b/i18n/hu/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Követelmények
diff --git a/i18n/hu/data-broker-removals.md b/i18n/hu/data-broker-removals.md
index 991f19ed..b40f49d6 100644
--- a/i18n/hu/data-broker-removals.md
+++ b/i18n/hu/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/hu/desktop-browsers.md b/i18n/hu/desktop-browsers.md
index 340e56a3..e4aaa482 100644
--- a/i18n/hu/desktop-browsers.md
+++ b/i18n/hu/desktop-browsers.md
@@ -109,7 +109,7 @@ Ez szükséges az előrehaladott követési formák megakadályozásához, azonb
### Mullvad Leta
-A Mullvad Browser alapértelmezett [keresőmotorja](search-engines.md) a DuckDuckGo, de a **Mullvad Leta** keresőmotor is előre telepítve van, amelyhez aktív Mullvad VPN előfizetés szükséges. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. Ezért nem javasoljuk a Mullvad Leta használatát, még akkor sem, ha a Mullvad nagyon kevés információt gyűjt a VPN-előfizetőiről.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. Ezért nem javasoljuk a Mullvad Leta használatát, még akkor sem, ha a Mullvad nagyon kevés információt gyűjt a VPN-előfizetőiről.
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts**
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] Select **Enable HTTPS-Only Mode in all windows**
-This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing.
+This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS over HTTPS
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/hu/desktop.md b/i18n/hu/desktop.md
index 347a001c..5a337bea 100644
--- a/i18n/hu/desktop.md
+++ b/i18n/hu/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS is an independent distribution based on the Nix package manager with a foc
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/hu/device-integrity.md b/i18n/hu/device-integrity.md
index ef518125..d33d13dd 100644
--- a/i18n/hu/device-integrity.md
+++ b/i18n/hu/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/hu/dns.md b/i18n/hu/dns.md
index b1fe9142..0cc895c9 100644
--- a/i18n/hu/dns.md
+++ b/i18n/hu/dns.md
@@ -75,7 +75,7 @@ Az AdGuard Home egy kifinomult webes felületet kínál az betekintések megteki
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ Egy titkosított DNS proxy szoftver helyi proxy-t biztosít a [titkosítatlan DN
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/hu/document-collaboration.md b/i18n/hu/document-collaboration.md
index aedcc63a..2c36f296 100644
--- a/i18n/hu/document-collaboration.md
+++ b/i18n/hu/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
A legjobb esetben alkalmazott követelményeink azt fejezik ki, hogy mit szeretnénk látni egy kifogástalan projekttől ebben a kategóriában. Előfordulhat, hogy ajánlásaink nem tartalmazzák az összes ilyen funkciót, de azok, amelyek igen, magasabb helyen szerepelhetnek, mint mások ezen az oldalon.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/hu/email-aliasing.md b/i18n/hu/email-aliasing.md
index 016aba63..500e3560 100644
--- a/i18n/hu/email-aliasing.md
+++ b/i18n/hu/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/hu/email.md b/i18n/hu/email.md
index 4be920ec..a99a1d74 100644
--- a/i18n/hu/email.md
+++ b/i18n/hu/email.md
@@ -58,7 +58,7 @@ Az OpenPGP nem támogatja a Forward secrecy-t sem, ami azt jelenti, hogy ha a t
{ align=right }
-A **Proton Mail** egy olyan e-mail szolgáltatás, amely a magánéletre, a titkosításra, a biztonságra és az egyszerű használatra helyezi a hangsúlyt. They have been in operation since 2013. A Proton AG székhelye Genfben, Svájcban található. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+A **Proton Mail** egy olyan e-mail szolgáltatás, amely a magánéletre, a titkosításra, a biztonságra és az egyszerű használatra helyezi a hangsúlyt. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ A Proton Mail készpénzt is [elfogad](https://proton.me/support/payment-options
#### :material-check:{ .pg-green } Fiók biztonsága
-A Proton Mail támogatja a TOTP [kétfaktoros hitelesítést](https://proton.me/support/two-factor-authentication-2fa) és a FIDO2 vagy U2F szabványokat használó [hardveres biztonsági kulcsokat](https://proton.me/support/2fa-security-key). A hardveres biztonsági kulcs használatához először a TOTP kétfaktoros hitelesítés beállítása szükséges.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Adatbiztonság
@@ -117,7 +117,7 @@ Ha előfizetéssel rendelkezel, de 14 napon túli [fizetetlen számlád](https:/
#### :material-information-outline:{ .pg-blue } További funkciók
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
A Proton Mail nem kínál digitális örökség funkciót.
@@ -127,7 +127,7 @@ A Proton Mail nem kínál digitális örökség funkciót.
{ align=right }
-**A **Mailbox.org** egy olyan e-mail szolgáltatás, amelynek középpontjában a biztonság, a reklámmentesség és a 100%-ban környezetbarát energiával működő, magánhálózatról biztosított energia áll. 2014 óta működnek. A Mailbox.org székhelye Berlinben, Németországban található. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**A **Mailbox.org** egy olyan e-mail szolgáltatás, amelynek középpontjában a biztonság, a reklámmentesség és a 100%-ban környezetbarát energiával működő, magánhálózatról biztosított energia áll. 2014 óta működnek. A Mailbox.org székhelye Berlinben, Németországban található. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ A Mailbox.org lehetővé teszi a saját domain használatáz, és támogatja a [
#### :material-check:{ .pg-green } Privát fizetési módok
-A Mailbox.org nem fogad el semmilyen kriptovalutát, mivel a fizetési szolgáltatójuk, a BitPay felfüggesztette működését Németországban. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+A Mailbox.org nem fogad el semmilyen kriptovalutát, mivel a fizetési szolgáltatójuk, a BitPay felfüggesztette működését Németországban. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Fiók biztonsága
-A Mailbox.org csak a webmail esetében támogatja a [kétfaktoros hitelesítést](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa). A TOTP vagy a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) a [YubiCloudon](https://yubico.com/products/services-software/yubicloud) keresztül használható. Az olyan webes szabványok, mint a [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn), még nem támogatottak.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. A TOTP vagy a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) a [YubiCloudon](https://yubico.com/products/services-software/yubicloud) keresztül használható. Az olyan webes szabványok, mint a [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn), még nem támogatottak.
#### :material-information-outline:{ .pg-blue } Adatbiztonság
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } További funkciók
-A Mailbox.org fiók a [.onion szolgáltatásuk](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org) segítségével IMAP/SMTP-n keresztül is elérhető. A webmail felületük azonban nem érhető el a .onion szolgáltatásukon keresztül, és előfordulhat, hogy TLS-tanúsítvány hibák jelennek meg.
+A Mailbox.org fiók a [.onion szolgáltatásuk](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org) segítségével IMAP/SMTP-n keresztül is elérhető. However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
Minden fiókhoz korlátozott felhőalapú tárhely tartozik, amely [titkosítható](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). A mailbox.org kínálja a [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely) aliast is, amely érvényesíti a TLS titkosítást a levelezőszerverek közötti kapcsolaton, ennek hiányában az üzenet egyáltalán nem lesz elküldve. A Mailbox.org támogatja az [Exchange ActiveSync-et](https://en.wikipedia.org/wiki/Exchange_ActiveSync) is a szabványos hozzáférési protokollok, például az IMAP és a POP3 mellett.
@@ -195,7 +195,7 @@ Ezek a szolgáltatók zéró hozzáférésű titkosítással tárolják az e-mai
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } Privát fizetési módok
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Fiók biztonsága
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Adatbiztonság
@@ -297,7 +297,7 @@ Ezeket a funkciókat fontosnak tartjuk a biztonságos és optimális szolgáltat
**Alap Elvárások Minősítéshez:**
- Az email fiókok adatai alapértelmezetten zéró hozzáféréssel legyenek titkosítva.
-- Exportálási képesség [Mbox](https://en.wikipedia.org/wiki/Mbox) vagy egyedi .eml formátumban az [RFC5322](https://datatracker.ietf.org/doc/rfc5322) szabványnak megfelelően.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Lehetővé teszi a felhasználók számára, hogy saját [domainnevüket](https://en.wikipedia.org/wiki/Domain_name) használják. Az egyéni domain nevek azért fontosak a felhasználók számára, mert lehetővé teszik számukra, hogy megőrizzék a függetlenedési képességüket a szolgáltatástól, ha az rosszra fordulna, vagy ha egy másik vállalat felvásárolná, amely nem helyezi előtérbe az adatvédelmet.
- Saját infrastruktúrán működik, azaz nem harmadik féltől származó e-mail szolgáltatóra épül.
diff --git a/i18n/hu/encryption.md b/i18n/hu/encryption.md
index 2bd8f931..5d423945 100644
--- a/i18n/hu/encryption.md
+++ b/i18n/hu/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt is a fork of the discontinued TrueCrypt project. According to its deve
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
-Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
{ align=right }
-**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/hu/file-sharing.md b/i18n/hu/file-sharing.md
index fdc9d7de..eab4c44f 100644
--- a/i18n/hu/file-sharing.md
+++ b/i18n/hu/file-sharing.md
@@ -13,7 +13,7 @@ Fedezd fel, hogyan oszthatod meg fájljaid privát módon készülékek között
## Fájlmegosztás
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/hu/frontends.md b/i18n/hu/frontends.md
index 93a26720..7af0c9ba 100644
--- a/i18n/hu/frontends.md
+++ b/i18n/hu/frontends.md
@@ -251,7 +251,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/hu/index.md b/i18n/hu/index.md
index a5737ffe..5accd4e6 100644
--- a/i18n/hu/index.md
+++ b/i18n/hu/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. A Proton AG székhelye Genfben, Svájcban található. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. 2014 óta működnek. A Mailbox.org székhelye Berlinben, Németországban található. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. 2014 óta működnek. A Mailbox.org székhelye Berlinben, Németországban található. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/hu/meta/brand.md b/i18n/hu/meta/brand.md
index 8e3d9954..3afe36ff 100644
--- a/i18n/hu/meta/brand.md
+++ b/i18n/hu/meta/brand.md
@@ -12,7 +12,7 @@ The name of the website is **Privacy Guides** and should **not** be changed to:
- PG.org
-The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/hu/meta/translations.md b/i18n/hu/meta/translations.md
index ff5406c7..1f67cd98 100644
--- a/i18n/hu/meta/translations.md
+++ b/i18n/hu/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## Fullwidth alternatives and Markdown syntax
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/hu/meta/uploading-images.md b/i18n/hu/meta/uploading-images.md
index 419c1760..66b2bbd0 100644
--- a/i18n/hu/meta/uploading-images.md
+++ b/i18n/hu/meta/uploading-images.md
@@ -48,7 +48,7 @@ In the **SVG Output** tab under **Document options**:
- [ ] Turn off **Remove the XML declaration**
- [x] Turn on **Remove metadata**
- [x] Turn on **Remove comments**
-- [x] Turn on **Embeded raster images**
+- [x] Turn on **Embedded raster images**
- [x] Turn on **Enable viewboxing**
In the **SVG Output** under **Pretty-printing**:
diff --git a/i18n/hu/meta/writing-style.md b/i18n/hu/meta/writing-style.md
index 49e877b1..fdf7bb1d 100644
--- a/i18n/hu/meta/writing-style.md
+++ b/i18n/hu/meta/writing-style.md
@@ -64,7 +64,7 @@ We should try to avoid abbreviations where possible, but technology is full of a
## Be concise
-> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective.
+> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/hu/mobile-browsers.md b/i18n/hu/mobile-browsers.md
index 01fe8879..c403a8d1 100644
--- a/i18n/hu/mobile-browsers.md
+++ b/i18n/hu/mobile-browsers.md
@@ -247,7 +247,7 @@ This prevents you from unintentionally connecting to a website in plain-text HTT
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Open Safari and tap the Tabs button, located in the bottom right. Then, expand t
- [x] Select **Private**
-Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. This may be an inconvenience.
diff --git a/i18n/hu/multi-factor-authentication.md b/i18n/hu/multi-factor-authentication.md
index 7f850422..1cfcaef2 100644
--- a/i18n/hu/multi-factor-authentication.md
+++ b/i18n/hu/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Multi-Factor Authentication - Többlépcsős Hitelesítés"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/hu/notebooks.md b/i18n/hu/notebooks.md
index 8e64326f..92ab8e61 100644
--- a/i18n/hu/notebooks.md
+++ b/i18n/hu/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Kövesd nyomon jegyzeteid és naplóid anélkül, hogy harmadik félnek adnád át azokat.
+Keep track of your notes and journals without giving them to a third party.
Ha jelenleg olyan alkalmazást használsz, mint az Evernote, a Google Keep vagy a Microsoft OneNote, javasoljuk, hogy válassz egy olyan alternatívát, amely támogatja az End-to-End titksoítást.
@@ -84,7 +84,7 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
{ align=right }
-A **Joplin** egy ingyenes, nyílt forráskódú, teljesen felszerelt jegyzetkezelő és teendő vezető alkalmazás, amely nagyszámú, jegyzetfüzetekbe és címkékbe rendezett markdown jegyzeteket képes kezelni. End-to-End titkosítást kínál, és képes szinkronizálni a Nextcloudon, a Dropboxon és sok máson keresztül is. Evernote és nyílt szöveges jegyzetek egyszerű importálását is lehetővé teszi.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. End-to-End titkosítást kínál, és képes szinkronizálni a Nextcloudon, a Dropboxon és sok máson keresztül is. Evernote és nyílt szöveges jegyzetek egyszerű importálását is lehetővé teszi.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ A **Cryptee** egy nyílt forráskódú, webalapú End-to-End titkosított dokume
-A Cryptee 100MB tárhelyet kínál ingyenesen, fizetős lehetőséggel, ha többre lenne szükség. A regisztrációhoz nincs szükség e-mailre vagy más személyazonosításra alkalmas információra.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. A regisztrációhoz nincs szükség e-mailre vagy más személyazonosításra alkalmas információra.
## Helyi Jegyzetfüzetek
diff --git a/i18n/hu/os/android-overview.md b/i18n/hu/os/android-overview.md
index e82386cd..101c395e 100644
--- a/i18n/hu/os/android-overview.md
+++ b/i18n/hu/os/android-overview.md
@@ -84,7 +84,7 @@ Ha egy alkalmazás többnyire egy webalapú szolgáltatás, a nyomon követés t
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). Ez a könyvtár tartalmazza a [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging)-et, amely [push értesítéseket](https://en.wikipedia.org/wiki/Push_technology) tud nyújtani az alkalmazásoknak. Ez [a helyzet](https://fosstodon.org/@bitwarden/109636825700482007) a Bitwardennel is. Ez nem jelenti azt, hogy a Bitwarden a Google Firebase Analytics által biztosított összes elemzési funkciót használja.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). Ez a könyvtár tartalmazza a [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging)-et, amely [push értesítéseket](https://en.wikipedia.org/wiki/Push_technology) tud nyújtani az alkalmazásoknak. Ez [a helyzet](https://fosstodon.org/@bitwarden/109636825700482007) a Bitwardennel is. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Killswitch
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
@@ -124,7 +124,7 @@ Modern Android devices have global toggles for disabling Bluetooth and location
## Google Services
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Advanced Protection Program
diff --git a/i18n/hu/os/ios-overview.md b/i18n/hu/os/ios-overview.md
index a62e65b4..ac35c70a 100644
--- a/i18n/hu/os/ios-overview.md
+++ b/i18n/hu/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/hu/os/linux-overview.md b/i18n/hu/os/linux-overview.md
index 69b537ed..90163523 100644
--- a/i18n/hu/os/linux-overview.md
+++ b/i18n/hu/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Privacy Notes
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- Avoid telemetry that often comes with proprietary operating systems
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ We don’t believe holding packages back and applying interim patches is a good
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao) (YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao) (YouTube)
### “Security-focused” distributions
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Drive Encryption
-Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ There are other system identifiers which you may wish to be careful about. You s
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/hu/os/macos-overview.md b/i18n/hu/os/macos-overview.md
index 8e131ddd..df380d2b 100644
--- a/i18n/hu/os/macos-overview.md
+++ b/i18n/hu/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Backups
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## Sources
diff --git a/i18n/hu/os/windows/group-policies.md b/i18n/hu/os/windows/group-policies.md
index 4f4bf06b..0daf63fc 100644
--- a/i18n/hu/os/windows/group-policies.md
+++ b/i18n/hu/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/hu/os/windows/index.md b/i18n/hu/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/hu/os/windows/index.md
+++ b/i18n/hu/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/hu/passwords.md b/i18n/hu/passwords.md
index 5c71ebe7..643dc43e 100644
--- a/i18n/hu/passwords.md
+++ b/i18n/hu/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ These options allow you to manage an encrypted password database locally.
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/hu/photo-management.md b/i18n/hu/photo-management.md
index f2ca837f..8e18e5cc 100644
--- a/i18n/hu/photo-management.md
+++ b/i18n/hu/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Ingyenes csomagot vagy próbaidőszakot kell kínálnia a teszteléshez.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Olyan webes felületet kell kínálnia, amely támogat alapvető fájlkezelési funkciókat.
- Lehetővé kell tennie az összes fájl/dokumentum egyszerű exportálását.
- Nyílt forráskódúnak kell lennie.
diff --git a/i18n/hu/real-time-communication.md b/i18n/hu/real-time-communication.md
index 05b6609c..0ce05a25 100644
--- a/i18n/hu/real-time-communication.md
+++ b/i18n/hu/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Követelmények
diff --git a/i18n/hu/router.md b/i18n/hu/router.md
index a8f45981..2997f7c7 100644
--- a/i18n/hu/router.md
+++ b/i18n/hu/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-Az **OpenWrt** egy Linux alapú operációs rendszer; elsősorban beágyazott eszközökön használatos, hálózati forgalom irányítására. Tartalmazza az util-linux, uClibc és BusyBox programokat. Az összes komponens otthoni routerekhez lett optimalizálva.
+Az **OpenWrt** egy Linux alapú operációs rendszer; elsősorban beágyazott eszközökön használatos, hálózati forgalom irányítására. Tartalmazza az util-linux, uClibc és BusyBox programokat. All the components have been optimized for home routers.
[:octicons-home-16: Honlap](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Dokumentáció}
diff --git a/i18n/hu/security-keys.md b/i18n/hu/security-keys.md
index c288dbe4..f1a65933 100644
--- a/i18n/hu/security-keys.md
+++ b/i18n/hu/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/hu/tools.md b/i18n/hu/tools.md
index b08f5076..5328e4bf 100644
--- a/i18n/hu/tools.md
+++ b/i18n/hu/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. A Proton AG székhelye Genfben, Svájcban található. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. 2014 óta működnek. A Mailbox.org székhelye Berlinben, Németországban található. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. 2014 óta működnek. A Mailbox.org székhelye Berlinben, Németországban található. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/hu/tor.md b/i18n/hu/tor.md
index 4cb80c75..f211f46c 100644
--- a/i18n/hu/tor.md
+++ b/i18n/hu/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Néhány ilyen alkalmazás jobb, mint mások, a választás a fenyegetettségi szintedtől függ. Ha alkalmi Tor-felhasználó vagy, és nem aggódsz amiatt, hogy az internetszolgáltatód bizonyítékokat gyűjt rólad, akkor az olyan alkalmazások, mint az [Orbot](#orbot) vagy a mobil böngésző alkalmazások használata a Tor-hálózat eléréséhez valószínűleg rendben van. Az emberek számának növelése, akik mindennaposan használják a Tor-t, segít csökkenteni a Tor rossz hírnevét, és csökkenti az ISP-k (internetszolgáltatók) és kormányok által összeállított "Tor felhasználók listáinak" minőségét.
-Ha a teljes anonimitás a legfontosabb számodra, akkor **csak** az asztali Tor Browser klienst használd, ideális esetben egy [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) konfigurációban. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+Ha a teljes anonimitás a legfontosabb számodra, akkor **csak** az asztali Tor Browser klienst használd, ideális esetben egy [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) konfigurációban. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Böngésző
@@ -114,11 +114,11 @@ Korábban ajánlottuk az *Célcím elszigetelése* beállítás engedélyezésé
Tippek Androidhoz
-Az Orbot képes egyes alkalmazások forgalmát átküldeni egy proxyn, ha azok támogatják a SOCKS vagy a HTTP proxyt. A [VpnService](https://developer.android.com/reference/android/net/VpnService) segítségével az összes hálózati kapcsolatodat proxyként is képes kezelni, és a VPN killswitch segítségével is használható a :gear: **beállítások** → **Hálózat és internet** → **VPN** → :gear: → **VPN nélküli kapcsolatok blokkolása** menüpontban.
+Az Orbot képes egyes alkalmazások forgalmát átküldeni egy proxyn, ha azok támogatják a SOCKS vagy a HTTP proxyt. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Az Orbot gyakran elavult szokott lenni a Guardian Project [F-Droid adattárjában](https://guardianproject.info/fdroid) és a [Google Playen](https://play.google.com/store/apps/details?id=org.torproject.android), ezért érdemes inkább közvetlenül a [GitHub adattárból](https://github.com/guardianproject/orbot/releases) letölteni.
-Minden verzió ugyanazzal az aláírással van aláírva, így kompatibilisnek kell lenniük egymással.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/hu/vpn.md b/i18n/hu/vpn.md
index e9fbf87f..dbb85025 100644
--- a/i18n/hu/vpn.md
+++ b/i18n/hu/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Private VPN Service Recommendations and Comparison, No Sponsors or Ads - Privacy Guides"
title: "VPN Szolgáltatások"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. A Proton VPN saját szerverekkel és adatközpontokkal rendelkezik Svájcban, Izlandon és Svédországban. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. A Proton VPN saját szerverekkel és adatközpontokkal rendelkezik Svájcban, Izlandon és Svédországban. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. Ha szükséged van erre a funkcióra, és Intel chipsettel rendelkező Mac-et használsz, akkor fontold meg egy másik VPN szolgáltatás használatát.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. Ha szükséged van erre a funkcióra, és Intel chipsettel rendelkező Mac-et használsz, akkor fontold meg egy másik VPN szolgáltatás használatát.
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } Mobile Clients
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-A **Mullvad** egy gyors és olcsó VPN, amely komoly hangsúlyt fektet az átláthatóságra és a biztonságra. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+A **Mullvad** egy gyors és olcsó VPN, amely komoly hangsúlyt fektet az átláthatóságra és a biztonságra. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ Fontos megjegyezni, hogy egy VPN szolgáltató használata nem teszi téged anon
### Technológia
-Minden általunk ajánlott VPN-szolgáltatótól elvárjuk, hogy biztosítson OpenVPN konfigurációs fájlokat, amelyeket bármilyen kliensben használni lehet. **Ha** egy VPN saját egyedi klienst biztosít, akkor hálózati kapcsolat megszakadásakor az adatszivárgások megakadályozása miatt egy killswitch beépítését várjuk el.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Alap elvárások minősítéshez:**
-- Olyan erős protokollok támogatása, mint a WireGuard és az OpenVPN.
-- Kliensekbe beépített killswitch.
-- Multihop támogatás. Multihopping is important to keep data private in case of a single node compromise.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Legjobb Esetben:**
-- Killswitch jól konfigurálható beállításokkal (engedélyezés/tiltás bizonyos hálózatokon, indításkor, stb.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Könnyen használható VPN kliensek
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. Elvárjuk, hogy szerverek engedélyezzék az IPv6-on keresztül érkező kapcsolatokat, és lehetővé tegyék IPv6-címeken üzemeltetett szolgáltatások elérését.
- A [távoli port forwardolás](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) képessége segíti a P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) fájlmegosztó szoftverek használatát vagy egy szerver (pl. Mumble) üzemeltetése esetén a kapcsolatok létrehozását.
@@ -316,11 +316,11 @@ Jobban szeretjük, ha az általunk ajánlott szolgáltatók a lehető legkeveseb
**Legjobb Esetben:**
- Elfogad több [anonim fizetési lehetőséget](advanced/payments.md).
-- Nem fogad el személyes adatokat (automatikusan generált felhasználónév, nincs szükség email címre, stb.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Adatbiztonság
-Egy VPN értelmetlen, ha még megfelelő biztonságot sem tud nyújtani. Minden általunk ajánlott szolgáltatótól elvárjuk, hogy betartsa az OpenVPN kapcsolataikra vonatkozó jelenlegi biztonsági szabványokat. Ideális esetben alapértelmezés szerint jövőbelátóbb titkosítási sémákat használnának. Azt is elvárjuk, hogy egy független harmadik fél vizsgálja felül a szolgáltató biztonságát, ideális esetben nagyon átfogó módon és ismételten (évente).
+Egy VPN értelmetlen, ha még megfelelő biztonságot sem tud nyújtani. We require all our recommended providers to abide by current security standards. Ideális esetben alapértelmezés szerint jövőbelátóbb titkosítási sémákat használnának. Azt is elvárjuk, hogy egy független harmadik fél vizsgálja felül a szolgáltató biztonságát, ideális esetben nagyon átfogó módon és ismételten (évente).
**Alap elvárások minősítéshez:**
@@ -358,7 +358,7 @@ Az általunk ajánlott VPN-szolgáltatóknál felelős marketinget szeretünk l
**Alap elvárások minősítéshez:**
-- Saját üzemeltetésű analitikai rendszerrel kell rendelkeznie (azaz nem Google Analytics). A szolgáltató webhelyének szintén be kell tartania a [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) kéréseket is, a követést elutasítani kívánó személyek számára.
+- Saját üzemeltetésű analitikai rendszerrel kell rendelkeznie (azaz nem Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Nem használhat felelőtlen marketinget:
diff --git a/i18n/id/about.md b/i18n/id/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/id/about.md
+++ b/i18n/id/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/id/about/contributors.md b/i18n/id/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/id/about/contributors.md
+++ b/i18n/id/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/id/about/criteria.md b/i18n/id/about/criteria.md
index 5a952b4e..8d66e2ab 100644
--- a/i18n/id/about/criteria.md
+++ b/i18n/id/about/criteria.md
@@ -24,7 +24,7 @@ Kami memiliki persyaratan ini terkait dengan pengembang yang ingin mengajukan pr
- Harus mengungkapkan afiliasi, yaitu posisi Anda dalam proyek yang diajukan.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. Jika memungkinkan, sebutkan siapa yang akan melakukan audit.
- Harus menjelaskan apa yang dibawa oleh proyek terkait privasi.
diff --git a/i18n/id/about/executive-policy.md b/i18n/id/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/id/about/executive-policy.md
+++ b/i18n/id/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/id/about/notices.md b/i18n/id/about/notices.md
index 2fddd0d0..525af55e 100644
--- a/i18n/id/about/notices.md
+++ b/i18n/id/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-Kami percaya bahwa logo dan gambar lain dalam `aset` yang diperoleh dari penyedia pihak ketiga berada dalam domain publik atau **penggunaan wajar**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. Namun, logo ini dan gambar lainnya mungkin masih tunduk pada undang-undang merek dagang di satu atau lebih yurisdiksi. Sebelum menggunakan konten ini, pastikan bahwa konten tersebut digunakan untuk mengidentifikasi entitas atau organisasi yang memiliki merek dagang dan bahwa Anda memiliki hak untuk menggunakannya berdasarkan hukum yang berlaku dalam situasi yang Anda inginkan. *Ketika menyalin konten dari situs web ini, Anda bertanggung jawab penuh untuk memastikan bahwa Anda tidak melanggar merek dagang atau hak cipta orang lain.*
+Kami percaya bahwa logo dan gambar lain dalam `aset` yang diperoleh dari penyedia pihak ketiga berada dalam domain publik atau **penggunaan wajar**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. Namun, logo ini dan gambar lainnya mungkin masih tunduk pada undang-undang merek dagang di satu atau lebih yurisdiksi. Sebelum menggunakan konten ini, pastikan bahwa konten tersebut digunakan untuk mengidentifikasi entitas atau organisasi yang memiliki merek dagang dan bahwa Anda memiliki hak untuk menggunakannya berdasarkan hukum yang berlaku dalam situasi yang Anda inginkan. *Ketika menyalin konten dari situs web ini, Anda bertanggung jawab penuh untuk memastikan bahwa Anda tidak melanggar merek dagang atau hak cipta orang lain.*
When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
diff --git a/i18n/id/about/privacytools.md b/i18n/id/about/privacytools.md
index 57eca468..13a9e5cc 100644
--- a/i18n/id/about/privacytools.md
+++ b/i18n/id/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## Kontrol dari r/privacytoolsIO
-Bersamaan dengan masalah situs web yang sedang berlangsung di privacytools.io, tim moderasi r/privacytoolsIO menghadapi tantangan dalam mengelola subreddit. Subreddit selalu dioperasikan secara independen dari pengembangan situs web, tetapi BurungHantu adalah moderator utama dari subreddit tersebut, dan dia adalah satu-satunya moderator yang diberikan hak istimewa "Kendali Penuh". u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit mengharuskan subreddit memiliki moderator yang aktif. Jika moderator utama tidak aktif dalam jangka waktu yang lama (seperti satu tahun), posisi moderator utama dapat ditunjuk kembali ke moderator berikutnya. Agar permintaan ini dikabulkan, BurungHantu harus benar-benar absen dari semua aktivitas Reddit untuk jangka waktu yang lama, yang konsisten dengan perilakunya di platform lain.
+Reddit requires that Subreddits have active moderators. Jika moderator utama tidak aktif dalam jangka waktu yang lama (seperti satu tahun), posisi moderator utama dapat ditunjuk kembali ke moderator berikutnya. Agar permintaan ini dikabulkan, BurungHantu harus benar-benar absen dari semua aktivitas Reddit untuk jangka waktu yang lama, yang konsisten dengan perilakunya di platform lain.
> Jika Anda dihapus sebagai moderator dari subreddit melalui permintaan Reddit, itu karena kurangnya tanggapan dan kurangnya aktivitas Anda memenuhi syarat subreddit untuk transfer r/redditrequest.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Mengarsipkan kode sumber di GitHub untuk melestarikan pekerjaan masa lalu dan pelacak masalah kami, yang terus kami gunakan selama berbulan-bulan pengembangan dari situs ini di masa depan.
-- Mengirim pengumuman ke subreddit kami dan berbagai komunitas lain yang menginformasikan orang-orang tentang perubahan resmi.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Secara resmi menutup layanan privacytools.io, seperti Matrix dan Mastodon, dan mendorong pengguna lama untuk bermigrasi sesegera mungkin.
Segala sesuatunya tampak berjalan dengan lancar, dan sebagian besar komunitas aktif kami beralih ke proyek baru kami persis seperti yang kami harapkan.
@@ -66,11 +66,11 @@ Kira-kira seminggu setelah transisi, BurungHantu kembali daring untuk pertama ka
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). Kami mewajibkan dan meminta supaya subdomain untuk Matrix, Mastodon, dan PeerTube tetap aktif agar kami dapat menjalankan layanan publik kepada komunitas kami setidaknya selama beberapa bulan, agar pengguna di platform tersebut dapat dengan mudah bermigrasi ke akun lain. Karena sifat federasi dari layanan yang kami sediakan, layanan ini terikat pada nama domain tertentu sehingga sangat sulit untuk dimigrasikan (dan dalam beberapa kasus tidak mungkin).
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Setelah itu, BurungHantu membuat tuduhan palsu tentang Jonah mencuri sumbangan dari proyek tersebut. BurungHantu memiliki waktu lebih dari setahun sejak insiden yang dituduhkan terjadi, namun dia tidak pernah membuat siapa pun menyadarinya sampai setelah migrasi Privacy Guides. BurungHantu telah berulang kali diminta untuk memberikan bukti dan memberikan komentar mengenai alasan kebungkamannya oleh tim [dan komunitas](https://twitter.com/TommyTran732/status/1526153536962281474), namun belum memberikannya.
-BurungHantu juga membuat [kiriman Twitter](https://twitter.com/privacytoolsIO/status/1510560676967710728) yang menuduh bahwa seorang "pengacara" telah menghubunginya di Twitter dan memberikan nasihat, dalam upaya lain untuk menggertak kami agar memberikannya kendali atas subreddit kami, dan sebagai bagian dari kampanye kotornya untuk mengotori air di sekitar peluncuran Privacy Guides sambil berpura-pura menjadi korban.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io Sekarang
@@ -80,7 +80,7 @@ Pada tanggal 25 September 2022, kami melihat keseluruhan rencana BurungHantu ter
## r/privacytoolsIO Sekarang
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] Pertumbuhan Sub ini adalah hasil dari upaya besar, selama beberapa tahun, oleh tim PrivacyGuides.org. Dan oleh Anda semua.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Subreddit bukan milik siapa pun, dan terutama bukan milik pemegang merek. Mereka adalah bagian dari komunitas mereka, dan komunitas serta para moderatornya membuat keputusan untuk mendukung perpindahan ke r/PrivacyGuides.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Pembalasan dari moderator mana pun sehubungan dengan permintaan penghapusan tidak diperbolehkan.
-Untuk sebuah komunitas dengan ribuan pelanggan yang tersisa, kami merasa bahwa akan sangat tidak sopan untuk mengembalikan kendali platform besar tersebut kepada orang yang meninggalkannya selama lebih dari satu tahun, dan yang sekarang mengoperasikan situs web yang menurut kami memberikan informasi yang sangat berkualitas rendah. Melestarikan diskusi-diskusi masa lalu di komunitas tersebut lebih penting bagi kami, dan oleh karena itu u/trai_dep dan tim moderator subreddit lainnya telah membuat keputusan untuk mempertahankan r/privacytoolsIO apa adanya.
+Untuk sebuah komunitas dengan ribuan pelanggan yang tersisa, kami merasa bahwa akan sangat tidak sopan untuk mengembalikan kendali platform besar tersebut kepada orang yang meninggalkannya selama lebih dari satu tahun, dan yang sekarang mengoperasikan situs web yang menurut kami memberikan informasi yang sangat berkualitas rendah. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective Sekarang
diff --git a/i18n/id/about/statistics.md b/i18n/id/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/id/about/statistics.md
+++ b/i18n/id/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/id/advanced/communication-network-types.md b/i18n/id/advanced/communication-network-types.md
index 279fc903..3370a8f0 100644
--- a/i18n/id/advanced/communication-network-types.md
+++ b/i18n/id/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ Ketika dihosting sendiri, anggota server federasi dapat menemukan dan berkomunik
- Memungkinkan kontrol yang lebih besar atas data Anda saat menjalankan server Anda sendiri.
- Memungkinkan Anda untuk memilih kepada siapa Anda akan memercayakan data Anda dengan memilih di antara beberapa server "publik".
- Sering kali memungkinkan klien pihak ketiga yang dapat memberikan pengalaman yang lebih asli, disesuaikan, atau dapat diakses.
-- Perangkat lunak server dapat diverifikasi bahwa itu cocok dengan kode sumber publik, dengan asumsi Anda memiliki akses ke server atau Anda mempercayai orang yang memilikinya (misalnya, anggota keluarga).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Kekurangan:**
@@ -60,7 +60,7 @@ Ketika dihosting sendiri, anggota server federasi dapat menemukan dan berkomunik
Perpesanan P2P terhubung ke [jaringan node yang terdistribusi](https://en.wikipedia.org/wiki/Distributed_networking) untuk menyampaikan pesan ke penerima tanpa server pihak ketiga.
-Klien (peer) biasanya menemukan satu sama lain melalui penggunaan jaringan [komputasi terdistribusi](https://id.wikipedia.org/wiki/Komputasi_terdistribusi). Contohnya antara lain [Tabel Hash Terdistribusi](https://id.wikipedia.org/wiki/Tabel_Hash_Terdistribusi) (DHT), yang digunakan oleh [torrent](https://id.wikipedia.org/wiki/BitTorrent) dan [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) sebagai contoh. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
+Klien (peer) biasanya menemukan satu sama lain melalui penggunaan jaringan [komputasi terdistribusi](https://id.wikipedia.org/wiki/Komputasi_terdistribusi). Contohnya antara lain [Tabel Hash Terdistribusi](https://id.wikipedia.org/wiki/Tabel_Hash_Terdistribusi) (DHT), yang digunakan oleh [torrent](https://id.wikipedia.org/wiki/BitTorrent) dan [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) sebagai contoh. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Setelah peer menemukan rute ke kontaknya melalui salah satu metode ini, koneksi langsung di antara mereka dibuat. Meskipun pesan biasanya dienkripsi, seorang pengamat masih dapat menyimpulkan lokasi dan identitas pengirim dan penerima.
@@ -85,9 +85,9 @@ Jaringan P2P tidak menggunakan server, karena rekan-rekan berkomunikasi secara l
Pengirim pesan yang menggunakan [perutean anonim](https://doi.org/10.1007/978-1-4419-5906-5_628) menyembunyikan identitas pengirim, penerima, atau bukti bahwa mereka telah berkomunikasi. Secara ideal, sebuah perpesanan seharusnya menyembunyikan ketiganya.
-Ada [banyak](https://doi.org/10.1145/3182658) cara yang berbeda untuk menerapkan perutean anonim. Salah satu yang paling terkenal adalah [perutean bawang](https://en.wikipedia.org/wiki/Onion_routing) (yaitu [Tor](tor-overview.md)), yang mengkomunikasikan pesan terenkripsi melalui jaringan hamparan [virtual](https://en.wikipedia.org/wiki/Overlay_network) yang menyembunyikan lokasi setiap node serta penerima dan pengirim setiap pesan. Pengirim dan penerima tidak pernah berinteraksi secara langsung dan hanya bertemu melalui simpul pertemuan rahasia sehingga tidak ada kebocoran alamat IP atau lokasi fisik. Node tidak dapat mendekripsi pesan, atau tujuan akhir; hanya penerima yang dapat melakukannya. Setiap node perantara hanya dapat mendekripsi bagian yang menunjukkan ke mana harus mengirim pesan yang masih terenkripsi berikutnya, sampai pesan tersebut tiba di penerima yang dapat mendekripsi sepenuhnya, oleh karena itu disebut sebagai "lapisan bawang."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. Salah satu yang paling terkenal adalah [perutean bawang](https://en.wikipedia.org/wiki/Onion_routing) (yaitu [Tor](tor-overview.md)), yang mengkomunikasikan pesan terenkripsi melalui jaringan hamparan [virtual](https://en.wikipedia.org/wiki/Overlay_network) yang menyembunyikan lokasi setiap node serta penerima dan pengirim setiap pesan. Pengirim dan penerima tidak pernah berinteraksi secara langsung dan hanya bertemu melalui simpul pertemuan rahasia sehingga tidak ada kebocoran alamat IP atau lokasi fisik. Node tidak dapat mendekripsi pesan, atau tujuan akhir; hanya penerima yang dapat melakukannya. Setiap node perantara hanya dapat mendekripsi bagian yang menunjukkan ke mana harus mengirim pesan yang masih terenkripsi berikutnya, sampai pesan tersebut tiba di penerima yang dapat mendekripsi sepenuhnya, oleh karena itu disebut sebagai "lapisan bawang."
-Melayani sebuah node secara sendiri dalam jaringan perutean anonim tidak memberikan manfaat privasi tambahan kepada penyedia, tetapi berkontribusi pada ketahanan seluruh jaringan terhadap serangan identifikasi untuk keuntungan semua orang.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Keuntungan:**
diff --git a/i18n/id/advanced/dns-overview.md b/i18n/id/advanced/dns-overview.md
index 134f7d20..9927f63f 100644
--- a/i18n/id/advanced/dns-overview.md
+++ b/i18n/id/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: Sistem Nama Domain adalah "buku telepon internet," yang membantu peramban Anda menemukan situs web yang dicari.
---
-[Sistem Penamaan Domain (DNS)](https://id.wikipedia.org/wiki/Sistem_Penamaan_Domain) adalah 'buku telepon internet'. DNS menerjemahkan nama domain ke alamat IP sehingga peramban dan layanan lain dapat memuat sumber daya internet, melalui jaringan server yang terdesentralisasi.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS menerjemahkan nama domain ke alamat IP sehingga peramban dan layanan lain dapat memuat sumber daya internet, melalui jaringan server yang terdesentralisasi.
## Apa itu DNS?
@@ -24,7 +24,7 @@ Di bawah ini, kami mendiskusikan dan menyediakan tutorial untuk membuktikan apa
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Di bawah ini, kami mendiskusikan dan menyediakan tutorial untuk membuktikan apa
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://id.wikipedia.org/wiki/DNSCrypt) adalah salah satu metode pertama untuk mengenkripsi permintaan DNS. DNSCrypt beroperasi pada porta 443 dan bekerja dengan protokol transportasi TCP atau UDP. DNSCrypt belum pernah diajukan ke [Internet Engineering Task Force (IETF)](https://id.wikipedia.org/wiki/Internet_Engineering_Task_Force) dan juga tidak melalui proses [Request for Comments (RFC)](https://id.wikipedia.org/wiki/Request_for_Comments), sehingga belum digunakan secara luas di luar beberapa [penerapan](https://dnscrypt.info/implementations). Sebagai hasilnya, sebagian besar telah digantikan oleh [DNS melalui HTTPS](#dns-melalui-https-doh) yang lebih populer.
+[**DNSCrypt**](https://id.wikipedia.org/wiki/DNSCrypt) adalah salah satu metode pertama untuk mengenkripsi permintaan DNS. DNSCrypt beroperasi pada porta 443 dan bekerja dengan protokol transportasi TCP atau UDP. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). Sebagai hasilnya, sebagian besar telah digantikan oleh [DNS melalui HTTPS](#dns-melalui-https-doh) yang lebih populer.
### DNS melalui TLS (DoT)
@@ -118,7 +118,7 @@ In this example we will record what happens when we make a DoH request:
3. After making the request, we can stop the packet capture with CTRL + C.
-4. Analyse the results in Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ When we do a DNS lookup, it's generally because we want to access a resource. Be
The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides.
-This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
+This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
### Server Name Indication (SNI)
-Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
+Server Name Indication is typically used when an IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
-1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
+1. Start capturing again with `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ grafik TB
ispDNS --> | Tidak | tidakAda(Tidak lakukan apa pun)
```
-Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[List of recommended DNS servers](../dns.md ""){.md-button}
diff --git a/i18n/id/advanced/tor-overview.md b/i18n/id/advanced/tor-overview.md
index 3e6fd786..1c89c3d8 100644
--- a/i18n/id/advanced/tor-overview.md
+++ b/i18n/id/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/id/ai-chat.md b/i18n/id/ai-chat.md
index ce7d8bdb..fbb8bddd 100644
--- a/i18n/id/ai-chat.md
+++ b/i18n/id/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Kriteria
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Kasus Terbaik
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. Rekomendasi kami mungkin tidak menyertakan salah satu atau semua fungsi ini, tetapi rekomendasi yang menyertakan fungsi ini mungkin memiliki peringkat yang lebih tinggi daripada yang lain di halaman ini.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/id/alternative-networks.md b/i18n/id/alternative-networks.md
index a3ebda7c..fb05b7b2 100644
--- a/i18n/id/alternative-networks.md
+++ b/i18n/id/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/id/android/general-apps.md b/i18n/id/android/general-apps.md
index d91f99e8..800aa3a9 100644
--- a/i18n/id/android/general-apps.md
+++ b/i18n/id/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/id/basics/account-creation.md b/i18n/id/basics/account-creation.md
index 2540a7b7..52cc0357 100644
--- a/i18n/id/basics/account-creation.md
+++ b/i18n/id/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-Seringkali orang mendaftar untuk layanan tanpa berpikir. Mungkin itu adalah layanan streaming sehingga Anda dapat menonton acara baru yang dibicarakan semua orang, atau akun yang memberi Anda diskon untuk tempat makanan cepat saji favorit Anda. Apa pun masalahnya, Anda harus mempertimbangkan implikasi untuk data Anda sekarang dan di kemudian hari.
+Seringkali orang mendaftar untuk layanan tanpa berpikir. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Apa pun masalahnya, Anda harus mempertimbangkan implikasi untuk data Anda sekarang dan di kemudian hari.
Ada risiko yang terkait dengan setiap layanan baru yang Anda gunakan. Pelanggaran data; pengungkapan informasi pelanggan kepada pihak ketiga; karyawan nakal yang mengakses data; semuanya adalah kemungkinan yang harus dipertimbangkan ketika memberikan informasi Anda. Anda harus yakin bahwa Anda bisa mempercayai layanan ini, itulah sebabnya kami tidak menyarankan untuk menyimpan data berharga pada apa pun kecuali pada produk yang paling matang dan telah teruji. Hal ini biasanya berarti layanan yang menyediakan E2EE dan telah menjalani audit kriptografi. Audit meningkatkan jaminan bahwa produk dirancang tanpa masalah keamanan mencolok yang disebabkan oleh pengembang yang tidak berpengalaman.
@@ -13,11 +13,11 @@ Mungkin juga sulit untuk menghapus akun pada beberapa layanan. Terkadang [menimp
## Ketentuan Layanan & Kebijakan Privasi
-ToS adalah peraturan yang Anda setujui untuk diikuti saat menggunakan layanan. Pada layanan yang lebih besar aturan-aturan ini sering kali ditegakkan oleh sistem otomatis. Terkadang sistem otomatis ini bisa membuat kesalahan. Sebagai contoh, Anda mungkin diblokir atau dikunci dari akun Anda pada beberapa layanan karena menggunakan nomor VPN atau VOIP. Mengajukan banding atas larangan semacam itu sering kali sulit, dan melibatkan proses otomatis juga, yang tidak selalu berhasil. Ini akan menjadi salah satu alasan mengapa kami tidak menyarankan menggunakan Gmail untuk email sebagai contoh. Email sangat penting untuk akses ke layanan lain yang mungkin telah Anda daftarkan.
+ToS adalah peraturan yang Anda setujui untuk diikuti saat menggunakan layanan. Pada layanan yang lebih besar aturan-aturan ini sering kali ditegakkan oleh sistem otomatis. Terkadang sistem otomatis ini bisa membuat kesalahan. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Mengajukan banding atas larangan semacam itu sering kali sulit, dan melibatkan proses otomatis juga, yang tidak selalu berhasil. Ini akan menjadi salah satu alasan mengapa kami tidak menyarankan menggunakan Gmail untuk email sebagai contoh. Email sangat penting untuk akses ke layanan lain yang mungkin telah Anda daftarkan.
-Kebijakan Privasi adalah bagaimana layanan mengatakan bahwa mereka akan menggunakan data Anda dan perlu dibaca agar Anda memahami bagaimana data Anda akan digunakan. Perusahaan atau organisasi mungkin tidak diwajibkan secara hukum untuk mengikuti semua yang tercantum dalam kebijakan (tergantung pada yurisdiksi). Kami sarankan Anda mengetahui undang-undang setempat dan apa yang diizinkan oleh penyedia layanan untuk dikumpulkan.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. Perusahaan atau organisasi mungkin tidak diwajibkan secara hukum untuk mengikuti semua yang tercantum dalam kebijakan (tergantung pada yurisdiksi). Kami sarankan Anda mengetahui undang-undang setempat dan apa yang diizinkan oleh penyedia layanan untuk dikumpulkan.
-Sebaiknya cari istilah-istilah tertentu seperti "pengumpulan data", "analisis data", "cookie", "iklan", atau layanan "pihak ketiga". Kadang-kadang Anda dapat memilih untuk tidak ikut serta dalam pengumpulan data atau membagikan data Anda, tetapi yang terbaik adalah memilih layanan yang menghormati privasi Anda sejak awal.
+Sebaiknya cari istilah-istilah tertentu seperti "pengumpulan data", "analisis data", "cookie", "iklan", atau layanan "pihak ketiga". Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Ingatlah bahwa Anda juga menaruh kepercayaan pada perusahaan atau organisasi tersebut dan bahwa mereka akan mematuhi kebijakan privasi mereka sendiri.
@@ -42,7 +42,7 @@ Anda akan bertanggung jawab untuk mengelola kredensial login Anda. Untuk keamana
#### Alias surel
-Jika Anda tidak ingin memberikan alamat surel asli Anda ke layanan, Anda memiliki opsi untuk menggunakan alias. Kami menjelaskannya secara lebih rinci di halaman rekomendasi layanan surel kami. Pada dasarnya, layanan alias memungkinkan Anda untuk membuat alamat surel baru yang meneruskan semua surel ke alamat utama Anda. Hal ini dapat membantu mencegah pelacakan di seluruh layanan dan membantu Anda mengelola surel pemasaran yang terkadang menyertai proses pendaftaran. Semua itu dapat disaring secara otomatis berdasarkan alias yang dikirim.
+Jika Anda tidak ingin memberikan alamat surel asli Anda ke layanan, Anda memiliki opsi untuk menggunakan alias. Kami menjelaskannya secara lebih rinci di halaman rekomendasi layanan surel kami. Pada dasarnya, layanan alias memungkinkan Anda untuk membuat alamat surel baru yang meneruskan semua surel ke alamat utama Anda. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Semua itu dapat disaring secara otomatis berdasarkan alias yang dikirim.
Jika layanan diretas, Anda mungkin akan mulai menerima surel phishing atau spam ke alamat yang Anda gunakan untuk mendaftar. Using unique aliases for each service can assist in identifying exactly what service was hacked.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
Kami sarankan untuk menghindari layanan yang memerlukan nomor telepon untuk mendaftar. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-Anda harus menghindari memberikan nomor telepon asli Anda jika Anda bisa. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
+Anda harus menghindari memberikan nomor telepon asli Anda jika Anda bisa. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
Dalam banyak kasus, Anda perlu memberikan nomor yang dapat digunakan untuk menerima SMS atau telepon, terutama saat berbelanja internasional, untuk berjaga-jaga jika terjadi masalah dengan pesanan Anda saat pemeriksaan di perbatasan. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number!
diff --git a/i18n/id/basics/account-deletion.md b/i18n/id/basics/account-deletion.md
index f40ab1ac..056f32d8 100644
--- a/i18n/id/basics/account-deletion.md
+++ b/i18n/id/basics/account-deletion.md
@@ -27,7 +27,7 @@ Platform desktop juga sering kali memiliki pengelola kata sandi yang dapat memba
### Email
-Jika Anda tidak menggunakan pengelola kata sandi di masa lalu atau Anda merasa memiliki akun yang tidak pernah ditambahkan ke pengelola kata sandi Anda, opsi lainnya adalah mencari akun email yang Anda yakini telah Anda daftarkan. Pada klien email Anda, cari kata kunci seperti "verifikasi" atau "selamat datang". Hampir setiap kali Anda membuat akun daring, layanan akan mengirim tautan verifikasi atau pesan pengantar ke email Anda. This can be a good way to find old, forgotten accounts.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. Pada klien email Anda, cari kata kunci seperti "verifikasi" atau "selamat datang". Hampir setiap kali Anda membuat akun daring, layanan akan mengirim tautan verifikasi atau pesan pengantar ke email Anda. This can be a good way to find old, forgotten accounts.
## Menghapus Akun Lama
@@ -39,7 +39,7 @@ Ketika mencoba untuk mendapatkan kembali akses, jika situs mengembalikan pesan k
### GDPR (hanya untuk penduduk EEA)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. Jika itu berlaku untuk Anda, baca kebijakan privasi untuk setiap layanan yang diberikan untuk menemukan informasi tentang cara menggunakan hak Anda untuk menghapus. Membaca kebijakan privasi terbukti penting, karena beberapa layanan memiliki opsi "Hapus Akun" yang hanya menonaktifkan akun Anda dan untuk penghapusan yang sebenarnya Anda harus mengambil tindakan tambahan. Terkadang penghapusan yang sebenarnya mungkin melibatkan pengisian survei, mengirim email ke petugas perlindungan data layanan atau bahkan membuktikan tempat tinggal Anda di EEA. Jika Anda berencana untuk menggunakan cara ini,**jangan** menimpa informasi akun - identitas Anda sebagai penduduk EEA mungkin diperlukan. Perhatikan bahwa lokasi layanan tidak masalah; GDPR berlaku untuk siapa pun yang melayani pengguna Eropa. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. Jika itu berlaku untuk Anda, baca kebijakan privasi untuk setiap layanan yang diberikan untuk menemukan informasi tentang cara menggunakan hak Anda untuk menghapus. Membaca kebijakan privasi terbukti penting, karena beberapa layanan memiliki opsi "Hapus Akun" yang hanya menonaktifkan akun Anda dan untuk penghapusan yang sebenarnya Anda harus mengambil tindakan tambahan. Terkadang penghapusan yang sebenarnya mungkin melibatkan pengisian survei, mengirim email ke petugas perlindungan data layanan atau bahkan membuktikan tempat tinggal Anda di EEA. Jika Anda berencana untuk menggunakan cara ini,**jangan** menimpa informasi akun - identitas Anda sebagai penduduk EEA mungkin diperlukan. Perhatikan bahwa lokasi layanan tidak masalah; GDPR berlaku untuk siapa pun yang melayani pengguna Eropa. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Overwriting Account information
diff --git a/i18n/id/basics/common-misconceptions.md b/i18n/id/basics/common-misconceptions.md
index 45c03fbc..9335adf6 100644
--- a/i18n/id/basics/common-misconceptions.md
+++ b/i18n/id/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ Kebijakan privasi dan praktik bisnis penyedia yang Anda pilih sangat penting, te
## "Rumit itu lebih baik"
-Kami sering melihat orang menggambarkan model ancaman privasi yang terlalu rumit. Sering kali, solusi ini mencakup masalah seperti banyak akun email yang berbeda atau pengaturan yang rumit dengan banyak bagian dan kondisi yang bergerak. Balasan biasanya berupa jawaban atas pertanyaan "Apa cara terbaik untuk melakukan *X*?"
+Kami sering melihat orang menggambarkan model ancaman privasi yang terlalu rumit. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. Balasan biasanya berupa jawaban atas pertanyaan "Apa cara terbaik untuk melakukan *X*?"
Menemukan solusi "terbaik" untuk diri Anda sendiri tidak selalu berarti Anda mencari solusi yang sempurna dengan lusinan kondisi—solusi ini sering kali sulit untuk diterapkan secara realistis. Seperti yang telah kami bahas sebelumnya, keamanan sering kali mengorbankan kenyamanan. Di bawah ini, kami memberikan beberapa kiat:
1. ==Tindakan harus memiliki tujuan tertentu:== Pikirkan tentang cara melakukan apa yang Anda inginkan dengan tindakan yang paling sedikit.
2. ==Menghilangkan titik-titik kegagalan manusia:== Kita gagal, lelah, dan melupakan hal-hal. Untuk menjaga keamanan, hindari mengandalkan kondisi dan proses manual yang harus Anda ingat.
-3. ==Gunakan tingkat perlindungan yang tepat untuk apa yang Anda inginkan.== Kami sering melihat rekomendasi yang disebut sebagai solusi penegakan hukum atau solusi antisomasi. Hal ini sering kali membutuhkan pengetahuan khusus dan umumnya tidak sesuai dengan keinginan banyak orang. Tidak ada gunanya membangun model ancaman yang rumit untuk anonimitas jika Anda dapat dengan mudah dibocorkan identitasnya hanya karena sebuah kesalahan.
+3. ==Gunakan tingkat perlindungan yang tepat untuk apa yang Anda inginkan.== Kami sering melihat rekomendasi yang disebut sebagai solusi penegakan hukum atau solusi antisomasi. Hal ini sering kali membutuhkan pengetahuan khusus dan umumnya tidak sesuai dengan keinginan banyak orang. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
Jadi, bagaimana ini terlihat?
@@ -94,4 +94,4 @@ Salah satu model ancaman yang paling jelas adalah model di mana orang *tahu siap
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/id/basics/common-threats.md b/i18n/id/basics/common-threats.md
index 07feb351..ae1c6bb4 100644
--- a/i18n/id/basics/common-threats.md
+++ b/i18n/id/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Model ancaman Anda bersifat pribadi bagi Anda, tetapi ini adalah beberapa hal yang dipedulikan oleh banyak pengunjung situs ini.
---
-Secara garis besar, kami mengkategorikan rekomendasi kami ke dalam [ancaman](threat-modeling.md) atau tujuan yang berlaku untuk kebanyakan orang. ==Anda mungkin tidak peduli dengan tidak ada, satu, beberapa, atau semua kemungkinan ini==, dan alat dan layanan yang Anda gunakan tergantung pada tujuan Anda. Anda mungkin juga memiliki ancaman khusus di luar kategori ini, dan itu tidak masalah! Bagian yang penting adalah mengembangkan pemahaman tentang manfaat dan kekurangan alat yang Anda pilih untuk digunakan, karena hampir tidak ada satu pun yang akan melindungi Anda dari setiap ancaman.
+Secara garis besar, kami mengkategorikan rekomendasi kami ke dalam [ancaman](threat-modeling.md) atau tujuan yang berlaku untuk kebanyakan orang. ==Anda mungkin tidak peduli dengan tidak ada, satu, beberapa, atau semua kemungkinan ini==, dan alat dan layanan yang Anda gunakan tergantung pada tujuan Anda. You may have specific threats outside these categories as well, which is perfectly fine! Bagian yang penting adalah mengembangkan pemahaman tentang manfaat dan kekurangan alat yang Anda pilih untuk digunakan, karena hampir tidak ada satu pun yang akan melindungi Anda dari setiap ancaman.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ Untuk meminimalkan kerusakan *yang dapat* dilakukan oleh perangkat lunak berbaha
Sistem operasi seluler umumnya memiliki kotak pasir aplikasi yang lebih baik daripada sistem operasi desktop: Aplikasi tidak dapat memperoleh akses akar, dan memerlukan izin untuk mengakses sumber daya sistem.
-Sistem operasi desktop umumnya tertinggal dalam hal kotak pasir yang tepat. ChromeOS memiliki kemampuan kotak pasir yang mirip dengan Android, dan macOS memiliki kontrol izin sistem penuh (dan pengembang dapat memilih untuk ikut serta dalam kotak pasir untuk aplikasi). Namun demikian, sistem operasi ini mengirimkan informasi identifikasi ke OEM masing-masing. Linux cenderung tidak menyerahkan informasi kepada vendor sistem, tetapi memiliki perlindungan yang buruk terhadap eksploitasi dan aplikasi jahat. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Sistem operasi desktop umumnya tertinggal dalam hal kotak pasir yang tepat. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). Namun demikian, sistem operasi ini mengirimkan informasi identifikasi ke OEM masing-masing. Linux cenderung tidak menyerahkan informasi kepada vendor sistem, tetapi memiliki perlindungan yang buruk terhadap eksploitasi dan aplikasi jahat. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Oleh karena itu, Anda seharusnya menggunakan aplikasi asli daripada klien web bi
-Bahkan dengan E2EE, penyedia layanan masih bisa membuat profil Anda berdasarkan **metadata**, yang biasanya tidak dilindungi. Meskipun penyedia layanan tidak dapat membaca pesan Anda, mereka masih dapat mengamati hal-hal penting, seperti siapa yang Anda ajak bicara, seberapa sering Anda mengirim pesan kepada mereka, dan kapan Anda biasanya aktif. Perlindungan metadata cukup jarang dilakukan, dan—jika ada dalam [model ancaman](threat-modeling.md)—Anda harus memperhatikan dengan seksama dokumentasi teknis perangkat lunak yang Anda gunakan untuk mengetahui apakah ada minimalisasi atau perlindungan metadata sama sekali.
+Bahkan dengan E2EE, penyedia layanan masih bisa membuat profil Anda berdasarkan **metadata**, yang biasanya tidak dilindungi. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Perlindungan metadata cukup jarang dilakukan, dan—jika ada dalam [model ancaman](threat-modeling.md)—Anda harus memperhatikan dengan seksama dokumentasi teknis perangkat lunak yang Anda gunakan untuk mengetahui apakah ada minimalisasi atau perlindungan metadata sama sekali.
## Program Pengawasan Massal
@@ -156,7 +156,7 @@ Pengawasan massal adalah upaya yang rumit untuk memantau "perilaku, berbagai akt
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
Bagi banyak orang, pelacakan dan pengawasan oleh perusahaan swasta merupakan masalah yang terus meningkat. Jaringan iklan yang tersebar luas, seperti yang dioperasikan oleh Google dan Facebook, menjangkau internet jauh lebih dari sekadar situs yang mereka kendalikan, melacak tindakan Anda di sepanjang jalan. Menggunakan alat seperti pemblokir konten untuk membatasi permintaan jaringan ke server mereka, dan membaca kebijakan privasi layanan yang Anda gunakan bisa membantu Anda menghindari banyak musuh dasar (meskipun tidak bisa sepenuhnya mencegah pelacakan).[^4]
-Selain itu, bahkan perusahaan di luar *AdTech* atau industri pelacakan dapat membagikan informasi Anda dengan [pialang data](https://en.wikipedia.org/wiki/Information_broker) (seperti Cambridge Analytica, Experian, atau Datalogix) atau pihak lain. Anda tidak bisa secara otomatis berasumsi bahwa data Anda aman hanya karena layanan yang Anda gunakan tidak termasuk dalam model bisnis AdTech atau pelacakan pada umumnya. Perlindungan terkuat terhadap pengumpulan data perusahaan adalah dengan mengenkripsi atau mengaburkan data Anda jika memungkinkan, sehingga menyulitkan penyedia layanan yang berbeda untuk menghubungkan data satu sama lain dan membuat profil Anda.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. Anda tidak bisa secara otomatis berasumsi bahwa data Anda aman hanya karena layanan yang Anda gunakan tidak termasuk dalam model bisnis AdTech atau pelacakan pada umumnya. Perlindungan terkuat terhadap pengumpulan data perusahaan adalah dengan mengenkripsi atau mengaburkan data Anda jika memungkinkan, sehingga menyulitkan penyedia layanan yang berbeda untuk menghubungkan data satu sama lain dan membuat profil Anda.
## Membatasi Informasi Publik
diff --git a/i18n/id/basics/email-security.md b/i18n/id/basics/email-security.md
index e5c7599a..1ff06729 100644
--- a/i18n/id/basics/email-security.md
+++ b/i18n/id/basics/email-security.md
@@ -29,13 +29,13 @@ Jika Anda menggunakan domain bersama dari penyedia yang tidak mendukung WKD, sep
### Klien Email Apa yang Mendukung E2EE?
-Penyedia email yang memungkinkan Anda menggunakan protokol akses standar seperti IMAP dan SMTP dapat digunakan dengan salah satu klien email [yang kami rekomendasikan](../email-clients.md). Tergantung pada metode otentikasi, ini dapat menyebabkan penurunan keamanan jika baik penyedia atau klien email tidak mendukung SUMPAH atau aplikasi jembatan sebagai [otentikasi multi-faktor](multi-factor-authentication.md) tidak mungkin dengan otentikasi kata sandi biasa.
+Penyedia email yang memungkinkan Anda menggunakan protokol akses standar seperti IMAP dan SMTP dapat digunakan dengan salah satu klien email [yang kami rekomendasikan](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### Bagaimana Cara Melindungi Kunci Pribadi Saya?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. Pesan tersebut kemudian didekripsi oleh smartcard dan konten yang telah didekripsi dikirim kembali ke perangkat.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-Terjadinya proses dekripsi di kartu pintar begitu menguntungkan karena hal tersebut berfungsi untuk menghindari kemungkinan mengekspos kunci pribadi Anda ke perangkat yang telah tersusupi.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Email Metadata Overview
@@ -49,4 +49,4 @@ Metadata email dilindungi dari pengamat luar dengan [Opportunistic TLS](https://
### Mengapa Metadata tidak bisa menjadi E2EE?
-Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE pada awalnya tidak dibangun ke dalam protokol email, melainkan membutuhkan perangkat lunak tambahan seperti OpenPGP. Karena pesan OpenPGP masih harus bekerja dengan penyedia email tradisional, ia tidak dapat mengenkripsi metadata email, hanya isi pesan itu sendiri. Itu berarti bahwa bahkan ketika menggunakan OpenPGP, pengamat luar dapat melihat banyak informasi tentang pesan Anda, seperti siapa yang Anda kirimi email, baris subjek, ketika Anda mengirim email, dll.
+Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE pada awalnya tidak dibangun ke dalam protokol email, melainkan membutuhkan perangkat lunak tambahan seperti OpenPGP. Karena pesan OpenPGP masih harus bekerja dengan penyedia email tradisional, ia tidak dapat mengenkripsi metadata email, hanya isi pesan itu sendiri. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/id/basics/hardware.md b/i18n/id/basics/hardware.md
index 8929718e..124ef1db 100644
--- a/i18n/id/basics/hardware.md
+++ b/i18n/id/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Warning
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/id/basics/multi-factor-authentication.md b/i18n/id/basics/multi-factor-authentication.md
index 6ee122e9..0de511c2 100644
--- a/i18n/id/basics/multi-factor-authentication.md
+++ b/i18n/id/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Autentikasi Multifaktor"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA adalah mekanisme keamanan penting untuk mengamankan akun daring Anda, tetapi beberapa metode lebih kuat daripada yang lain.
---
-**Autentikasi Multifaktor** (**Multi-Factor Authentication; MFA**) adalah mekanisme keamanan yang memerlukan langkah tambahan selain memasukkan nama pengguna (atau surel) dan kata sandi Anda. Metode yang paling umum adalah kode terbatas waktu yang mungkin Anda terima dari SMS atau aplikasi.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. Metode yang paling umum adalah kode terbatas waktu yang mungkin Anda terima dari SMS atau aplikasi.
Biasanya, jika seorang peretas (atau musuh) berhasil mengetahui kata sandi Anda, mereka akan mendapatkan akses ke akun pemilik kata sandi tersebut. Akun dengan MFA memaksa peretas untuk mendapatkan kata sandi (sesuatu yang Anda *tahu*) dan perangkat yang Anda miliki (sesuatu yang Anda *miliki*), seperti ponsel Anda.
@@ -26,7 +26,7 @@ Keamanan MFA notifikasi Push bergantung pada kualitas aplikasi, komponen server,
### Time-based One-time Password (TOTP)
-TOTP adalah salah satu bentuk MFA yang paling umum yang tersedia. Ketika Anda menyiapkan TOTP, Anda biasanya diminta untuk memindai [Kode QR](https://en.wikipedia.org/wiki/QR_code) yang membentuk "[rahasia bersama](https://en.wikipedia.org/wiki/Shared_secret)" dengan layanan yang ingin Anda gunakan. Rahasia bersama tersebut diamankan dalam data aplikasi autentikator, dan terkadang dilindungi oleh kata sandi.
+TOTP adalah salah satu bentuk MFA yang paling umum yang tersedia. Ketika Anda menyiapkan TOTP, Anda biasanya diminta untuk memindai [Kode QR](https://en.wikipedia.org/wiki/QR_code) yang membentuk "[rahasia bersama](https://en.wikipedia.org/wiki/Shared_secret)" dengan layanan yang ingin Anda gunakan. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
Kode terbatas waktunya kemudian diperoleh dari rahasia bersama dan waktu saat ini. Karena kode hanya berlaku untuk waktu yang singkat, tanpa akses ke rahasia bersama, musuh tidak dapat membuat kode baru.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
-Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
@@ -116,15 +116,15 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
## More Places to Set Up MFA
-Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
+macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-After your smartcard/security key is set up, we recommend running this command in the Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
### KeePass (and KeePassXC)
-KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/id/basics/passwords-overview.md b/i18n/id/basics/passwords-overview.md
index 095aca78..207c4a57 100644
--- a/i18n/id/basics/passwords-overview.md
+++ b/i18n/id/basics/passwords-overview.md
@@ -24,7 +24,7 @@ Semua [pengelola kata sandi yang kami rekomendasikan](../passwords.md) menyertak
You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it.
-When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Sebagian besar pengelola kata sandi memungkinkan Anda untuk mengatur tanggal kedaluwarsa untuk kata sandi Anda agar lebih mudah dikelola.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Sebagian besar pengelola kata sandi memungkinkan Anda untuk mengatur tanggal kedaluwarsa untuk kata sandi Anda agar lebih mudah dikelola.
Checking for data breaches
@@ -54,13 +54,13 @@ To generate a diceware passphrase using real dice, follow these steps:
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Lempar dadu enam sisi sebanyak lima kali, catat nomornya setelah setiap lemparan.
-2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. Anda akan menemukan kata `mengenkripsi`. Tuliskan kata itu.
@@ -75,25 +75,25 @@ You should **not** re-roll words until you get a combination of words that appea
If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
- Musuh Anda tahu bahwa Anda menggunakan metode diceware.
-- Musuh Anda mengetahui daftar kata tertentu yang Anda gunakan.
+- Your adversary knows the specific word list that you used.
- Musuh Anda mengetahui berapa banyak kata yang terkandung dalam kata sandi Anda.
@@ -113,7 +113,7 @@ There are many good options to choose from, both cloud-based and local. Pilih sa
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
diff --git a/i18n/id/basics/threat-modeling.md b/i18n/id/basics/threat-modeling.md
index 28e8521e..03df6824 100644
--- a/i18n/id/basics/threat-modeling.md
+++ b/i18n/id/basics/threat-modeling.md
@@ -35,7 +35,7 @@ Untuk mengidentifikasi apa yang dapat terjadi pada hal-hal yang Anda hargai dan
Untuk menjawab pertanyaan ini, penting untuk mengidentifikasi siapa yang mungkin ingin menargetkan Anda atau informasi Anda. ==Seseorang atau entitas yang menjadi ancaman bagi aset Anda adalah "musuh".== Contoh musuh potensial adalah atasan Anda, mantan mitra Anda, pesaing bisnis Anda, pemerintah Anda, atau peretas di jaringan publik.
-*Buatlah daftar musuh Anda atau mereka yang mungkin ingin mendapatkan aset Anda. Daftar Anda dapat mencakup individu, lembaga pemerintah, atau perusahaan.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Daftar Anda dapat mencakup individu, lembaga pemerintah, atau perusahaan.*
Depending on who your adversaries are, this list might be something you want to destroy after you've finished developing your threat model.
diff --git a/i18n/id/browser-extensions.md b/i18n/id/browser-extensions.md
index ad7b0d17..579a82cf 100644
--- a/i18n/id/browser-extensions.md
+++ b/i18n/id/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/id/calendar.md b/i18n/id/calendar.md
index 20d3b543..40eeefdd 100644
--- a/i18n/id/calendar.md
+++ b/i18n/id/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Multiple calendars and extended sharing functionality is limited to paid subscribers.
diff --git a/i18n/id/cloud.md b/i18n/id/cloud.md
index 256d4cdd..6bd0eb4d 100644
--- a/i18n/id/cloud.md
+++ b/i18n/id/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Kriteria
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
diff --git a/i18n/id/cryptocurrency.md b/i18n/id/cryptocurrency.md
index a0c79f9c..24923600 100644
--- a/i18n/id/cryptocurrency.md
+++ b/i18n/id/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Kriteria
diff --git a/i18n/id/data-broker-removals.md b/i18n/id/data-broker-removals.md
index b9d7e347..f0d01f16 100644
--- a/i18n/id/data-broker-removals.md
+++ b/i18n/id/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/id/desktop-browsers.md b/i18n/id/desktop-browsers.md
index 77d596b3..a21b2482 100644
--- a/i18n/id/desktop-browsers.md
+++ b/i18n/id/desktop-browsers.md
@@ -109,7 +109,7 @@ Hal ini diperlukan untuk mencegah bentuk pelacakan tingkat lanjut, tetapi harus
### Mullvad Leta
-Mullvad Browser hadir dengan DuckDuckGo yang ditetapkan sebagai [mesin pencari](search-engines.md) bawaan, tetapi juga sudah terinstal dengan **Mullvad Leta**, mesin pencari yang membutuhkan langganan Mullvad VPN yang aktif untuk dapat mengaksesnya. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. Karena alasan ini kami tidak menyarankan penggunaan Mullvad Leta, meskipun Mullvad mengumpulkan sangat sedikit informasi tentang pelanggan VPN mereka.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. Karena alasan ini kami tidak menyarankan penggunaan Mullvad Leta, meskipun Mullvad mengumpulkan sangat sedikit informasi tentang pelanggan VPN mereka.
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts**
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] Select **Enable HTTPS-Only Mode in all windows**
-This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing.
+This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS over HTTPS
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/id/desktop.md b/i18n/id/desktop.md
index fe9debfc..48916898 100644
--- a/i18n/id/desktop.md
+++ b/i18n/id/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS is an independent distribution based on the Nix package manager with a foc
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/id/device-integrity.md b/i18n/id/device-integrity.md
index 623a4839..142af55b 100644
--- a/i18n/id/device-integrity.md
+++ b/i18n/id/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/id/dns.md b/i18n/id/dns.md
index 1dffbedd..0d5017c2 100644
--- a/i18n/id/dns.md
+++ b/i18n/id/dns.md
@@ -75,7 +75,7 @@ AdGuard Home memiliki antarmuka web yang dipoles untuk melihat wawasan dan menge
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ Perangkat lunak proxy DNS terenkripsi menyediakan proxy lokal untuk [DNS tidak t
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/id/document-collaboration.md b/i18n/id/document-collaboration.md
index b4950e5a..244f0d98 100644
--- a/i18n/id/document-collaboration.md
+++ b/i18n/id/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Kriteria kasus terbaik kami mewakili apa yang ingin kami lihat dari proyek yang sempurna dalam kategori ini. Rekomendasi kami mungkin tidak menyertakan salah satu atau semua fungsi ini, tetapi rekomendasi yang menyertakan fungsi ini mungkin memiliki peringkat yang lebih tinggi daripada yang lain di halaman ini.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/id/email-aliasing.md b/i18n/id/email-aliasing.md
index 142a1116..dda91a39 100644
--- a/i18n/id/email-aliasing.md
+++ b/i18n/id/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/id/email.md b/i18n/id/email.md
index 2caf5993..50156548 100644
--- a/i18n/id/email.md
+++ b/i18n/id/email.md
@@ -58,7 +58,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
{ align=right }
-**Proton Mail** adalah layanan surel dengan fokus pada privasi, enkripsi, keamanan, dan kemudahan penggunaan. They have been in operation since 2013. Proton AG berbasis di Genewa, Swiss. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+**Proton Mail** adalah layanan surel dengan fokus pada privasi, enkripsi, keamanan, dan kemudahan penggunaan. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail [menerima](https://proton.me/support/payment-options) uang tunai mel
#### :material-check:{ .pg-green } Keamanan Akun
-Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two factor authentication first.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Data Security
@@ -117,7 +117,7 @@ If you have a paid account and your [bill is unpaid](https://proton.me/support/d
#### :material-information-outline:{ .pg-blue } Fungsionalitas Tambahan
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail tidak menawarkan fitur warisan digital.
@@ -127,7 +127,7 @@ Proton Mail tidak menawarkan fitur warisan digital.
{ align=right }
-**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Mereka telah beroperasi sejak 2014. Mailbox.org berbasis di Berlin, Jerman. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Mereka telah beroperasi sejak 2014. Mailbox.org berbasis di Berlin, Jerman. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } Metode Pembayaran Pribadi
-Mailbox.org tidak menerima Bitcoin atau mata uang kripto lainnya sebagai karena prosesor pembayaran mereka BitPay menangguhkan operasi di Jerman. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.org tidak menerima Bitcoin atau mata uang kripto lainnya sebagai karena prosesor pembayaran mereka BitPay menangguhkan operasi di Jerman. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Keamanan Akun
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Standar web seperti [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) belum didukung.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Standar web seperti [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) belum didukung.
#### :material-information-outline:{ .pg-blue } Keamanan Data
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } Fungsionalitas Tambahan
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
@@ -195,7 +195,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } Private Payment Methods
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Keamanan Akun
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Data Security
@@ -297,7 +297,7 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum untuk Memenuhi Syarat:**
- Encrypts email account data at rest with zero-access encryption.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Operates on owned infrastructure, i.e. not built upon third-party email service providers.
diff --git a/i18n/id/encryption.md b/i18n/id/encryption.md
index 68ba74e1..24b5f5c9 100644
--- a/i18n/id/encryption.md
+++ b/i18n/id/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt is a fork of the discontinued TrueCrypt project. According to its deve
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
-Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
{ align=right }
-**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/id/file-sharing.md b/i18n/id/file-sharing.md
index d44c2446..ae0fe3f9 100644
--- a/i18n/id/file-sharing.md
+++ b/i18n/id/file-sharing.md
@@ -13,7 +13,7 @@ Temukan cara berbagi file secara pribadi di antara perangkat Anda, dengan teman
## Berbagi File
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/id/frontends.md b/i18n/id/frontends.md
index 77318bec..5e0e1d11 100644
--- a/i18n/id/frontends.md
+++ b/i18n/id/frontends.md
@@ -251,7 +251,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/id/index.md b/i18n/id/index.md
index 56ada115..83fa44fd 100644
--- a/i18n/id/index.md
+++ b/i18n/id/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG berbasis di Genewa, Swiss. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Mereka telah beroperasi sejak 2014. Mailbox.org berbasis di Berlin, Jerman. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Mereka telah beroperasi sejak 2014. Mailbox.org berbasis di Berlin, Jerman. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/id/meta/brand.md b/i18n/id/meta/brand.md
index 5f3414e0..d5faa5f3 100644
--- a/i18n/id/meta/brand.md
+++ b/i18n/id/meta/brand.md
@@ -12,7 +12,7 @@ Nama situs web adalah **Privacy Guides** dan **tidak boleh** diubah menjadi:
- PG.org
-Nama subreddit adalah **r/PrivacyGuides** atau **Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Panduan merek tambahan dapat ditemukan di [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/id/meta/translations.md b/i18n/id/meta/translations.md
index ff5406c7..1f67cd98 100644
--- a/i18n/id/meta/translations.md
+++ b/i18n/id/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## Fullwidth alternatives and Markdown syntax
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/id/meta/uploading-images.md b/i18n/id/meta/uploading-images.md
index 5489792c..d4343a48 100644
--- a/i18n/id/meta/uploading-images.md
+++ b/i18n/id/meta/uploading-images.md
@@ -48,7 +48,7 @@ Pada tab **SVG Output** di bawah **Opsi dokumen**:
- [ ] Matikan **Hapus deklarasi XML**
- [x] Aktifkan **Hapus metadata**
- [x] Aktifkan **Hapus komentar**
-- [x] Aktifkan **Gambar raster yang disematkan**
+- [x] Turn on **Embedded raster images**
- [x] Aktifkan **Aktifkan viewboxing**
Pada tab **SVG Output** di bawah **Opsi dokumen**:
diff --git a/i18n/id/meta/writing-style.md b/i18n/id/meta/writing-style.md
index 6a0f13fb..7c42d715 100644
--- a/i18n/id/meta/writing-style.md
+++ b/i18n/id/meta/writing-style.md
@@ -64,7 +64,7 @@ Kita harus mencoba menghindari singkatan jika memungkinkan, tetapi teknologi pen
## Tulis secara ringkas
-> Kata-kata yang tidak perlu akan membuang waktu audiens Anda. Tulisan yang bagus itu seperti sebuah percakapan. Hilangkan informasi yang tidak perlu diketahui oleh audiens. Hal ini bisa menjadi sulit sebagai seorang ahli materi, jadi penting untuk memiliki seseorang yang melihat informasi dari sudut pandang audiens.
+> Kata-kata yang tidak perlu akan membuang waktu audiens Anda. Tulisan yang bagus itu seperti sebuah percakapan. Hilangkan informasi yang tidak perlu diketahui oleh audiens. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/id/mobile-browsers.md b/i18n/id/mobile-browsers.md
index fe36c8be..ec228e38 100644
--- a/i18n/id/mobile-browsers.md
+++ b/i18n/id/mobile-browsers.md
@@ -247,7 +247,7 @@ This prevents you from unintentionally connecting to a website in plain-text HTT
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Open Safari and tap the Tabs button, located in the bottom right. Then, expand t
- [x] Select **Private**
-Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. This may be an inconvenience.
diff --git a/i18n/id/multi-factor-authentication.md b/i18n/id/multi-factor-authentication.md
index ed49b33a..b502658d 100644
--- a/i18n/id/multi-factor-authentication.md
+++ b/i18n/id/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Autentikasi Multifaktor"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/id/notebooks.md b/i18n/id/notebooks.md
index eb3e8aa8..6906675b 100644
--- a/i18n/id/notebooks.md
+++ b/i18n/id/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Penyedia Layanan](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Keep track of your notes and journalings without giving them to a third-party.
+Keep track of your notes and journals without giving them to a third party.
If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE.
@@ -84,7 +84,7 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
{ align=right }
-**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
## Local notebooks
diff --git a/i18n/id/os/android-overview.md b/i18n/id/os/android-overview.md
index f3eb8650..544d1b8d 100644
--- a/i18n/id/os/android-overview.md
+++ b/i18n/id/os/android-overview.md
@@ -84,7 +84,7 @@ Jika sebuah aplikasi sebagian besar merupakan layanan berbasis web, pelacakan da
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. Ini [adalah kasus] (https://fosstodon.org/@bitwarden/109636825700482007) dengan Bitwarden. Itu tidak berarti bahwa Bitwarden menggunakan semua fitur analisis yang disediakan oleh Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. Ini [adalah kasus] (https://fosstodon.org/@bitwarden/109636825700482007) dengan Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Killswitch
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
@@ -124,7 +124,7 @@ Modern Android devices have global toggles for disabling Bluetooth and location
## Google Services
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Program Perlindungan Lanjutan
diff --git a/i18n/id/os/ios-overview.md b/i18n/id/os/ios-overview.md
index 1015cc91..5ed23d4c 100644
--- a/i18n/id/os/ios-overview.md
+++ b/i18n/id/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/id/os/linux-overview.md b/i18n/id/os/linux-overview.md
index d33387f2..d8092b24 100644
--- a/i18n/id/os/linux-overview.md
+++ b/i18n/id/os/linux-overview.md
@@ -10,9 +10,9 @@ Situs web kami umumnya menggunakan istilah "Linux" untuk menjelaskan distribusi
[Rekomendasi Linux kami :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Catatan Privasi
+## Security Notes
-Ada beberapa masalah privasi penting pada Linux yang harus Anda sadari. Terlepas dari kekurangan ini, distribusi Linux desktop masih bagus untuk kebanyakan orang yang ingin:
+There are some notable security concerns with Linux which you should be aware of. Terlepas dari kekurangan ini, distribusi Linux desktop masih bagus untuk kebanyakan orang yang ingin:
- Menghindari telemetri yang sering kali disertakan dengan sistem operasi berpemilik
- Menjaga [kebebasan perangkat lunak](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ Kami tidak percaya bahwa menahan paket dan menerapkan tambalan sementara adalah
Secara tradisional, distribusi Linux melakukan pembaruan dengan memperbarui paket yang diinginkan secara berurutan. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao) (YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao) (YouTube)
### Distribusi yang "berfokus pada keamanan"
@@ -85,7 +85,7 @@ Kami menyarankan untuk **tidak** menggunakan kernel Linux-libre, karena kernel i
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Enkripsi Kandar
-Sebagian besar distribusi Linux memiliki opsi dalam pemasang untuk mengaktifkan [LUKS](../encryption.md#linux-unified-key-setup) FDE. Jika opsi ini tidak diatur pada saat instalasi, Anda harus membuat cadangan data dan menginstal ulang, karena enkripsi diterapkan setelah [partisi diska](https://en.wikipedia.org/wiki/Disk_partitioning), tetapi sebelum [sistem berkas](https://en.wikipedia.org/wiki/File_system) diformat. Kami juga menyarankan untuk menghapus perangkat penyimpanan Anda dengan aman:
+Sebagian besar distribusi Linux memiliki opsi dalam pemasang untuk mengaktifkan [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. Kami juga menyarankan untuk menghapus perangkat penyimpanan Anda dengan aman:
- [Penghapusan Data yang Aman :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ There are other system identifiers which you may wish to be careful about. You s
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/id/os/macos-overview.md b/i18n/id/os/macos-overview.md
index feec19ef..07ebd024 100644
--- a/i18n/id/os/macos-overview.md
+++ b/i18n/id/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Backups
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## Sumber
diff --git a/i18n/id/os/windows/group-policies.md b/i18n/id/os/windows/group-policies.md
index 4e4deeff..423b19d7 100644
--- a/i18n/id/os/windows/group-policies.md
+++ b/i18n/id/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/id/os/windows/index.md b/i18n/id/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/id/os/windows/index.md
+++ b/i18n/id/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/id/passwords.md b/i18n/id/passwords.md
index 4c84bcc4..8b1d9175 100644
--- a/i18n/id/passwords.md
+++ b/i18n/id/passwords.md
@@ -228,7 +228,7 @@ Kode sisi server Bitwarden [bersumber terbuka](https://github.com/bitwarden/serv
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ Opsi ini memungkinkan Anda untuk mengelola basis data kata sandi terenkripsi sec
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC menyimpan data ekspornya sebagai file [CSV](https://en.wikipedia.org/w
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/id/photo-management.md b/i18n/id/photo-management.md
index dbd73e7c..c9e017a6 100644
--- a/i18n/id/photo-management.md
+++ b/i18n/id/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
- Must be open source.
diff --git a/i18n/id/real-time-communication.md b/i18n/id/real-time-communication.md
index c6f88812..40086aef 100644
--- a/i18n/id/real-time-communication.md
+++ b/i18n/id/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Kriteria
diff --git a/i18n/id/router.md b/i18n/id/router.md
index 4a202f9b..cb5fd46a 100644
--- a/i18n/id/router.md
+++ b/i18n/id/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All of the components have been optimized for home routers.
+**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}
diff --git a/i18n/id/security-keys.md b/i18n/id/security-keys.md
index 4be8099c..89d784fc 100644
--- a/i18n/id/security-keys.md
+++ b/i18n/id/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/id/tools.md b/i18n/id/tools.md
index 70294d75..fd89d6c3 100644
--- a/i18n/id/tools.md
+++ b/i18n/id/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG berbasis di Genewa, Swiss. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Mereka telah beroperasi sejak 2014. Mailbox.org berbasis di Berlin, Jerman. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Mereka telah beroperasi sejak 2014. Mailbox.org berbasis di Berlin, Jerman. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/id/tor.md b/i18n/id/tor.md
index bad61c70..30f4ac9d 100644
--- a/i18n/id/tor.md
+++ b/i18n/id/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Browser
@@ -114,11 +114,11 @@ Kami sebelumnya merekomendasikan untuk mengaktifkan preferensi *Isolasi Alamat T
Tips for Android
-Orbot dapat memproksi aplikasi individual jika aplikasi tersebut mendukung proksi SOCKS atau HTTP. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Orbot dapat memproksi aplikasi individual jika aplikasi tersebut mendukung proksi SOCKS atau HTTP. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot sering kali ketinggalan versi di [repositori F-Droid] (https://guardianproject.info/fdroid) dan [Google Play] (https://play.google.com/store/apps/details?id=org.torproject.android) milik Guardian Project, jadi pertimbangkan untuk mengunduh langsung dari [repositori GitHub] (https://github.com/guardianproject/orbot/releases).
-Semua versi ditandatangani menggunakan tanda tangan yang sama sehingga seharusnya kompatibel satu sama lain.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/id/vpn.md b/i18n/id/vpn.md
index 675337cb..735a85f2 100644
--- a/i18n/id/vpn.md
+++ b/i18n/id/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Private VPN Service Recommendations and Comparison, No Sponsors or Ads - Privacy Guides"
title: "Layanan VPN"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. Temukan penyedia di sini yang tidak memata-matai Anda.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. Proton VPN memiliki server dan pusat data mereka sendiri di Swiss, Islandia, dan Swedia. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN memiliki server dan pusat data mereka sendiri di Swiss, Islandia, dan Swedia. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } Fitur killswitch rusak pada Mac berbasis Intel
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. Jika Anda memerlukan fitur ini, dan Anda menggunakan Mac dengan chipset Intel, Anda sebaiknya mempertimbangkan untuk menggunakan layanan VPN lain.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. Jika Anda memerlukan fitur ini, dan Anda menggunakan Mac dengan chipset Intel, Anda sebaiknya mempertimbangkan untuk menggunakan layanan VPN lain.
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } Klien Ponsel
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-**Mullvad** adalah VPN yang cepat dan murah dengan fokus serius pada transparansi dan keamanan. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** adalah VPN yang cepat dan murah dengan fokus serius pada transparansi dan keamanan. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ Penting untuk dicatat bahwa menggunakan penyedia VPN tidak akan membuat Anda men
### Teknologi
-Kami mewajibkan semua penyedia VPN yang kami rekomendasikan untuk menyediakan berkas konfigurasi OpenVPN untuk digunakan pada klien mana pun. **Jika** VPN menyediakan klien khusus mereka sendiri, kami memerlukan killswitch untuk memblokir kebocoran data jaringan saat terputus.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Minimum untuk Memenuhi Syarat:**
-- Dukungan untuk protokol yang kuat seperti WireGuard & OpenVPN.
-- Killswitch yang terpasang pada klien.
-- Dukungan multihop. Multihopping penting untuk menjaga kerahasiaan data jika terjadi kompromi pada satu node.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- Jika klien VPN tersedia, klien tersebut seharusnya [bersumber terbuka](https://id.wikipedia.org/wiki/Perangkat_lunak_sumber_terbuka), seperti perangkat lunak VPN yang umumnya sudah terpasang di dalamnya. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Kasus Terbaik:**
-- Killswitch dengan opsi yang sangat mudah dikonfigurasi (aktifkan/nonaktifkan pada jaringan tertentu, saat boot, dll.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Klien VPN yang mudah digunakan
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. Kami berharap server akan mengizinkan koneksi masuk melalui IPv6 dan memungkinkan Anda untuk mengakses layanan yang dihosting pada alamat IPv6.
- Kemampuan [penerusan porta jarak jauh](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) membantu dalam membuat koneksi ketika menggunakan perangkat lunak berbagi file P2P ([Peer-to-Peer](https://id.wikipedia.org/wiki/Peer-to-peer)) atau hosting server (misalnya, Mumble).
@@ -316,11 +316,11 @@ Kami lebih memilih penyedia yang kami rekomendasikan untuk mengumpulkan data ses
**Kasus Terbaik:**
- Menerima beberapa opsi [pembayaran anonim](advanced/payments.md).
-- Tidak ada informasi pribadi yang diterima (nama pengguna yang dibuat secara otomatis, tidak perlu surel, dll.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Keamanan
-VPN tidak ada gunanya jika tidak bisa menyediakan keamanan yang memadai. Kami mewajibkan semua penyedia yang kami rekomendasikan untuk mematuhi standar keamanan saat ini untuk koneksi OpenVPN mereka. Secara ideal, mereka akan menggunakan skema enkripsi yang lebih tahan terhadap masa depan secara bawaan. Kami juga mewajibkan pihak ketiga yang independen untuk mengaudit keamanan penyedia layanan, secara ideal dengan cara yang sangat komprehensif dan secara berulang (tahunan).
+VPN tidak ada gunanya jika tidak bisa menyediakan keamanan yang memadai. We require all our recommended providers to abide by current security standards. Secara ideal, mereka akan menggunakan skema enkripsi yang lebih tahan terhadap masa depan secara bawaan. Kami juga mewajibkan pihak ketiga yang independen untuk mengaudit keamanan penyedia layanan, secara ideal dengan cara yang sangat komprehensif dan secara berulang (tahunan).
**Minimum untuk Memenuhi Syarat:**
@@ -358,7 +358,7 @@ Dengan penyedia VPN yang kami rekomendasikan, kami ingin melihat pemasaran yang
**Minimum untuk Memenuhi Syarat:**
-- Harus menyediakan analitik sendiri (yaitu, tanpa Google Analytics). Situs penyedia juga harus mematuhi [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) untuk orang-orang yang ingin menolak pelacakan.
+- Harus menyediakan analitik sendiri (yaitu, tanpa Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Tidak boleh melakukan pemasaran yang tidak bertanggung jawab:
diff --git a/i18n/it/about.md b/i18n/it/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/it/about.md
+++ b/i18n/it/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/it/about/contributors.md b/i18n/it/about/contributors.md
index e5c31a61..b9e12f4c 100644
--- a/i18n/it/about/contributors.md
+++ b/i18n/it/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-Questo progetto segue la specifica [all-contributors](https://github.com/all-contributors/all-contributors). Contributi di **qualsiasi** tipo sono benvenuti per essere aggiunti a [questa lista](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), compresi i contributi a Privacy Guides al di fuori di questa repository e i contributi che non sono legati ai contenuti (come la condivisione di idee per Privacy Guides, la promozione del progetto, la risposta alle domande sul forum, ecc.).
+Questo progetto segue la specifica [all-contributors](https://github.com/all-contributors/all-contributors). Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Tipo | Descrizione |
| ----- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
diff --git a/i18n/it/about/criteria.md b/i18n/it/about/criteria.md
index b9a03a16..2aa9990f 100644
--- a/i18n/it/about/criteria.md
+++ b/i18n/it/about/criteria.md
@@ -24,7 +24,7 @@ Abbiamo questi requisiti per quanto riguarda gli sviluppatori che desiderano inv
- Deve indicare l'affiliazione, cioè, la sua posizione entro il progetto inviato.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. Se possibile, ti preghiamo di menzionare chi condurrà il controllo.
- Deve spiegare ciò che il progetto offre in termini di privacy.
diff --git a/i18n/it/about/executive-policy.md b/i18n/it/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/it/about/executive-policy.md
+++ b/i18n/it/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/it/about/notices.md b/i18n/it/about/notices.md
index 0dd1aa22..2f5fd2a4 100644
--- a/i18n/it/about/notices.md
+++ b/i18n/it/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-Crediamo che i loghi e altre immagini in `assets`, ottenute da fornitori di terze parti, siano nel dominio pubblico o dell'**utilizzo equo e solidale**. In breve, la [dottrina dell'utilizzo equo e solidale](https://copyright.gov/fair-use/more-info.html) legale consente l'utilizzo di immagini coperte da copyright, per identificare la materia del soggetto, per scopi di commento pubblico. Tuttavia, questi loghi e altre immagini potrebbero ancora essere soggetti a leggi sui marchi, in una o più giurisdizioni. Prima di utilizzare tali contenuti, ti preghiamo di assicurarti che sia utilizzato per identificare l'entità o l'organizzazione che possiede il marchio registrato, e che tu abbia il diritto a utilizzarlo, sotto le leggi che si applicano nelle circostanze del tuo utilizzo previsto. *Copiando i contenuti da questo sito web, sei l'unico responsabile della garanzia di non violare il marchio o copyright altrui.*
+Crediamo che i loghi e altre immagini in `assets`, ottenute da fornitori di terze parti, siano nel dominio pubblico o dell'**utilizzo equo e solidale**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. Tuttavia, questi loghi e altre immagini potrebbero ancora essere soggetti a leggi sui marchi, in una o più giurisdizioni. Prima di utilizzare tali contenuti, ti preghiamo di assicurarti che sia utilizzato per identificare l'entità o l'organizzazione che possiede il marchio registrato, e che tu abbia il diritto a utilizzarlo, sotto le leggi che si applicano nelle circostanze del tuo utilizzo previsto. *Copiando i contenuti da questo sito web, sei l'unico responsabile della garanzia di non violare il marchio o copyright altrui.*
Contribuendo al nostro sito web, lo fai secondo le licenze suddette, concedendo a Privacy Guides una licenza perpetua, globale, non esclusiva, trasferibile, esente da royalty e irrevocabile, con il diritto di sublicenziare tali diritti, tramite più livelli di sublicenze, per riprodurre, modificare, mostrare, eseguire e distribuire il tuo contributo, come parte del nostro progetto.
diff --git a/i18n/it/about/privacytools.md b/i18n/it/about/privacytools.md
index 57e89ebd..0ee2ebc7 100644
--- a/i18n/it/about/privacytools.md
+++ b/i18n/it/about/privacytools.md
@@ -37,9 +37,9 @@ Alla fine di luglio 2021, abbiamo [informato](https://web.archive.org/web/202107
## Controllo di r/privacytoolsIO
-Simultaneamente ai problemi relativi al sito web di privacytools.io, il team di moderazione di r/privacytoolsIO stava affrontando problemi con la gestione del subreddit. Il subreddit è stato sempre operato per lo più in modo indipendente dallo sviluppo del sito web, ma BurungHantu era il moderatore principale del subreddit, nonché l'unico moderatore con privilegi di "Pieno Controllo". u/trai_dep era il solo moderatore attivo al tempo, e [ha pubblicato](https://reddit.com/comments/o9tllh) una richiesta agli amministratori di Reddit il 28 giugno 2021, chiedendo di poter ricevere la posizione di moderatore principale, con i privilegi di pieno controllo, per poter apportare le modifiche necessarie alla Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep era il solo moderatore attivo al tempo, e [ha pubblicato](https://reddit.com/comments/o9tllh) una richiesta agli amministratori di Reddit il 28 giugno 2021, chiedendo di poter ricevere la posizione di moderatore principale, con i privilegi di pieno controllo, per poter apportare le modifiche necessarie alla Subreddit.
-Reddit richiede che i subreddit abbiano dei moderatori attivi. Se il moderatore principale è inattivo per un lungo periodo di tempo (come un anno), la posizione di moderazione principale è riassegnabile, al moderatore successivo in lista. Affinché la richiesta venisse accolta, BurungHantu sarebbe dovuto essere completamente assente da qualsiasi attività di Reddit per un lungo periodo di tempo, cosa coerente con i suoi comportamenti su altre piattaforme.
+Reddit requires that Subreddits have active moderators. Se il moderatore principale è inattivo per un lungo periodo di tempo (come un anno), la posizione di moderazione principale è riassegnabile, al moderatore successivo in lista. Affinché la richiesta venisse accolta, BurungHantu sarebbe dovuto essere completamente assente da qualsiasi attività di Reddit per un lungo periodo di tempo, cosa coerente con i suoi comportamenti su altre piattaforme.
> Se sei stato rimosso come moderatore da un subreddit, tramite la richiesta di Reddit, è perché la tua mancanza di risposta e di attività, ha qualificato il subreddit per un trasferimento r/redditrequest.
>
@@ -55,7 +55,7 @@ Questa modfica [ha comportato:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- L'archiviazione del codice sorgente su GitHub per preservare il nostro lvoro precedente e tracciatore dei problemi, che abbiamo continuato a utilizzare per mesi di sviluppo futuro di questo sito.
-- La pubblicazione di annunci al nostro subreddit e varie altre community, informando le persone del cambiamento ufficiale.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- La chiusura ufficiale dei servizi di privacytools.io, come Matrix e Mastodon, e l'incoraggiamento degli utenti esistenti a migrare il prima possibile.
Tutto sembrava andare bene e, gran parte della nostra community attiva, ha effettuato il passaggio al nuovo progetto, esattamente come speravamo.
@@ -66,11 +66,11 @@ Approssimativamente una settimana dopo la transizione, BurungHantu è tornato on
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). Abbiamo accettato e richiesto che mantenesse i sottodomini per Matrix, Mastodon e PeerTube, attivi, perché gestissimo un servizio pubblico alla nostra community, per almeno qualche mese, per consentire agli utenti di tali piattaforme di migrare facilmente ad altri profili. A causa della natura federata dei servizi che fornivamo, erano legati a nomi di dominio specifici, complicando la migrazione (e, in alcuni casi, rendendola impossibile).
-Sfortunatamente, poiché il controllo della Subreddit r/privacytoolsIO non era stato restituito a BurungHantu su sua richiesta (seguono ulteriori informazioni), quei sottodomini sono stati [tagliati fuori](https://reddit.com/comments/pymthv/comment/hexwrps) all'inizio di ottobre, terminando qualsiasi possibilità di migrazione a qualsiasi utente utilizzasse ancora quei servizi.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Successivamente, BurungHantu ha accusato Jonah di aver rubato le donazioni dal progetto. BurungHantu ha avuto oltre un anno da quando il presunto incidente si sarebbe verificato, tuttavia, non ha mai informato nessuno fino in seguito alla migrazione a Privacy Guides. A BurungHantu è stato chiesto ripetutamente di fornire prove e di commentare sul motivo del proprio silenzio dal team [e dalla community](https://twitter.com/TommyTran732/status/1526153536962281474), cosa che non ha fatto.
-Inoltre, BurungHntu ha pubblicato un [post di Twitter](https://twitter.com/privacytoolsIO/status/1510560676967710728), sostenendo che un "avvocato" lo avesse contattato su Twitter e avesse fornito consiglio, in un altro tentativo di intimidirci così da permettergli di assumere il controllo del nostro subreddit, e come parte di questa campagna diffamatoria per confondere le acque sul lancio di Privacy Guides, pretenendo di essere una vittima.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io ora
@@ -80,7 +80,7 @@ Dal 25 settembre 2022, stiamo vedendo i piani generali di BurungHantu realizzars
## r/privacytoolsIO ora
-Dopo il lancio di [r/PrivacyGuides](https://reddit.com/r/privacyguides), era improponibile per u/trai_dep continuare a moderare entrambe le subreddit, e con la community d'accordo con la transizione, r/privacytoolsIO [è stata resa](https://reddit.com/comments/qk7qrj) una sub limitata in un post, l'1 novembre 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] La crescita di questo subreddit è stata la conseguenza di un grande sforzo, durato diversi anni, da parte del team di PrivacyGuides.org. E da ognuno di voi.
>
@@ -88,11 +88,11 @@ Dopo il lancio di [r/PrivacyGuides](https://reddit.com/r/privacyguides), era imp
I subreddit non appartengono a nessuno e, specialmente, non ai titolari dei marchi. Appartengono alle proprie community, che, insieme ai propri moderatori hanno preso la decisione di supportare la transizione a r/PrivacyGuides.
-Nei mesi successivi, BurungHantu ha minacciato e implorato la restituzione del controllo della subreddit al suo profilo, in [violazione](https://reddit.com/r/redditrequest/wiki/top_mod_removal) delle regole di Reddit:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Le ritorsioni da qualsiasi moderatore relativamente alle richieste di rimozione, sono vietate.
-Per un community con migliaia di iscritti rimanenti, crediamo che sarebbe incredibilmente irrispettoso restituire il controllo di tale enorme piattaforma alla persona che l'ha abbandonata per oltre un anno, e che ora gestisce un sito web che crediamo fornisca informazioni di bassissima qualità. Preservare gli anni di discussioni passate in quella community è per noi più importante e, dunque, u/trai_dep e il resto del team di moderazione del subreddit, hanno deciso di mantenere r/privacytoolsIO così com'è.
+Per un community con migliaia di iscritti rimanenti, crediamo che sarebbe incredibilmente irrispettoso restituire il controllo di tale enorme piattaforma alla persona che l'ha abbandonata per oltre un anno, e che ora gestisce un sito web che crediamo fornisca informazioni di bassissima qualità. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective ora
diff --git a/i18n/it/about/statistics.md b/i18n/it/about/statistics.md
index 1ca39d86..94989c39 100644
--- a/i18n/it/about/statistics.md
+++ b/i18n/it/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
Con questo processo:
-- Le tue informazioni non vengono mai condivise con terzi e rimangono su server da noi controllati
+- Your information is never shared with a third party, it stays on servers we control
- I tuoi dati personali non vengono mai salvati, raccogliamo dati solo in forma aggregata
- Non viene utilizzato JavaScript lato client
diff --git a/i18n/it/advanced/communication-network-types.md b/i18n/it/advanced/communication-network-types.md
index 0695d1d6..fd593f2e 100644
--- a/i18n/it/advanced/communication-network-types.md
+++ b/i18n/it/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ Quando ospitati autonomamente, i membri di un server federato possono scoprire e
- Consente un maggiore controllo sui propri dati, gestendo il proprio server.
- Ti consente di scegliere a chi affidare i tuoi dati, scegliendo tra svariati server "pubblici".
- Consente spesso i client di terze parti, che possono fornire un'esperienza più nativa, personalizzata o accessibile.
-- Si può verificare che il software del server corrisponda al codice sorgente pubblico, supponendo di avere accesso al server o che ti fidi della persona che vi ha accesso (es., un familiare).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Svantaggi:**
@@ -60,7 +60,7 @@ Quando ospitati autonomamente, i membri di un server federato possono scoprire e
La messaggistica P2P si connette a una [rete distribuita](https://en.wikipedia.org/wiki/Distributed_networking) di noti per trasmettere un messaggio al destinatario, senza un server di terze parti.
-I client (pari), solitamente, si trovano utilizzando una rete di [calcolo distribuita](https://en.wikipedia.org/wiki/Distributed_computing). Esempi di ciò includono le [Tabelle di Hash Distribuite](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), utilizzate ad esempio dai [torrent](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) e da [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System). Un altro approccio sono le reti basate sulla prossimità, dove una connessione è stabilita via WiFi o Bluetooth (ad esempio, Briar o il protocollo social netwtork [Scuttlebutt](https://scuttlebutt.nz)).
+I client (pari), solitamente, si trovano utilizzando una rete di [calcolo distribuita](https://en.wikipedia.org/wiki/Distributed_computing). Esempi di ciò includono le [Tabelle di Hash Distribuite](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), utilizzate ad esempio dai [torrent](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) e da [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System). Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Una volta che un paro ha trovato un percorso al suo contatto tramite uno di questi metodi, una connessione diretta tra di essi è creata. Sebbene i messaggi siano solitamente crittografati, un osservatore potrà comunque dedurre la posizione e l'identità del mittente e del destinatario.
@@ -85,9 +85,9 @@ Le reti P2P non utilizzano i server, poiché i pari comunicano direttamente tra
La messaggistica che utilizza l'[instradamento anonimo](https://doi.org/10.1007/978-1-4419-5906-5_628) nasconde l'identità del mittente, del destinatario o le prove che stessero comunicando. Idealmente, un servizio di messaggistica dovrebbe nascondere tutte e tre le cose.
-Esistono [molti](https://doi.org/10.1145/3182658) modi differenti per implementare l'instradamento autonomo. Uno dei più famosi è l'[instradamento onion](https://en.wikipedia.org/wiki/Onion_routing) (cioè, [Tor](tor-overview.md)), che comunic i messaggi crittografati attraverso una [rete di copertura](https://en.wikipedia.org/wiki/Overlay_network), che nasconde la posizione di ogni nodo, oltre che il mittente e destinatario di ogni messaggio. Il mittente e il destinatario non interagiscono mai direttamente e si incontrano esclusivamente tramite un nodo di incontro segreto, così che non si verifichi alcuna fuga di indirizzi IP, o di posizioni fisiche. I nodi non possono decrittografare i messaggi, né la destinazione finale; soltanto il destinatario può farlo. Ogni nodo intermedio può decrittografare soltanto una parte, che indica dove inviare il messaggio ancora crittografato, finché non raggiunge il destinatario, che può decrittografarlo interamente, da cui gli "strati a cipolla."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. Uno dei più famosi è l'[instradamento onion](https://en.wikipedia.org/wiki/Onion_routing) (cioè, [Tor](tor-overview.md)), che comunic i messaggi crittografati attraverso una [rete di copertura](https://en.wikipedia.org/wiki/Overlay_network), che nasconde la posizione di ogni nodo, oltre che il mittente e destinatario di ogni messaggio. Il mittente e il destinatario non interagiscono mai direttamente e si incontrano esclusivamente tramite un nodo di incontro segreto, così che non si verifichi alcuna fuga di indirizzi IP, o di posizioni fisiche. I nodi non possono decrittografare i messaggi, né la destinazione finale; soltanto il destinatario può farlo. Ogni nodo intermedio può decrittografare soltanto una parte, che indica dove inviare il messaggio ancora crittografato, finché non raggiunge il destinatario, che può decrittografarlo interamente, da cui gli "strati a cipolla."
-L'hosting autonomo di un nodo è una rete di instradamento anonimo che non fornisce a chi ospita benefici sulla privacy aggiuntivi, quanto piuttosto contributi alla resilienza dell'intera rete, nei confronti degli attacchi d'identificazione, a vantaggio di tutti.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Vantaggi:**
diff --git a/i18n/it/advanced/dns-overview.md b/i18n/it/advanced/dns-overview.md
index d2ff334a..79003379 100644
--- a/i18n/it/advanced/dns-overview.md
+++ b/i18n/it/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: Il Sistema dei Nomi di Dominio è la "rubrica dell'Internet", aiutando il tuo browser a trovare il sito web che sta cercando.
---
-Il [Sistema dei Nomi di Dominio](https://en.wikipedia.org/wiki/Domain_Name_System) (DNS) è la 'rubrica dell'Internet'. Il DNS traduce i nomi di dominio in indirizzi IP, così che i browser e altri servizi possano caricare le risorse di Internet, tramite una rete decentralizzata di server.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. Il DNS traduce i nomi di dominio in indirizzi IP, così che i browser e altri servizi possano caricare le risorse di Internet, tramite una rete decentralizzata di server.
## Cos'è il DNS?
@@ -24,7 +24,7 @@ Di seguito, discutiamo e forniamo un tutorial per provare ciò che un osservator
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. Quindi, possiamo utilizzare [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) o [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) per inviare la ricerca DNS a entrambi i server. I software come i browser web, svolgono automaticamente tali ricerche, a meno che non siano configurati per utilizzare il DNS crittografato.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. I software come i browser web, svolgono automaticamente tali ricerche, a meno che non siano configurati per utilizzare il DNS crittografato.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Di seguito, discutiamo e forniamo un tutorial per provare ciò che un osservator
nslookup privacyguides.org 8.8.8.8
```
-3. Successivamente, vogliamo [analizzare](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) i risultati:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Il DNS cifrato può fare riferimento a uno dei diversi protocolli, i più comuni
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) fu uno dei primi metodi per la crittografia delle richieste DNS. DNSCrypt opera sulla porta 443 e funziona con entrambi i protocolli di trasporto TCP e UDP. DNSCrypt non è stato mai inviato alla [Task Force Ingegneristica di Internet (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force), né ha superato il processo di [Richiesta dei Commenti (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments), quindi non è stato utilizzato ampiamente, al di fuori di poche [implementazioni](https://dnscrypt.info/implementations). Di conseguenza, è stato ampiamente sostituito dal più popolare [DNS-over-HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) fu uno dei primi metodi per la crittografia delle richieste DNS. DNSCrypt opera sulla porta 443 e funziona con entrambi i protocolli di trasporto TCP e UDP. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). Di conseguenza, è stato ampiamente sostituito dal più popolare [DNS-over-HTTPS](#dns-over-https-doh).
### DNS-over-TLS (DoT)
@@ -118,7 +118,7 @@ In questo esempio registreremo cosa si verifica quando effettuiamo una richiesta
3. Dopo aver effettuato la richiesta, possiamo interrompere la cattura del pacchetto con CTRL + C.
-4. Analizza i risultati su Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ Quando effettuiamo una ricerca DNS, generalmente è perché desideriamo accedere
Il metodo più semplice per determinare l'attività di navigazione, potrebbe essere quello di esaminare gli indirizzi IP accessibili ai tuoi dispositivi. Ad esempio, se l'osservatore sa che `privacyguides.org` si trova a `198.98.54.105` e il tuo dispositivo sta richiedendo dei dati da `198.98.54.105`, è molto probabile che tu stia visitando Privacy Guides.
-Questo metodo è utile soltanto quando l'indirizzo IP appartiene a un server che ospita soltanto alcuni siti web. Non è molto utile se il sito è ospitato su una piattaforma condivisa (es., GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, ecc.). Inoltre, non è molto utile se il server è ospitato dietro un [proxy inverso](https://en.wikipedia.org/wiki/Reverse_proxy), molto comune sull'Internet moderno.
+Questo metodo è utile soltanto quando l'indirizzo IP appartiene a un server che ospita soltanto alcuni siti web. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). Inoltre, non è molto utile se il server è ospitato dietro un [proxy inverso](https://en.wikipedia.org/wiki/Reverse_proxy), molto comune sull'Internet moderno.
### Indicazione del Nome del Server (SNI)
-L'Indicazione del Nome del Server è tipicamente utilizzata quando un indirizzo IP ospita molti siti web. Potrebbe trattarsi di un servizio come Cloudflare, o di qualche altra protezione dagli [attacchi di Denial-of-service](https://en.wikipedia.org/wiki/Denial-of-service_attack).
+Server Name Indication is typically used when an IP address hosts many websites. Potrebbe trattarsi di un servizio come Cloudflare, o di qualche altra protezione dagli [attacchi di Denial-of-service](https://en.wikipedia.org/wiki/Denial-of-service_attack).
-1. Riavvia la cattura con `tshark`. Abbiamo aggiunto un filtro con il nostro indirizzo IP, così che tu non catturi molti pacchetti:
+1. Riavvia la cattura con `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | No | nothing(Non fare nulla)
```
-Il DNS Criittografato con unaa terza parte dovrebbe sempre essere utilizzato per aggirare i reindirizzamenti e il [blocco DNS](https://en.wikipedia.org/wiki/DNS_blocking) di base, quando puoi assicurarti che non sussisteranno conseguenze, o se sei interessato a un fornitore che svolge del filtraggio rudimentale.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[Elenco dei server DNS consigliati](../dns.md ""){.md-button}
diff --git a/i18n/it/advanced/tor-overview.md b/i18n/it/advanced/tor-overview.md
index e43eb28b..cb12be71 100644
--- a/i18n/it/advanced/tor-overview.md
+++ b/i18n/it/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor funziona instradando il traffico tramite questi server gestiti da volontari,
Prima di connetterti a Tor, dovresti considerare attentamente cosa vuoi ottenere utilizzando Tor e a chi vuoi nascondere la tua attività in rete.
-Se vivi in un Paese libero, accedi a contenuti banali tramite Tor, non sei preoccupato che il tuo ISP o gli amministratori della rete locale sappiano che stai usando Tor e vuoi aiutare [a de-stigmatizzare](https://2019.www.torproject.org/about/torusers.html.en) l'uso di Tor, puoi probabilmente connetterti a Tor direttamente tramite mezzi standard come [Tor Browser](../tor.md) senza preoccupazioni.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
Se hai la possibilità di accedere a un provider VPN affidabile e **qualsiasi** dei seguenti punti è vero, quasi certamente dovresti connetterti a Tor attraverso una VPN:
diff --git a/i18n/it/ai-chat.md b/i18n/it/ai-chat.md
index 46ccbbf0..84522559 100644
--- a/i18n/it/ai-chat.md
+++ b/i18n/it/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Criteri
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Caso migliore
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. I nostri consigli potrebbero non includere tutte o alcune di queste funzionalità, ma quelli che le includono potrebbero essere preferiti ad altri su questa pagina.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/it/alternative-networks.md b/i18n/it/alternative-networks.md
index 22bdc6ac..5805b9eb 100644
--- a/i18n/it/alternative-networks.md
+++ b/i18n/it/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/it/android/general-apps.md b/i18n/it/android/general-apps.md
index c96c81d2..1f804374 100644
--- a/i18n/it/android/general-apps.md
+++ b/i18n/it/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Nota
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/it/basics/account-creation.md b/i18n/it/basics/account-creation.md
index 0075bcef..942ff827 100644
--- a/i18n/it/basics/account-creation.md
+++ b/i18n/it/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: La creazione di account online è praticamente una necessità di internet, adotta questi accorgimenti per assicurare di rimanere privato.
---
-Spesso le persone si iscrivono a servizi senza riflettere. Forse è un servizio di streaming per guardare quella nuova serie di cui tutti parlano, o di un profilo che ti offre uno sconto per il tuo fast food preferito. In ogni caso, dovresti considerare le implicazioni per i tuoi dati, ora e in futuro.
+Spesso le persone si iscrivono a servizi senza riflettere. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. In ogni caso, dovresti considerare le implicazioni per i tuoi dati, ora e in futuro.
A ogni nuovo servizio che utilizzi, sono associati dei rischi. Violazioni dei dati; divulgazione di informazioni sui clienti a terze parti; dipendenti disonesti che accedono ai dati; sono tutte possibilità che devono essere considerate, fornendo le proprie informazioni. Devi essere sicuro di poterti fidare del servizio, per cui non consigliamo l'archiviazione di dati preziosi su nulla, se non sui prodotti più maturi e testati. Ciò, solitamente, preclude i servizi che forniscono E2EE e hanno subito un controllo crittografico. Un controllo incrementa la garanzia che il prodotto sia stato progettato senza problemi evidenti di sicurezza, causati da uno sviluppatore inesperto.
@@ -13,11 +13,11 @@ Inoltre, può essere difficile eliminare i profili, su alcuni servizi. Talvolta,
## Termini di Servizio e Politica sulla Privacy
-I ToS sono le regole che accetti di seguire, utilizzando il servizio. Spesso, nei servizi più grandi, tali regole sono imposte da sistemi automatizzati. Talvolta, questi sistemi automatizzati possono commettere degli errori. Ad esempiio, potresti essere bannato o bloccato dal tuo profilo su alcuni servizi, utilizzando una VPN o un numero VoIP. Fare appello a tali ban è spesso difficile, e richiede anch'esso un procedimento automatizzato, che non ha sempre successo. Ad esempio, questa è una delle motivazioni per cui non suggeriamo di utilizzare Gmail per l'email. L'email è fondamentale per accedere ad altri servizi cui potresti esserti iscritto.
+I ToS sono le regole che accetti di seguire, utilizzando il servizio. Spesso, nei servizi più grandi, tali regole sono imposte da sistemi automatizzati. Talvolta, questi sistemi automatizzati possono commettere degli errori. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Fare appello a tali ban è spesso difficile, e richiede anch'esso un procedimento automatizzato, che non ha sempre successo. Ad esempio, questa è una delle motivazioni per cui non suggeriamo di utilizzare Gmail per l'email. L'email è fondamentale per accedere ad altri servizi cui potresti esserti iscritto.
-La Politica sulla Privacy è come il servizio dichiara che utilizzerà i tuoi dati, e vale la pena di leggerla, così da meglio comprendere come saranno utilizzati i tuoi dati. Un'azienda od organizzazione, potrebbe non essere legalmente obbligata a seguire tutto ciò che è contenuto nella politica (a seconda della giurisdizione). Ti consigliamo di avere un'idea di quali leggi locali esistono e di ciò che consentono a un fornitore di raccogliere.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. Un'azienda od organizzazione, potrebbe non essere legalmente obbligata a seguire tutto ciò che è contenuto nella politica (a seconda della giurisdizione). Ti consigliamo di avere un'idea di quali leggi locali esistono e di ciò che consentono a un fornitore di raccogliere.
-Consigliamo di cercare termini particolari, quali servizi di "raccolta dei dati", "analisi dei dati", "cookie", "pubblicità/annunci" o "terze parti". Talvolta, potrai rifiutare la raccolta o la condivisione dei tuoi dati, ma è sempre meglio scegliere un servizio che rispetti la tua privacy, fin dall'inizio.
+Consigliamo di cercare termini particolari, quali servizi di "raccolta dei dati", "analisi dei dati", "cookie", "pubblicità/annunci" o "terze parti". Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Tieni a mente che stai anche riponendo la tua fiducia nell'azienda od organizzazione, affinché si conformeranno alla propria politica sulla privacy.
@@ -42,7 +42,7 @@ Sarai responsabile della gestione delle tue credenziali di accesso. Per una magg
#### Alias email
-Se non desideri fornire il tuo indirizzo email reale a un servizio, puoi utilizzare un alias. Li abbiamo descritti in maggiore dettaglio sulla nostra pagina di consigli dei servizi email. In breve, i servizi di alias ti consentono di generare nuovi indirizzi email, che inoltrano tutte le email al tuo indirizzo principale. Ciò può contribuire a impedire il tracciamento tra i vari servizi, nonché a gestire le email di marketing che talvolta accompagnano il processo d'iscrizione. Questi possono essere filtrati automaticamente in base all'alias a cui sono inviati.
+Se non desideri fornire il tuo indirizzo email reale a un servizio, puoi utilizzare un alias. Li abbiamo descritti in maggiore dettaglio sulla nostra pagina di consigli dei servizi email. In breve, i servizi di alias ti consentono di generare nuovi indirizzi email, che inoltrano tutte le email al tuo indirizzo principale. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Questi possono essere filtrati automaticamente in base all'alias a cui sono inviati.
Se un servizio dovesse essere violato, potresti iniziare a ricevere email di phishing o spam all'indirizzo utilizzato per iscriverti. Utilizzare alias univoci per ogni servizio può assisterti nell'identificare esattamente quale servizio è stato violato.
@@ -76,7 +76,7 @@ Anche le applicazioni dannose, in particolare sui dispositivi mobili in cui l'ap
Consigliamo di evitare i servizi che richiedono un numero telefonico per iscriversi. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-Dovresti evitare di dare il tuo vero numero di telefono, se possibile. Alcuni servizi consentiranno l'utilizzo di numeri VoIP, tuttavia, questi, innescano spesso dei sistemi di rilevamento delle frodi, causando il blocco di un profilo, quindi, li sconsigliamo per i profili importanti.
+Dovresti evitare di dare il tuo vero numero di telefono, se possibile. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
In molti casi dovrai fornire un numero che può ricevere SMS o chiamate, in particolare facendo acquisti internazionali, nel caso in cui si verifichi un problema con il tuo ordine ai controlli doganali. È comune che i servizi utilizzino il tuo numero come metodo di verifica; non consentire di essere bloccato da un profilo importante, perché volevi essere furbo e hai inserito un numero falso!
diff --git a/i18n/it/basics/account-deletion.md b/i18n/it/basics/account-deletion.md
index 423e0891..70c58d0b 100644
--- a/i18n/it/basics/account-deletion.md
+++ b/i18n/it/basics/account-deletion.md
@@ -27,7 +27,7 @@ Le piattaforme desktop dispongono spesso di un gestore di password che può aiut
### Email
-Se non hai mai utilizzato un gestore di password in passato, o pensi di possedere account mai aggiunti a esso, un'altra opzione è cercare gli account email con cui credi di esserti iscritto. Sul tuo client email, cerca parole chiave come "verifica" o "benvenuto." Quasi ogni volta che create un account online, il servizio vi manderà un link di verifica o un messaggio introduttivo alla vostra email. Questo può essere un ottimo modo per trovare vecchi profili dimenticati.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. Sul tuo client email, cerca parole chiave come "verifica" o "benvenuto." Quasi ogni volta che create un account online, il servizio vi manderà un link di verifica o un messaggio introduttivo alla vostra email. Questo può essere un ottimo modo per trovare vecchi profili dimenticati.
## Eliminazione dei vecchi profili
@@ -39,7 +39,7 @@ Quando tenti di recuperare l'account, se il sito restituisce un messaggio di err
### GDPR (solo per i residenti nello SEE)
-I residenti SEE hanno ulteriori diritti relativi alla cancellazione dei dati, specificati all'[Articolo 17](https://gdpr-info.eu/art-17-gdpr) del GDPR. Se applicabile, leggi la politica sulla privacy per qualsiasi dato servizio, per trovare le informazioni su come esercitare il tuo diritto alla cancellazione. Leggere la politica sulla privacy può rivelarsi importante, poiché alcuni servizi hanno un'opzione "Elimina Profilo" che disabilita il tuo profilo, mentre per l'eliminazione reale devi intraprendere ulteriori azioni. Talvolta, l'eliminazione effettiva potrebbe richiedere la compilazione di sondaggi, il contatto del responsabile della protezione dei dati, o persino la dimostrazione della tua residenza nel SEE. Se intendi procedere in questo modo, **non** sovrascrivere le informazioni del profilo: la tua identità come residente del SEE potrebbe venirti richiesta. Nota che la posizione geografica del servizio non ha alcuna importanza; il RGPD si applica a chiunque serva utenti europei. Se il servizio non rispetta il tuo diritto alla cancellazione, puoi contattare l'[Autorità di Protezione dei Dati](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) nazionale, e potresti anche avere diritto a un risarcimento in denaro.
+I residenti SEE hanno ulteriori diritti relativi alla cancellazione dei dati, specificati all'[Articolo 17](https://gdpr-info.eu/art-17-gdpr) del GDPR. Se applicabile, leggi la politica sulla privacy per qualsiasi dato servizio, per trovare le informazioni su come esercitare il tuo diritto alla cancellazione. Leggere la politica sulla privacy può rivelarsi importante, poiché alcuni servizi hanno un'opzione "Elimina Profilo" che disabilita il tuo profilo, mentre per l'eliminazione reale devi intraprendere ulteriori azioni. Talvolta, l'eliminazione effettiva potrebbe richiedere la compilazione di sondaggi, il contatto del responsabile della protezione dei dati, o persino la dimostrazione della tua residenza nel SEE. Se intendi procedere in questo modo, **non** sovrascrivere le informazioni del profilo: la tua identità come residente del SEE potrebbe venirti richiesta. Nota che la posizione geografica del servizio non ha alcuna importanza; il RGPD si applica a chiunque serva utenti europei. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Sovrascrivere informazioni del profilo
diff --git a/i18n/it/basics/common-misconceptions.md b/i18n/it/basics/common-misconceptions.md
index 087d7cda..187c1df1 100644
--- a/i18n/it/basics/common-misconceptions.md
+++ b/i18n/it/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ Le politiche sulla privacy e le pratiche aziendali dei fornitori che scegli sono
## "Complicato è meglio"
-Spesso, vediamo le persone descrivere i modelli di minaccia per la privacy come eccessivamente complessi. Spesso queste soluzioni includono problemi come l'uso di molteplici account di posta elettronica o di configurazioni complicate con molte parti mobili e condizioni. Solitamente, si tratta solitamente di risposte a "Qual è il metodo migliore per fare *X*?"
+Spesso, vediamo le persone descrivere i modelli di minaccia per la privacy come eccessivamente complessi. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. Solitamente, si tratta solitamente di risposte a "Qual è il metodo migliore per fare *X*?"
Trovare la soluzione "migliore" per te non significa necessariamente che ne stai cercando una infallibile con dozzine di condizioni: queste soluzioni sono spesso difficili da gestire in modo realistico. Come discusso in precedenza, la sicurezza va spesso a scapito della comodità. Di seguito, forniamo alcuni suggerimenti:
1. ==Le azioni devono servire uno scopo in particolare:== pensa a come fare ciò che desideri con il minor numero possibile di azioni.
2. ==Rimuovi i punti di fallimento umani:== Falliamo, ci stanchiamo e dimentichiamo le cose. Per mantenere la sicurezza, evita di affidarti a condizioni e procedimenti manuali che devi ricordare.
-3. ==Utilizza il giusto livello di protezione per ciò che intendi fare.== Spesso, vediamo consigli delle cosiddette soluzioni a prova di autorità o citazione in giudizio. Spesso, richiedono conoscenze specialistiche e, generalmente, non sono ciò che la gente desidera. Non ha senso creare un intricato modello di minaccia per l'anonimato, se puoi essere facilmente deanonimizzato da una semplice svista.
+3. ==Utilizza il giusto livello di protezione per ciò che intendi fare.== Spesso, vediamo consigli delle cosiddette soluzioni a prova di autorità o citazione in giudizio. Spesso, richiedono conoscenze specialistiche e, generalmente, non sono ciò che la gente desidera. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
Quindi, come potrebbe apparire?
@@ -94,4 +94,4 @@ Uno dei modelli di minaccia più chiari è quello in cui le persone *ti conoscon
L'uso di Tor può aiutare in questo senso. Vale anche la pena di notare che un maggiore anonimato è possibile attraverso la comunicazione asincrona: La comunicazione in tempo reale è vulnerabile all'analisi dei modelli di digitazione (ad es. più di un paragrafo di testo, distribuito su un forum, via e-mail, ecc.)
-[^1]: Un notevole attacco alla supply chain si è verificato nel marzo 2024, quando un manutentore malintenzionato ha aggiunto una backdoor offuscata in `xz`, una popolare libreria di compressione. La backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) era destinata a consentire a un soggetto sconosciuto l'accesso remoto alla maggior parte dei server Linux tramite SSH, ma è stata scoperta prima che fosse ampiamente diffusa.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. La backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) era destinata a consentire a un soggetto sconosciuto l'accesso remoto alla maggior parte dei server Linux tramite SSH, ma è stata scoperta prima che fosse ampiamente diffusa.
diff --git a/i18n/it/basics/common-threats.md b/i18n/it/basics/common-threats.md
index 95eb9591..84d84de1 100644
--- a/i18n/it/basics/common-threats.md
+++ b/i18n/it/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Il tuo modello di minaccia è personale, ma queste sono alcuni aspetti che stanno a cuore a molti visitatori di questo sito web.
---
-In linea di massima, le nostre raccomandazioni sono suddivise in [minacce](threat-modeling.md) o obiettivi che si applicano alla maggior parte delle persone. ==Potresti essere interessato a nessuna, una, alcune o tutte queste possibilità==, e gli strumenti e servizi che utilizzi dipendono dai tuoi obiettivi. Potreste avere minacce specifiche anche al di fuori di queste categorie, il che è perfettamente normale! La parte importante è lo sviluppo di una comprensione dei benefici e difetti degli strumenti che scegli di utilizzare, poiché virtualmente nessuno di essi ti proteggerà da ogni minaccia.
+In linea di massima, le nostre raccomandazioni sono suddivise in [minacce](threat-modeling.md) o obiettivi che si applicano alla maggior parte delle persone. ==Potresti essere interessato a nessuna, una, alcune o tutte queste possibilità==, e gli strumenti e servizi che utilizzi dipendono dai tuoi obiettivi. You may have specific threats outside these categories as well, which is perfectly fine! La parte importante è lo sviluppo di una comprensione dei benefici e difetti degli strumenti che scegli di utilizzare, poiché virtualmente nessuno di essi ti proteggerà da ogni minaccia.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ Per minimizzare i danni che un software malevolo *potrebbe* causare, dovresti ut
I sistemi operativi per mobile, generalmente, presentano un migliore sandboxing delle applicazioni, rispetto ai sistemi operativi per desktop: le app possono ottenere l'accesso di root e richiedono l'autorizzazione per accedere alle risorse di sistema.
-Generalmente, i sistemi operativi per desktop sono in ritardo, per l'adeguato sandboxing. ChromeOS ha funzionalità di sandboxing simili ad Android e macOS ha il pieno controllo delle autorizzazioni di sistema (e gli sviluppatori possono optare per il sandboxing delle applicazioni). Tuttavia, questi sistemi operativi trasmettono le informazioni identificativi ai rispettivi OEM. Linux tende a non inviare le informazioni ai fornitori del sistema, ma presenta una scarsa protezione da exploit e applicazioni dannose. Ciò si può in qualche modo mitigare con distribuzioni specializzate che fanno significativo utilizzo di macchine virtuali o contenitori, come [Qubes OS](../desktop.md#qubes-os).
+Generalmente, i sistemi operativi per desktop sono in ritardo, per l'adeguato sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). Tuttavia, questi sistemi operativi trasmettono le informazioni identificativi ai rispettivi OEM. Linux tende a non inviare le informazioni ai fornitori del sistema, ma presenta una scarsa protezione da exploit e applicazioni dannose. Ciò si può in qualche modo mitigare con distribuzioni specializzate che fanno significativo utilizzo di macchine virtuali o contenitori, come [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Dunque, dovresti utilizzare le applicazioni native, invece dei client web, quand
-Anche con l'E2EE, i fornitori dei servizi possono comunque profilarti secondo i **metadati**, che tipicamente non sono protetti. Sebbene il fornitore del servizio non possa leggere i tuoi messaggi, può comunque osservare cose importanti, come con chi stai parlando, quanto spesso gli invii messaggi e quando sei tipicamente attivo. La protezione dei metadati è abbastanza rara e, se rientra nel tuo [modello di minaccia](threat-modeling.md), dovresti prestare molta attenzione alla documentazione tecnica del software che stai utilizzando, per scoprire se è prevista alcuna minimizzazione o protezione dei metadati.
+Anche con l'E2EE, i fornitori dei servizi possono comunque profilarti secondo i **metadati**, che tipicamente non sono protetti. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. La protezione dei metadati è abbastanza rara e, se rientra nel tuo [modello di minaccia](threat-modeling.md), dovresti prestare molta attenzione alla documentazione tecnica del software che stai utilizzando, per scoprire se è prevista alcuna minimizzazione o protezione dei metadati.
## Programmi di sorveglianza di massa
@@ -156,7 +156,7 @@ La sorveglianza di massa consiste nell'intricato sforzo di monitorare il "compor
Se vuoi saperne di più sui metodi di sorveglianza e su come vengono attuati nella tua città, puoi anche dare un'occhiata a [Atlas of Surveillance](https://atlasofsurveillance.org/) della [Electronic Frontier Foundation](https://eff.org/).
-In Francia puoi consultare il [sito web di Technopolice](https://technopolice.fr/villes) gestito dall'associazione non-profit La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ Se sei preoccupato per i programmi di sorveglianza di massa, puoi usare strategi
Per molti, il tracciamento e la sorveglianza dalle aziende private è una preoccupazione crescente. Le reti pubblicitarie pervasive, come quelle gestite da Google e Facebook, si estendono su Internet ben oltre i siti che controllano, tracciando le tue azioni lungo il percorso. Utilizzare strumenti come i blocchi di contenuti per limitare le richieste di rete ai loro server e leggere le politiche sulla privacy dei servizi che utilizzi, può aiutarti a evitare molti avversari di base (sebbene non possa prevenire completamente il tracciamento).[^4]
-Inoltre, anche le aziende esterne al settore *AdTech* o di tracciamento, possono condividere le tue informazioni con gli [intermediari di dati](https://en.wikipedia.org/wiki/Information_broker) (come Cambridge Analytica, Experian o Datalogix), o altre parti. Non puoi supporre automaticamente che i tuoi dati siano sicuri semplicemente perché il servizio che stai utilizzando non ricade nel tipico modello aziendale dell'AdTech o di tracciamento. La protezione più forte contro la raccolta aziendale dei dati è crittografare od offuscare i tuoi dati quando possibile, complicando per i diversi fornitori, la correlazione dei dati tra loro e la costruzione di un profilo su di te.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. Non puoi supporre automaticamente che i tuoi dati siano sicuri semplicemente perché il servizio che stai utilizzando non ricade nel tipico modello aziendale dell'AdTech o di tracciamento. La protezione più forte contro la raccolta aziendale dei dati è crittografare od offuscare i tuoi dati quando possibile, complicando per i diversi fornitori, la correlazione dei dati tra loro e la costruzione di un profilo su di te.
## Limitare le Informazioni Pubbliche
diff --git a/i18n/it/basics/email-security.md b/i18n/it/basics/email-security.md
index 8a932414..cd31d0e7 100644
--- a/i18n/it/basics/email-security.md
+++ b/i18n/it/basics/email-security.md
@@ -29,13 +29,13 @@ Se utilizzi un dominio condiviso da un fornitore che non supporta WKD, come @gma
### Quali client email supportano E2EE?
-I fornitori email che ti consentono di utilizzare i protocolli d'accesso standard come IMAP e SMTP, sono utilizzabili con qualsiasi [client email che consigliamo](../email-clients.md). In base al metodo d'autenticazione, ciò potrebbe comportare una riduzione della sicurezza se il fornitore o il client email non supportano OATH o un'applicazione di collegamento (bridge), poiché l'[autenticazione a più fattori](multi-factor-authentication.md) non è possibile con l'autenticazione con password semplice.
+I fornitori email che ti consentono di utilizzare i protocolli d'accesso standard come IMAP e SMTP, sono utilizzabili con qualsiasi [client email che consigliamo](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### Come proteggo le mie chiavi private?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. Il messaggio, quindi, viene decrittografato dalla smartcart e il contenuto decrittografato è reinviato al dispositivo.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-È preferibile che la decodifica avvenga sulla smartcard per evitare di esporre la tua chiave privata a un dispositivo compromesso.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Panoramica sui metadati email
@@ -49,4 +49,4 @@ I metadati dell'email sono protetti dagli osservatori esterni con il [TLS opport
### Perché i metadati non possono essere E2EE?
-I metadati dell'email sono fondamentali per le funzionalità di base dell'email (da dove proviene e dove deve andare). Originariamente, l'E2EE non è stata integrata nei protocolli email, richiedendo piuttosto dei software aggiuntivi, come OpenPGP. Poiché i messaggi di OpenPGP devono continuare a funzionare con i fornitori email tradizionali, esso non può crittografare i metadati email, ma soltanto il corpo del messaggio. Ciò significa che, anche utilizzando OpenPGP, gli osservatori esterni possono visualizzare molte informazioni sui tuoi messaggi, come a chi stai scrivendo, l'oggetto, quando stai inviando l'email, etc.
+I metadati dell'email sono fondamentali per le funzionalità di base dell'email (da dove proviene e dove deve andare). Originariamente, l'E2EE non è stata integrata nei protocolli email, richiedendo piuttosto dei software aggiuntivi, come OpenPGP. Poiché i messaggi di OpenPGP devono continuare a funzionare con i fornitori email tradizionali, esso non può crittografare i metadati email, ma soltanto il corpo del messaggio. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/it/basics/hardware.md b/i18n/it/basics/hardware.md
index 2f96be35..809267b0 100644
--- a/i18n/it/basics/hardware.md
+++ b/i18n/it/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Avviso
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/it/basics/multi-factor-authentication.md b/i18n/it/basics/multi-factor-authentication.md
index 131d950e..7ba447e3 100644
--- a/i18n/it/basics/multi-factor-authentication.md
+++ b/i18n/it/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Autenticazione a Fattori Multipli"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: L'AFM è un meccaanismo di sicurezza fondamentale per proteggere i tuoi profili online, ma alcuni metodi sono più efficaci di altri.
---
-L'**Autenticazione a Fattori Multipli** (**AFM**) è un meccanismo di sicurezza che richiede ulteriori passaggi oltre all'inserimento del tuo nome utente (o email) e la password. Il metodo più comune è quello dei codici a tempo limitato, che potresti ricevere via SMS o da un'app.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. Il metodo più comune è quello dei codici a tempo limitato, che potresti ricevere via SMS o da un'app.
Solitamente, se un hacker (o avversario) è in grado di scoprire la tua password, otterrebbe l'accesso al tuo profilo, cui appartiene tale password. Un proflo con l'AFM forza l'hacker ad avere sia la password (qualcosa che *conosci*) che un dispositivo che possiedi (qualcosa che *possiedi*), come il tuo telefono.
@@ -26,7 +26,7 @@ La sicurezza dell'AFM con notifiche push dipende dalla qualità dell'app, dalla
### Time-based One-time Password (TOTP)
-La TOTP è una delle forme di AFM più comuni disponibili. Quando configuri la TOTP, devi generalmente scansionare un [Codice QR](https://en.wikipedia.org/wiki/QR_code), che stabilisce un "[codice segreto](https://en.wikipedia.org/wiki/Shared_secret)" con il servizio che intendi utilizzare. Questo è protetto tra i dati dell'app d'autenticazione ed è talvolta protetto da una password.
+La TOTP è una delle forme di AFM più comuni disponibili. Quando configuri la TOTP, devi generalmente scansionare un [Codice QR](https://en.wikipedia.org/wiki/QR_code), che stabilisce un "[codice segreto](https://en.wikipedia.org/wiki/Shared_secret)" con il servizio che intendi utilizzare. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
Il codice a tempo limitato deriva dal codice segreto e dall'ora corrente. Poiché il codice è valido soltanto per un breve periodo di tempo, senza l'accesso al codice segreto condiviso, un avversario non può generare nuovi codici.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 e WebAuthn hanno proprietà di sicurezza e privacy superiori, rispetto a qualsiasi metodo AFM.
-Tipicamente, per i servizi web è utilizzato con WebAuthn, parte dei [consigli W3C](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). Utilizza l'autenticazione a chiave pubblica ed è più sicuro dei codici segreti condivisi utilizzati dai metodi di Yubico OTP e TOTP, poiché include il nome originale (solitamente, il nome di dominio), durante l'autenticazione. L'attestazione è fornita per proteggerti dagli attacchi di phishing, poiché ti aiuta a determinare che stai utilizzando il servizio autentico e non una copia falsa.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). Utilizza l'autenticazione a chiave pubblica ed è più sicuro dei codici segreti condivisi utilizzati dai metodi di Yubico OTP e TOTP, poiché include il nome originale (solitamente, il nome di dominio), durante l'autenticazione. L'attestazione è fornita per proteggerti dagli attacchi di phishing, poiché ti aiuta a determinare che stai utilizzando il servizio autentico e non una copia falsa.
Diversamente da Yubico OTP, WebAuthn non utilizza alcun ID pubblico, quindi la chiave **non** è identificabile tra siti web differenti. Inoltre, non utilizza alcun server su cloud di terze parti per l'autenticazione. Tutte le comunicazioni sono completate tra la chiave e il sito web cui stai accedendo. Inoltre, FIDO utilizza un contatore che incrementa all'utilizzo, per impedire il riutilizzo della sessione e la clonazione delle chiavi.
@@ -116,15 +116,15 @@ Se utilizzi gli SMS per l'AFM, utilizza un operatore che non cambi il tuo numero
## Altri posti per configurare l'AFM
-Oltre a proteggere i tuoi accessi ai siti web, l'autenticazione a più fattori è utilizzabile per proteggere i tuoi accessi locali, le chiavi SSH o persino i database di password.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS [supporta nativamente](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) l'autenticazione con smart card (PIV). Se possiedi una smartcard o una chiave di sicurezza hardware che supporta l'interfaccia PIV, come YubiKey, consigliamo di seguire la documentazione del tuo fornitore di sicurezza con smartcard/hardware e di configurare l'autenticazione a due fattori per il tuo computer macOS.
+macOS [supporta nativamente](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) l'autenticazione con smart card (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico ha una guida all'[Utilizzo della tua YubiKey come Smart Card su macOS](https://support.yubico.com/hc/articles/360016649059), che può aiutarti a configurarla su macOS.
-Dopo aver configurato la tua smartcard/chiave di sicurezza, consigliamo di eseguire questo comando nel Terminale:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ L'AFM SSH può anche essere configurata utilizzando TOTP. DigitalOcean ha fornit
### KeePass (e KeePassXC)
-I database di KeePass e KeePassXC possono essere protetti utilizzando la Challenge-Response o HOTP come autenticazione di secondo fattore. Yubico ha fornito un documento per KeePass [Utilizza la tua YubiKey con KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) e ce n'è anche uno sul sito [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa).
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico ha fornito un documento per KeePass [Utilizza la tua YubiKey con KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) e ce n'è anche uno sul sito [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa).
diff --git a/i18n/it/basics/passwords-overview.md b/i18n/it/basics/passwords-overview.md
index 99d00ed1..93856a63 100644
--- a/i18n/it/basics/passwords-overview.md
+++ b/i18n/it/basics/passwords-overview.md
@@ -24,7 +24,7 @@ Tutti i [gestori di password consigliati](../passwords.md) da noi, includono un
Dovresti evitare di modificare troppo spesso le password che devi ricordare (come la password generale del tuo gestore di password), a meno che tu non abbia motivo di credere che siano state compromesse, poiché modificarle troppo spesso ti espone al rischio di dimenticarle.
-Per quanto riguard le password che non devi ricordare (come quelle memorizzate nel tuo gestore di password), se il tuo [modello di minaccia](threat-modeling.md) lo richiede, consigliamo di modificare le password dei profili importaanti (specialmente profili privi di autenticazione a più fattori), ogni paio di mesi, nel caso in cui siano state compromesse in una violazione di dati non ancora resa pubblica. Gran parte dei gestori di password ti consentono di impostare una data di scadenza per la tua password, rendendola più facile da gestire.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Gran parte dei gestori di password ti consentono di impostare una data di scadenza per la tua password, rendendola più facile da gestire.
Controllo delle violazioni dei dati
@@ -54,13 +54,13 @@ Per generare una passphrase diceware utilizzando un vero dado, segui questi pass
Nota
-Queste istruzioni suppongono che tu stia utilizzando l'[EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) per generare la frase segreta, che richiede cinque lanci di dadi per parola. Altri elenchi di parole potrebbero richiedere maggiori o minori lanci per parola e potrebbero richiedere una quantità di parole differenti, per ottenere la stessa entropia.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Lancia un dado a sei facce per cinque volte, annotando il numero dopo ogni lancio.
-2. Ad esempio, supponiamo tu abbia ottenuto `2-5-2-6-6`. Cerca nell'[EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) per la parola che corrisponde a `25266`.
+2. Ad esempio, supponiamo tu abbia ottenuto `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. Troverai la parola `encrypt`. Annotala.
@@ -75,25 +75,25 @@ Queste istruzioni suppongono che tu stia utilizzando l'[EFF's large wordlist](ht
Se non hai accesso a dadi reali o preferiresti non utilizzarli, puoi utilizzare il generatore di password integrato del gestore di password, poiché molti di essi offrono l'opzione di generare frasi segrete Diceware, oltre alle password regolari.
-Consigliamo di utilizzare l'[EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) per generare le tue frasi segrete Diceware, poiché offre la stessa sicurezza dell'elenco originale, contenendo parole più facili da memorizzare. Esistono anche [altri elenchi di parole in lingue differenti](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), se non desideri che la tua frase segreta sia in inglese.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Spiegazione dell'entropia e della forza delle passphrase diceware
-Per dimostrare quanto siano forti le passphrase diceware, useremo la già citata passphrase di sette parole (`viewable fastness reluctant squishy seventeen shown pencil`) e l'[EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) come esempio.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
Un parametro per determinare la forza di una passphrase diceware è la sua entropia. L'entropia per parola in una passphrase diceware è calcolata come e l'entropia complessiva della passphrase è calcolata come:
Pertanto, ogni parola nell'elenco di cui sopra risulta in ~12.9 bit di entropia () e una passphrase di sette parole derivata da essa ha ~90,47 bit di entropia ().
-L'[EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contiene 7776 parole uniche. Per calcolare la quantità di passphrase possibili, tutto ciò che dobbiamo fare è , o nel nostro caso, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. Per calcolare la quantità di passphrase possibili, tutto ciò che dobbiamo fare è , o nel nostro caso, .
-Mettiamo tutto questo in prospettiva: una passphrase di sette parole che utilizza l'[EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) è una delle possibili ~1.719.070.799.748.422.500.000.000.000.000 passphrase.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
In media, è necessario tentare il 50% di tutte le combinazioni possibili per indovinare la tua frase segreta. Tenendo ciò a mente, anche se il malintenzionato è capace di circa 1.000.000.000.000 tentativi al secondo, gli ci vorrebbero comunque circa 27.255.689 aanni per indovinare la tua frase segreta. Questo vale solo se le seguenti cose sono vere:
- Il tuo avversario sa che hai utilizzato il metodo Diceware.
-- Il tuo avversario conosce l'elenco di parole specifico utilizzato.
+- Your adversary knows the specific word list that you used.
- Il tuo avversario sa quante parole contiene la tua frase segreta.
@@ -113,7 +113,7 @@ Esistono molte buone opzioni da cui scegliere, sia basate su cloud che locali. S
Non inserire le tue password e i token TOTP nello stesso gestore di password
-Quando si utilizzano [codici TOTP come autenticazione a più fattori] (multi-factor-authentication.md#time-based-one-time-password-totp), la migliore prassi di sicurezza è quella di conservare i codici TOTP in una [app separata](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Memorizzare i token TOTP nello stesso luogo delle tue password, sebbene comodo, riduce i profili a un singolo fattore, nel caso in cui un malintenzionato ottenga l'accesso al tuo gestore di password.
diff --git a/i18n/it/basics/threat-modeling.md b/i18n/it/basics/threat-modeling.md
index 1c64f724..fea5d492 100644
--- a/i18n/it/basics/threat-modeling.md
+++ b/i18n/it/basics/threat-modeling.md
@@ -35,7 +35,7 @@ Una "risorsa" è qualcosa che valorizzi e desideri proteggere. Nel contesto dell
Per rispondere a questa domanda, è importante identificare chi potrebbe voler prendere di mira te o le tue informazioni. ==Una persona o entità rappresentante una minaccia per le tue risorse è un "avversario".== Esempi di potenziali avversari sono il tuo capo, il tuo ex collega, la tua competizione aziendale, il tuo governo o un hacker su una rete pubblica.
-*Crea un elenco dei tuoi avversari o di coloro che potrebbero voler entrare in possesso delle tue risorse. Il tuo elenco può includere individui, agenzie governative o aziende.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Il tuo elenco può includere individui, agenzie governative o aziende.*
A seconda di chi sono i tuoi avversari, questo elenco potrebbe essere qualcosa che vorrai distruggere dopo aver finito di sviluppare il tuo modello di minaccia.
diff --git a/i18n/it/browser-extensions.md b/i18n/it/browser-extensions.md
index 23202f00..fba2f051 100644
--- a/i18n/it/browser-extensions.md
+++ b/i18n/it/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/it/calendar.md b/i18n/it/calendar.md
index 9e5dfde8..68dabfb1 100644
--- a/i18n/it/calendar.md
+++ b/i18n/it/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offre un calendario gratuito e criptato su tutte le piattaforme da loro supportate. Le caratteristiche includono: E2EE automatica di tutti i dati, funzioni di condivisione, importazione/esportazione, autenticazione a più fattori e [altro](https://tuta.com/it/calendar-app-comparison).
+**Tuta** offre un calendario gratuito e criptato su tutte le piattaforme da loro supportate. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Calendari multipli e funzionalità di condivisione estese sono limitate agli abbonati a pagamento.
diff --git a/i18n/it/cloud.md b/i18n/it/cloud.md
index f3767288..91ae60d1 100644
--- a/i18n/it/cloud.md
+++ b/i18n/it/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Criteri
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Deve imporre la crittografia end-to-end.
- Deve offrire un piano gratuito o un periodo di prova per testarlo.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Deve offrire un'interfaccia web che supporti le funzionalità di base per la gestione dei file.
- Deve consentire un'esportazione facile di tutti i file/documenti.
diff --git a/i18n/it/cryptocurrency.md b/i18n/it/cryptocurrency.md
index f769347b..35a30d72 100644
--- a/i18n/it/cryptocurrency.md
+++ b/i18n/it/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Criteri
diff --git a/i18n/it/data-broker-removals.md b/i18n/it/data-broker-removals.md
index 5a8180ca..70e5064c 100644
--- a/i18n/it/data-broker-removals.md
+++ b/i18n/it/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/it/desktop-browsers.md b/i18n/it/desktop-browsers.md
index cffca915..74ec9ade 100644
--- a/i18n/it/desktop-browsers.md
+++ b/i18n/it/desktop-browsers.md
@@ -109,7 +109,7 @@ Ciò è necessario per impedire forme avanzate di tracciamento, a costo della co
### Mullvad Leta
-Mullvad Browser integra DuckDuckGo come [motore di ricerca](search-engines.md) predefinito, ma include anche **Mullvad Leta**, un motore di ricerca che richiede un abbonamento attivo alla VPN di Mullvad, per potervi accedere. Mullvad Leta interroga direttamente l'API di ricerca a pagamento di Google, motivo per cui è limitata agli abbonati paganti. Tuttavia, è possibile per Mullvad correlare le query di ricerca e gli account VPN Mullvad a causa di questa limitazione. Per questo motivo sconsigliamo l'uso di Mullvad Leta, anche se Mullvad raccoglie pochissime informazioni sui propri abbonati alla VPN.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta interroga direttamente l'API di ricerca a pagamento di Google, motivo per cui è limitata agli abbonati paganti. Tuttavia, è possibile per Mullvad correlare le query di ricerca e gli account VPN Mullvad a causa di questa limitazione. Per questo motivo sconsigliamo l'uso di Mullvad Leta, anche se Mullvad raccoglie pochissime informazioni sui propri abbonati alla VPN.
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox ci invia i dati sulla tua versione e lingua di Firefox; sistema operativo del dispositivo e configurazione hardware; memoria, informazioni essenziali su arresti anomali ed errori; risultati di processi automatizzati quali aggiornamenti, navigazione sicura e attivazione. Quando Firefox ci invia i dati, il tuo indirizzo IP è raccolto temporaneamente come parte dei registri del nostro server.
-Inoltre, il servizio Mozilla Accounts raccoglie [alcuni dati tecnici](https://mozilla.org/privacy/mozilla-accounts). Se utilizzi un account Mozilla puoi disattivare questa funzione:
+Inoltre, il servizio Mozilla Accounts raccoglie [alcuni dati tecnici](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Apri le [impostazioni del tuo profilo su accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Deseleziona ** Raccolta e utilizzo dati ** > **Aiutaci a migliorare gli account Firefox**
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] Seleziona **Attiva in tutte le finestre**
-Ciò previene che ti connetta involontariamente a un sito web in HTTP semplice. I siti senza HTTPS sono poco comuni oggigiorno, quindi, ciò dovrebbe avere un impatto minimo o zero sulla tua navigazione quotidiana.
+Ciò previene che ti connetta involontariamente a un sito web in HTTP semplice. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS over HTTPS
@@ -297,7 +297,7 @@ Brave consente di selezionare filtri aggiuntivi per i contenuti nella pagina int
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/it/desktop.md b/i18n/it/desktop.md
index 4681649b..08788729 100644
--- a/i18n/it/desktop.md
+++ b/i18n/it/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. È inoltre possibile aggiungere più versioni in base alle necessità.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS è una distribuzione indipendente basata sul gestore di pacchetti Nix, inc
Il gestore di pacchetti di NixOS conserva ogni versione di ogni pacchetto in una cartella diversa del **Nix Store**. A causa di ciò puoi avere versioni differenti dello stesso pacchetto installate sul tuo sistema. Dopo che il contenuto del pacchetto è stato scritto nella cartella, questa viene resa di sola lettura.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. Puoi anche *testare* la nuova generazione passandovi durante l'esecuzione, ma non impostarla come quella corrente di sistema. Se qualcosa nel processo d'aggiornamento si corrompe, basta riavviare e tornare automaticamente a una versione funzionante del sistema.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. Puoi anche *testare* la nuova generazione passandovi durante l'esecuzione, ma non impostarla come quella corrente di sistema. Se qualcosa nel processo d'aggiornamento si corrompe, basta riavviare e tornare automaticamente a una versione funzionante del sistema.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/it/device-integrity.md b/i18n/it/device-integrity.md
index 47f71953..e68f83dd 100644
--- a/i18n/it/device-integrity.md
+++ b/i18n/it/device-integrity.md
@@ -28,7 +28,7 @@ Ciò significa che un aggressore dovrebbe reinfettare regolarmente il dispositiv
Se uno dei seguenti strumenti indica una potenziale compromissione da parte di spyware come Pegasus, Predator o KingsPawn, consigliamo di contattare:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Forze dell'ordine locali
**Non possiamo aiutarti più di così in maniera diretta.** Siamo lieti di discutere della tua situazione o delle circostanze specifiche e di revisionare i tuoi risultati negli spazi della nostra [community](https://discuss.privacyguides.net), ma è improbabile che potremo aiutarti più di quanto è scritto su questa pagina.
@@ -129,7 +129,7 @@ MVT ti consente di eseguire scansioni/analisi più approfondite, se il tuo dispo
-iMazing automatizza e ti guida interattivamente al procedimento di utilizzo di [MVT](#mobile-verification-toolkit) per scansionare il tuo dispositivo, in cerca di indicatori pubblicamente accessibili di compromissione, pubblicati da vari ricercatori delle minacce. Tutte le informazioni e gli avvisi che si applicano a MVT, si applicano anche a questo strumento, quindi, ti suggeriamo di familiarizzare con le note su MVT, nelle sezioni precedenti.
+iMazing automatizza e ti guida interattivamente al procedimento di utilizzo di [MVT](#mobile-verification-toolkit) per scansionare il tuo dispositivo, in cerca di indicatori pubblicamente accessibili di compromissione, pubblicati da vari ricercatori delle minacce. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## Verifica su dispositivo
diff --git a/i18n/it/dns.md b/i18n/it/dns.md
index 1ca0a022..333b41cf 100644
--- a/i18n/it/dns.md
+++ b/i18n/it/dns.md
@@ -75,7 +75,7 @@ AdGuard Home dispone di un'interfaccia web raffinata per visualizzare i dettagli
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ I software proxy per il DNS crittografato forniscono un proxy locale a cui inolt
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/it/document-collaboration.md b/i18n/it/document-collaboration.md
index 6fa57d5c..63f90154 100644
--- a/i18n/it/document-collaboration.md
+++ b/i18n/it/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
I nostri criteri ottimali rappresentano ciò che vorremmo vedere dal progetto perfetto in questa categoria. I nostri consigli potrebbero non includere tutte o alcune di queste funzionalità, ma quelli che le includono potrebbero essere preferiti ad altri su questa pagina.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/it/email-aliasing.md b/i18n/it/email-aliasing.md
index 538ccf12..60f14470 100644
--- a/i18n/it/email-aliasing.md
+++ b/i18n/it/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/it/email.md b/i18n/it/email.md
index 806a6330..51d37146 100644
--- a/i18n/it/email.md
+++ b/i18n/it/email.md
@@ -58,7 +58,7 @@ Inoltre, OpenPGP non supporta la Forward Secrecy, ciò significa che se la chiav
{ align=right }
-**Proton Mail** è un servizio di posta elettronica incentrato su privacy, crittografia, sicurezza e facilità d'uso. They have been in operation since 2013. Proton AG ha sede a Ginevra, Svizzera. Il piano gratuito di Proton Mail prevede 500 MB di spazio di archiviazione per la posta, che può essere aumentato gratuitamente fino a 1 GB.
+**Proton Mail** è un servizio di posta elettronica incentrato su privacy, crittografia, sicurezza e facilità d'uso. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail [accetta](https://proton.me/support/payment-options) contanti per po
#### :material-check:{ .pg-green } Sicurezza dell'account
-Proton Mail supporta l'[autenticazione a due fattori](https://proton.me/support/two-factor-authentication-2fa) TOTP e le [chiavi di sicurezza hardware](https://proton.me/support/2fa-security-key), utilizzando gli standard FIDO2 o U2F. L'utilizzo di una chiave di sicurezza hardware richiede prima la configurazione dell'autenticazione a due fattori TOTP.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Sicurezza dei dati
@@ -117,7 +117,7 @@ Se hai un account a pagamento e il tuo [abbonamento non viene pagato](https://pr
#### :material-information-outline:{ .pg-blue } Funzionalità aggiuntive
-Il piano [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) di Proton Mail consente anche l'accesso ad altri servizi Proton, oltre a fornire molteplici domini personalizzati, alias "hide-my-email" illimitati e 500 GB di archiviazione.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail non offre una funzionalità di eredità digitale.
@@ -127,7 +127,7 @@ Proton Mail non offre una funzionalità di eredità digitale.
{ align=right }
-**Mailbox.org** è un servizio email incentrato sull'essere sicuro, privo di pubblicità e alimentato privatamente da energia ecologica al 100%. Sono operativi dal 2014. Mailbox.org ha sede a Berlino, in Germania. I profili partono da 2 GB di archiviazione, i quali possono essere aumentati se necessario.
+**Mailbox.org** è un servizio email incentrato sull'essere sicuro, privo di pubblicità e alimentato privatamente da energia ecologica al 100%. Sono operativi dal 2014. Mailbox.org ha sede a Berlino, in Germania. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org consente di utilizzare il proprio dominio e supporta gli indirizzi d
#### :material-check:{ .pg-green } Metodi di pagamento privati
-Mailbox.org non accetta criptovalute a causa della sospensione delle attività del suo elaboratore di pagamenti BitPay, in Germania. Tuttavia, accettano contanti per posta, pagamento in contanti su conto corrente, bonifico bancario, carta di credito, PayPal e un paio di fornitori specifici per la Germania: paydirekt e Sofortüberweisung.
+Mailbox.org non accetta criptovalute a causa della sospensione delle attività del suo elaboratore di pagamenti BitPay, in Germania. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Sicurezza dell'account
-Mailbox.org supporta l'[autenticazione a due fattori](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) solo per la sua webmail. È possibile utilizzare TOTP o una [YubiKey](https://en.wikipedia.org/wiki/YubiKey) tramite [YubiCloud](https://yubico.com/products/services-software/yubicloud). Gli standard Web come [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) non sono ancora supportati.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. È possibile utilizzare TOTP o una [YubiKey](https://en.wikipedia.org/wiki/YubiKey) tramite [YubiCloud](https://yubico.com/products/services-software/yubicloud). Gli standard Web come [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) non sono ancora supportati.
#### :material-information-outline:{ .pg-blue } Sicurezza dei dati
@@ -172,7 +172,7 @@ Alla scadenza del contratto, l'account sarà impostato come account utente limit
#### :material-information-outline:{ .pg-blue } Funzionalità aggiuntive
-È possibile accedere al proprio account Mailbox.org tramite IMAP/SMTP utilizzando il [ servizio .onion](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). Tuttavia, l'interfaccia webmail non è accessibile tramite il loro servizio .onion e potresti riscontrare errori del certificato TLS.
+È possibile accedere al proprio account Mailbox.org tramite IMAP/SMTP utilizzando il [ servizio .onion](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
Tutti gli account sono dotati di uno spazio di archiviazione cloud limitato che [può essere crittografato](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org offre anche l'alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), che applica la crittografia TLS alla connessione tra i server di posta, altrimenti il messaggio non verrà inviato affatto. Mailbox.org supporta anche [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync), oltre ai protocolli di accesso standard come IMAP e POP3.
@@ -195,7 +195,7 @@ Questi fornitori memorizzano le tue email con la crittografia a conoscenza zero,
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Gli account gratuiti partono da 1 GB di spazio di archiviazione.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Gli account Tuta a pagamento possono utilizzare 15 o 30 alias a seconda del pian
#### :material-information-outline:{ .pg-blue } Metodi di pagamento privati
-Tuta accetta direttamente solo carte di credito e PayPal, tuttavia le [criptovalute](cryptocurrency.md) possono essere utilizzate per acquistare carte regalo grazie alla [collaborazione](https://tuta.com/support/#cryptocurrency) con Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Sicurezza dell'account
-Tuta supporta l'[autenticazione a due fattori](https://tuta.com/support#2fa) con TOTP o U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Sicurezza dei dati
@@ -297,7 +297,7 @@ Consideriamo queste funzionalità come importanti per poter fornire un servizio
**Requisiti minimi:**
- Crittografia dei dati degli account email a riposo con crittografia ad "accesso zero".
-- Possibilità di esportazione come [Mbox](https://en.wikipedia.org/wiki/Mbox) o singoli .eml con standard [RFC5322](https://datatracker.ietf.org/doc/rfc5322).
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Consente agli utenti di utilizzare il proprio [nome di dominio](https://en.wikipedia.org/wiki/Domain_name). I nomi di dominio personalizzati sono importanti per gli utenti, poiché consentono loro di mantenere la propria autonomia dal servizio, dovesse diventare negativo o essere acquisito da un'altra azienda che non dà priorità alla privacy.
- Opera su un'infrastruttura proprietaria, cioè, non basata su fornitori del servizio email di terze parti.
diff --git a/i18n/it/encryption.md b/i18n/it/encryption.md
index f280261c..916e037d 100644
--- a/i18n/it/encryption.md
+++ b/i18n/it/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt è un fork del progetto abbandonato TrueCrypt. Secondo i suoi sviluppa
Crittografando con VeraCrypt, puoi selezionare [funzioni di hash](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme) differenti. Ti suggeriamo di selezionare **soltanto** [SHA-512](https://en.wikipedia.org/wiki/SHA-512), e il cifrario a blocchi [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard).
-Truecrypt è stato [controllato numerose volte](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), così come VeraCrypt, [controllato separatamente](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ Esegui il backup di 'BitLocker-Recovery-Key.txt' sul tuo desktop, in un disposit
{ align=right }
-**FileVault** è la soluzione per la crittografia rapida dei volumi, integrata su macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** è la soluzione per la crittografia rapida dei volumi, integrata su macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/it/file-sharing.md b/i18n/it/file-sharing.md
index 8467a8d2..6e420534 100644
--- a/i18n/it/file-sharing.md
+++ b/i18n/it/file-sharing.md
@@ -13,7 +13,7 @@ Scopri come condividere privatamente i tuoi file tra i tuoi dispositivi, con i t
## Condivisione di file
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/it/frontends.md b/i18n/it/frontends.md
index c4853206..4b4f91f8 100644
--- a/i18n/it/frontends.md
+++ b/i18n/it/frontends.md
@@ -251,9 +251,9 @@ Di default, LibreTube blocca tutte le inserzioni di YouTube. Inoltre, LibreTube
-{ align=right }
+{ align=right }
-**NewPipe** è un'applicazione Android gratuita e open source per [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com) e [PeerTube](https://joinpeertube.org/it) (1).
+**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
Il tuo elenco delle iscrizioni e le playlist sono salvate localmente sul tuo dispositivo Android.
diff --git a/i18n/it/index.md b/i18n/it/index.md
index 11e3b7f6..4091fd2a 100644
--- a/i18n/it/index.md
+++ b/i18n/it/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG ha sede a Ginevra, Svizzera. Il piano gratuito di Proton Mail prevede 500 MB di spazio di archiviazione per la posta, che può essere aumentato gratuitamente fino a 1 GB.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Sono operativi dal 2014. Mailbox.org ha sede a Berlino, in Germania. I profili partono da 2 GB di archiviazione, i quali possono essere aumentati se necessario.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Sono operativi dal 2014. Mailbox.org ha sede a Berlino, in Germania. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Gli account gratuiti partono da 1 GB di spazio di archiviazione.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/it/meta/brand.md b/i18n/it/meta/brand.md
index c4060531..e4c86972 100644
--- a/i18n/it/meta/brand.md
+++ b/i18n/it/meta/brand.md
@@ -12,7 +12,7 @@ Il nome del sito web è **Privacy Guides** e **non** dovrebbe essere modificato
- PG.org
-Il nome del subreddit è **r/PrivacyGuides** o **il Subreddit di Privacy Guides**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Ulteriori linee guida sul marchio si possono trovare su [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/it/meta/translations.md b/i18n/it/meta/translations.md
index 10c8db39..a6bad22c 100644
--- a/i18n/it/meta/translations.md
+++ b/i18n/it/meta/translations.md
@@ -27,8 +27,8 @@ Per gli esempi come gli ammonimenti precedenti, le virgolette, es.: `" "` devono
## Alternative a larghezza intera e sintassi di Markdown
-Sistemi di scrittura CJK tendono a utilizzare varianti alternative "a larghezza intera" di simboli comuni. Si tratta di caratteri differenti e non utilizzabili per la sintassi di Markdown.
+Sistemi di scrittura CJK tendono a utilizzare varianti alternative "a larghezza intera" di simboli comuni. These are different characters and cannot be used for Markdown syntax.
-- I link devono utilizzare le parentesi regolari, cioè `(` (Parentesi Sinistra U+0028) e `)` (Parentesi Destra U+0029) e non `(` (Parentesi Sinistra a Larghezza Intera U+FF08) o `)` (Parentesi Destra a Larghezza Intera U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Il testo tra virgolette rientrato deve utilizzare `:` (Due punti U+003A) e non `:` (Due Punti a Larghezza Intera U+FF1A)
- Le immagini devono utilizzare `!` (Punto Esclamativo U+0021) e non `!` (Punto Esclamativo a Larghezza Intera U+FF01)
diff --git a/i18n/it/meta/uploading-images.md b/i18n/it/meta/uploading-images.md
index 0e1946cf..6ca893ec 100644
--- a/i18n/it/meta/uploading-images.md
+++ b/i18n/it/meta/uploading-images.md
@@ -48,7 +48,7 @@ Nella scheda **Output SVG**, in **Opzioni documento**:
- [ ] Disattiva **Rimuovi dichiarazione XML**
- [x] Attiva **Rimuovi metadati**
- [x] Attiva **Rimuovi commenti**
-- [x] Attiva **Incorpora immagini raster**
+- [x] Turn on **Embedded raster images**
- [x] Attiva **Attiva anteprima**
Nella scheda **Output SVG**, in **Formattazione**:
diff --git a/i18n/it/meta/writing-style.md b/i18n/it/meta/writing-style.md
index 50c45bc6..043553a6 100644
--- a/i18n/it/meta/writing-style.md
+++ b/i18n/it/meta/writing-style.md
@@ -64,7 +64,7 @@ Dovremmo provare a evitare le abbreviazioni quadno possibile, ma la tecnologia
## Sii conciso
-> Le parole inutili fanno perdere tempo al tuo pubblico. Una buona scrittura è come una conversazione. Ometti le informazioni che il pubblico non necessita di sapere. Ciò può risultare difficile per un esperto in materia, quindi, è importante far leggere a qualcuno le informazioni, dalla prospettiva del pubblico.
+> Le parole inutili fanno perdere tempo al tuo pubblico. Una buona scrittura è come una conversazione. Ometti le informazioni che il pubblico non necessita di sapere. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Fonte: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/it/mobile-browsers.md b/i18n/it/mobile-browsers.md
index 00cb4d96..978457de 100644
--- a/i18n/it/mobile-browsers.md
+++ b/i18n/it/mobile-browsers.md
@@ -247,7 +247,7 @@ Ciò previene che ti connetta involontariamente a un sito web in HTTP semplice.
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** è il browser predefinito di iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** è il browser predefinito di iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Apri Safari e tocca sul pulsante Schede, nell'angolo inferiore destro. Then, exp
- [x] Seleziona **Privata**
-La modalità di Navigazione Privata di Safari offre ulteriori protezioni della privacy. La Navigazione Privata utilizza una nuova sessione [effimera](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) per ogni scheda, a significare che le schede sono isolate l'una dall'altra. Inoltre, la Navigazione Privata, presenta altri piccoli benefici per la privacy, come il mancato invio dell'indirizzo di una pagina web ad Apple, utilizzando la funzionalità di traduzione di Safari.
+La modalità di Navigazione Privata di Safari offre ulteriori protezioni della privacy. La Navigazione Privata utilizza una nuova sessione [effimera](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) per ogni scheda, a significare che le schede sono isolate l'una dall'altra. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. Ciò può essere sconveniente.
diff --git a/i18n/it/multi-factor-authentication.md b/i18n/it/multi-factor-authentication.md
index 82186703..3efa2cec 100644
--- a/i18n/it/multi-factor-authentication.md
+++ b/i18n/it/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Autenticazione a più fattori"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: Questi strumenti ti assistono nella protezione dei tuoi account Internet con l'autenticazione a più fattori, senza inviare i tuoi codici segreti a terze parti.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Esempio
-Sostituisci `[SUBREDDIT]` con il subreddit a cui desideri iscriverti.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/it/notebooks.md b/i18n/it/notebooks.md
index 5d0a4a23..ff7abe00 100644
--- a/i18n/it/notebooks.md
+++ b/i18n/it/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Fornitori di Servizi](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Monitora le tue note e i tuoi diari senza doverli dare a una terza parte.
+Keep track of your notes and journals without giving them to a third party.
Se stai utilizzando un'applicazione come Evernote, Google Keep o Microsoft OneNote, suggeriamo di selezionare qui un'alternativa, che supporti l'E2EE.
@@ -82,9 +82,9 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
-{ align=right }
+{ align=right }
-**Joplin** è un'applicazione gratuita, open source e completa di appunti e liste, che può gestire molte note in Markdown, organizzate in blocchi note e tag. Offre l'E2EE e può sincronizzarsi con Nextcloud, Dropbox e molto altro. Offre anche la possibilità di importare facilmente note da Evernote e note in testo semplice.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. Offre l'E2EE e può sincronizzarsi con Nextcloud, Dropbox e molto altro. Offre anche la possibilità di importare facilmente note da Evernote e note in testo semplice.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin non [supporta](https://github.com/laurent22/joplin/issues/289) la protezi
-Cryptee offre 100MB di archiviazione gratuiti, con opzioni a pagamento se necessiti di più spazio. L'iscrizione non richiede un'email o altre informazioni personalmente identificabili.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. L'iscrizione non richiede un'email o altre informazioni personalmente identificabili.
## Note locali
diff --git a/i18n/it/os/android-overview.md b/i18n/it/os/android-overview.md
index 91abc67b..5c316cc6 100644
--- a/i18n/it/os/android-overview.md
+++ b/i18n/it/os/android-overview.md
@@ -84,7 +84,7 @@ Se un'app è prevalentemente un servizio basato su web, il tracciamento potrebbe
Nota
-Le applicazioni che rispettano la privacy come [Bitwarden](https://reports.exodus-privacy.eu.org/it/reports/com.x8bit.bitwarden/latest/) possono mostrare alcuni tracker come [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/it/trackers/49/). Questa libreria include [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) che può fornire [notifiche push](https://en.wikipedia.org/wiki/Push_technology) nelle app. Questo [è il caso] (https://fosstodon.org/@bitwarden/109636825700482007) di Bitwarden. Ciò non significa che Bitwarden sta utilizzando tutte le funzionalità analitiche fornite da Google Firebase Analytics.
+Le applicazioni che rispettano la privacy come [Bitwarden](https://reports.exodus-privacy.eu.org/it/reports/com.x8bit.bitwarden/latest/) possono mostrare alcuni tracker come [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/it/trackers/49/). Questa libreria include [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) che può fornire [notifiche push](https://en.wikipedia.org/wiki/Push_technology) nelle app. Questo [è il caso] (https://fosstodon.org/@bitwarden/109636825700482007) di Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### Killswitch per VPN
+### VPN kill switch
Android 7 e successivi supporta un kill switch VPN, disponibile senza la necessità d'installare applicazioni di terze parti. Questa funzionalità può prevenire fughe, se la VPN è disconnessa. Si trova in :gear: **Impostazioni** → **Rete e Internet** → **VPN** → :gear: → **Blocca connessioni senza VPN**.
@@ -124,7 +124,7 @@ I dispositivi Android moderni dispongono di interruttori globali per disabilitar
## Servizi di Google
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. Comunque, consigliamo di evitare interamente i servizi di Google, o di limitare Google Play Services a un profilo dell'utente/di lavoro specifico, combinando un controllore del dispositivo come *Shelter*, con il Google Play di GrapheneOS.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Programma di protezione avanzata
diff --git a/i18n/it/os/ios-overview.md b/i18n/it/os/ios-overview.md
index ef6a65d8..c28bd81b 100644
--- a/i18n/it/os/ios-overview.md
+++ b/i18n/it/os/ios-overview.md
@@ -125,7 +125,7 @@ Se non desideri che qualcuno possa controllare il tuo telefono con Siri, quando
#### Face ID/Touch ID e Passcode
-Impostare una password forte sul tuo telefono è il passo più importante che puoi intraprendere per la sicurezza fisica del dispositivo. In questo caso dovrai trovare un compromesso tra la sicurezza e la comodità: una password più lunga sarà noiosa da digitare ogni volta, ma una password o un PIN più breve sarà più facile da indovinare. Configurare Face ID o TouchID insieme a una password forte, può costituire un buon compromesso tra utilizzabilità e sicurezza.
+Impostare una password forte sul tuo telefono è il passo più importante che puoi intraprendere per la sicurezza fisica del dispositivo. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Configurare Face ID o TouchID insieme a una password forte, può costituire un buon compromesso tra utilizzabilità e sicurezza.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ Se desideri utilizzare Face ID o Touch ID, puoi ora procedere alla configurazion
Se utilizzi la biometria, dovresti sapere come disattivarla rapidamente in caso d'emergenza. Tenere premuto il tasto laterale o di accensione e *uno dei* tasti del volume, finché non visualizzi il cursore Scorri per Spegnere, disabiliterà la biometria, richiedendo il codice d'accesso per sbloccare. Inoltre, il tuo codice di sicurezza sarà richiesto al riavvio del dispositivo.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Assicurati di provare in anticipo, così da sapere quale metodo funziona per il tuo dispositivo.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/it/os/linux-overview.md b/i18n/it/os/linux-overview.md
index 948695cf..c6709a7d 100644
--- a/i18n/it/os/linux-overview.md
+++ b/i18n/it/os/linux-overview.md
@@ -10,9 +10,9 @@ Il nostro sito web utilizza generalmente il termine "Linux" per descrivere le di
[Consigli su Linux :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Note sulla Privacy
+## Security Notes
-Esistono alcune notevoli preoccupazioni sulla privacy con Linux, di cui dovresti essere consapevole. Nonostante tali svantaggi, le distribuzioni di Linux per desktop sono comunque ottime per gran parte delle persone che desiderano:
+There are some notable security concerns with Linux which you should be aware of. Nonostante tali svantaggi, le distribuzioni di Linux per desktop sono comunque ottime per gran parte delle persone che desiderano:
- Evitare la telemetria fornita dai sistemi operativi proprietari
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ Non crediamo che trattenere i pacchetti e applicare patch provvisorie sia una bu
Tradizionalmente, le distribuzioni di Linux si aggiornano tramite l'aggiornamento sequenziale dei pacchetti desiderati. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao)
(YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao)
(YouTube)
### Distribuzioni "Incentrate sulla sicurezza"
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Crittografia delle Unità
-Molte delle distribuzioni Linux offrono un opzione nel proprio programma d'installazione per abilitare la FDE di [LUKS](../encryption.md#linux-unified-key-setup). Se questa opzione non viene impostata durante l'installazione, dovrai fare il backup dei tuoi dati e reinstallare, in quanto la crittografia viene applicata dopo [la partizione del disco](https://en.wikipedia.org/wiki/Disk_partitioning), ma prima della formattazione dei [file di sistema](https://en.wikipedia.org/wiki/File_system). Inoltre, suggeriamo di svuotare il tuo dispositivo di archiviazione:
+Molte delle distribuzioni Linux offrono un opzione nel proprio programma d'installazione per abilitare la FDE di [LUKS](../encryption.md#linux-unified-key-setup). If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. Inoltre, suggeriamo di svuotare il tuo dispositivo di archiviazione:
- [Cancellazione sicura dei dati :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ Esistono altri identificatori di sistema a cui dovresti prestare attenzione. Dov
Fedora Project [conteggia](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) quanti sistemi univoci accedono ai suoi mirror, utilizzando una variabile [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description), invece di un ID univoco. Fedora lo fa per determinare il carico e fornire server migliori per gli aggiornamenti, quando necessario.
-Quest'[opzione](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) è disabilitata di default. Consigliamo di aggiungere `countme=false` a `/etc/dnf/dnf.conf` nel caso in cui venga abilitato in futuro. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+Quest'[opzione](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) è disabilitata di default. Consigliamo di aggiungere `countme=false` a `/etc/dnf/dnf.conf` nel caso in cui venga abilitato in futuro. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/it/os/macos-overview.md b/i18n/it/os/macos-overview.md
index 2517c58b..ea963257 100644
--- a/i18n/it/os/macos-overview.md
+++ b/i18n/it/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS è il sistema operativo desktop di Apple che opera con il lor
**macOS** è un sistema operativo Unix sviluppato da Apple per i propri computer Mac. Per migliorare la privacy su macOS, puoi disabilitare le funzionalità di telemetria e rafforzare le impostazioni di privacy e sicurezza esistenti.
-I più datati Mac e Hackintosh basati su Intel non supportano tutte le funzionalità di sicurezza offerte da macOS. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+I più datati Mac e Hackintosh basati su Intel non supportano tutte le funzionalità di sicurezza offerte da macOS. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Note sulla Privacy
@@ -14,7 +14,7 @@ Esistono alcune notevoli preoccupazioni sulla privacy con macOS, che dovremmo co
### Blocco di Attivazione
-I nuovissimi dispositivi di Apple silicon sono configurabili senza una connessione a Internet. Tuttavia, recuperare o ripristinare il tuo Mac **richiederà** una connessione a Internet, affinché i server di Apple possano verificarlo rispetto al database del Blocco di Attivazione, dei dispositivi perduti o rubati.
+Brand-new Apple Silicon devices can be set up without an internet connection. Tuttavia, recuperare o ripristinare il tuo Mac **richiederà** una connessione a Internet, affinché i server di Apple possano verificarlo rispetto al database del Blocco di Attivazione, dei dispositivi perduti o rubati.
### Controlli di Revoca dell'App
@@ -122,7 +122,7 @@ Decidi se desideri annunci personalizzati secondo il tuo utilizzo.
##### FileVault
-Sui dispositivi moderni con un Secure Enclave (Chip di Sicurezza Apple T2, Apple silicon), i tuoi dati sono sempre crittografati, ma sono automaticamente decrittografati da una chiave hardware, se il tuo dispositivo non rileva di esser stato manomesso. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
Sui vecchi computer Mac basati su Intel, FileVault è la sola forma di crittografia del disco disponibile di default, e dovrebbe sempre essere abilitata.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS presenta due forme di difesa dai malware:
1. In primo luogo, la protezione dal lancio di malware è fornita dal processo di revisione dell'App Store per le applicazioni presenti su di esso, o *Notarizzazione* (parte di *Gatekeeper*), un procedimento in cui le app di terze parti sono scansionate in cerca di malware noti da Apple, prima di poter essere eseguite. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. La protezione da altri malware e rimedi da malware esistenti sul tuo sistema è fornita da *XProtect*, un software antivirus più tradizionale, integrato su macOS.
-Sconsigliamo di installare software antivirus di terze parti, poiché, tipicamente, non hanno accesso a livello di sistema, necessario per funzionare propriamente, a causa di limitazioni di Apple sulle app di terze parti, e poiché garantire gli alti livelli d'accesso da essi richiesti, causa spesso un rischio sulla sicurezza e privacy maggiore al tuo computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Backup
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Sicurezza Hardware
-Molte funzionalità di sicurezza moderne su macOS, come Avvio Sicuro, la mitigazione degli exploit a livello hardware, i controlli d'integrità dell'OS e la crittografia basata sui file, si affidano ad Apple silicon e i più nuovi hardware di Apple hanno sempre la [migliore sicurezza](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). Incoraggiamo esclusivamente l'utilizzo di Apple silicon, e non dei precedenti computer Mac o Hackintosh basati su Intel.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Alcune di queste funzionalità di sicurezza moderne sono disponibili sui vecchi computer Mac con processore Intel con l'Apple T2 Security Chip, ma questo chip è suscettibile all'exploit *checkm8* che potrebbe comprometterne la sicurezza.
@@ -256,7 +256,7 @@ I computer Mac sono configurabili per avviarsi in tre modalità di sicurezza: *S
#### Secure Enclave
-Secure Enclave è un chip di sicurezza integrato nei dispositivi con Apple silicon, responsabile della memorizzazione e generazione delle chiavi crittografiche per i dati inattivi, nonché per i dati di Face ID e Touch ID. Contiene la propria ROM di avvio separata.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. Contiene la propria ROM di avvio separata.
Puoi pensare a Secure Enclave come un hub di sicurezza del tuo dispositivo: include un motore crittografico AES e un meccanismo per memorizzare in sicurezza le tue chiavi crittografiche, ed è separato dal resto del sistema quindi, anche se il processore principale è compromesso, dovrebbe ancora essere sicuro.
@@ -268,7 +268,7 @@ I tuoi dati biometrici non abbandonano mai il tuo dispositivo; sono memorizzati
#### Disconnessione del Microfono Hardware
-Tutti i portatili con Apple silicon o il chip T2, includono una disconnessione hardware per il microfono integrato, alla chiusura dello schermo. Ciò significa che non vi è modo per un utente malevolo, di ascoltare dal microfono del tuo Mac, anche se il sistema operativo è compromesso.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. Ciò significa che non vi è modo per un utente malevolo, di ascoltare dal microfono del tuo Mac, anche se il sistema operativo è compromesso.
Nota che la fotocamera non presenta una disconnessione hardware, poiché la sua inquadratura è comunque oscurata, alla chiusura dello schermo.
@@ -287,7 +287,7 @@ Quando è necessario utilizzare uno di tali processori, Apple opera da fornitore
#### Protezioni di Accesso Diretto alla Memoria
-Apple silicon separa ogni componente che richieda l'accesso diretto alla memoria. Ad esempio, una porta di Thunderbolt non può accedere alla memoria designata per il Kernel.
+Apple Silicon separates each component that requires direct memory access. Ad esempio, una porta di Thunderbolt non può accedere alla memoria designata per il Kernel.
## Fonti
diff --git a/i18n/it/os/windows/group-policies.md b/i18n/it/os/windows/group-policies.md
index f72dedc8..0bd71623 100644
--- a/i18n/it/os/windows/group-policies.md
+++ b/i18n/it/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Impostazioni dei criteri di gruppo
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Al di fuori della modifica del registro stesso, il **Local Group Policy Editor** è il modo più potente per modificare molti aspetti del sistema senza installare strumenti di terze parti. La modifica di queste impostazioni richiede [Pro Edition](index.md#windows-editions) o superiore.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. La modifica di queste impostazioni richiede [Pro Edition](index.md#windows-editions) o superiore.
-Queste impostazioni devono essere impostate su una nuova installazione di Windows. L'impostazione di questi parametri sull'installazione esistente dovrebbe funzionare, ma potrebbe introdurre un comportamento imprevedibile ed è a rischio dell'utente.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
Tutte queste impostazioni sono accompagnate da una spiegazione nell'editor dei Criteri di gruppo che ne illustra esattamente le funzioni, di solito in modo molto dettagliato. Prestate attenzione a queste descrizioni mentre apportate le modifiche, in modo da sapere esattamente cosa vi stiamo raccomandando. Abbiamo anche spiegato alcune delle nostre scelte qui di seguito, quando la spiegazione inclusa in Windows è inadeguata.
@@ -68,7 +68,7 @@ Impostare la forza di cifratura per il criterio di Windows 7 continua ad applica
- Richiedi un'autenticazione aggiuntiva all'avvio: **Abilitato**
- Permetti i PIN migliorati per l'avvio: **Abilitato**
-Nonostante i nomi di questi criteri, questo non _richiede_ di fare nulla per impostazione predefinita, ma sbloccherà l'_opzione_ di avere una configurazione più complessa (come la richiesta di un PIN all'avvio oltre al TPM) nella procedura guidata di Bitlocker.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Contenuto cloud
diff --git a/i18n/it/os/windows/index.md b/i18n/it/os/windows/index.md
index fd6b8385..2caf26ee 100644
--- a/i18n/it/os/windows/index.md
+++ b/i18n/it/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Note sulla Privacy
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Edizioni di Windows
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/it/passwords.md b/i18n/it/passwords.md
index 0d7bbea0..848215ba 100644
--- a/i18n/it/passwords.md
+++ b/i18n/it/passwords.md
@@ -228,7 +228,7 @@ Il codice utilizzato dai server di Bitwarden è [open-source](https://github.com
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Le applicazioni e i componenti di Proton Pass lasciano un'impressione piuttosto positiva in termini di sicurezza.
@@ -327,7 +327,7 @@ Queste opzioni ti consentono di gestire localmente un database di password critt
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC memorizza i suoi dati di esportazione come file [CSV](https://en.wikip
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/it/photo-management.md b/i18n/it/photo-management.md
index ec868bf2..e018cd66 100644
--- a/i18n/it/photo-management.md
+++ b/i18n/it/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** è un servizio di backup delle foto crittografato end-to-end che supporta i backup automatici su iOS e Android. Il loro codice è completamente open source, sia dal lato del client che del server. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** è un servizio di backup delle foto crittografato end-to-end che supporta i backup automatici su iOS e Android. Il loro codice è completamente open source, sia dal lato del client che del server. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Deve offrire un piano gratuito o un periodo di prova per testarlo.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Deve offrire un'interfaccia web che supporti le funzionalità di base per la gestione dei file.
- Deve consentire un'esportazione facile di tutti i file/documenti.
- Deve essere open source.
diff --git a/i18n/it/real-time-communication.md b/i18n/it/real-time-communication.md
index bea71ca4..23cb8998 100644
--- a/i18n/it/real-time-communication.md
+++ b/i18n/it/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Criteri
diff --git a/i18n/it/router.md b/i18n/it/router.md
index 0a0847b3..07a7525f 100644
--- a/i18n/it/router.md
+++ b/i18n/it/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** è un sistema operativo basato su Linux, utilizzato principalmente su dispositivi incorporati per instradare il traffico di rete. Include util-linux, uClibc e BusyBox. Tutti i componenti sono stati ottimizzati per i router domestici.
+**OpenWrt** è un sistema operativo basato su Linux, utilizzato principalmente su dispositivi incorporati per instradare il traffico di rete. Include util-linux, uClibc e BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Home](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentazione}
diff --git a/i18n/it/security-keys.md b/i18n/it/security-keys.md
index c559bac4..b445b43a 100644
--- a/i18n/it/security-keys.md
+++ b/i18n/it/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-Una **chiave di sicurezza** fisica aggiunge un livello di protezione molto forte ai tuoi account online. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+Una **chiave di sicurezza** fisica aggiunge un livello di protezione molto forte ai tuoi account online. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/it/tools.md b/i18n/it/tools.md
index afc82333..2e5817cc 100644
--- a/i18n/it/tools.md
+++ b/i18n/it/tools.md
@@ -180,7 +180,7 @@ Se stai cercando maggiore **sicurezza**, dovresti sempre assicurarti di connette
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG ha sede a Ginevra, Svizzera. Il piano gratuito di Proton Mail prevede 500 MB di spazio di archiviazione per la posta, che può essere aumentato gratuitamente fino a 1 GB.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ Se stai cercando maggiore **sicurezza**, dovresti sempre assicurarti di connette
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Sono operativi dal 2014. Mailbox.org ha sede a Berlino, in Germania. I profili partono da 2 GB di archiviazione, i quali possono essere aumentati se necessario.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Sono operativi dal 2014. Mailbox.org ha sede a Berlino, in Germania. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ Se stai cercando maggiore **sicurezza**, dovresti sempre assicurarti di connette
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Gli account gratuiti partono da 1 GB di spazio di archiviazione.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,8 +220,8 @@ Se stai cercando maggiore **sicurezza**, dovresti sempre assicurarti di connette
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
-- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -644,15 +644,15 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
-- { .twemoji loading=lazy } [Qubes OS (Distribuzione Xen VM)](desktop.md#qubes-os)
-- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
-- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
-- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
-- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
-- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
-- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
+- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
+- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
+- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
+- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
+- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/it/tor.md b/i18n/it/tor.md
index 4acee73b..c0ae4d00 100644
--- a/i18n/it/tor.md
+++ b/i18n/it/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Alcune di queste app sono migliori di altre e, anche in questo caso, la scelta dipende dal proprio modello di minaccia. Se sei un utente casuale di Tor e non sei preoccupato dal fatto che il tuo ISP raccolga prove contro di te, utilizzare app come [Orbot](#orbot) o le app browser per mobile per accedere alla rete di Tor va probabilmente bene. Incrementare il numero di persone che utilizzano Tor su una base giornaliera, aiuta a ridurre il cattivo stigma nei confronti di Tor, e riduce la qualità degli "elenchi di utenti di Tor", che gli ISP e i governi potrebbero compilare.
-Se l'anonimato più completo è fondamentale per la tua situazione, dovresti utilizzare **soltanto** il client del Browser Tor per desktop, idealmente in una configurazione [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os). Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+Se l'anonimato più completo è fondamentale per la tua situazione, dovresti utilizzare **soltanto** il client del Browser Tor per desktop, idealmente in una configurazione [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os). Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Browser
@@ -114,11 +114,11 @@ Abbiamo precedentemente consiglito di abilitare la preferenza *Isola Indirizzo d
Suggerimenti per Android
-Orbot può delegare le singole app, se supportano il proxy SOCKS o HTTP. Può anche effettuare il proxy di tutte le connessioni di rete utilizzando [VpnService](https://developer.android.com/reference/android/net/VpnService) e può essere utilizzato con il killswitch VPN in :gear: **Impostazioni** → **Rete & Internet** → **VPN** → :gear: → **Blocca connessioni senza VPN**.
+Orbot può delegare le singole app, se supportano il proxy SOCKS o HTTP. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot è spesso obsoleto sul [repository di F-Droid](https://guardianproject.info/fdroid) di Guardian Project e su [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), quindi, piuttosto, cerca di scaricarlo direttamente dal [repository di GitHub](https://github.com/guardianproject/orbot/releases).
-Tutte le versioni sono firmate utilizzando la medesima firma, quindi, dovrebbero essere compatibili tra loro.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/it/vpn.md b/i18n/it/vpn.md
index fbeaeb9a..7d3e9959 100644
--- a/i18n/it/vpn.md
+++ b/i18n/it/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Consigli e confronto sui servizi VPN privati, senza sponsor o pubblicità - Privacy Guides"
title: "Servizi VPN"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. Trova qui un fornitore che non ti spii.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Port Forwarding Remoto
-Al momento, Proton VPN supporta soltanto il [port forwarding](https://protonvpn.com/support/port-forwarding) remoto effimero, tramite NAT-PMP, con 60 secondi di tempo di noleggio. L'app per Windows fornisce un'opzione facilmente accessibile, mentre su altri sistemi operativi dovrai eseguire il tuo [client NAT-PMP](https://protonvpn.com/support/port-forwarding-manual-setup). Le applicazioni torrent supportano spesso NAT-PMP in modo nativo.
+Al momento, Proton VPN supporta soltanto il [port forwarding](https://protonvpn.com/support/port-forwarding) remoto effimero, tramite NAT-PMP, con 60 secondi di tempo di noleggio. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Le applicazioni torrent supportano spesso NAT-PMP in modo nativo.
#### :material-information-outline:{ .pg-blue } Anti-censura
-Proton VPN ha il suo [protocollo Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) che *può* aiutare in situazioni in cui protocolli VPN come OpenVPN o Wireguard sono bloccati con varie tecniche rudimentali. Stealth incapsula il tunnel VPN in una sessione TLS, in modo da sembrare traffico Internet generico.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth incapsula il tunnel VPN in una sessione TLS, in modo da sembrare traffico Internet generico.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ Oltre a fornire file di configurazione OpenVPN standard, Proton VPN dispone di c
#### :material-information-outline:{ .pg-blue } Note aggiuntive
-I client VPN di Proton supportano l'autenticazione a due fattori su tutte le piattaforme. Proton VPN ha i propri server e datacenter in Svizzera, Islanda e Svezia. Offrono il blocco dei contenuti e il blocco di malware noti con il loro servizio DNS. Inoltre, Proton VPN offre anche server "Tor" che ti consentono di connetterti facilmente ai siti onion, ma consigliamo comunque di utilizzare [il Tor Browser ufficiale](tor.md#tor-browser) per questo scopo.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN ha i propri server e datacenter in Svizzera, Islanda e Svezia. Offrono il blocco dei contenuti e il blocco di malware noti con il loro servizio DNS. Inoltre, Proton VPN offre anche server "Tor" che ti consentono di connetterti facilmente ai siti onion, ma consigliamo comunque di utilizzare [il Tor Browser ufficiale](tor.md#tor-browser) per questo scopo.
-##### :material-alert-outline:{ .pg-orange } La funzione Killswitch non funziona sui Mac basati su Intel
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-Arresti anomali del sistema [potrebbero verificarsi](https://protonvpn.com/support/macos-t2-chip-kill-switch) sui Mac basati su Intel quando si utilizza la funzionalità killswitch VPN. Se necessiti di questa funzionalità e stai utilizzando un Mac con chipset Intel, dovresti considerare l'utilizzo di un altro servizio VPN.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. Se necessiti di questa funzionalità e stai utilizzando un Mac con chipset Intel, dovresti considerare l'utilizzo di un altro servizio VPN.
### IVPN
@@ -183,7 +183,7 @@ IVPN in precedenza supportava il port forwarding, ma ha rimosso l'opzione a [giu
#### :material-check:{ .pg-green } Anti-censura
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Attualmente questa funzione è disponibile solo su Desktop e [iOS](https://ivpn.net/knowledgebase/ios/v2ray). Dispone di due modalità in cui può utilizzare [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) su connessioni QUIC o TCP. QUIC è un protocollo moderno con un migliore controllo della congestione e quindi può essere più veloce con una latenza ridotta. La modalità TCP fa apparire i dati come normale traffico HTTP.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). Dispone di due modalità in cui può utilizzare [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) su connessioni QUIC o TCP. QUIC è un protocollo moderno con un migliore controllo della congestione e quindi può essere più veloce con una latenza ridotta. La modalità TCP fa apparire i dati come normale traffico HTTP.
#### :material-check:{ .pg-green } Client Mobile
@@ -191,7 +191,7 @@ Oltre a fornire file di configurazione OpenVPN standard, IVPN dispone di client
#### :material-information-outline:{ .pg-blue } Note aggiuntive
-I client di IVPN supportano l'autenticazione a due fattori. Inoltre, IVPN fornisce la funzionaalità "[AntiTracker](https://ivpn.net/antitracker)", che blocca le reti e tracker pubblicitari dal livello della rete.
+IVPN clients support two-factor authentication. Inoltre, IVPN fornisce la funzionaalità "[AntiTracker](https://ivpn.net/antitracker)", che blocca le reti e tracker pubblicitari dal livello della rete.
### Mullvad
@@ -199,7 +199,7 @@ I client di IVPN supportano l'autenticazione a due fattori. Inoltre, IVPN fornis
{ align=right }
-**Mullvad** è una VPN veloce ed economica con una grande attenzione alla trasparenza e alla sicurezza. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** è una VPN veloce ed economica con una grande attenzione alla trasparenza e alla sicurezza. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Servizio Onion" }
@@ -260,7 +260,7 @@ Mullvad supportava in precedenza il port forwarding, ma ha rimosso questa opzion
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ Mullvad è molto trasparente su quali nodi [possiede o fitta](https://mullvad.ne
### Tecnologia
-Richiediamo a tutti i nostri fornitori di VPN consigliati di fornire i file di configurazione di OpenVPN, da utilizzare su qualsiasi client. **Se** una VPN fornisce il proprio client personalizzato, richiediamo un'Interruttore d'Emergenza per bloccare le fughe di dati della rete, quando disconnessa.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Requisiti minimi:**
-- Supporto per protocolli forti come WireGuard & OpenVPN.
-- Killswitch integrato nei client.
-- Supporto multihop. Il multihopping è importante per mantenere i dati privati nel caso in cui un nodo venisse compromesso.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- Se vengono forniti client VPN, devono essere [open source](https://en.wikipedia.org/wiki/Open_source), come il software VPN che generalmente hanno incorporato. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Caso migliore:**
-- Interruttore d'Emergenza con opzioni altamente configurabili (abilitare/disabilitare su certe reti, all'avvio, etc.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Client VPN facili da usare
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. Ci aspettiamo che i server accettino connessioni in arrivo via IPv6 e che ti permettano di accedere a servizi su indirizzi IPv6.
- La capacità di [port forwarding remoto](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assiste nel creare connessioni, utilizzando software di condivisione di file P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) od ospitando un server (es. Mumble).
@@ -316,11 +316,11 @@ Preferiamo che i provider da noi consigliati raccolgano il minor numero di dati
**Caso migliore:**
- Accetta più [opzioni di pagamento anonime](advanced/payments.md).
-- Non sono accettate le informazioni personali (nome utente generato automaticamente, nessun'email necessaria, ecc.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Sicurezza
-Una VPN è inutile se non è nemmeno in grado di fornire una sicurezza adeguata. Richiediamo a tutti i nostri provider consigliati di rispettare gli standard di sicurezza attuali per le loro connessioni di OpenVPN. L'ideale sarebbe utilizzare schemi di crittografia a prova di futuro per impostazione predefinita. Richiediamo inoltre che una terza parte indipendente verifichi la sicurezza del fornitore, idealmente in modo molto completo e su base ripetuta (annuale).
+Una VPN è inutile se non è nemmeno in grado di fornire una sicurezza adeguata. We require all our recommended providers to abide by current security standards. L'ideale sarebbe utilizzare schemi di crittografia a prova di futuro per impostazione predefinita. Richiediamo inoltre che una terza parte indipendente verifichi la sicurezza del fornitore, idealmente in modo molto completo e su base ripetuta (annuale).
**Requisiti minimi:**
@@ -358,7 +358,7 @@ Con i fornitori VPN che consigliamo, vorremmo vedere del marketing responsabile.
**Requisiti minimi:**
-- Deve ospitare autonomamente i dati analitici (cioè, senza Google Analytics). Il sito del fornitore deve inoltre conformarsi con [DNT (Non Tracciare](https://en.wikipedia.org/wiki/Do_Not_Track), per le persone che desiderano rinunciare.
+- Deve ospitare autonomamente i dati analitici (cioè, senza Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Non deve avere alcun marketing irresponsabile:
diff --git a/i18n/ja/about.md b/i18n/ja/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/ja/about.md
+++ b/i18n/ja/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/ja/about/contributors.md b/i18n/ja/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/ja/about/contributors.md
+++ b/i18n/ja/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/ja/about/criteria.md b/i18n/ja/about/criteria.md
index dd2e228d..d8f08fc7 100644
--- a/i18n/ja/about/criteria.md
+++ b/i18n/ja/about/criteria.md
@@ -24,7 +24,7 @@ We have these requirements in regard to developers which wish to submit their pr
- Must disclose affiliation, i.e. your position within the project being submitted.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. If possible please mention who will be conducting the audit.
- Must explain what the project brings to the table in regard to privacy.
diff --git a/i18n/ja/about/executive-policy.md b/i18n/ja/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/ja/about/executive-policy.md
+++ b/i18n/ja/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/ja/about/notices.md b/i18n/ja/about/notices.md
index eeb8e9e4..17d0983a 100644
--- a/i18n/ja/about/notices.md
+++ b/i18n/ja/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
+We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
diff --git a/i18n/ja/about/privacytools.md b/i18n/ja/about/privacytools.md
index 0956c4d4..b6cf43c5 100644
--- a/i18n/ja/about/privacytools.md
+++ b/i18n/ja/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## r/privacytoolsIO の管理
-Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
+Reddit requires that Subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
-- Posting announcements to our subreddit and various other communities informing people of the official change.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped.
@@ -66,11 +66,11 @@ Roughly a week following the transition, BurungHantu returned online for the fir
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so.
-BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.ioの現在
@@ -80,7 +80,7 @@ As of September 25th 2022 we are seeing BurungHantu's overall plans come to frui
## r/privacytoolsIOの現在
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Retaliation from any moderator with regards to removal requests is disallowed.
-For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
+For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollectiveの現在
diff --git a/i18n/ja/about/statistics.md b/i18n/ja/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/ja/about/statistics.md
+++ b/i18n/ja/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/ja/advanced/communication-network-types.md b/i18n/ja/advanced/communication-network-types.md
index 3d7bd11a..87083638 100644
--- a/i18n/ja/advanced/communication-network-types.md
+++ b/i18n/ja/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ When self-hosted, members of a federated server can discover and communicate wit
- Allows for greater control over your own data when running your own server.
- Allows you to choose whom to trust your data with by choosing between multiple "public" servers.
- Often allows for third-party clients which can provide a more native, customized, or accessible experience.
-- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**デメリット:**
@@ -60,7 +60,7 @@ When self-hosted, members of a federated server can discover and communicate wit
P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server.
-Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
+Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
@@ -85,9 +85,9 @@ P2P networks do not use servers, as peers communicate directly between each othe
A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.
-There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
-Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**メリット:**
diff --git a/i18n/ja/advanced/dns-overview.md b/i18n/ja/advanced/dns-overview.md
index 33566a0e..7dbc33b4 100644
--- a/i18n/ja/advanced/dns-overview.md
+++ b/i18n/ja/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: ドメインネームシステム(DNS)は「インターネットの電話帳」であり、ブラウザが探しているウェブサイトを見つけるのに役立ちます。
---
-The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
## DNSとは?
@@ -24,7 +24,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
=== "LinuxとmacOS"
@@ -39,7 +39,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
### DNS over TLS (DoT)
@@ -118,7 +118,7 @@ In this example we will record what happens when we make a DoH request:
3. After making the request, we can stop the packet capture with CTRL + C.
-4. Wiresharkで結果を分析:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ When we do a DNS lookup, it's generally because we want to access a resource. Be
The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides.
-This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
+This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
### Server Name Indication (SNI)
-Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
+Server Name Indication is typically used when an IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
-1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
+1. Start capturing again with `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | No | nothing(Do nothing)
```
-Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[List of recommended DNS servers](../dns.md ""){.md-button}
diff --git a/i18n/ja/advanced/tor-overview.md b/i18n/ja/advanced/tor-overview.md
index bcc04f59..10447fc4 100644
--- a/i18n/ja/advanced/tor-overview.md
+++ b/i18n/ja/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/ja/ai-chat.md b/i18n/ja/ai-chat.md
index bb201c5d..c4bcf059 100644
--- a/i18n/ja/ai-chat.md
+++ b/i18n/ja/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## 規準
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### 満たされることが望ましい基準
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. 私たちが推薦するプロジェクトは、この機能の一部または全部を含んでいないかもしれませんが、もし含んでいれば、このページで他のプロジェクトよりも上位にランクされるかもしれません。
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/ja/alternative-networks.md b/i18n/ja/alternative-networks.md
index 2066f924..5c039cc0 100644
--- a/i18n/ja/alternative-networks.md
+++ b/i18n/ja/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/ja/android/general-apps.md b/i18n/ja/android/general-apps.md
index 1dd0c16f..c0f53a13 100644
--- a/i18n/ja/android/general-apps.md
+++ b/i18n/ja/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/ja/basics/account-creation.md b/i18n/ja/basics/account-creation.md
index fce338a9..d5b7bcce 100644
--- a/i18n/ja/basics/account-creation.md
+++ b/i18n/ja/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
+Often people sign up for services without thinking. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer.
@@ -13,11 +13,11 @@ It can also be difficult to delete the accounts on some services. Sometimes [ove
## 利用規約 & プライバシーポリシー
-The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VOIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
+The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
-The Privacy Policy is how the service says they will use your data and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
-We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
+We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Keep in mind you're also placing your trust in the company or organization and that they will comply with their own privacy policy.
@@ -42,7 +42,7 @@ You will be responsible for managing your login credentials. For added security,
#### 電子メールのエイリアス
-If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to.
+If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Those can be filtered automatically based on the alias they are sent to.
Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
We recommend avoiding services that require a phone number for sign up. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
+You should avoid giving out your real phone number if you can. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number!
diff --git a/i18n/ja/basics/account-deletion.md b/i18n/ja/basics/account-deletion.md
index e63a6342..234531cb 100644
--- a/i18n/ja/basics/account-deletion.md
+++ b/i18n/ja/basics/account-deletion.md
@@ -27,7 +27,7 @@ Desktop platforms also often have a password manager which may help you recover
### メール
-If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. メールクライアントで、「認証」や「ようこそ」などのキーワードを検索してみてください。 Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. メールクライアントで、「認証」や「ようこそ」などのキーワードを検索してみてください。 Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
## 古いアカウントを削除
@@ -39,7 +39,7 @@ When attempting to regain access, if the site returns an error message saying th
### GDPR(EEA居住者のみ)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### アカウント情報を上書きする
diff --git a/i18n/ja/basics/common-misconceptions.md b/i18n/ja/basics/common-misconceptions.md
index 7af3f284..3d8b3e05 100644
--- a/i18n/ja/basics/common-misconceptions.md
+++ b/i18n/ja/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ The privacy policies and business practices of providers you choose are very imp
## "Complicated is better"
-We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like many different email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
+We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips:
1. ==Actions need to serve a particular purpose:== think about how to do what you want with the fewest actions.
2. ==Remove human failure points:== We fail, get tired, and forget things. To maintain security, avoid relying on manual conditions and processes that you have to remember.
-3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily de-anonymized by a simple oversight.
+3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
So, how might this look?
@@ -94,4 +94,4 @@ One of the clearest threat models is one where people *know who you are* and one
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/ja/basics/common-threats.md b/i18n/ja/basics/common-threats.md
index 2463558f..26dddcf0 100644
--- a/i18n/ja/basics/common-threats.md
+++ b/i18n/ja/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Your threat model is personal to you, but these are some of the things many visitors to this site care about.
---
-Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
+Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ To minimize the damage that a malicious piece of software *could* do, you should
Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources.
-Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Therefore, you should use native applications over web clients whenever possible
-Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
+Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
## 大量監視プログラム
@@ -156,7 +156,7 @@ Mass surveillance is the intricate effort to monitor the "behavior, many activit
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
For many people, tracking and surveillance by private corporations is a growing concern. Pervasive ad networks, such as those operated by Google and Facebook, span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries (although it can't completely prevent tracking).[^4]
-Additionally, even companies outside of the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
## Limiting Public Information
diff --git a/i18n/ja/basics/email-security.md b/i18n/ja/basics/email-security.md
index 66102aee..fe692baa 100644
--- a/i18n/ja/basics/email-security.md
+++ b/i18n/ja/basics/email-security.md
@@ -29,13 +29,13 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
### What Email Clients Support E2EE?
-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### How Do I Protect My Private Keys?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## 電子メールのメタデータの概要
@@ -49,4 +49,4 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
### メタデータをE2EEにできない理由
-Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
+Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/ja/basics/hardware.md b/i18n/ja/basics/hardware.md
index b2d5bb50..4786d207 100644
--- a/i18n/ja/basics/hardware.md
+++ b/i18n/ja/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Warning
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/ja/basics/multi-factor-authentication.md b/i18n/ja/basics/multi-factor-authentication.md
index f68af953..6cc1a795 100644
--- a/i18n/ja/basics/multi-factor-authentication.md
+++ b/i18n/ja/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "多要素認証(Multi-Factor Authentication)"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
-**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone.
@@ -26,7 +26,7 @@ The security of push notification MFA is dependent on both the quality of the ap
### Time-based One-time Password (TOTP)
-TOTPは、最も一般的なMFAの形式の一つです。 When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
+TOTPは、最も一般的なMFAの形式の一つです。 When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
-Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
@@ -116,15 +116,15 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
## More Places to Set Up MFA
-Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
+macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-After your smartcard/security key is set up, we recommend running this command in the Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
### KeePass(およびKeePassXC)
-KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/ja/basics/passwords-overview.md b/i18n/ja/basics/passwords-overview.md
index 240eba86..90dceb26 100644
--- a/i18n/ja/basics/passwords-overview.md
+++ b/i18n/ja/basics/passwords-overview.md
@@ -24,7 +24,7 @@ All of our [recommended password managers](../passwords.md) include a built-in p
You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it.
-When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
Checking for data breaches
@@ -54,13 +54,13 @@ To generate a diceware passphrase using real dice, follow these steps:
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Roll a six-sided die five times, noting down the number after each roll.
-2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. You will find the word `encrypt`. Write that word down.
@@ -75,25 +75,25 @@ You should **not** re-roll words until you get a combination of words that appea
If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
- Your adversary knows that you used the diceware method.
-- Your adversary knows the specific wordlist that you used.
+- Your adversary knows the specific word list that you used.
- Your adversary knows how many words your passphrase contains.
@@ -113,7 +113,7 @@ There are many good options to choose from, both cloud-based and local. Choose o
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
diff --git a/i18n/ja/basics/threat-modeling.md b/i18n/ja/basics/threat-modeling.md
index 21cb0c3b..01a67b13 100644
--- a/i18n/ja/basics/threat-modeling.md
+++ b/i18n/ja/basics/threat-modeling.md
@@ -35,7 +35,7 @@ description: セキュリティ、プライバシー、使いやすさのバラ
この質問に答えるには、あなたやあなたの情報を狙う可能性のある人物や組織を特定することが重要です。 =あなたの資産に脅威をあたえる人物や組織は「敵対者」です。==例えば、あなたの上司、元パートナー、ビジネス上の競争相手、政府、公共ネットワーク上のハッカーなどが敵対者になる可能性があります。
-*あなたの敵対者やあなたの資産を手に入れたいと考える人の一覧を作成します。 一覧には個人、政府機関、企業が含まれる可能性があります。*
+*Make a list of your adversaries or those who might want to get hold of your assets. 一覧には個人、政府機関、企業が含まれる可能性があります。*
Depending on who your adversaries are, this list might be something you want to destroy after you've finished developing your threat model.
diff --git a/i18n/ja/browser-extensions.md b/i18n/ja/browser-extensions.md
index 6993edbe..0e375379 100644
--- a/i18n/ja/browser-extensions.md
+++ b/i18n/ja/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/ja/calendar.md b/i18n/ja/calendar.md
index a5eb9254..458a35b5 100644
--- a/i18n/ja/calendar.md
+++ b/i18n/ja/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Multiple calendars and extended sharing functionality is limited to paid subscribers.
diff --git a/i18n/ja/cloud.md b/i18n/ja/cloud.md
index a296ace3..fe5e0aaf 100644
--- a/i18n/ja/cloud.md
+++ b/i18n/ja/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## 規準
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
diff --git a/i18n/ja/cryptocurrency.md b/i18n/ja/cryptocurrency.md
index 5fbeb3c9..b08ee439 100644
--- a/i18n/ja/cryptocurrency.md
+++ b/i18n/ja/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## 規準
diff --git a/i18n/ja/data-broker-removals.md b/i18n/ja/data-broker-removals.md
index a5dcbd87..02aa98f2 100644
--- a/i18n/ja/data-broker-removals.md
+++ b/i18n/ja/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/ja/desktop-browsers.md b/i18n/ja/desktop-browsers.md
index 4dc17a79..c6d4e425 100644
--- a/i18n/ja/desktop-browsers.md
+++ b/i18n/ja/desktop-browsers.md
@@ -109,7 +109,7 @@ Mullvad Browserは常にプライベートブラウジングモードで動作
### Mullvad Leta
-Mullvad Browserでは、デフォルトの[検索エンジン](search-engines.md)としてDuckDuckGoが設定されていますが、**Mullvad Leta**も予めインストールされています。この検索エンジンにアクセスするには、Mullvad VPNの有効なサブスクリプションが必要です。 Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. MullvadはVPN加入者について非常に少ない情報しか収集していませんが、以上の理由より、Mullvad Letaの使用は推奨されません。
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. MullvadはVPN加入者について非常に少ない情報しか収集していませんが、以上の理由より、Mullvad Letaの使用は推奨されません。
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox は、Firefoxのバージョンと言語、デバイスのオペレーティングシステムとハードウェア構成、メモリー、クラッシュやエラーに関する基本情報、アップデート、セーフブラウジング、アクティベーションなどの自動処理の結果に関するデータを送信します。 Firefoxが私たちにデータを送信するとき、あなたのIPアドレスは一時的に私たちのサーバーログの一部として収集されます。
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. [accounts.firefox.comのプロフィール設定](https://accounts.firefox.com/settings#data-collection)を開く
2. **データの収集と使用** > **Firefoxアカウントの改善を支援する**のチェックを外す
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] **すべてのウィンドウで HTTPS-Only モードを有効にする**を選択する
-これにより、意図せずにプレーンテキストのHTTPでウェブサイトに接続することを防ぎます。 現在ではHTTPSを使用していないサイトは珍しいため、日常的なブラウジングにほとんど影響を及ぼさないはずです。
+これにより、意図せずにプレーンテキストのHTTPでウェブサイトに接続することを防ぎます。 Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS over HTTPS
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/ja/desktop.md b/i18n/ja/desktop.md
index 4690a78f..918324d3 100644
--- a/i18n/ja/desktop.md
+++ b/i18n/ja/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS is an independent distribution based on the Nix package manager with a foc
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/ja/device-integrity.md b/i18n/ja/device-integrity.md
index 29446150..62ba436c 100644
--- a/i18n/ja/device-integrity.md
+++ b/i18n/ja/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/ja/dns.md b/i18n/ja/dns.md
index 66d4a505..e82eaaa8 100644
--- a/i18n/ja/dns.md
+++ b/i18n/ja/dns.md
@@ -75,7 +75,7 @@ AdGuard Home features a polished web interface to view insights and manage block
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/ja/document-collaboration.md b/i18n/ja/document-collaboration.md
index 273524d0..4915e6aa 100644
--- a/i18n/ja/document-collaboration.md
+++ b/i18n/ja/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
満たされることが望ましい基準には、このカテゴリーの完璧なプロジェクトに私たちが望むものを示しています。 私たちが推薦するプロジェクトは、この機能の一部または全部を含んでいないかもしれませんが、もし含んでいれば、このページで他のプロジェクトよりも上位にランクされるかもしれません。
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/ja/email-aliasing.md b/i18n/ja/email-aliasing.md
index f023ab5e..c2057089 100644
--- a/i18n/ja/email-aliasing.md
+++ b/i18n/ja/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/ja/email.md b/i18n/ja/email.md
index 91e92a11..054f2b61 100644
--- a/i18n/ja/email.md
+++ b/i18n/ja/email.md
@@ -58,7 +58,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
{ align=right }
-**Proton Mail** は、プライバシー、暗号化、セキュリティ、使いやすさを重視したメールサービスです。 They have been in operation since 2013. Proton AGはスイスのジュネーブに拠点を置いています。 The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+**Proton Mail** は、プライバシー、暗号化、セキュリティ、使いやすさを重視したメールサービスです。 They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mailは標準的なクレジット・デビットカード、 [Bitcoin](a
#### :material-check:{ .pg-green } アカウントのセキュリティ
-Proton Mailは TOTP [二要素認証](https://proton.me/support/two-factor-authentication-2fa) およびFIDO2またはU2F規格を使用した [ハードウェアセキュリティキー](https://proton.me/support/2fa-security-key) をサポートしています。 ハードウェアセキュリティキーを使用するには、先にTOTP二要素認証の設定が必要です。
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } データのセキュリティ
@@ -117,7 +117,7 @@ Proton Mail also publishes the public keys of Proton accounts via HTTP from thei
#### :material-information-outline:{ .pg-blue } 追加機能
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mailにはデジタル遺産の機能はありません。
@@ -127,7 +127,7 @@ Proton Mailにはデジタル遺産の機能はありません。
{ align=right }
-**Mailbox.org** は安全、広告なし、プライベートでいることを重視した、100%エコエネルギーで運営されているメールサービスです。 2014年から運営をされています。 Mailbox.orgはドイツのベルリンに拠点を置いています。 Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org** は安全、広告なし、プライベートでいることを重視した、100%エコエネルギーで運営されているメールサービスです。 2014年から運営をされています。 Mailbox.orgはドイツのベルリンに拠点を置いています。 Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } プライベートな支払い方法
-Mailbox.orgは決済プロセッサBitPayがドイツでの業務を停止したために暗号通貨を受け付けていません。 However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.orgは決済プロセッサBitPayがドイツでの業務を停止したために暗号通貨を受け付けていません。 However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } アカウントのセキュリティ
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) などのウェブ標準はまだサポートされていません。
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) などのウェブ標準はまだサポートされていません。
#### :material-information-outline:{ .pg-blue } データのセキュリティ
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } 追加機能
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). ただし .onionサービスからwebメールのインターフェイスにアクセスすることはできず、TLS証明書のエラーが発生する可能性があります。
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.orgはIMAPやPOP3のような標準的なアクセスプロトコルに加え、 [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) もサポートしています。
@@ -195,7 +195,7 @@ Mailbox.orgの全てのプランにはデジタル遺産機能があります。
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } プライベートな支払い方法
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } アカウントのセキュリティ
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } データのセキュリティ
@@ -297,7 +297,7 @@ We regard these features as important in order to provide a safe and optimal ser
**最低条件:**
- Encrypts email account data at rest with zero-access encryption.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Operates on owned infrastructure, i.e. not built upon third-party email service providers.
diff --git a/i18n/ja/encryption.md b/i18n/ja/encryption.md
index 57c81ffb..6b03cf94 100644
--- a/i18n/ja/encryption.md
+++ b/i18n/ja/encryption.md
@@ -115,7 +115,7 @@ VeraCryptは、終了したTrueCryptプロジェクトのフォークです。
VeraCryptで暗号化する場合、異なる[ハッシュ関数](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme)から選択できます。 しかし、[SHA-512](https://en.wikipedia.org/wiki/SHA-512)**のみ**を選ぶことを推奨します。[AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard)ブロック暗号以外を使うべきではありません。
-Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
{ align=right }
-**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/ja/file-sharing.md b/i18n/ja/file-sharing.md
index 7beba6eb..96402d80 100644
--- a/i18n/ja/file-sharing.md
+++ b/i18n/ja/file-sharing.md
@@ -13,7 +13,7 @@ cover: file-sharing.webp
## ファイル共有
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/ja/frontends.md b/i18n/ja/frontends.md
index bcb7cb6d..12b0f99c 100644
--- a/i18n/ja/frontends.md
+++ b/i18n/ja/frontends.md
@@ -251,7 +251,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/ja/index.md b/i18n/ja/index.md
index b22f49c7..1b9da21d 100644
--- a/i18n/ja/index.md
+++ b/i18n/ja/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AGはスイスのジュネーブに拠点を置いています。 The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. 2014年から運営をされています。 Mailbox.orgはドイツのベルリンに拠点を置いています。 Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. 2014年から運営をされています。 Mailbox.orgはドイツのベルリンに拠点を置いています。 Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/ja/meta/brand.md b/i18n/ja/meta/brand.md
index 2ccd31bb..655a28db 100644
--- a/i18n/ja/meta/brand.md
+++ b/i18n/ja/meta/brand.md
@@ -12,7 +12,7 @@ description: A guide for journalists and website contributors on proper branding
- PG.org
-Subredditの名前は**r/PrivacyGuides**または**the Privacy Guides Subreddit**です。
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
その他のブランドガイドラインについては、[github.com/privacyguides/brand](https://github.com/privacyguides/brand)を参照してください。
diff --git a/i18n/ja/meta/translations.md b/i18n/ja/meta/translations.md
index 097d402d..03a01e61 100644
--- a/i18n/ja/meta/translations.md
+++ b/i18n/ja/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## Fullwidth alternatives and Markdown syntax
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/ja/meta/uploading-images.md b/i18n/ja/meta/uploading-images.md
index 8ddedc4d..d2228cb2 100644
--- a/i18n/ja/meta/uploading-images.md
+++ b/i18n/ja/meta/uploading-images.md
@@ -48,7 +48,7 @@ In the **SVG Output** tab under **Document options**:
- [ ] Turn off **Remove the XML declaration**
- [x] Turn on **Remove metadata**
- [x] Turn on **Remove comments**
-- [x] Turn on **Embeded raster images**
+- [x] Turn on **Embedded raster images**
- [x] Turn on **Enable viewboxing**
In the **SVG Output** under **Pretty-printing**:
diff --git a/i18n/ja/meta/writing-style.md b/i18n/ja/meta/writing-style.md
index 02b2694b..a1c8891b 100644
--- a/i18n/ja/meta/writing-style.md
+++ b/i18n/ja/meta/writing-style.md
@@ -64,7 +64,7 @@ We should try to avoid abbreviations where possible, but technology is full of a
## Be concise
-> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective.
+> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/ja/mobile-browsers.md b/i18n/ja/mobile-browsers.md
index 2579c75b..12f2e1b1 100644
--- a/i18n/ja/mobile-browsers.md
+++ b/i18n/ja/mobile-browsers.md
@@ -247,7 +247,7 @@ These options can be found in :material-menu: → :gear: **Settings** → **Priv
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Open Safari and tap the Tabs button, located in the bottom right. Then, expand t
- [x] Select **Private**
-Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. This may be an inconvenience.
diff --git a/i18n/ja/multi-factor-authentication.md b/i18n/ja/multi-factor-authentication.md
index ae36cb59..6073c27f 100644
--- a/i18n/ja/multi-factor-authentication.md
+++ b/i18n/ja/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "多要素認証(Multi-Factor Authentication)"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/ja/notebooks.md b/i18n/ja/notebooks.md
index 2fdadb17..186eef19 100644
--- a/i18n/ja/notebooks.md
+++ b/i18n/ja/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-第三者による閲覧を防止しながら、メモや日記を保存できます。
+Keep track of your notes and journals without giving them to a third party.
現在、Evernote、Google Keep、Microsoft OneNoteなどを使用している場合は、ここに掲載されたエンドツーエンド暗号化対応のアプリケーションに移行することをおすすめします。
@@ -82,9 +82,9 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
-{ align=right }
+{ align=right }
-**Joplin**は、ノートやタグを管理し大量のMarkdownノートを扱える、フリー、オープンソース、フル機能のノートおよびToDoアプリケーションです。 エンドツーエンド暗号化対応で、NextcloudやDropboxなどを通じて同期できます。 また、Evernoteやプレーンテキストノートを簡単にインポートできます。
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. エンドツーエンド暗号化対応で、NextcloudやDropboxなどを通じて同期できます。 また、Evernoteやプレーンテキストノートを簡単にインポートできます。
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Crypteeは100MBのストレージを無料で提供しています。さらに必要な場合は有料オプションを利用できます。 サインアップには電子メールやその他の個人情報は必要ありません。
+Cryptee offers 100 MB of storage for free, with paid options if you need more. サインアップには電子メールやその他の個人情報は必要ありません。
## ローカルノート
diff --git a/i18n/ja/os/android-overview.md b/i18n/ja/os/android-overview.md
index 882cf860..e6560e1d 100644
--- a/i18n/ja/os/android-overview.md
+++ b/i18n/ja/os/android-overview.md
@@ -84,7 +84,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN キルスイッチ
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. この機能を使うと、VPNが切断された場合に漏洩を防ぐことができます。 It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
@@ -124,7 +124,7 @@ Modern Android devices have global toggles for disabling Bluetooth and location
## Google サービス
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### 高度な保護機能プログラム
diff --git a/i18n/ja/os/ios-overview.md b/i18n/ja/os/ios-overview.md
index 6bca5d29..f53a3138 100644
--- a/i18n/ja/os/ios-overview.md
+++ b/i18n/ja/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/ja/os/linux-overview.md b/i18n/ja/os/linux-overview.md
index 2d54677c..f5b0b2b0 100644
--- a/i18n/ja/os/linux-overview.md
+++ b/i18n/ja/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## プライバシーに関する注意事項
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- Avoid telemetry that often comes with proprietary operating systems
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ We don’t believe holding packages back and applying interim patches is a good
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao)
(YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao)
(YouTube)
### “Security-focused” distributions
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### ドライブの暗号化
-Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ There are other system identifiers which you may wish to be careful about. You s
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/ja/os/macos-overview.md b/i18n/ja/os/macos-overview.md
index 28ff709f..667dc57d 100644
--- a/i18n/ja/os/macos-overview.md
+++ b/i18n/ja/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS**は、AppleがMacコンピュータ用に開発したUnixオペレーティングシステムです。 To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## プライバシーに関する注意事項
@@ -14,7 +14,7 @@ macOSには、考慮すべきプライバシー上の懸念がいくつかあり
### アクティベーションロック
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOSには、2種類のマルウェア防御機能が付属しています。
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### バックアップ
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### ハードウェアセキュリティ
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### ハードウェアマイクの切断
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### ダイレクトメモリアクセス保護
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## ソース
diff --git a/i18n/ja/os/windows/group-policies.md b/i18n/ja/os/windows/group-policies.md
index 9d46701a..6f7ea71d 100644
--- a/i18n/ja/os/windows/group-policies.md
+++ b/i18n/ja/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/ja/os/windows/index.md b/i18n/ja/os/windows/index.md
index 8cbcf883..b8636757 100644
--- a/i18n/ja/os/windows/index.md
+++ b/i18n/ja/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## プライバシーに関する注意事項
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/ja/passwords.md b/i18n/ja/passwords.md
index 3f031b59..5f6f5ed7 100644
--- a/i18n/ja/passwords.md
+++ b/i18n/ja/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ These options allow you to manage an encrypted password database locally.
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/ja/photo-management.md b/i18n/ja/photo-management.md
index 844ca34c..36892137 100644
--- a/i18n/ja/photo-management.md
+++ b/i18n/ja/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
- オープンソースであること。
diff --git a/i18n/ja/real-time-communication.md b/i18n/ja/real-time-communication.md
index f469bc9d..c038a828 100644
--- a/i18n/ja/real-time-communication.md
+++ b/i18n/ja/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## 規準
diff --git a/i18n/ja/router.md b/i18n/ja/router.md
index 9d4c964d..8b293f61 100644
--- a/i18n/ja/router.md
+++ b/i18n/ja/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All of the components have been optimized for home routers.
+**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}
diff --git a/i18n/ja/security-keys.md b/i18n/ja/security-keys.md
index 60535535..887f8c71 100644
--- a/i18n/ja/security-keys.md
+++ b/i18n/ja/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/ja/tools.md b/i18n/ja/tools.md
index ba9a2aaa..6cc870cf 100644
--- a/i18n/ja/tools.md
+++ b/i18n/ja/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AGはスイスのジュネーブに拠点を置いています。 The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. 2014年から運営をされています。 Mailbox.orgはドイツのベルリンに拠点を置いています。 Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. 2014年から運営をされています。 Mailbox.orgはドイツのベルリンに拠点を置いています。 Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/ja/tor.md b/i18n/ja/tor.md
index ae12f7d2..152ab49f 100644
--- a/i18n/ja/tor.md
+++ b/i18n/ja/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Browser
@@ -114,11 +114,11 @@ We previously recommended enabling the *Isolate Destination Address* preference
Tips for Android
-Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot/releases) instead.
-All versions are signed using the same signature so they should be compatible with each other.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/ja/vpn.md b/i18n/ja/vpn.md
index 2d82a3c6..43e080f7 100644
--- a/i18n/ja/vpn.md
+++ b/i18n/ja/vpn.md
@@ -2,7 +2,7 @@
meta_title: "プライベートVPNサービスの推奨事項と比較、スポンサーや広告なし - Privacy Guides"
title: "VPNサービス"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. スパイ目的でないVPNサービスプロパイダーをここで見つけましょう。
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrentアプリは多くの場合NAT-PMPをネイティブサポートしています。
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrentアプリは多くの場合NAT-PMPをネイティブサポートしています。
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. Proton VPNはスイス、アイスランド、スウェーデンに独自のサーバーとデータセンターを持っています。 They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPNはスイス、アイスランド、スウェーデンに独自のサーバーとデータセンターを持っています。 They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } IntelベースのMacではキルスイッチ機能が正常に動作しません。
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. この機能が必要で、Intelチップセットを搭載したMacを使用している場合は別のVPNサービスの利用を検討する必要があります。
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. この機能が必要で、Intelチップセットを搭載したMacを使用している場合は別のVPNサービスの利用を検討する必要があります。
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } モバイルクライアント
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-**Mullvad**は、透明性とセキュリティに重点を置いた、高速で安価なVPNです。 They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad**は、透明性とセキュリティに重点を置いた、高速で安価なVPNです。 They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ VPNプロバイダーを利用すると、特定の状況下ではより良い
### テクノロジー
-We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**最低条件:**
-- Support for strong protocols such as WireGuard & OpenVPN.
-- Killswitch built in to clients.
-- Multihop support. Multihopping is important to keep data private in case of a single node compromise.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**満たされることが望ましい基準:**
-- 高度に構成可能なオプションを備えたキルスイッチ(特定のネットワークや起動時などで有効/無効)があること。
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- 使いやすいVPNクライアントであること。
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. サーバーがIPv6経由の着信接続を許可し、IPv6アドレスでホストされているサービスにアクセスできることが望ましい。
- [リモートポート転送](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding)機能が備わっていること。リモートポート転送機能は、P2P([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer))ファイル共有ソフトウェアを使用していたり、サーバー(Mumbleなど)をホストしていたりする際に接続を確立することを支援するものです。
@@ -316,11 +316,11 @@ We require all our recommended VPN providers to provide OpenVPN configuration fi
**満たされることが望ましい基準:**
- 複数の[匿名支払いオプション](advanced/payments.md)に対応していること。
-- 個人情報を一切要求しないこと(ユーザー名の自動生成を行ったり、電子メールを不要としたりすること)。
+- No personal information accepted (auto-generated username, no email required, etc.).
### セキュリティー
-A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
+A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
**最低条件:**
@@ -358,7 +358,7 @@ A VPN is pointless if it can't even provide adequate security. We require all ou
**最低条件:**
-- アナリティクスを自己でホストすること(つまり、Googleアナリティクスは不可)。 プロバイダーのサイトは、オプトアウトを希望するユーザーのために[DNT(Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track)に準拠しなければなりません。
+- アナリティクスを自己でホストすること(つまり、Googleアナリティクスは不可)。 The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
無責任なマーケティングを行わないこと。
diff --git a/i18n/ko/about.md b/i18n/ko/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/ko/about.md
+++ b/i18n/ko/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/ko/about/contributors.md b/i18n/ko/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/ko/about/contributors.md
+++ b/i18n/ko/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/ko/about/criteria.md b/i18n/ko/about/criteria.md
index 789b7b9c..bac3efcf 100644
--- a/i18n/ko/about/criteria.md
+++ b/i18n/ko/about/criteria.md
@@ -24,7 +24,7 @@ Privacy Guides는 특정 제품을 추천함으로써 수익을 창출하지 않
- 본인이 제안한 프로젝트와 어떤 관계(소속)에 있는지를 공개해야 합니다.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. 가능하다면 감사를 누가 진행하는지도 언질을 해주시면 좋습니다.
- 해당 프로젝트가 프라이버시 면에서 어떤 이점을 제공하는지를 설명해야 합니다.
diff --git a/i18n/ko/about/executive-policy.md b/i18n/ko/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/ko/about/executive-policy.md
+++ b/i18n/ko/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/ko/about/notices.md b/i18n/ko/about/notices.md
index 047ba2ae..d33fe042 100644
--- a/i18n/ko/about/notices.md
+++ b/i18n/ko/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-Privacy Guides는 외부 제공 업체로부터 얻은 로고 및 각종 이미지(`assets`에 존재)에 대해, 퍼블릭 도메인이거나 공정 이용에 해당되는 것으로 판단하고 있습니다. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. 단, 로고 등의 이미지는 여전히 일부 관할권에서는 상표법의 적용을 받을 수 있습니다. 본 콘텐츠를 활용하기에 앞서 상표를 소유한 법인 및 단체를 식별하는 용도로 사용한 것이 맞는지 확인하고, 활용하고자 하는 상황에 적용되는 법률에 따라 해당 상표를 사용할 권리가 존재하는지 확인하세요. *여러분이 본 웹사이트의 콘텐츠를 복제할 때, 타인의 상표나 저작권을 침해하지 않도록 할 책임은 전적으로 여러분에게 있습니다.*
+Privacy Guides는 외부 제공 업체로부터 얻은 로고 및 각종 이미지(`assets`에 존재)에 대해, 퍼블릭 도메인이거나 공정 이용에 해당되는 것으로 판단하고 있습니다. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. 단, 로고 등의 이미지는 여전히 일부 관할권에서는 상표법의 적용을 받을 수 있습니다. 본 콘텐츠를 활용하기에 앞서 상표를 소유한 법인 및 단체를 식별하는 용도로 사용한 것이 맞는지 확인하고, 활용하고자 하는 상황에 적용되는 법률에 따라 해당 상표를 사용할 권리가 존재하는지 확인하세요. *여러분이 본 웹사이트의 콘텐츠를 복제할 때, 타인의 상표나 저작권을 침해하지 않도록 할 책임은 전적으로 여러분에게 있습니다.*
여러분이 본 웹사이트에 기여하는 경우, 여러분은 상기 라이선스에 따라 기여하는 것입니다. 여러분은 프로젝트의 일부로서 여러분의 기여를 복제, 변형, 공연, 전시, 공연, 배포할 수 있는 권리를 Privacy Guides에게 부여하게 됩니다. 이는 영구적이며, 전 세계적으로 유효하며, 비독점적이고, 양도 가능하며, 로열티가 없고, 철회 불가능합니다. 또한 이 권리는 여러 단계의 서브라이선스 주체에게 재실시됩니다.
diff --git a/i18n/ko/about/privacytools.md b/i18n/ko/about/privacytools.md
index 73fc94a3..ca4c680b 100644
--- a/i18n/ko/about/privacytools.md
+++ b/i18n/ko/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## r/privacytoolsIO 운영 권한
-privacytools.io 웹사이트 문제가 계속되는 동시에, 레딧의 r/privacytoolsIO 서브레딧(게시판) 운영팀은 관리에 어려움을 겪고 있었습니다. 서브레딧 운영은 웹사이트 개발과는 독립적으로 이루어졌지만, BurungHantu는 서브레딧의 주 관리자이기도 했으며 '모든 권한'을 가진 유일한 관리자였습니다. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit은 서브레딧에 활동하는 관리자가 존재해야 합니다. 주 관리자는 장기간(예시: 1년 이상) 활동하지 않는 경우, 주 관리자는 다음 순위의 관리자로 재임명 가능합니다. 이 요청이 받아들여지기 위해서는 BurungHantu가 (다른 플랫폼에서 잠적했던 것처럼) 오랜 기간 동안 어떤 Reddit 활동에도 전혀 참여하지 않았어야 했습니다.
+Reddit requires that Subreddits have active moderators. 주 관리자는 장기간(예시: 1년 이상) 활동하지 않는 경우, 주 관리자는 다음 순위의 관리자로 재임명 가능합니다. 이 요청이 받아들여지기 위해서는 BurungHantu가 (다른 플랫폼에서 잠적했던 것처럼) 오랜 기간 동안 어떤 Reddit 활동에도 전혀 참여하지 않았어야 했습니다.
> Reddit 요청을 통해 서브레딧 관리자에서 해임된 경우, 이는 귀하의 응답 부재와 활동 부족으로 인해 해당 서브레딧이 r/redditrequest 위임을 받을 조건을 충족했기 때문입니다.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- 지난 작업과 이슈 트래커를 보존하기 위해 GitHub에 소스 코드를 아카이브하여 향후 수개월 동안 현재 사이트를 개발하는 용도로 이용했습니다.
-- 서브레딧을 비롯한 다양한 커뮤니티에 공지를 게시하여 공식적인 변경 사항을 알립니다.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Matrix, Mastodon 등 privacytools.io 서비스를 공식적으로 폐쇄하고 기존 사용자에게 가능한 한 빨리 이전하도록 권장합니다.
모든 것이 순조롭게 진행되는 듯 보였고, 활발히 활동하던 커뮤니티는 대부분 저희가 바라던 대로 새 프로젝트로 전환했습니다.
@@ -66,11 +66,11 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). Privacy Guides는 이를 따랐고, 커뮤니티 인원들이 사용하고 있는 Matrix, Mastodon, PeerTube 서브도메인을 적어도 앞으로 몇 달간은 공개 서비스로 계속 운영하여 해당 사용자들이 다른 계정으로 마이그레이션할 기간을 마련해달라고 BurungHantu에게 요청했습니다. 당시 제공하던 서비스의 연합적 특성으로 인해 특정 도메인에 결속돼있어 마이그레이션하기 매우 어려웠고, 아예 불가능한 경우마저 있었습니다.
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
곧이어 BurungHantu는 Jonah가 프로젝트 후원금을 훔쳤다고 거짓 비난을 했습니다. BurungHantu의 주장대로라면 당시 시점은 이미 해당 사건이 발생한 지 1년이 넘은 상태였지만, Privacy Guides로의 이전이 이루어질 때까지 그 누구에게도 해당 사건을 알리지 않았다는 뜻이 됩니다. Privacy Guides 팀 및 [커뮤니티는](https://twitter.com/TommyTran732/status/1526153536962281474) BurungHantu에게 해당 주장이 사실이라면 증거는 무엇인지, 여태까지 고발하지 않았던 이유는 무엇인지 밝힐 것을 여러 차례 요청했지만, 그는 대답하지 않았습니다.
-또한 BurungHantu는 [Twitter 게시글](https://twitter.com/privacytoolsIO/status/1510560676967710728)에서 자신은 현재 '변호사'의 조언을 따르고 있는 중이라고 주장했으나, 이는 서브레딧 관리 권한을 되찾기 위한 시도의 일종이며, 자신은 피해자일 뿐임을 설파하며 Privacy Guides 출시 시점이 다가온 상황에 여론을 조작하려는 행동의 일환이었습니다.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io 현황
@@ -80,7 +80,7 @@ Unfortunately, because control of the r/privacytoolsIO subreddit was not returne
## r/privacytoolsIO 현황
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> ... 이 서브레딧의 여태까지의 성장은 수년에 걸쳐 이루어진 많은 노력의 결과입니다. 다름 아닌 PrivacyGuides.org 팀이 그 주역이었습니다. 그리고 여러분 모두의 덕택이었습니다.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
서브레딧은 그 누구의 소유물도 아니며, 브랜드 대표만의 소유물은 더더욱 아닙니다. 서브레딧은 커뮤니티의 소유물입니다. 그리고 커뮤니티와 운영진은 r/PrivacyGuides로의 이전을 지지하기로 결정했습니다.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> 해임 요청에 관련한 관리자의 보복 행위는 허용되지 않습니다.
-커뮤니티에 여전히 수천 명의 구독자가 남아 있었기 때문에, 이 거대한 플랫폼의 통제권을 매우 낮은 품질의 정보를 제공하는 사이트를 운영하고 있는 사람에게, 1년 이상 방임하는 사람에게 돌려주는 것은 도리가 아니라 판단했습니다. 해당 커뮤니티에서 이루어졌던 지난 수년간의 토론을 보존하는 것이 더 중요했기 때문에 u/trai_dep 및 나머지 관리자는 r/privacytoolsIO를 그대로 유지하기로 결정했습니다.
+커뮤니티에 여전히 수천 명의 구독자가 남아 있었기 때문에, 이 거대한 플랫폼의 통제권을 매우 낮은 품질의 정보를 제공하는 사이트를 운영하고 있는 사람에게, 1년 이상 방임하는 사람에게 돌려주는 것은 도리가 아니라 판단했습니다. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective 현황
diff --git a/i18n/ko/about/statistics.md b/i18n/ko/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/ko/about/statistics.md
+++ b/i18n/ko/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/ko/advanced/communication-network-types.md b/i18n/ko/advanced/communication-network-types.md
index 8884e28c..7aada37c 100644
--- a/i18n/ko/advanced/communication-network-types.md
+++ b/i18n/ko/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ description: 메신저 애플리케이션에서 보편적으로 사용되는 몇
- 자체 서버를 운영하는 경우 자신의 데이터에 대한 통제력이 향상됩니다.
- 여러 '공개' 서버 중 원하는 서버를 고르는 것으로 데이터 신뢰 대상을 취사선택 가능합니다.
- 네이티브, 커스텀, 사용 경험 면에서 더 뛰어난 제3자 클라이언트를 사용할 수 있도록 허용하는 경우가 많습니다.
-- 서버에 직접 접근 가능하거나, 접근 가능한 사람을 신뢰(권한을 가진 사람 중 한명이 자신의 가족인 경우 등)하는 경우 실제 서버 소프트웨어가 공개된 소스 코드와 일치하는지 검증할 수 있습니다.
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**단점:**
@@ -60,7 +60,7 @@ description: 메신저 애플리케이션에서 보편적으로 사용되는 몇
P2P 메신저는 [분산형(Distributed) 네트워크](https://en.wikipedia.org/wiki/Distributed_networking)에 노드로서 연결되어 제3자 서버 없이 수신자에게 메시지를 전달합니다.
-클라이언트(피어)는 일반적으로 [분산 컴퓨팅](https://en.wikipedia.org/wiki/Distributed_computing) 네트워크를 이용해 서로를 찾아냅니다. 예시로는 [토렌트](https://ko.wikipedia.org/wiki/%EB%B9%84%ED%8A%B8%ED%86%A0%EB%A0%8C%ED%8A%B8), [IPFS](https://ko.wikipedia.org/wiki/InterPlanetary_File_System)에서 사용하는 [분산 해시 테이블](https://ko.wikipedia.org/wiki/%EB%B6%84%EC%82%B0_%ED%95%B4%EC%8B%9C_%ED%85%8C%EC%9D%B4%EB%B8%94)(DHT)이 있습니다. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
+클라이언트(피어)는 일반적으로 [분산 컴퓨팅](https://en.wikipedia.org/wiki/Distributed_computing) 네트워크를 이용해 서로를 찾아냅니다. 예시로는 [토렌트](https://ko.wikipedia.org/wiki/%EB%B9%84%ED%8A%B8%ED%86%A0%EB%A0%8C%ED%8A%B8), [IPFS](https://ko.wikipedia.org/wiki/InterPlanetary_File_System)에서 사용하는 [분산 해시 테이블](https://ko.wikipedia.org/wiki/%EB%B6%84%EC%82%B0_%ED%95%B4%EC%8B%9C_%ED%85%8C%EC%9D%B4%EB%B8%94)(DHT)이 있습니다. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
피어가 이러한 방법을 통해 연락 상대로 연결되는 경로를 찾아내면 서로 직접 연결이 이루어집니다. 메시지에는 일반적으로 암호화가 적용되나, 관찰자는 발신자/수신자의 위치와 신원을 유추할 수 있습니다.
@@ -85,9 +85,9 @@ P2P 네트워크는 피어가 서로 직접 통신하므로 서버를 사용하
[익명 라우팅](https://doi.org/10.1007/978-1-4419-5906-5_628)을 사용하는 메신저는 발신자, 수신자의 신원 혹은 통신 흔적을 드러내지 않습니다. 이상적으로는, 메신저는 이 세 가지(발신자 신원, 수신자 신원, 통신 흔적) 모두를 숨길 수 있어야 합니다.
-익명 라우팅을 구현하는 방법은 [여러 가지](https://doi.org/10.1145/3182658)가 존재합니다. 대표적인 방법으로는 [Onion 라우팅](https://en.wikipedia.org/wiki/Onion_routing)([Tor](tor-overview.md))이 존재합니다. 각 메시지의 발신자나 수신자뿐만 아니라 각 노드의 위치를 숨기는 가상 [오버레이 네트워크](https://en.wikipedia.org/wiki/Overlay_network)를 통해 암호화 메시지를 주고받습니다. 발신자와 수신자는 직접적으로 상호작용하지 않고 비밀 랑데부 노드를 통해서만 만나기 때문에 IP 주소나 실제 위치는 노출되지 않습니다. 노드는 메시지를 복호화하거나 최종 목적지를 알 수 없으며, 수신자만이 해독 가능합니다. 각 중개 노드는 메시지를 다음에는 어디로 보낼지를 나타내는 부분만 해독 가능하며 그 외에는 여전히 암호화가 적용되어 있습니다. 그리고 이 과정은 수신자에게 도달해 완전히 복호화될 때까지 반복됩니다. 'Onion(양파) 레이어'라는 명칭은 이러한 작동 방식에서 유래되었습니다.
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. 대표적인 방법으로는 [Onion 라우팅](https://en.wikipedia.org/wiki/Onion_routing)([Tor](tor-overview.md))이 존재합니다. 각 메시지의 발신자나 수신자뿐만 아니라 각 노드의 위치를 숨기는 가상 [오버레이 네트워크](https://en.wikipedia.org/wiki/Overlay_network)를 통해 암호화 메시지를 주고받습니다. 발신자와 수신자는 직접적으로 상호작용하지 않고 비밀 랑데부 노드를 통해서만 만나기 때문에 IP 주소나 실제 위치는 노출되지 않습니다. 노드는 메시지를 복호화하거나 최종 목적지를 알 수 없으며, 수신자만이 해독 가능합니다. 각 중개 노드는 메시지를 다음에는 어디로 보낼지를 나타내는 부분만 해독 가능하며 그 외에는 여전히 암호화가 적용되어 있습니다. 그리고 이 과정은 수신자에게 도달해 완전히 복호화될 때까지 반복됩니다. 'Onion(양파) 레이어'라는 명칭은 이러한 작동 방식에서 유래되었습니다.
-익명 라우팅 네트워크에서 노드를 자체 호스팅하는 행위는 자신의 프라이버시에 추가적인 이점을 제공하지 않습니다. 전체 네트워크로 하여금 식별 공격에 대한 복원력을 높이는 데 기여하는, 모두의 이익을 위한 행위입니다.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**장점:**
diff --git a/i18n/ko/advanced/dns-overview.md b/i18n/ko/advanced/dns-overview.md
index 6d790256..bd3c9163 100644
--- a/i18n/ko/advanced/dns-overview.md
+++ b/i18n/ko/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: DNS, 즉 도메인 네임 시스템은 '인터넷의 전화번호부'라고 할 수 있습니다. DNS가 있기 때문에 여러분은 브라우저에서 원하는 사이트를 찾아 연결할 수 있습니다.
---
-[도메인 네임 시스템](https://ko.wikipedia.org/wiki/%EB%8F%84%EB%A9%94%EC%9D%B8_%EB%84%A4%EC%9E%84_%EC%8B%9C%EC%8A%A4%ED%85%9C)은 '인터넷의 전화번호부'라고 할 수 있습니다. DNS는 분산 서버 네트워크를 통해 도메인 이름을 IP 주소로 변환합니다. 브라우저 등의 서비스는 이를 이용해 인터넷 리소스를 로드할 수 있습니다.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS는 분산 서버 네트워크를 통해 도메인 이름을 IP 주소로 변환합니다. 브라우저 등의 서비스는 이를 이용해 인터넷 리소스를 로드할 수 있습니다.
## DNS란 무엇인가요?
@@ -24,7 +24,7 @@ DNS는 [인터넷의 초창기](https://ko.wikipedia.org/wiki/%EB%8F%84%EB%A9%94
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. 이후 Linux, macOS 등에서는 [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) 명령어를, Windows에서는 [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) 명령어를 사용해 두 서버로 DNS 조회를 전송할 수 있습니다. 웹 브라우저 등의 소프트웨어는 암호화된 DNS를 사용하도록 설정된 경우가 아니라면 이러한 조회를 자동으로 수행합니다.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. 웹 브라우저 등의 소프트웨어는 암호화된 DNS를 사용하도록 설정된 경우가 아니라면 이러한 조회를 자동으로 수행합니다.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ DNS는 [인터넷의 초창기](https://ko.wikipedia.org/wiki/%EB%8F%84%EB%A9%94
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,34 +70,24 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt)는 DNS 쿼리를 암호화하는 최초의 방법 중 하나였습니다. DNSCrypt는 443 포트에서 작동하며, TCP/UDP 전송 프로토콜 모두에서 작동합니다. DNSCrypt는 [국제 인터넷 표준화 기구(IETF)](https://ko.wikipedia.org/wiki/%EA%B5%AD%EC%A0%9C_%EC%9D%B8%ED%84%B0%EB%84%B7_%ED%91%9C%EC%A4%80%ED%99%94_%EA%B8%B0%EA%B5%AC)에 제출되지 않았고RFC 절차를 거치지 않았기 때문에, [일부 구현체](https://dnscrypt.info/implementations)를 제외하고는 널리 사용되지 않았습니다. 결과적으로, 보다 널리 사용되는 [DNS over HTTPS](#dns-over-https-doh)로 대체되었습니다.
-
-
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt)는 DNS 쿼리를 암호화하는 최초의 방법 중 하나였습니다. DNSCrypt는 443 포트에서 작동하며, TCP/UDP 전송 프로토콜 모두에서 작동합니다. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). 결과적으로, 보다 널리 사용되는 [DNS over HTTPS](#dns-over-https-doh)로 대체되었습니다.
### DOT(DNS over TLS)
[**DNS over TLS**](https://en.wikipedia.org/wiki/DNS_over_TLS)는 DNS 통신을 암호화하는 또 다른 방법으로, [RFC 7858](https://datatracker.ietf.org/doc/html/rfc7858)에 정의되어 있습니다. Support was first implemented in Android 9, iOS 14, and on Linux in [systemd-resolved](https://freedesktop.org/software/systemd/man/resolved.conf.html#DNSOverTLS=) in version 237. Preference in the industry has been moving away from DoT to DoH in recent years, as DoT is a [complex protocol](https://dnscrypt.info/faq) and has varying compliance to the RFC across the implementations that exist. 또한, 853 포트를 전용으로 사용하기 때문에 제한적인 방화벽에 의해 쉽게 차단될 수 있다는 문제도 존재합니다.
-
-
### DoH(DNS over HTTPS)
[**DNS over HTTPS**](https://en.wikipedia.org/wiki/DNS_over_HTTPS), as defined in [RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484), packages queries in the [HTTP/2](https://en.wikipedia.org/wiki/HTTP/2) protocol and provides security with HTTPS. Firefox 60, Chrome 83과 같은 웹 브라우저에서 처음으로 지원되었습니다.
DoH 네이티브 구현은 iOS 14, macOS 11, Microsoft Windows, Android 13(단, [기본 활성화가 아닙니다](https://android-review.googlesource.com/c/platform/packages/modules/DnsResolver/+/1833144))부터 추가되었습니다. 일반 Linux 데스크톱의 경우, systemd [구현체](https://github.com/systemd/systemd/issues/8639)가 아직 존재하지 않기 때문에 [별도 소프트웨어를 설치해야 합니다](../dns.md#encrypted-dns-proxies).
-
-
### 운영 체제 기본 지원
-
-
#### Android
Android 9 이상 버전은 DNS over TLS를 지원합니다. 해당 설정은 **설정** → **네트워크 및 인터넷** → **비공개 DNS**에서 확인할 수 있습니다.
-
-
#### Apple 기기
iOS, iPadOS, tvOS, macOS 최신 버전은 DoT, DoH를 모두 지원합니다. 두 프로토콜 모두 [구성 프로필](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web)이나 [DNS 설정 API](https://developer.apple.com/documentation/networkextension/dns_settings)를 통해 운영 체제에서 기본으로 지원합니다.
@@ -106,98 +96,71 @@ iOS, iPadOS, tvOS, macOS 최신 버전은 DoT, DoH를 모두 지원합니다.
Apple은 암호화 DNS 프로필 생성을 위한 기본 인터페이스를 제공하지 않습니다. [보안 DNS 프로필 생성기(Secure DNS profile creator)](https://dns.notjakob.com/tool.html)는 자신만의 암호화 DNS 프로필을 생성할 수 있는 비공식 툴이지만, 프로필 서명은 불가능합니다. 프로필 서명은 프로필 출처 확인 및 무결성 보장에 도움이 되므로, 서명된 프로필이 선호됩니다. 서명된 구성 프로필에는 '확인 완료' 표시가 나타납니다. 코드 서명에 대한 자세한 내용은 [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html)을 참고하세요.
-
-
#### Linux
`systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](../dns.md#dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS.
-
-
## 외부 주체는 무엇을 볼 수 있나요?
다음 예시에서는 DoH 요청 시 실제로 어떤 일이 일어나는지 기록해보겠습니다.
-1. 먼저 `tshark`를 실행합니다.
-
-
+1. 먼저 `tshark`를 실행합니다.
```bash
tshark -w /tmp/dns_doh.pcap -f "tcp port https and host 1.1.1.1"
```
-
-2. 이후 `curl`를 이용해 요청을 생성합니다.
-
-
+2. 이후 `curl`를 이용해 요청을 생성합니다.
```bash
curl -vI --doh-url https://1.1.1.1/dns-query https://privacyguides.org
```
-
3. 요청 후
CTRL +
C를 눌러 패킷 캡처를 중지합니다.
-4. Wireshark에서 결과를 분석합니다.
-
-
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
```
-
We can see the [connection establishment](https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment) and [TLS handshake](https://cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake) that occurs with any encrypted connection. 뒤따르는 'Application Data' 패킷을 살펴보면 요청했던 도메인이나 반환된 IP 주소가 포함되어 있지 않다는 것 또한 확인할 수 있습니다.
-
-
## 암호화 DNS를 사용하지 **말아야** 하는 이유는 무엇인가요?
인터넷 필터링(혹은 검열)이 존재하는 지역에서는 '차단된 정보에 접근하는 행위' 자체가 자신의 [위협 모델](../basics/threat-modeling.md)에서 고려해야 할 어떠한 결과를 초래할 수도 있습니다. Privacy Guides는 이러한 목적으로 암호화 DNS를 사용하는 것은 추천드리지 **않습니다**. Use [Tor](../advanced/tor-overview.md) or a [VPN](../vpn.md) instead. VPN을 사용하는 경우, 자신이 사용하는 VPN의 DNS 서버를 사용해야 합니다. VPN을 사용하는 순간부터 이미 자신의 모든 네트워크 활동을 VPN 업체에게 맡기고 있는 것이기 때문입니다.
일반적으로 우리가 무언가에 대한 DNS 조회를 할 때는 해당 리소스에 접근하고자 하는 의도가 있습니다. 다음은 암호화 DNS를 사용하더라도 여러분의 인터넷 탐색 활동이 노출될 수 있는 몇 가지 경우입니다.
-
-
### IP 주소
인터넷 탐색 활동을 알아내는 가장 쉬운 방법은 해당 기기에서 접근하는 IP 주소를 확인하는 것입니다. 예를 들어, 어떤 관찰자가 `privacyguides.org`는 `198.98.54.105`에 존재함을 알고 있는 상태에서, 여러분의 기기가 `198.98.54.105`로 데이터를 요청한 것을 확인했다면, 여러분이 Privacy Guides를 방문했을 것으로 예상할 수 있습니다.
-이 방식은 해당 IP 주소의 서버가 호스팅하고 있는 웹사이트의 개수가 적을 경우에만 유효합니다. 또한 공유 플랫폼(Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger 등)에서 사이트가 호스팅되고 있는 경우에도 그다지 효과가 없습니다. 최신 인터넷 환경에서는 매우 일반적인 [리버스 프록시](https://ko.wikipedia.org/wiki/%EB%A6%AC%EB%B2%84%EC%8A%A4_%ED%94%84%EB%A1%9D%EC%8B%9C) 뒤에 호스팅되고 있는 경우에도 마찬가지로 그다지 효과가 없습니다.
-
-
+이 방식은 해당 IP 주소의 서버가 호스팅하고 있는 웹사이트의 개수가 적을 경우에만 유효합니다. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). 최신 인터넷 환경에서는 매우 일반적인 [리버스 프록시](https://ko.wikipedia.org/wiki/%EB%A6%AC%EB%B2%84%EC%8A%A4_%ED%94%84%EB%A1%9D%EC%8B%9C) 뒤에 호스팅되고 있는 경우에도 마찬가지로 그다지 효과가 없습니다.
### SNI(Server Name Indication)
-SNI(Server Name Indication, 서버 이름 표시)는 주로 하나의 IP 주소에서 여러 웹사이트를 호스팅하는 경우에 사용됩니다. Cloudflare 등의 서비스나, 그 외 [서비스 거부 공격(DosS공격)](https://ko.wikipedia.org/wiki/%EC%84%9C%EB%B9%84%EC%8A%A4_%EA%B1%B0%EB%B6%80_%EA%B3%B5%EA%B2%A9) 보호 서비스 등이 해당 예시입니다.
+Server Name Indication is typically used when an IP address hosts many websites. Cloudflare 등의 서비스나, 그 외 [서비스 거부 공격(DosS공격)](https://ko.wikipedia.org/wiki/%EC%84%9C%EB%B9%84%EC%8A%A4_%EA%B1%B0%EB%B6%80_%EA%B3%B5%EA%B2%A9) 보호 서비스 등이 해당 예시입니다.
-1. 마찬가지로 `tshark`로 캡처를 시작합니다. 지나치게 많은 패킷이 캡처되지 않도록 Privacy Guides의 IP 주소 필터를 추가합시다.
-
-
+1. 마찬가지로 `tshark`로 캡처를 시작합니다. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
```
-
2. 이제 [https://privacyguides.org](https://privacyguides.org)를 방문합니다.
3. 사이트를 방문한 이후에는
CTRL +
C로 패킷 캡처를 중지합니다.
-4. 이제 결과를 분석합시다.
-
-
+4. 이제 결과를 분석합시다.
```bash
wireshark -r /tmp/pg.pcap
```
+ 연결이 설정이 이루어지고 Privacy Guides 사이트에 대한 TLS 핸드셰이크 과정을 확인할 수 있습니다. 프레임 5 주변에서 "Client Hello"를 확인할 수 있습니다.
-연결이 설정이 이루어지고 Privacy Guides 사이트에 대한 TLS 핸드셰이크 과정을 확인할 수 있습니다. 프레임 5 주변에서 "Client Hello"를 확인할 수 있습니다.
-
-5. 각 필드 옆의 삼각형 ▸을 눌러 펼칩니다.
-
-
+5. 각 필드 옆의 삼각형 ▸을 눌러 펼칩니다.
```text
▸ Transport Layer Security
@@ -207,22 +170,16 @@ SNI(Server Name Indication, 서버 이름 표시)는 주로 하나의 IP 주소
▸ Server Name Indication extension
```
-
-6. 방문 중인 사이트를 나타내는 SNI 값을 확인할 수 있습니다. `tshark` 명령어로 SNI 값을 포함한 모든 패킷 값을 직접 확인 가능합니다.
-
-
+6. 방문 중인 사이트를 나타내는 SNI 값을 확인할 수 있습니다. `tshark` 명령어로 SNI 값을 포함한 모든 패킷 값을 직접 확인 가능합니다.
```bash
tshark -r /tmp/pg.pcap -Tfields -Y tls.handshake.extensions_server_name -e tls.handshake.extensions_server_name
```
-
즉, '암호화 DNS'를 사용하더라도 도메인은 SNI를 통해 노출될 가능성이 높습니다. The [TLS v1.3](https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3) protocol brings with it [Encrypted Client Hello](https://blog.cloudflare.com/encrypted-client-hello), which prevents this kind of leak.
Governments, in particular [China](https://zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni) and [Russia](https://zdnet.com/article/russia-wants-to-ban-the-use-of-secure-protocols-such-as-tls-1-3-doh-dot-esni), have either already [started blocking](https://en.wikipedia.org/wiki/Server_Name_Indication#Encrypted_Client_Hello) it or expressed a desire to do so. 최근 러시아는 [HTTP/3](https://en.wikipedia.org/wiki/HTTP/3) 표준을 사용하는 [해외 사이트를 차단하기 시작했습니다](https://github.com/net4people/bbs/issues/108). HTTP/3의 일부인 [QUIC](https://ko.wikipedia.org/wiki/QUIC) 프로토콜에서는 `ClientHello` 암호화가 필수적이기 때문입니다.
-
-
### OCSP(온라인 인증서 상태 프로토콜)
[OCSP](https://ko.wikipedia.org/wiki/%EC%98%A8%EB%9D%BC%EC%9D%B8_%EC%9D%B8%EC%A6%9D%EC%84%9C_%EC%83%81%ED%83%9C_%ED%94%84%EB%A1%9C%ED%86%A0%EC%BD%9C)를 통해 인터넷 탐색 활동이 노출될 가능성도 있습니다. 여러분이 HTTPS 웹사이트를 방문할 때, 브라우저는 해당 웹사이트의 [인증서](https://ko.wikipedia.org/wiki/%EA%B3%B5%EA%B0%9C_%ED%82%A4_%EC%9D%B8%EC%A6%9D%EC%84%9C)가 만료되었는지 확인합니다. 이 과정은 HTTP 프로토콜을 사용해 이루어집니다. 다시 말해, 암호화가 적용되지 **않습니다**.
@@ -231,66 +188,46 @@ OCSP 요청에는 고유한 인증서 [일련번호](https://en.wikipedia.org/wi
[`openssl`](https://ko.wikipedia.org/wiki/OpenSSL) 명령어로 브라우저의 동작을 시뮬레이션할 수 있습니다.
-1. 서버 인증서를 가져오고 [`sed`](https://ko.wikipedia.org/wiki/Sed_(%EC%9C%A0%ED%8B%B8%EB%A6%AC%ED%8B%B0))를 이용해 중요한 부분만 파일에 기록합니다.
-
-
+1. 서버 인증서를 가져오고 [`sed`](https://ko.wikipedia.org/wiki/Sed_(%EC%9C%A0%ED%8B%B8%EB%A6%AC%ED%8B%B0))를 이용해 중요한 부분만 파일에 기록합니다.
```bash
openssl s_client -connect privacyguides.org:443 < /dev/null 2>&1 |
sed -n '/^-*BEGIN/,/^-*END/p' > /tmp/pg_server.cert
```
-
-2. 중간 인증서(Intermediate Certificate)를 받습니다. [인증 기관(CA)](https://ko.wikipedia.org/wiki/%EC%9D%B8%EC%A6%9D_%EA%B8%B0%EA%B4%80)은 일반적으로 인증서에 직접 서명하지 않고 '중간 인증서'라고 불리는 것을 사용합니다.
-
-
+2. 중간 인증서(Intermediate Certificate)를 받습니다. [인증 기관(CA)](https://ko.wikipedia.org/wiki/%EC%9D%B8%EC%A6%9D_%EA%B8%B0%EA%B4%80)은 일반적으로 인증서에 직접 서명하지 않고 '중간 인증서'라고 불리는 것을 사용합니다.
```bash
openssl s_client -showcerts -connect privacyguides.org:443 < /dev/null 2>&1 |
sed -n '/^-*BEGIN/,/^-*END/p' > /tmp/pg_and_intermediate.cert
```
-
-3. `pg_and_intermediate.cert`의 첫 번째 인증서는 1단계에서의 서버에 대한 인증서입니다. `sed` 명령어를 다시 사용해 END가 처음 등장하는 부분까지 제거합니다.
-
-
+3. `pg_and_intermediate.cert`의 첫 번째 인증서는 1단계에서의 서버에 대한 인증서입니다. `sed` 명령어를 다시 사용해 END가 처음 등장하는 부분까지 제거합니다.
```bash
sed -n '/^-*END CERTIFICATE-*$/!d;:a n;p;ba' \
/tmp/pg_and_intermediate.cert > /tmp/intermediate_chain.cert
```
-
-4. 서버 인증서에 대한 OCSP 응답자를 얻어냅니다.
-
-
+4. 서버 인증서에 대한 OCSP 응답자를 얻어냅니다.
```bash
openssl x509 -noout -ocsp_uri -in /tmp/pg_server.cert
```
-
-인증서에서 Lets Encrypt 인증서 응답자를 확인할 수 있습니다. 인증서의 모든 세부 정보를 확인하려면 다음 명령어를 사용합니다.
-
-
+ 인증서에서 Lets Encrypt 인증서 응답자를 확인할 수 있습니다. 인증서의 모든 세부 정보를 확인하려면 다음 명령어를 사용합니다.
```bash
openssl x509 -text -noout -in /tmp/pg_server.cert
```
-
-5. 패킷 캡처를 시작합니다.
-
-
+5. 패킷 캡처를 시작합니다.
```bash
tshark -w /tmp/pg_ocsp.pcap -f "tcp port http"
```
-
-6. OCSP 요청을 생성합니다.
-
-
+6. OCSP 요청을 생성합니다.
```bash
openssl ocsp -issuer /tmp/intermediate_chain.cert \
@@ -299,19 +236,13 @@ OCSP 요청에는 고유한 인증서 [일련번호](https://en.wikipedia.org/wi
-url http://r3.o.lencr.org
```
-
-7. 캡처를 엽니다.
-
-
+7. 캡처를 엽니다.
```bash
wireshark -r /tmp/pg_ocsp.pcap
```
-
-'OCSP' 프로토콜에서 'Request', 'Response'라는 두 패킷을 확인할 수 있습니다. 'Request'에서는 각 필드 옆의 삼각형 ▸을 눌러 일련번호(Serial Number)를 확인할 수 있습니다.
-
-
+ 'OCSP' 프로토콜에서 'Request', 'Response'라는 두 패킷을 확인할 수 있습니다. 'Request'에서는 각 필드 옆의 삼각형 ▸을 눌러 일련번호(Serial Number)를 확인할 수 있습니다.
```bash
▸ Online Certificate Status Protocol
@@ -322,10 +253,7 @@ OCSP 요청에는 고유한 인증서 [일련번호](https://en.wikipedia.org/wi
serialNumber
```
-
-'Response'에서도 마찬가지로 일련번호를 확인할 수 있습니다.
-
-
+ 'Response'에서도 마찬가지로 일련번호를 확인할 수 있습니다.
```bash
▸ Online Certificate Status Protocol
@@ -338,26 +266,18 @@ OCSP 요청에는 고유한 인증서 [일련번호](https://en.wikipedia.org/wi
serialNumber
```
-
-8. 혹은 `tshark`를 이용해 패킷을 일련번호로 필터링합니다.
-
-
+8. 혹은 `tshark`를 이용해 패킷을 일련번호로 필터링합니다.
```bash
tshark -r /tmp/pg_ocsp.pcap -Tfields -Y ocsp.serialNumber -e ocsp.serialNumber
```
-
네트워크 관찰자가 공개적으로 사용할 수 있는 공개 인증서를 가지고 있는 경우, 일련번호를 해당 인증서와 대조할 수 있으므로 여러분이 어떤 사이트를 방문하는지 알아낼 수 있습니다. 이 과정은 자동화될 수 있으며, 일련번호를 IP 주소와 연관시킬 수 있습니다. [인증서 투명성](https://en.wikipedia.org/wiki/Certificate_Transparency) 로그에서 일련번호를 확인하는 것 또한 가능합니다.
-
-
## "제가 암호화 DNS를 사용해야 할까요?"
Privacy Guides는 여러분이 *언제 암호화 DNS를 사용해야 할지* 판단할 수 있도록 플로우차트로 정리해 보았습니다.
-
-
``` mermaid
graph TB
Start[시작] --> anonymous{익명성을
원하시나요?}
@@ -373,13 +293,10 @@ graph TB
ispDNS --> | 아니요 | nothing(아무 것도
할 필요 없습니다)
```
-
-제3자 서버를 사용하는 암호화 DNS는 '이를 사용함으로써 아무런 문제가 발생하지 않을 것이라고 확신할 수 있을 때' ISP의 기본적인 리디렉션 및 [DNS 차단](https://en.wikipedia.org/wiki/DNS_blocking)을 우회하는 용도로만 사용하거나, 기초적인 DNS 필터링 서비스를 필요로 할 때만 사용해야 합니다.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[권장 DNS 서버 목록](../dns.md ""){.md-button}
-
-
## DNSSEC이란 무엇인가요?
DNSSEC([Domain Name System Security Extensions](https://ko.wikipedia.org/wiki/DNSSEC))는 도메인 이름 조회에 대한 응답을 인증하는 DNS 기능입니다. 이 기능은 프라이버시 보호와는 별 관련이 없지만, 공격자가 DNS 요청 응답을 변조하거나 오염시키는 것을 방지합니다.
@@ -390,9 +307,7 @@ DNSSEC 서명 과정은 사람이 펜으로 법적 문서에 서명하는 과정
DNSSEC은 DNS의 모든 계층에 걸쳐 계층적(Hierarchical) 디지털 서명 정책을 구현합니다. 예를 들어 `privacyguides.org`를 조회하는 경우, 루트 DNS 서버는 자신의 키로 서명해 `.org` 네임 서버에게 제공하고, `.org` 네임 서버 또한 자신의 키로 서명해 `privacyguides.org`의 권한 있는 서버에 제공합니다.
-
Adapted from [DNS Security Extensions (DNSSEC) overview](https://cloud.google.com/dns/docs/dnssec) by Google and [DNSSEC: An Introduction](https://blog.cloudflare.com/dnssec-an-introduction) by Cloudflare, both licensed under [CC BY 4.0](https://creativecommons.org/licenses/by/4.0).
-
-
+
Adapted from [DNS Security Extensions (DNSSEC) overview](https://cloud.google.com/dns/docs/dnssec) by Google and [DNSSEC: An Introduction](https://blog.cloudflare.com/dnssec-an-introduction) by Cloudflare, both licensed under [CC BY 4.0](https://creativecommons.org/licenses/by/4.0).
## QNAME 최소화란 무엇인가요?
@@ -404,7 +319,6 @@ QNAME은 '정규화된 이름(Qualified Name)'입니다(예시: `discuss.privacy
| .net 서버 | discuss.privacyguides.net의 IP는 무엇인가요? | I don't know, ask Privacy Guides' server... |
| Privacy Guides 서버 | discuss.privacyguides.net의 IP는 무엇인가요? | 5.161.195.190! |
-
With "QNAME minimization," your DNS resolver now only asks for just enough information to find the next server in the chain. In this example, the root server is only asked for enough information to find the appropriate nameserver for the .net TLD, and so on, without ever knowing the full domain you're trying to visit:
| Server | 질문 | 응답 |
@@ -414,11 +328,8 @@ With "QNAME minimization," your DNS resolver now only asks for just enough infor
| Privacy Guides 서버 | What's the nameserver for discuss.privacyguides.net? | This server! |
| Privacy Guides 서버 | discuss.privacyguides.net의 IP는 무엇인가요? | 5.161.195.190 |
-
While this process can be slightly more inefficient, in this example neither the central root nameservers nor the TLD's nameservers ever receive information about your *full* query, thus reducing the amount of information being transmitted about your browsing habits. 세부 기술 설명은 [RFC 7816](https://datatracker.ietf.org/doc/html/rfc7816)에 정의되어 있습니다.
-
-
## ECS(EDNS 클라이언트 서브넷)란 무엇인가요?
[EDNS 클라이언트 서브넷](https://en.wikipedia.org/wiki/EDNS_Client_Subnet)이란, DNS 쿼리를 생성하는 [호스트나 클라이언트](https://ko.wikipedia.org/wiki/%ED%81%B4%EB%9D%BC%EC%9D%B4%EC%96%B8%ED%8A%B8_(%EC%BB%B4%ED%93%A8%ED%8C%85))의 [서브넷](https://ko.wikipedia.org/wiki/%EB%B6%80%EB%B6%84%EB%A7%9D)을 Recursive DNS 리졸버가 지정할 수 있는 방식입니다.
@@ -429,26 +340,18 @@ This feature does come at a privacy cost, as it tells the DNS server some inform
If you have `dig` installed you can test whether your DNS provider gives EDNS information out to DNS nameservers with the following command:
-
-
```bash
dig +nocmd -t txt o-o.myaddr.l.google.com +nocomments +noall +answer +stats
```
-
Note that this command will contact Google for the test, and return your IP as well as EDNS client subnet information. If you want to test another DNS resolver you can specify their IP, to test `9.9.9.11` for example:
-
-
```bash
dig +nocmd @9.9.9.11 -t txt o-o.myaddr.l.google.com +nocomments +noall +answer +stats
```
-
If the results include a second edns0-client-subnet TXT record (like shown below), then your DNS server is passing along EDNS information. The IP or network shown after is the precise information which was shared with Google by your DNS provider.
-
-
```text
o-o.myaddr.l.google.com. 60 IN TXT "198.51.100.32"
o-o.myaddr.l.google.com. 60 IN TXT "edns0-client-subnet 198.51.100.0/24"
diff --git a/i18n/ko/advanced/tor-overview.md b/i18n/ko/advanced/tor-overview.md
index 17f18c96..0324aa5f 100644
--- a/i18n/ko/advanced/tor-overview.md
+++ b/i18n/ko/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/ko/ai-chat.md b/i18n/ko/ai-chat.md
index 08c1d7a6..d0a8dc1c 100644
--- a/i18n/ko/ai-chat.md
+++ b/i18n/ko/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## 평가 기준
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### 우대 사항
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. 다음의 우대 사항에 해당하지 않더라도 권장 목록에 포함될 수 있습니다. 단, 우대 사항에 해당할수록 이 페이지의 다른 항목보다 높은 순위를 갖습니다.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/ko/alternative-networks.md b/i18n/ko/alternative-networks.md
index d9e5d60a..e1b3f4d3 100644
--- a/i18n/ko/alternative-networks.md
+++ b/i18n/ko/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/ko/android/general-apps.md b/i18n/ko/android/general-apps.md
index 5ff904f1..96e7dd36 100644
--- a/i18n/ko/android/general-apps.md
+++ b/i18n/ko/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/ko/basics/account-creation.md b/i18n/ko/basics/account-creation.md
index 6cf257f5..ce5317bb 100644
--- a/i18n/ko/basics/account-creation.md
+++ b/i18n/ko/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-사람들은 별다른 생각 없이 서비스에 가입할 때가 많습니다. 남들이 이야기하는 새로 나온 드라마를 상영하는 스트리밍 서비스에 가입하기도 하고, 자주 가는 음식 프랜차이즈에서 할인 혜택을 받으려고 가입하기도 합니다. 어떤 경우든, 현재 및 향후 여러분의 데이터에 미치는 영향을 고려해야 합니다.
+사람들은 별다른 생각 없이 서비스에 가입할 때가 많습니다. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. 어떤 경우든, 현재 및 향후 여러분의 데이터에 미치는 영향을 고려해야 합니다.
새로 사용하는 모든 서비스에는 위험성이 뒤따릅니다. 어딘가에 정보를 제공할 때에는 데이터 유출, 제3자에게 고객 정보 공개, 불량 직원의 데이터 접근 등 다양한 가능성을 고려해야 합니다. 그러니 믿을만한, 즉 가장 성숙하고 실전에서 검증된 서비스 이외에는 여러분의 소중한 데이터를 저장하지 않을 것을 권장드립니다. 믿을 만한 서비스는 일반적으로 E2EE를 제공하고 암호화 감사를 거친 서비스를 의미합니다. 보안 감사는 미숙한 개발자에 의해 생겼을지도 모르는 확연한 보안 문제가 없게 제품이 설계되었음을 보장합니다.
@@ -13,11 +13,11 @@ description: Creating accounts online is practically an internet necessity, take
## 서비스 이용 약관 & 개인정보 보호 정책(프라이버시 정책)
-'이용 약관'은 여러분이 어떤 서비스를 이용할 때 동의해야 하는 규칙입니다. 대규모 서비스에서는 이용 약관 규칙을 자동화된 시스템과 운용하는 경우가 많습니다. 그리고 자동화 시스템에서는 간혹 실수가 발생하기도 합니다. 예를 들어, 일부 서비스에서는 VPN/VoIP 번호를 사용한다는 이유로 계정이 차단되거나 잠길 수 있습니다. 이런 제한 조치에 대한 이의 제기는 어려운 경우가 많고 자동화된 과정을 거쳐야 하므로, 항상 성공적이진 않습니다. 이는 Privacy Guides에서 Gmail 이메일 서비스 사용을 권장드리지 않는 이유 중 하나이기도 합니다. 이메일은 여러분이 가입한 다른 서비스에 접근하기 위한 매우 중요한 역할을 맡고 있습니다.
+'이용 약관'은 여러분이 어떤 서비스를 이용할 때 동의해야 하는 규칙입니다. 대규모 서비스에서는 이용 약관 규칙을 자동화된 시스템과 운용하는 경우가 많습니다. 그리고 자동화 시스템에서는 간혹 실수가 발생하기도 합니다. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. 이런 제한 조치에 대한 이의 제기는 어려운 경우가 많고 자동화된 과정을 거쳐야 하므로, 항상 성공적이진 않습니다. 이는 Privacy Guides에서 Gmail 이메일 서비스 사용을 권장드리지 않는 이유 중 하나이기도 합니다. 이메일은 여러분이 가입한 다른 서비스에 접근하기 위한 매우 중요한 역할을 맡고 있습니다.
-개인정보 보호 정책은 서비스에서 여러분의 데이터를 어떻게 이용할지 명시한 것으로, 여러분은 자신의 데이터가 어떻게 쓰일지 이해하기 위해 읽어보는 것이 좋습니다. 회사/조직은 정책 내 모든 내용을 따르도록 법적으로 강제되지는 않을 수 있습니다(관할권에 따라 달라집니다). 제공 업체가 수집 가능한 데이터의 범위와 현지 법률을 어느 정도는 파악해 두는 것이 좋습니다.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. 회사/조직은 정책 내 모든 내용을 따르도록 법적으로 강제되지는 않을 수 있습니다(관할권에 따라 달라집니다). 제공 업체가 수집 가능한 데이터의 범위와 현지 법률을 어느 정도는 파악해 두는 것이 좋습니다.
-살펴봐야 할 주요 용어는 '데이터 수집(Data Collection)', '데이터 분석(Data Analysis)', '쿠키(Cookies)', '광고(Ads)', '제3자/타사(3rd-Party)' 등이 있습니다. 데이터 수집/공유를 거부할 수 있는 경우도 있지만, 가장 좋은 방법은 처음부터 프라이버시를 존중하는 서비스를 선택하는 것입니다.
+살펴봐야 할 주요 용어는 '데이터 수집(Data Collection)', '데이터 분석(Data Analysis)', '쿠키(Cookies)', '광고(Ads)', '제3자/타사(3rd-Party)' 등이 있습니다. Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
또한, 여러분은 해당 서비스 회사/조직이 개인정보 처리 방침을 올바르게 준수할 것이라고 믿고 있을 뿐임을 명심해야 합니다.
@@ -42,7 +42,7 @@ description: Creating accounts online is practically an internet necessity, take
#### 이메일 별칭
-실제 이메일 주소를 서비스에 노출하지 않고자 하는 경우 이메일 별칭을 사용할 수 있습니다. (이메일 별칭 관련 자세한 내용은 이메일 서비스 권장 목록 페이지를 참고하세요.) 이메일 별칭 서비스를 사용하면 주요 이메일 주소로 모든 이메일이 전달되는 새로운 이메일 주소를 만들 수 있습니다. 서비스 간 추적을 방지하고, 가입 과정에서 따라온 마케팅 이메일을 관리하는 데에 유용합니다. 어떤 별칭으로 보내졌는지에 따라 자동으로 분류되기 때문입니다.
+실제 이메일 주소를 서비스에 노출하지 않고자 하는 경우 이메일 별칭을 사용할 수 있습니다. (이메일 별칭 관련 자세한 내용은 이메일 서비스 권장 목록 페이지를 참고하세요.) 이메일 별칭 서비스를 사용하면 주요 이메일 주소로 모든 이메일이 전달되는 새로운 이메일 주소를 만들 수 있습니다. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. 어떤 별칭으로 보내졌는지에 따라 자동으로 분류되기 때문입니다.
서비스가 해킹당할 경우, 가입한 이메일 주소로 피싱/스팸 메일이 올 수 있습니다. 서비스마다 고유한 별칭을 사용하면 어떤 서비스가 해킹당했는지 식별 가능합니다.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
전화번호 입력이 필수적인 서비스를 가입하는 것은 피하는 것이 좋습니다. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-가능하다면, 실제 전화번호를 제공하지 않는 것이 좋습니다. VoIP 번호를 사용할 수 있는 일부 서비스도 있지만, 사기 탐지 시스템에 의해 계정이 잠기는 경우가 많기 때문에 중요한 계정에 VoIP 번호를 사용하는 것은 권장드리지 않습니다.
+가능하다면, 실제 전화번호를 제공하지 않는 것이 좋습니다. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
대부분의 경우, 문자나 전화를 실제로 받을 수 있는 번호를 제공해야 합니다. 대표적으로 해외 직구 시에는 세관에서 문제가 발생할 경우를 대비해야 합니다. 서비스에서는 전화번호가 인증 수단의 역할을 하는 것이 일반적이니, 교묘하게 가짜 번호를 입력했다가 중요 계정이 차단되는 일이 없도록 주의하세요!
diff --git a/i18n/ko/basics/account-deletion.md b/i18n/ko/basics/account-deletion.md
index 84e9ebdd..fe22de66 100644
--- a/i18n/ko/basics/account-deletion.md
+++ b/i18n/ko/basics/account-deletion.md
@@ -27,7 +27,7 @@ description: 온라인 계정은 어느새 잔뜩 쌓여 있기 마련입니다.
### 이메일
-비밀번호 관리자를 사용한 적이 없거나 등록하지 않은 계정이 있는 경우, 가입하는 데에 사용했을 법한 이메일 계정에서 검색해보는 방법이 있습니다. 이메일 클라이언트에서 '환영합니다', '인증', '확인' 같은 키워드를 검색해보세요. 거의 모든 서비스는 계정 생성 시에 인증 링크나 소개 메시지를 이메일로 보냅니다. 이를 이용하면 잊어버린 오래된 계정을 찾을 수 있습니다.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. 이메일 클라이언트에서 '환영합니다', '인증', '확인' 같은 키워드를 검색해보세요. 거의 모든 서비스는 계정 생성 시에 인증 링크나 소개 메시지를 이메일로 보냅니다. 이를 이용하면 잊어버린 오래된 계정을 찾을 수 있습니다.
## 오래된 계정 삭제하기
@@ -39,7 +39,7 @@ description: 온라인 계정은 어느새 잔뜩 쌓여 있기 마련입니다.
### GDPR (EEA 거주자만 해당)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. EEA 거주자이신 경우, 해당 서비스의 프라이버시 정책(개인정보 처리방침)을 읽고 삭제권을 행사하는 방법을 찾아보세요. 일부 서비스는 '계정 삭제' 옵션이 계정을 비활성화할 뿐 실제 삭제를 위해서는 추가 조치가 필요하기에, 프라이버시 정책을 읽어보는 것은 중요합니다. 실제로 데이터를 삭제하려면 설문을 작성해야 하거나, 해당 서비스 데이터 보호 책임자에게 이메일을 보내야 하거나, EEA 거주자임을 증명해야 하는 경우도 있습니다. 따라서, 이 방법을 사용하고자 한다면 계정 정보 덮어쓰기를 해선 **안** 됩니다. EEA 거주자 신원이 필요할 수도 있기 때문입니다. 알아두실 점은, GDPR은 서비스 업체 위치에 무관하게 적용된다는 것입니다. GDPR은 유럽 사용자를 고객으로 삼는 서비스라면 모두 적용됩니다. 만약 서비스가 EEA 거주자의 삭제권을 존중하지 않는 경우, 여러분은 자기 나라의 [데이터 보호 기관](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en)에 연락하시면 됩니다(금전적 보상을 받을 수도 있습니다).
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. EEA 거주자이신 경우, 해당 서비스의 프라이버시 정책(개인정보 처리방침)을 읽고 삭제권을 행사하는 방법을 찾아보세요. 일부 서비스는 '계정 삭제' 옵션이 계정을 비활성화할 뿐 실제 삭제를 위해서는 추가 조치가 필요하기에, 프라이버시 정책을 읽어보는 것은 중요합니다. 실제로 데이터를 삭제하려면 설문을 작성해야 하거나, 해당 서비스 데이터 보호 책임자에게 이메일을 보내야 하거나, EEA 거주자임을 증명해야 하는 경우도 있습니다. 따라서, 이 방법을 사용하고자 한다면 계정 정보 덮어쓰기를 해선 **안** 됩니다. EEA 거주자 신원이 필요할 수도 있기 때문입니다. 알아두실 점은, GDPR은 서비스 업체 위치에 무관하게 적용된다는 것입니다. GDPR은 유럽 사용자를 고객으로 삼는 서비스라면 모두 적용됩니다. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### 계정 정보 덮어쓰기
diff --git a/i18n/ko/basics/common-misconceptions.md b/i18n/ko/basics/common-misconceptions.md
index aa905fda..f42946dd 100644
--- a/i18n/ko/basics/common-misconceptions.md
+++ b/i18n/ko/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ The privacy policies and business practices of providers you choose are very imp
## "복잡할수록 좋다"
-간혹 위협 모델을 지나치게 복잡하게 만드는 사람들을 볼 수 있습니다. 이런 솔루션들은 너무 많은 이메일 계정들이나 복잡한 설정과 같은 문제점을 지니고 있을 수 있습니다. The replies are usually answers to "What is the best way to do *X*?"
+간혹 위협 모델을 지나치게 복잡하게 만드는 사람들을 볼 수 있습니다. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
자신에게 최고인 솔루션은 수십가지의 조건하에서도 작동하는 것을 가리키는 것이 아닙니다. 이런 솔루션들은 대개 현실적으로 사용하기 어렵습니다. 앞서 설명한 것과 같이, 보안과 편의성은 서로 반대되는 관계를 가집니다. Below, we provide some tips:
1. ==행동은 목적을 가지고 이루어져야 합니다.== 최소한의 노력으로 목적을 달성하는 방법을 생각해보세요.
2. ==자신의 의지력에 의존하지 마세요.== 사람은 실패하고, 지치고, 깜박하기 마련입니다. To maintain security, avoid relying on manual conditions and processes that you have to remember.
-3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily de-anonymized by a simple oversight.
+3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
So, how might this look?
@@ -94,4 +94,4 @@ One of the clearest threat models is one where people *know who you are* and one
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/ko/basics/common-threats.md b/i18n/ko/basics/common-threats.md
index 113c733f..ad43c933 100644
--- a/i18n/ko/basics/common-threats.md
+++ b/i18n/ko/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: 위협 모델은 개개인마다 다르지만, 이 사이트의 방문자 대부분이 관심을 가질 사항입니다.
---
-전반적으로, Privacy Guides의 권장 목록은 대부분의 사람들에게 적용되는 [위협](threat-modeling.md) 혹은 목표로 분류됩니다. 여러분이 사용하는 툴 및 서비스는 여러분의 목표에 따라 달라지며, ==이러한 위협 가능성에 대한 관심도는 사람마다 다를 수 있습니다.== 혹시나 여기에 정리되지 않은 종류의 위협을 겪고 있더라도 상관 없습니다! 핵심은 '사용하기로 선택한 툴의 장단점을 이해하는 것' 입니다. 모든 위협으로부터 여러분을 완벽히 보호할 수 있는 툴은 존재하지 않기 때문입니다.
+전반적으로, Privacy Guides의 권장 목록은 대부분의 사람들에게 적용되는 [위협](threat-modeling.md) 혹은 목표로 분류됩니다. 여러분이 사용하는 툴 및 서비스는 여러분의 목표에 따라 달라지며, ==이러한 위협 가능성에 대한 관심도는 사람마다 다를 수 있습니다.== You may have specific threats outside these categories as well, which is perfectly fine! 핵심은 '사용하기로 선택한 툴의 장단점을 이해하는 것' 입니다. 모든 위협으로부터 여러분을 완벽히 보호할 수 있는 툴은 존재하지 않기 때문입니다.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ Avoiding censored access to information or being censored yourself when speaking
일반적으로 모바일 운영 체제는 데스크톱 운영 체제보다 애플리케이션 샌드박스 기능이 뛰어납니다. 모바일 운영체제에서는 앱이 루트 권한을 얻을 수 없고, 시스템 리소스에 접근하려면 권한이 필요합니다.
-데스크톱 운영 체제는 보통 적절한 샌드박스 기능 면에서 뒤처집니다. ChromeOS는 Android와 유사한 샌드박스 기능을 제공하며, macOS는 전체 시스템 권한 제어 기능을 제공합니다(개발자는 애플리케이션의 샌드박스를 적용 여부를 선택할 수 있습니다). 하지만 이러한 운영 체제는 식별 정보를 각 OEM에 전송합니다. Linux는 대체로 시스템 공급 업체에 정보를 보내지 않지만, 취약점 및 악성 앱으로부터의 보호 기능은 미흡합니다. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+데스크톱 운영 체제는 보통 적절한 샌드박스 기능 면에서 뒤처집니다. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). 하지만 이러한 운영 체제는 식별 정보를 각 OEM에 전송합니다. Linux는 대체로 시스템 공급 업체에 정보를 보내지 않지만, 취약점 및 악성 앱으로부터의 보호 기능은 미흡합니다. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ On the other hand, web-based E2EE implementations, such as Proton Mail's web app
-E2EE를 적용하더라도 여전히 서비스 제공 업체는 (일반적으로 보호되지 않는) **메타데이터**에 기반하여 여러분의 정보를 수집하고 프로파일링할 수 있습니다. 서비스 제공 업체는 여러분의 메시지를 읽을 수는 없지만, 여러분이 누구와 대화하는지, 얼마나 자주 메시지를 주고받는지, 주로 언제 활동하는지 등 중요한 정보를 관찰 가능합니다. 메타데이터에도 보호가 적용되는 경우는 매우 드뭅니다. 만약 여러분의 [위협 모델](threat-modeling.md)이 메타데이터 보호 또한 필요로 한다면, 사용하는 소프트웨어의 기술 문서를 주의 깊게 확인하여 메타데이터 최소화 혹은 보호가 존재하는지 살펴봐야 합니다.
+E2EE를 적용하더라도 여전히 서비스 제공 업체는 (일반적으로 보호되지 않는) **메타데이터**에 기반하여 여러분의 정보를 수집하고 프로파일링할 수 있습니다. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. 메타데이터에도 보호가 적용되는 경우는 매우 드뭅니다. 만약 여러분의 [위협 모델](threat-modeling.md)이 메타데이터 보호 또한 필요로 한다면, 사용하는 소프트웨어의 기술 문서를 주의 깊게 확인하여 메타데이터 최소화 혹은 보호가 존재하는지 살펴봐야 합니다.
## 대중 감시 프로그램
@@ -156,7 +156,7 @@ E2EE를 적용하더라도 여전히 서비스 제공 업체는 (일반적으로
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
대중 사이에서, 사기업의 추적 및 감시에 대한 우려는 점점 더 커지고 있습니다. Pervasive 광고 네트워크는(Google, Facebook이 운영하는 광고가 이에 해당) 해당 업체의 사이트뿐만 아니라 인터넷 전반에 퍼져서 여러분의 행동을 추적하고 있습니다. 콘텐츠 차단기 등의 툴을 써서 광고 네트워크 요청을 제한하고, 서비스의 프라이버시 정책을 꼼꼼히 읽으면 (추적을 완전히 방지할 수는 없지만) 기본적인 적들을 피하는 데에 도움이 됩니다.[^4]
-*AdTech* 혹은 추적 산업 이외의 회사라 할지라도, (Cambridge Analytica, Experian, Datalogix 등) [데이터 브로커(Data Broker)](https://en.wikipedia.org/wiki/Information_broker) 같은 업체와 여러분의 데이터를 공유할 수 있습니다. 여러분이 사용 중인 서비스가 일반적인 AdTech/추적 비즈니스 모델에 속하지 않는다고 해서 여러분의 데이터가 안전하다고 할 수는 없습니다. 기업 데이터 수집을 방어하는 가장 강력한 방법은 가능한 한 여러분의 데이터를 암호화하거나 난독화하는 것입니다. 업체들 사이에서 데이터의 상관성을 알아내기 어려워지기 때문에, 여러분에 대한 프로필을 구축하기 어려워집니다.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. 여러분이 사용 중인 서비스가 일반적인 AdTech/추적 비즈니스 모델에 속하지 않는다고 해서 여러분의 데이터가 안전하다고 할 수는 없습니다. 기업 데이터 수집을 방어하는 가장 강력한 방법은 가능한 한 여러분의 데이터를 암호화하거나 난독화하는 것입니다. 업체들 사이에서 데이터의 상관성을 알아내기 어려워지기 때문에, 여러분에 대한 프로필을 구축하기 어려워집니다.
## 정보 공개 제한
diff --git a/i18n/ko/basics/email-security.md b/i18n/ko/basics/email-security.md
index 7f0f4429..d1f45c13 100644
--- a/i18n/ko/basics/email-security.md
+++ b/i18n/ko/basics/email-security.md
@@ -29,13 +29,13 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
### E2EE 지원 이메일 클라이언트는 무엇인가요?
-IMAP, SMTP 등 표준 접속 프로토콜을 사용할 수 있는 이메일 제공 업체는 [권장 이메일 클라이언트](../email-clients.md)와 함께 사용할 수 있습니다. 인증 방법에 따라서, 이메일 제공 업체/클라이언트가 OATH를 지원하지 않거나 브리지 애플리케이션을 지원하지 않는 경우, 단순 비밀번호 인증으로는 [다중 인증](multi-factor-authentication.md)이 불가능하므로 보안이 저하될 수 있습니다.
+IMAP, SMTP 등 표준 접속 프로토콜을 사용할 수 있는 이메일 제공 업체는 [권장 이메일 클라이언트](../email-clients.md)와 함께 사용할 수 있습니다. Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### 개인 키를 어떻게 보호해야 하나요?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. 암호화된 메일 내용은 스마트카드에서 복호화되며, 복호화된 내용이 스마트카드로부터 기기로 전달됩니다.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## 이메일 메타데이터 개요
@@ -49,4 +49,4 @@ It is advantageous for the decryption to occur on the smartcard to avoid possibl
### 메타데이터는 종단 간 암호화를 적용할 수 없나요?
-이메일 메타데이터는 이메일의 가장 기본적인 기능(어디에서 왔는지, 어디로 가야하는지 등)에 매우 중요한 역할을 합니다. 이메일 프로토콜에는 본래 E2EE가 내장되지 않았기 때문에, OpenPGP 등의 애드온 소프트웨어가 필요합니다. 그러나 OpenPGP 메시지는 여전히 기존 이메일 제공 업체와도 작동해야 합니다. 따라서 메시지 본문은 암호화할 수 있으나, 메타데이터는 암호화할 수 없습니다. 따라서, OpenPGP를 사용하더라도 외부 관찰자는 이메일 수신자, 제목, 이메일 작성 시간 등 여러 정보를 볼 수 있습니다.
+이메일 메타데이터는 이메일의 가장 기본적인 기능(어디에서 왔는지, 어디로 가야하는지 등)에 매우 중요한 역할을 합니다. 이메일 프로토콜에는 본래 E2EE가 내장되지 않았기 때문에, OpenPGP 등의 애드온 소프트웨어가 필요합니다. 그러나 OpenPGP 메시지는 여전히 기존 이메일 제공 업체와도 작동해야 합니다. 따라서 메시지 본문은 암호화할 수 있으나, 메타데이터는 암호화할 수 없습니다. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/ko/basics/hardware.md b/i18n/ko/basics/hardware.md
index 5c899703..cb3560fa 100644
--- a/i18n/ko/basics/hardware.md
+++ b/i18n/ko/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Warning
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/ko/basics/multi-factor-authentication.md b/i18n/ko/basics/multi-factor-authentication.md
index ec7c2703..b2ce7d94 100644
--- a/i18n/ko/basics/multi-factor-authentication.md
+++ b/i18n/ko/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "다중 인증"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA는 온라인 계정을 보호하는 데에 있어서 중요한 보안 메커니즘이지만, 방식에 따라 보안성은 달라집니다.
---
-**다중 인증**(**MFA**, Multi-Factor Authentication)은 사용자 이름(혹은 이메일)과 비밀번호 입력 외에도 추가 단계를 거치는 보안 방식입니다. 가장 흔히 볼 수 있는 예시로는 문자 메시지나 앱으로 받는 시간 제한 인증 코드가 대표적입니다.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. 가장 흔히 볼 수 있는 예시로는 문자 메시지나 앱으로 받는 시간 제한 인증 코드가 대표적입니다.
보통, 해커/공격자가 여러분의 비밀번호를 알아내는 순간 해당 계정은 뚫립니다. 하지만 해당 계정이 MFA를 사용하고 있다면, 해커는 (여러분의 *머릿속에* 있는) 비밀번호 뿐만 아니라 (여러분의 *손에* 들려있는 휴대폰 등) 기기 또한 탈취해야 합니다.
@@ -26,7 +26,7 @@ SMS나 이메일로 OTP 코드를 받는 방식은 MFA를 통한 계정 보호
### TOTP(시간 기반 일회용 비밀번호)
-TOTP(시간 기반 일회용 비밀번호, Time-based One-time Password)는 널리 쓰이는 MFA 방식 중 하나입니다. 일반적으로 TOTP 설정은 사용하고자 하는 서비스에서 [QR 코드](https://ko.wikipedia.org/wiki/QR_%EC%BD%94%EB%93%9C)를 스캔하여 '[공유 비밀(Shared Secret)](https://en.wikipedia.org/wiki/Shared_secret)'을 설정하는 방식으로 이루어집니다. 공유 비밀은 인증 앱의 데이터 내부에서 보호되며, 간혹 비밀번호로 보호되는 경우도 있습니다.
+TOTP(시간 기반 일회용 비밀번호, Time-based One-time Password)는 널리 쓰이는 MFA 방식 중 하나입니다. 일반적으로 TOTP 설정은 사용하고자 하는 서비스에서 [QR 코드](https://ko.wikipedia.org/wiki/QR_%EC%BD%94%EB%93%9C)를 스캔하여 '[공유 비밀(Shared Secret)](https://en.wikipedia.org/wiki/Shared_secret)'을 설정하는 방식으로 이루어집니다. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
시간 제한 코드는 공유 비밀과 현재 시간 정보를 기반으로 만들어집니다. 코드는 짧은 시간 동안만 유효하므로 공격자는 공유 비밀에 접근하지 않고서는 새로운 코드를 생성할 수 없습니다.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2, WebAuthn은 여타 MFA 방식에 비해 보안성과 프라이버시 면에서 우월합니다.
-일반적으로 웹 서비스에서는 [W3C 권고안](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC))의 일부인 WebAuthn을 사용합니다. WebAuthn은 공개 키 인증을 사용하며 인증 시 출처(보통은 도메인 이름)를 포함하므로, Yubico OTP나 TOTP 방식에 사용되는 공유 비밀보다 안전합니다. 또한 WebAuthn의 증명(Attestation)은 사용자가 현재 위조된 것이 아닌 실제 서비스를 사용하고 있는지를 확인하는 데에 도움이 되어 여러분을 피싱 공격으로부터 보호합니다.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). WebAuthn은 공개 키 인증을 사용하며 인증 시 출처(보통은 도메인 이름)를 포함하므로, Yubico OTP나 TOTP 방식에 사용되는 공유 비밀보다 안전합니다. 또한 WebAuthn의 증명(Attestation)은 사용자가 현재 위조된 것이 아닌 실제 서비스를 사용하고 있는지를 확인하는 데에 도움이 되어 여러분을 피싱 공격으로부터 보호합니다.
Yubico OTP와는 달리 WebAuthn은 공개 ID를 사용하지 않기 때문에, 키를 기반으로 여러 사이트에서 누군가를 식별하는 것이 **불가능합니다**. 인증 과정에 제3자 클라우드 서버를 사용하지도 않습니다. 모든 통신은 키와 (로그인하고자 하는) 웹사이트 간에서만 이루어집니다. FIDO는 사용할 때마다 카운터가 증가하는 방식을 사용하기 때문에, 세션 재사용이나 키 복제가 방지됩니다.
@@ -116,15 +116,15 @@ SMS로 MFA를 사용할 경우에는 [SIM 스와핑 사기](https://en.wikipedia
## More Places to Set Up MFA
-Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
+macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-After your smartcard/security key is set up, we recommend running this command in the Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
### KeePass (KeePassXC)
-KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/ko/basics/passwords-overview.md b/i18n/ko/basics/passwords-overview.md
index 79780243..e2bbadbe 100644
--- a/i18n/ko/basics/passwords-overview.md
+++ b/i18n/ko/basics/passwords-overview.md
@@ -24,7 +24,7 @@ description: These are some tips and tricks on how to create the strongest passw
비밀번호 관리자의 마스터 비밀번호처럼 머릿속에 외워둬야 하는 비밀번호는 유출이 발생했다고 판단되지 않는 한 자주 변경하지 않는 편이 좋습니다. 잊어버릴 위험성이 높아지기 때문입니다.
-비밀번호 관리자 내에서 관리하는 비밀번호 등, 직접 외울 필요가 없는 비밀번호는 여러분의 [위협 모델](threat-modeling.md)에 따라 중요한 계정(특히 다중 인증을 사용하지 않는 계정)은 아직 공개되지 않은 데이터 유출이 발생했을 경우를 대비해 몇 달마다 비밀번호를 변경할 것을 권장합니다. 대부분의 비밀번호 관리자는 비밀번호 만료일 설정 기능을 제공하기 때문에 더욱 관리하기 쉽습니다.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. 대부분의 비밀번호 관리자는 비밀번호 만료일 설정 기능을 제공하기 때문에 더욱 관리하기 쉽습니다.
Checking for data breaches
@@ -54,13 +54,13 @@ description: These are some tips and tricks on how to create the strongest passw
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. 다른 단어 목록을 사용할 경우에는 주사위를 굴려야 하는 횟수 혹은 동일한 엔트로피를 달성하기 위해 필요한 단어의 양이 달라질 수 있습니다.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. 6면체 주사위를 5번 굴려서 각 주사위를 굴릴 때마다 숫자를 적습니다.
-2. 예를 들어, `2-5-2-6-6`가 나왔다고 가정해 보겠습니다. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. 예를 들어, `2-5-2-6-6`가 나왔다고 가정해 보겠습니다. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. `encrypt` 단어를 찾았습니다. 이 단어를 받아 적습니다.
@@ -75,25 +75,25 @@ These instructions assume that you are using [EFF's large wordlist](https://eff.
실물 주사위가 없거나 사용하고 싶지 않은 경우, 비밀번호 관리자에 내장된 비밀번호 생성기를 사용하면 됩니다. 대부분의 비밀번호 관리자는 일반적인 패스워드 방식뿐만 아니라 다이스웨어 패스프레이즈도 지원합니다.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. 영어 외 언어로 패스프레이즈를 생성하고자 하시는 경우 [다른 언어 단어 목록](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline)도 있습니다.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
평균적으로, 누군가의 패스프레이즈를 알아맞히려면 가능한 모든 조합의 50%를 시도해야만 합니다. 이 점을 고려하여 계산해보면 공격자가 만약 초당 1,000,000,000,000번 시도한다고 가정해도 여러분의 패스프레이즈를 알아맞히는 데에는 27,255,689년이 걸립니다. 심지어 이는 다음 조건을 충족하는 경우의 이야기입니다:
- 여러분이 다이스웨어 방식을 사용했다는 점을 공격자가 알고 있습니다.
-- 여러분이 어떤 단어 목록을 활용했는지를 공격자가 알고 있습니다.
+- Your adversary knows the specific word list that you used.
- 여러분의 패스프레이즈 단어 개수를 공격자가 알고 있습니다.
@@ -113,7 +113,7 @@ Let's put all of this in perspective: A seven word passphrase using [EFF's large
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
TOTP 토큰과 비밀번호를 한 곳에서 관리하면 편리하지만, 만약 공격자가 여러분의 비밀번호 관리자에 접근 가능할 경우 다중 인증은 무용지물이 됩니다.
diff --git a/i18n/ko/basics/threat-modeling.md b/i18n/ko/basics/threat-modeling.md
index 1dd10e24..4ab8c045 100644
--- a/i18n/ko/basics/threat-modeling.md
+++ b/i18n/ko/basics/threat-modeling.md
@@ -35,7 +35,7 @@ description: 보안, 프라이버시, 사용성 간의 균형 조절은 프라
먼저, 여러분 개인 및 여러분의 정보를 목표삼을 만한 상대가 누구인지 인지하는 것이 중요합니다. ==자산에 위협을 가하는 사람이나 단체를 '공격자'라고 합니다.== 잠재적 공격자의 예로는 상사, 전 파트너, 비즈니스 경쟁사, 국가의 정부, 공용 네트워크의 해커 등이 있습니다.
-*공격자 또는 여러분의 자산을 손에 넣으려는 사람들의 목록을 정리하세요. 목록에는 개인, 정부 기관, 법인 등이 포함될 수 있습니다.*
+*Make a list of your adversaries or those who might want to get hold of your assets. 목록에는 개인, 정부 기관, 법인 등이 포함될 수 있습니다.*
Depending on who your adversaries are, this list might be something you want to destroy after you've finished developing your threat model.
diff --git a/i18n/ko/browser-extensions.md b/i18n/ko/browser-extensions.md
index ffc585a9..db5cd186 100644
--- a/i18n/ko/browser-extensions.md
+++ b/i18n/ko/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/ko/calendar.md b/i18n/ko/calendar.md
index 25d6a7f9..cc7262a7 100644
--- a/i18n/ko/calendar.md
+++ b/i18n/ko/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
여러 캘린더 및 확장된 공유 기능은 유료 구독자 전용입니다.
diff --git a/i18n/ko/cloud.md b/i18n/ko/cloud.md
index 3749b21a..ff335358 100644
--- a/i18n/ko/cloud.md
+++ b/i18n/ko/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## 평가 기준
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- 종단 간 암호화가 적용되어야 합니다.
- 테스트용 무료 요금제/체험판 기간을 제공해야 합니다.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- 기본적인 파일 관리 기능을 지원하는 웹 인터페이스를 제공해야 합니다.
- 모든 파일/문서를 쉽게 내보낼 수 있어야 합니다.
diff --git a/i18n/ko/cryptocurrency.md b/i18n/ko/cryptocurrency.md
index fa7140e3..c18e0bf2 100644
--- a/i18n/ko/cryptocurrency.md
+++ b/i18n/ko/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## 평가 기준
diff --git a/i18n/ko/data-broker-removals.md b/i18n/ko/data-broker-removals.md
index 7fb140cd..e974945c 100644
--- a/i18n/ko/data-broker-removals.md
+++ b/i18n/ko/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/ko/desktop-browsers.md b/i18n/ko/desktop-browsers.md
index 1ad4aa49..11a5958c 100644
--- a/i18n/ko/desktop-browsers.md
+++ b/i18n/ko/desktop-browsers.md
@@ -109,7 +109,7 @@ Mullvad 브라우저는 항상 사생활 보호 모드로 작동하므로 방문
### Mullvad Leta
-Mullvad 브라우저는 DuckDuckGo가 기본 [검색 엔진](search-engines.md)으로 설정되어 있지만, Mullvad VPN 구독 시 사용 가능한 **Mullvad Leta** 검색 엔진도 기본 설치되어 있습니다. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. 이러한 이유로, 저희는 Mullvad가 VPN 구독자에 대한 정보를 거의 수집하지 않는다는 점을 알고 있음에도 불구하고 Mullvad Leta 사용을 권장하지 않습니다.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. 이러한 이유로, 저희는 Mullvad가 VPN 구독자에 대한 정보를 거의 수집하지 않는다는 점을 알고 있음에도 불구하고 Mullvad Leta 사용을 권장하지 않습니다.
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox는 사용자의 Firefox 버전 및 언어, 기기 운영 체제 및 하드웨어 구성, 메모리, 충돌 및 오류에 대한 기본 정보, 업테이트 및 세이프 브라우징 같은 자동화 프로세스의 결과, 활성화 여부 등의 데이터를 당사(Mozilla)로 전송합니다. Firefox가 당사에 데이터를 전송할 때 사용자의 IP 주소는 당사 서버 로그의 일부로 일시적으로 수집됩니다.
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. [accounts.firefox.com 프로필 설정](https://accounts.firefox.com/settings#data-collection) 열기
2. **데이터 수집 및 사용** > **Firefox 계정 개선에 참여** 비활성화
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] **모든 창에서 HTTPS 전용 모드 사용** 활성화
-의도치 않게 일반 텍스트 HTTP로 웹사이트에 연결되는 것을 방지합니다. 최근에는 대부분의 사이트가 HTTPS를 지원하므로, 일상적인 웹 탐색에는 크게 영향을 미치지 않습니다.
+의도치 않게 일반 텍스트 HTTP로 웹사이트에 연결되는 것을 방지합니다. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS over HTTPS
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/ko/desktop.md b/i18n/ko/desktop.md
index 3f488f2e..c34cab7b 100644
--- a/i18n/ko/desktop.md
+++ b/i18n/ko/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS는 재현성과 안전성에 중점을 둔 Nix 패키지 관리자를 기
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/ko/device-integrity.md b/i18n/ko/device-integrity.md
index 623a4839..142af55b 100644
--- a/i18n/ko/device-integrity.md
+++ b/i18n/ko/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/ko/dns.md b/i18n/ko/dns.md
index 9e3f70dc..c8f730fd 100644
--- a/i18n/ko/dns.md
+++ b/i18n/ko/dns.md
@@ -75,7 +75,7 @@ Pi-hole은 라즈베리 파이에서 호스팅되도록 설계되었지만, 그
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ NextDNS also offers public DNS-over-HTTPS service at `https://dns.nextdns.io` an
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/ko/document-collaboration.md b/i18n/ko/document-collaboration.md
index c0188a55..f02a0f7d 100644
--- a/i18n/ko/document-collaboration.md
+++ b/i18n/ko/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
평가 기준에서 '우대 사항'은 해당 부문에서 완벽한 프로젝트에 기대하는 바를 나타냅니다. 다음의 우대 사항에 해당하지 않더라도 권장 목록에 포함될 수 있습니다. 단, 우대 사항에 해당할수록 이 페이지의 다른 항목보다 높은 순위를 갖습니다.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/ko/email-aliasing.md b/i18n/ko/email-aliasing.md
index 64737d2b..782a6cea 100644
--- a/i18n/ko/email-aliasing.md
+++ b/i18n/ko/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/ko/email.md b/i18n/ko/email.md
index 870eeefd..fd709332 100644
--- a/i18n/ko/email.md
+++ b/i18n/ko/email.md
@@ -58,7 +58,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
{ align=right }
-**Proton Mail**은 프라이버시, 암호화, 보안, 사용 편의성에 중점을 둔 이메일 서비스입니다. They have been in operation since 2013. Proton AG 본사는 스위스 제네바에 위치하고 있습니다. Proton Mail 무료 요금제에는 500MB의 메일 저장 용량이 제공되며, 최대 1GB까지 무료로 늘릴 수 있습니다.
+**Proton Mail**은 프라이버시, 암호화, 보안, 사용 편의성에 중점을 둔 이메일 서비스입니다. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail은 일반 신용/직불 카드, [비트코인](advanced/payments.md#
#### :material-check:{ .pg-green } 계정 보안
-Proton Mail은 TOTP [이중 인증](https://proton.me/support/two-factor-authentication-2fa), FIDO2/U2F 표준 [하드웨어 보안 키](https://proton.me/support/2fa-security-key)를 지원합니다. 하드웨어 보안 키를 사용하려면 먼저 TOTP 이중 인증을 설정해야 합니다.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } 데이터 보안
@@ -117,7 +117,7 @@ Proton Mail also publishes the public keys of Proton accounts via HTTP from thei
#### :material-information-outline:{ .pg-blue } 추가 기능
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail은 디지털 유산 상속 기능을 제공하지 않습니다.
@@ -127,7 +127,7 @@ Proton Mail은 디지털 유산 상속 기능을 제공하지 않습니다.
{ align=right }
-**Mailbox.org**는 100% 친환경 에너지로 작동되는 안전하고, 광고가 없는 비공개 중점 이메일 서비스입니다. 2014년부터 운영되었습니다. Mailbox.org 본사는 독일 베를린에 위치하고 있습니다. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org**는 100% 친환경 에너지로 작동되는 안전하고, 광고가 없는 비공개 중점 이메일 서비스입니다. 2014년부터 운영되었습니다. Mailbox.org 본사는 독일 베를린에 위치하고 있습니다. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org는 고유 도메인을 사용할 수 있으며, [캐치올](https://
#### :material-check:{ .pg-green } 비공개 결제 수단
-Mailbox.org는 BitPay 결제 처리업체가 독일에서 운영을 중단함에 따라 어떠한 암호화폐도 받지 않습니다. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.org는 BitPay 결제 처리업체가 독일에서 운영을 중단함에 따라 어떠한 암호화폐도 받지 않습니다. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } 계정 보안
-Mailbox.org는 웹메일에만 [2단계 인증을](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) 지원합니다. [YubiCloud](https://yubico.com/products/services-software/yubicloud)를 통해 TOTP 또는 [YubiKey](https://en.wikipedia.org/wiki/YubiKey) 를 사용할 수 있습니다. [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) 등의 웹 표준은 아직 지원되지 않습니다.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. [YubiCloud](https://yubico.com/products/services-software/yubicloud)를 통해 TOTP 또는 [YubiKey](https://en.wikipedia.org/wiki/YubiKey) 를 사용할 수 있습니다. [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) 등의 웹 표준은 아직 지원되지 않습니다.
#### :material-information-outline:{ .pg-blue } 데이터 보안
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } 추가 기능
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). Onion 서비스를 통한 웹메일 인터페이스 접근은 불가능하며, TLS 인증서 오류가 발생할 수 있습니다.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
@@ -195,7 +195,7 @@ Mailbox.org는 모든 플랜에 디지털 유산 상속 기능을 제공합니
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } 비공개 결제 수단
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } 계정 보안
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } 데이터 보안
@@ -297,7 +297,7 @@ Tuta doesn't offer a digital legacy feature.
**최소 요구 사항:**
- Zero Access Encryption을 통해 이메일 계정 데이터를 암호화해야 합니다.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- 사용자가 자신의 [도메인 이름](https://en.wikipedia.org/wiki/Domain_name)을 사용할 수 있어야 합니다. 사용자 지정 도메인 이름은 서비스가 부실해지거나 프라이버시 보호를 우선시하지 않는 다른 회사에 인수되는 경우에도 에이전시를 유지할 수 있도록 해주기 때문에 사용자에게 중요합니다.
- 자체 인프라에서 운영되어야 합니다. 다른 이메일 서비스 제공 업체의 인프라를 기반으로 만들어진 서비스여선 안 됩니다.
diff --git a/i18n/ko/encryption.md b/i18n/ko/encryption.md
index c6accce1..ca28c5dc 100644
--- a/i18n/ko/encryption.md
+++ b/i18n/ko/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt is a fork of the discontinued TrueCrypt project. According to its deve
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
-Truecrypt는 [여러 차례 감사 받은 이력이 있으며](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), VeraCrypt 또한 [별도 감사](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit)를 받았습니다.
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ To enable BitLocker on "Home" editions of Windows, you must have partitions form
{ align=right }
-**FileVault**는 macOS에 기본 내장된, 즉시 사용 가능한 볼륨 암호화 솔루션입니다. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault**는 macOS에 기본 내장된, 즉시 사용 가능한 볼륨 암호화 솔루션입니다. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/ko/file-sharing.md b/i18n/ko/file-sharing.md
index a435e187..52547c5f 100644
--- a/i18n/ko/file-sharing.md
+++ b/i18n/ko/file-sharing.md
@@ -13,7 +13,7 @@ cover: file-sharing.webp
## 파일 공유
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/ko/frontends.md b/i18n/ko/frontends.md
index 299f2b39..2ac83b16 100644
--- a/i18n/ko/frontends.md
+++ b/i18n/ko/frontends.md
@@ -251,7 +251,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/ko/index.md b/i18n/ko/index.md
index 509c6c85..98a0795b 100644
--- a/i18n/ko/index.md
+++ b/i18n/ko/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG 본사는 스위스 제네바에 위치하고 있습니다. Proton Mail 무료 요금제에는 500MB의 메일 저장 용량이 제공되며, 최대 1GB까지 무료로 늘릴 수 있습니다.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. 2014년부터 운영되었습니다. Mailbox.org 본사는 독일 베를린에 위치하고 있습니다. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. 2014년부터 운영되었습니다. Mailbox.org 본사는 독일 베를린에 위치하고 있습니다. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/ko/meta/brand.md b/i18n/ko/meta/brand.md
index 489bc199..33c871ae 100644
--- a/i18n/ko/meta/brand.md
+++ b/i18n/ko/meta/brand.md
@@ -12,7 +12,7 @@ description: A guide for journalists and website contributors on proper branding
- PG.org
-서브레딧 명칭은 **r/PrivacyGuides** 혹은 **the Privacy Guides Subreddit**입니다.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
추가 브랜드 가이드라인은 [github.com/privacyguides/brand](https://github.com/privacyguides/brand)에서 확인하실 수 있습니다.
diff --git a/i18n/ko/meta/translations.md b/i18n/ko/meta/translations.md
index ff5406c7..1f67cd98 100644
--- a/i18n/ko/meta/translations.md
+++ b/i18n/ko/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## Fullwidth alternatives and Markdown syntax
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/ko/meta/uploading-images.md b/i18n/ko/meta/uploading-images.md
index ddcf9bc8..def2722b 100644
--- a/i18n/ko/meta/uploading-images.md
+++ b/i18n/ko/meta/uploading-images.md
@@ -48,7 +48,7 @@ Inkscape에서 다음과 같이 진행합니다.
- [ ] **XML 선언 제거하기**(Remove the XML declaration) 비활성화
- [x] **메타데이터 제거하기**(Remove metadata) 활성화
- [x] **주석 제거하기**(Remove comments) 활성화
-- [x] **래스터 이미지 끼워넣기**(Embeded raster images) 활성화
+- [x] Turn on **Embedded raster images**
- [x] **보기상자 활성화**(Enable viewboxing) 활성화
**SVG 출력**(SVG Output) - **멋을 낸 인쇄물**(Pretty-printing):
diff --git a/i18n/ko/meta/writing-style.md b/i18n/ko/meta/writing-style.md
index 2e3babdf..d6e138ec 100644
--- a/i18n/ko/meta/writing-style.md
+++ b/i18n/ko/meta/writing-style.md
@@ -64,7 +64,7 @@ Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/organize/have-a
## 간결하게 작성하세요
-> 불필요한 단어는 청중의 시간을 낭비합니다. 훌륭한 글쓰기는 대화와 같습니다. 청중에게 있어서 불필요한 정보는 생략하세요. 이는 어떤 주제의 전문가로서는 어려울 수도 있지만, 중요한 것은 청중의 관점에서 정보를 살펴보는 것입니다.
+> 불필요한 단어는 청중의 시간을 낭비합니다. 훌륭한 글쓰기는 대화와 같습니다. 청중에게 있어서 불필요한 정보는 생략하세요. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/ko/mobile-browsers.md b/i18n/ko/mobile-browsers.md
index a9cc2438..7270c38f 100644
--- a/i18n/ko/mobile-browsers.md
+++ b/i18n/ko/mobile-browsers.md
@@ -247,7 +247,7 @@ These options can be found in :material-menu: → :gear: **Settings** → **Priv
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari**는 iOS 기본 브라우저입니다. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari**는 iOS 기본 브라우저입니다. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Safari를 열고 우측 하단의 탭 버튼을 탭합니다. Then, expand the :
- [x] **개인정보 보호**를 활성화합니다.
-Safari 개인정보 보호 브라우징 모드는 추가적인 프라이버시 보호 기능을 제공합니다. 개인정보 보호 브라우징 모드는 각 탭마다 새로운 [임시](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) 세션을 사용하여, 탭을 서로 격리합니다. 개인정보 보호 브라우징 모드에서는 Safari 번역 기능 사용 시 웹페이지 주소가 Apple에 전송되지 않는 등, 프라이버시에 도움이 되는 여타 소소한 이점도 존재합니다.
+Safari 개인정보 보호 브라우징 모드는 추가적인 프라이버시 보호 기능을 제공합니다. 개인정보 보호 브라우징 모드는 각 탭마다 새로운 [임시](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) 세션을 사용하여, 탭을 서로 격리합니다. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. 이로 인해 사용이 불편할 수 있습니다.
diff --git a/i18n/ko/multi-factor-authentication.md b/i18n/ko/multi-factor-authentication.md
index 7f1e0e1c..97b1a1f8 100644
--- a/i18n/ko/multi-factor-authentication.md
+++ b/i18n/ko/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "다중 인증"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/ko/notebooks.md b/i18n/ko/notebooks.md
index e3970dee..dabb75a4 100644
--- a/i18n/ko/notebooks.md
+++ b/i18n/ko/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: 서비스 제공자/제공 업체(Service Providers)](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-여러분의 노트 내용이나 일기를 제3자가 볼 수 없도록 관리하세요.
+Keep track of your notes and journals without giving them to a third party.
현재 Evernote, Google Keep, Microsoft OneNote와 같은 애플리케이션을 사용하고 계시다면, 여기에서 E2EE를 지원하는 대체제를 선택해 보실 것을 권장드립니다.
@@ -82,9 +82,9 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
-{ align=right }
-**Joplin**은 기능이 완벽하게 갖춰진 무료 오픈 소스 노트 작성/할 일 관리 애플리케이션입니다. 노트북 분류와 태그로 정리하여 수많은 마크다운 노트를 관리할 수 있습니다. E2EE를 제공하며, Nextcloud, Dropbox 등을 통해 동기화 가능합니다. Evernote나 일반 텍스트 노트에서 간편하게 가져올 수 있는 기능도 제공합니다.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. E2EE를 제공하며, Nextcloud, Dropbox 등을 통해 동기화 가능합니다. Evernote나 일반 텍스트 노트에서 간편하게 가져올 수 있는 기능도 제공합니다.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee는 100MB 저장 공간을 무료로 제공하며, 유료 결제를 통해 더 많은 저장 공간을 제공합니다. 가입 시 이메일 등의 개인 식별 정보를 필요로 하지 않습니다.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. 가입 시 이메일 등의 개인 식별 정보를 필요로 하지 않습니다.
## 로컬 노트 작성
diff --git a/i18n/ko/os/android-overview.md b/i18n/ko/os/android-overview.md
index 27b5fb36..9b2711d0 100644
--- a/i18n/ko/os/android-overview.md
+++ b/i18n/ko/os/android-overview.md
@@ -84,7 +84,7 @@ Android 13:
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). 해당 라이브러리는 앱에서 [푸시 알림](https://ko.wikipedia.org/wiki/%ED%91%B8%EC%8B%9C_%EA%B8%B0%EB%B2%95)을 제공할 수 있는 [Firebase 클라우드 메시징(FCM)](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging)이 포함되어 있습니다. Bitwarden이 바로 [이러한 경우](https://fosstodon.org/@bitwarden/109636825700482007)에 해당합니다. Bitwarden에서 Google Firebase Analytics 트래커가 발견됐다는 사실이 Bitwarden에서 Google Firebase Analytics의 모든 분석 기능을 사용한다는 것을 의미하지는 않습니다.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). 해당 라이브러리는 앱에서 [푸시 알림](https://ko.wikipedia.org/wiki/%ED%91%B8%EC%8B%9C_%EA%B8%B0%EB%B2%95)을 제공할 수 있는 [Firebase 클라우드 메시징(FCM)](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging)이 포함되어 있습니다. Bitwarden이 바로 [이러한 경우](https://fosstodon.org/@bitwarden/109636825700482007)에 해당합니다. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN 킬 스위치
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. 해당 기능은 VPN 연결이 끊어졌을 때 유출이 발생하지 않도록 방지할 수 있습니다. :gear: **설정** → **네트워크 및 인터넷** → **VPN** → :gear: → **연결 차단(VPN 제외)**에서 확인할 수 있습니다.
@@ -124,7 +124,7 @@ Android 7 and above supports a VPN kill switch, and it is available without the
## Google Services
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. 물론, Privacy Guides에서는 '가능하다면' Google 서비스를 아예 사용하지 않거나, Shelter 등의 기기 컨트롤러와 GrapheneOS의 Sandboxed Google Play 기능을 결합해 특정 사용자/업무 프로필로 Google Play 서비스를 제한해서 사용하실 것을 권장드립니다.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### 고급 보호 프로그램
diff --git a/i18n/ko/os/ios-overview.md b/i18n/ko/os/ios-overview.md
index e7216875..82bdf98a 100644
--- a/i18n/ko/os/ios-overview.md
+++ b/i18n/ko/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/ko/os/linux-overview.md b/i18n/ko/os/linux-overview.md
index 39cd56ee..7d97c032 100644
--- a/i18n/ko/os/linux-overview.md
+++ b/i18n/ko/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[권장하는 Linux 배포판 :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Privacy Notes
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- 독점 소프트웨어에 자주 따라오는 데이터 수집을 피하고 싶을 때
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ We don’t believe holding packages back and applying interim patches is a good
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao)
(YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao)
(YouTube)
### “Security-focused” distributions
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Drive Encryption
-Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ There are other system identifiers which you may wish to be careful about. You s
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/ko/os/macos-overview.md b/i18n/ko/os/macos-overview.md
index c2be4444..82ea8f23 100644
--- a/i18n/ko/os/macos-overview.md
+++ b/i18n/ko/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### 백업
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## 출처
diff --git a/i18n/ko/os/windows/group-policies.md b/i18n/ko/os/windows/group-policies.md
index 2593fe54..4e63fab6 100644
--- a/i18n/ko/os/windows/group-policies.md
+++ b/i18n/ko/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/ko/os/windows/index.md b/i18n/ko/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/ko/os/windows/index.md
+++ b/i18n/ko/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/ko/passwords.md b/i18n/ko/passwords.md
index e2b3eb10..53dcf1d3 100644
--- a/i18n/ko/passwords.md
+++ b/i18n/ko/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ In April 2024, Psono added [support for passkeys](https://psono.com/blog/psono-i
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC는 데이터 내보내기 시 [CSV](https://en.wikipedia.org/wiki/Comm
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/ko/photo-management.md b/i18n/ko/photo-management.md
index 5deb6d18..1e39df3d 100644
--- a/i18n/ko/photo-management.md
+++ b/i18n/ko/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- 테스트용 무료 요금제/체험판 기간을 제공해야 합니다.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- 기본적인 파일 관리 기능을 지원하는 웹 인터페이스를 제공해야 합니다.
- 모든 파일/문서를 쉽게 내보낼 수 있어야 합니다.
- 오픈 소스여야 합니다.
diff --git a/i18n/ko/real-time-communication.md b/i18n/ko/real-time-communication.md
index b3000b79..b3291679 100644
--- a/i18n/ko/real-time-communication.md
+++ b/i18n/ko/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## 평가 기준
diff --git a/i18n/ko/router.md b/i18n/ko/router.md
index e61a0801..78d0ad17 100644
--- a/i18n/ko/router.md
+++ b/i18n/ko/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt**는 Linux 기반 운영 체제입니다. 주로 임베디드 기기에서 네트워크 트래픽 라우터 용도로 사용됩니다. util-linux, uClibc, BusyBox 등을 포함하고 있습니다. 모든 구성 요소는 가정용 공유기(라우터)에 알맞게 최적화되어 있습니다.
+**OpenWrt**는 Linux 기반 운영 체제입니다. 주로 임베디드 기기에서 네트워크 트래픽 라우터 용도로 사용됩니다. util-linux, uClibc, BusyBox 등을 포함하고 있습니다. All the components have been optimized for home routers.
[:octicons-home-16: 홈페이지](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=문서}
diff --git a/i18n/ko/security-keys.md b/i18n/ko/security-keys.md
index 81c6bd8c..72dbe05f 100644
--- a/i18n/ko/security-keys.md
+++ b/i18n/ko/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/ko/tools.md b/i18n/ko/tools.md
index 06ba351c..cf1c9b0a 100644
--- a/i18n/ko/tools.md
+++ b/i18n/ko/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG 본사는 스위스 제네바에 위치하고 있습니다. Proton Mail 무료 요금제에는 500MB의 메일 저장 용량이 제공되며, 최대 1GB까지 무료로 늘릴 수 있습니다.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. 2014년부터 운영되었습니다. Mailbox.org 본사는 독일 베를린에 위치하고 있습니다. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. 2014년부터 운영되었습니다. Mailbox.org 본사는 독일 베를린에 위치하고 있습니다. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/ko/tor.md b/i18n/ko/tor.md
index 5ca570ea..dc1c8844 100644
--- a/i18n/ko/tor.md
+++ b/i18n/ko/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Tor를 일상에서 사용하는 사용자가 증가한다면 Tor에 대한 부정적인 이미지를 해소할 수 있고, 정부 또는 ISP가 Tor 사용자 명단을 수집하는 행위의 가치를 줄일 수 있습니다.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor 브라우저
@@ -114,11 +114,11 @@ Tor Browser를 컴퓨터에 설치해서 연결하는 방법도 있지만, [Qube
Tips for Android
-Orbot은 앱이 SOCKS/HTTP 프록시를 지원하는 경우 개별적으로 프록시를 적용하는 것도 가능합니다. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Orbot은 앱이 SOCKS/HTTP 프록시를 지원하는 경우 개별적으로 프록시를 적용하는 것도 가능합니다. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Guardian Project [F-Droid 저장소](https://guardianproject.info/fdroid), [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android)에서의 Orbot은 구버전인 경우가 많으므로, [GitHub 저장소](https://github.com/guardianproject/orbot/releases)에서 직접 다운로드하는 것을 추천드립니다.
-모든 버전은 동일한 서명을 사용하여 서명되므로 서로 호환됩니다.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/ko/vpn.md b/i18n/ko/vpn.md
index 943260ec..230328d5 100644
--- a/i18n/ko/vpn.md
+++ b/i18n/ko/vpn.md
@@ -2,7 +2,7 @@
meta_title: "비공개 VPN 서비스 권장 목록 및 각 서비스 비교 (스폰서/광고 없음) - Privacy Guides"
title: "VPN 서비스"
icon: 자료/Vpn
-description: The best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). 토렌트 애플리케이션은 대부분 NAT-PMP를 지원합니다.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). 토렌트 애플리케이션은 대부분 NAT-PMP를 지원합니다.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. Proton VPN은 스위스, 아이슬란드와 스웨덴에 자체 서버와 데이터 센터를 보유하고 있습니다. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN은 스위스, 아이슬란드와 스웨덴에 자체 서버와 데이터 센터를 보유하고 있습니다. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } Intel 기반 Mac에서의 킬스위치 문제
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. 만약 이 기능이 필요하지만 Intel 기반 Mac을 사용하고 있다면, 다른 VPN 서비스를 사용하는 것을 추천합니다.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. 만약 이 기능이 필요하지만 Intel 기반 Mac을 사용하고 있다면, 다른 VPN 서비스를 사용하는 것을 추천합니다.
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } 모바일 클라이언트
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-**Mullvad** 투명성과 보안에 중점을 둔, 속도가 빠르면서 비싸지 않은 VPN입니다. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** 투명성과 보안에 중점을 둔, 속도가 빠르면서 비싸지 않은 VPN입니다. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ VPN은 익명성을 제공하지 않는다는 것을 인지하는 것은 매우
### 기술
-We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**최소 요구 사항:**
-- WireGuard와 OpenVPN과 같은 강력한 프로토콜을 지원
-- 클라이언트에 킬스위치 (Killswitch)기능이 내장되어 있음
-- 멀티홉을 지원함 멀티홉은 한 노드가 공격당할 경우 데이터를 지키는데에 중요하게 사용됩니다.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**우대 사항:**
-- 다양한 설정들을 가진 킬스위치 기능 (일부 네트워크에만 활성화하기, 부팅시에만 활성화하기 등)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- 사용하기 쉬운 VPN 클라이언트
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. 서버들은 IPv6를 통한 연결을 허용하고, IPv6 주소에 호스팅되는 서비스에 접속할 수 있도록 해야 합니다.
- [원격 포트포워딩](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding)을 지원하여 P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) 파일 공유와 Mumble과 같은 서비스 호스팅할 수 있음
@@ -316,11 +316,11 @@ Privacy Guides이 권장하는 제공자들은 최소한의 데이터만을 수
**우대 사항:**
- 다수의 [익명 결제 수단](advanced/payments.md) 지원
-- 개인 정보를 받지 않음 (자동생성된 사용자명, 이메일 불필요 등)
+- No personal information accepted (auto-generated username, no email required, etc.).
### 보안
-적절한 보안을 제공하지 않는 VPN은 없으나마나입니다. Privacy Guides가 권장하는 모든 제공업체는 OpenVPN 연결에 대한 최신 보안 표준을 따라야 합니다. 미래에도 유효한 암호화 체계를 사용하는 것이 제일 이상적입니다. 또한, 권장하는 제공자들은 외부 감사를 꼭 받아야 하며, 포괄적이면서 주기적으로 (매년) 받는 것이 이상적입니다.
+적절한 보안을 제공하지 않는 VPN은 없으나마나입니다. We require all our recommended providers to abide by current security standards. 미래에도 유효한 암호화 체계를 사용하는 것이 제일 이상적입니다. 또한, 권장하는 제공자들은 외부 감사를 꼭 받아야 하며, 포괄적이면서 주기적으로 (매년) 받는 것이 이상적입니다.
**최소 요구 사항:**
@@ -358,7 +358,7 @@ Privacy Guides가 권장하는 VPN 제공 업체들은 책임감 있는 마케
**최소 요구 사항:**
-- 애널리틱스 서비스는 자체 호스팅을 해야 합니다. (Google Analytics와 같은 서비스 사용 금지) VPN 제공자의 사이트는 [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) 요구를 준수해야 합니다.
+- 애널리틱스 서비스는 자체 호스팅을 해야 합니다. (Google Analytics와 같은 서비스 사용 금지) The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
다음과 같은 무책임한 마케팅 방식을 사용하지 않아야 합니다.
diff --git a/i18n/ku-IQ/about.md b/i18n/ku-IQ/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/ku-IQ/about.md
+++ b/i18n/ku-IQ/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/ku-IQ/about/contributors.md b/i18n/ku-IQ/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/ku-IQ/about/contributors.md
+++ b/i18n/ku-IQ/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/ku-IQ/about/criteria.md b/i18n/ku-IQ/about/criteria.md
index dd2e228d..d8f08fc7 100644
--- a/i18n/ku-IQ/about/criteria.md
+++ b/i18n/ku-IQ/about/criteria.md
@@ -24,7 +24,7 @@ We have these requirements in regard to developers which wish to submit their pr
- Must disclose affiliation, i.e. your position within the project being submitted.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. If possible please mention who will be conducting the audit.
- Must explain what the project brings to the table in regard to privacy.
diff --git a/i18n/ku-IQ/about/executive-policy.md b/i18n/ku-IQ/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/ku-IQ/about/executive-policy.md
+++ b/i18n/ku-IQ/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/ku-IQ/about/notices.md b/i18n/ku-IQ/about/notices.md
index bc7fc182..a98db0bb 100644
--- a/i18n/ku-IQ/about/notices.md
+++ b/i18n/ku-IQ/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
+We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
diff --git a/i18n/ku-IQ/about/privacytools.md b/i18n/ku-IQ/about/privacytools.md
index 0a6a564e..ae035f3d 100644
--- a/i18n/ku-IQ/about/privacytools.md
+++ b/i18n/ku-IQ/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## Control of r/privacytoolsIO
-Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
+Reddit requires that Subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
-- Posting announcements to our subreddit and various other communities informing people of the official change.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped.
@@ -66,11 +66,11 @@ Roughly a week following the transition, BurungHantu returned online for the fir
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so.
-BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io Now
@@ -80,7 +80,7 @@ As of September 25th 2022 we are seeing BurungHantu's overall plans come to frui
## r/privacytoolsIO Now
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Retaliation from any moderator with regards to removal requests is disallowed.
-For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
+For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective Now
diff --git a/i18n/ku-IQ/about/statistics.md b/i18n/ku-IQ/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/ku-IQ/about/statistics.md
+++ b/i18n/ku-IQ/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/ku-IQ/advanced/communication-network-types.md b/i18n/ku-IQ/advanced/communication-network-types.md
index 3d91223f..624a18fd 100644
--- a/i18n/ku-IQ/advanced/communication-network-types.md
+++ b/i18n/ku-IQ/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ When self-hosted, members of a federated server can discover and communicate wit
- Allows for greater control over your own data when running your own server.
- Allows you to choose whom to trust your data with by choosing between multiple "public" servers.
- Often allows for third-party clients which can provide a more native, customized, or accessible experience.
-- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Disadvantages:**
@@ -60,7 +60,7 @@ When self-hosted, members of a federated server can discover and communicate wit
P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server.
-Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
+Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
@@ -85,9 +85,9 @@ P2P networks do not use servers, as peers communicate directly between each othe
A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.
-There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
-Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Advantages:**
diff --git a/i18n/ku-IQ/advanced/dns-overview.md b/i18n/ku-IQ/advanced/dns-overview.md
index 9200da53..04cac375 100644
--- a/i18n/ku-IQ/advanced/dns-overview.md
+++ b/i18n/ku-IQ/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
---
-The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
## What is DNS?
@@ -24,7 +24,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
### DNS over TLS (DoT)
@@ -118,7 +118,7 @@ In this example we will record what happens when we make a DoH request:
3. After making the request, we can stop the packet capture with
CTRL +
C.
-4. Analyse the results in Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ When we do a DNS lookup, it's generally because we want to access a resource. Be
The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides.
-This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
+This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
### Server Name Indication (SNI)
-Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
+Server Name Indication is typically used when an IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
-1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
+1. Start capturing again with `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | No | nothing(Do nothing)
```
-Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[List of recommended DNS servers](../dns.md ""){.md-button}
diff --git a/i18n/ku-IQ/advanced/tor-overview.md b/i18n/ku-IQ/advanced/tor-overview.md
index 876222c4..4c0bd4a0 100644
--- a/i18n/ku-IQ/advanced/tor-overview.md
+++ b/i18n/ku-IQ/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/ku-IQ/ai-chat.md b/i18n/ku-IQ/ai-chat.md
index af64bd7d..8034bbf5 100644
--- a/i18n/ku-IQ/ai-chat.md
+++ b/i18n/ku-IQ/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Criteria
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Best-Case
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/ku-IQ/alternative-networks.md b/i18n/ku-IQ/alternative-networks.md
index 4c8a6e25..bc959181 100644
--- a/i18n/ku-IQ/alternative-networks.md
+++ b/i18n/ku-IQ/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/ku-IQ/android/general-apps.md b/i18n/ku-IQ/android/general-apps.md
index 04919076..b97efed5 100644
--- a/i18n/ku-IQ/android/general-apps.md
+++ b/i18n/ku-IQ/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/ku-IQ/basics/account-creation.md b/i18n/ku-IQ/basics/account-creation.md
index 22ef70db..0f45c8be 100644
--- a/i18n/ku-IQ/basics/account-creation.md
+++ b/i18n/ku-IQ/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
+Often people sign up for services without thinking. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer.
@@ -13,11 +13,11 @@ It can also be difficult to delete the accounts on some services. Sometimes [ove
## Terms of Service & Privacy Policy
-The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VOIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
+The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
-The Privacy Policy is how the service says they will use your data and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
-We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
+We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Keep in mind you're also placing your trust in the company or organization and that they will comply with their own privacy policy.
@@ -42,7 +42,7 @@ You will be responsible for managing your login credentials. For added security,
#### Email aliases
-If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to.
+If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Those can be filtered automatically based on the alias they are sent to.
Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
We recommend avoiding services that require a phone number for sign up. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
+You should avoid giving out your real phone number if you can. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number!
diff --git a/i18n/ku-IQ/basics/account-deletion.md b/i18n/ku-IQ/basics/account-deletion.md
index 2f79dd0a..54148bd4 100644
--- a/i18n/ku-IQ/basics/account-deletion.md
+++ b/i18n/ku-IQ/basics/account-deletion.md
@@ -27,7 +27,7 @@ Desktop platforms also often have a password manager which may help you recover
### Email
-If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
## Deleting Old Accounts
@@ -39,7 +39,7 @@ When attempting to regain access, if the site returns an error message saying th
### GDPR (EEA residents only)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Overwriting Account information
diff --git a/i18n/ku-IQ/basics/common-misconceptions.md b/i18n/ku-IQ/basics/common-misconceptions.md
index 6832f170..31b1b249 100644
--- a/i18n/ku-IQ/basics/common-misconceptions.md
+++ b/i18n/ku-IQ/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ The privacy policies and business practices of providers you choose are very imp
## "Complicated is better"
-We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like many different email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
+We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips:
1. ==Actions need to serve a particular purpose:== think about how to do what you want with the fewest actions.
2. ==Remove human failure points:== We fail, get tired, and forget things. To maintain security, avoid relying on manual conditions and processes that you have to remember.
-3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily de-anonymized by a simple oversight.
+3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
So, how might this look?
@@ -94,4 +94,4 @@ One of the clearest threat models is one where people *know who you are* and one
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/ku-IQ/basics/common-threats.md b/i18n/ku-IQ/basics/common-threats.md
index 7b040b0b..03414577 100644
--- a/i18n/ku-IQ/basics/common-threats.md
+++ b/i18n/ku-IQ/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Your threat model is personal to you, but these are some of the things many visitors to this site care about.
---
-Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
+Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ To minimize the damage that a malicious piece of software *could* do, you should
Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources.
-Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Therefore, you should use native applications over web clients whenever possible
-Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
+Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
## Mass Surveillance Programs
@@ -156,7 +156,7 @@ Mass surveillance is the intricate effort to monitor the "behavior, many activit
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
For many people, tracking and surveillance by private corporations is a growing concern. Pervasive ad networks, such as those operated by Google and Facebook, span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries (although it can't completely prevent tracking).[^4]
-Additionally, even companies outside of the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
## Limiting Public Information
diff --git a/i18n/ku-IQ/basics/email-security.md b/i18n/ku-IQ/basics/email-security.md
index 0661723a..60513510 100644
--- a/i18n/ku-IQ/basics/email-security.md
+++ b/i18n/ku-IQ/basics/email-security.md
@@ -29,13 +29,13 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
### What Email Clients Support E2EE?
-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### How Do I Protect My Private Keys?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Email Metadata Overview
@@ -49,4 +49,4 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
### Why Can't Metadata be E2EE?
-Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
+Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/ku-IQ/basics/hardware.md b/i18n/ku-IQ/basics/hardware.md
index 4b795a9a..257624c3 100644
--- a/i18n/ku-IQ/basics/hardware.md
+++ b/i18n/ku-IQ/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Warning
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/ku-IQ/basics/multi-factor-authentication.md b/i18n/ku-IQ/basics/multi-factor-authentication.md
index 044ee58e..6abb539c 100644
--- a/i18n/ku-IQ/basics/multi-factor-authentication.md
+++ b/i18n/ku-IQ/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
-**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone.
@@ -26,7 +26,7 @@ The security of push notification MFA is dependent on both the quality of the ap
### Time-based One-time Password (TOTP)
-TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
+TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
-Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
@@ -116,15 +116,15 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
## More Places to Set Up MFA
-Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
+macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-After your smartcard/security key is set up, we recommend running this command in the Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
### KeePass (and KeePassXC)
-KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/ku-IQ/basics/passwords-overview.md b/i18n/ku-IQ/basics/passwords-overview.md
index 898d198d..8464da82 100644
--- a/i18n/ku-IQ/basics/passwords-overview.md
+++ b/i18n/ku-IQ/basics/passwords-overview.md
@@ -24,7 +24,7 @@ All of our [recommended password managers](../passwords.md) include a built-in p
You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it.
-When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
Checking for data breaches
@@ -54,13 +54,13 @@ To generate a diceware passphrase using real dice, follow these steps:
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Roll a six-sided die five times, noting down the number after each roll.
-2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. You will find the word `encrypt`. Write that word down.
@@ -75,25 +75,25 @@ You should **not** re-roll words until you get a combination of words that appea
If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
- Your adversary knows that you used the diceware method.
-- Your adversary knows the specific wordlist that you used.
+- Your adversary knows the specific word list that you used.
- Your adversary knows how many words your passphrase contains.
@@ -113,7 +113,7 @@ There are many good options to choose from, both cloud-based and local. Choose o
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
diff --git a/i18n/ku-IQ/basics/threat-modeling.md b/i18n/ku-IQ/basics/threat-modeling.md
index 922c7450..b87382d6 100644
--- a/i18n/ku-IQ/basics/threat-modeling.md
+++ b/i18n/ku-IQ/basics/threat-modeling.md
@@ -35,7 +35,7 @@ An “asset” is something you value and want to protect. In the context of dig
To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary”.== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
-*Make a list of your adversaries or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Your list may include individuals, a government agency, or corporations.*
Depending on who your adversaries are, this list might be something you want to destroy after you've finished developing your threat model.
diff --git a/i18n/ku-IQ/browser-extensions.md b/i18n/ku-IQ/browser-extensions.md
index 611904fc..7e13f070 100644
--- a/i18n/ku-IQ/browser-extensions.md
+++ b/i18n/ku-IQ/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/ku-IQ/calendar.md b/i18n/ku-IQ/calendar.md
index fc173e0e..6a9e8553 100644
--- a/i18n/ku-IQ/calendar.md
+++ b/i18n/ku-IQ/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Multiple calendars and extended sharing functionality is limited to paid subscribers.
diff --git a/i18n/ku-IQ/cloud.md b/i18n/ku-IQ/cloud.md
index aa8c3e40..145708ed 100644
--- a/i18n/ku-IQ/cloud.md
+++ b/i18n/ku-IQ/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Criteria
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
diff --git a/i18n/ku-IQ/cryptocurrency.md b/i18n/ku-IQ/cryptocurrency.md
index 38dfa7c2..d1e385f6 100644
--- a/i18n/ku-IQ/cryptocurrency.md
+++ b/i18n/ku-IQ/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Criteria
diff --git a/i18n/ku-IQ/data-broker-removals.md b/i18n/ku-IQ/data-broker-removals.md
index 24c607c3..ab08fd1c 100644
--- a/i18n/ku-IQ/data-broker-removals.md
+++ b/i18n/ku-IQ/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/ku-IQ/desktop-browsers.md b/i18n/ku-IQ/desktop-browsers.md
index 82821366..ee50038a 100644
--- a/i18n/ku-IQ/desktop-browsers.md
+++ b/i18n/ku-IQ/desktop-browsers.md
@@ -109,7 +109,7 @@ This is required to prevent advanced forms of tracking, but does come at the cos
### Mullvad Leta
-Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes preinstalled with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts**
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] Select **Enable HTTPS-Only Mode in all windows**
-This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing.
+This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS over HTTPS
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/ku-IQ/desktop.md b/i18n/ku-IQ/desktop.md
index eef0f6ec..d5d8d3bf 100644
--- a/i18n/ku-IQ/desktop.md
+++ b/i18n/ku-IQ/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS is an independent distribution based on the Nix package manager with a foc
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/ku-IQ/device-integrity.md b/i18n/ku-IQ/device-integrity.md
index 623a4839..142af55b 100644
--- a/i18n/ku-IQ/device-integrity.md
+++ b/i18n/ku-IQ/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/ku-IQ/dns.md b/i18n/ku-IQ/dns.md
index d6bb537f..b0365cdd 100644
--- a/i18n/ku-IQ/dns.md
+++ b/i18n/ku-IQ/dns.md
@@ -75,7 +75,7 @@ AdGuard Home ڕووکارێکی ڕێک و پێک دەبەخشێتە ماڵپەر
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ NextDNS also offers public DNS-over-HTTPS service at `https://dns.nextdns.io` an
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/ku-IQ/document-collaboration.md b/i18n/ku-IQ/document-collaboration.md
index 9bf30ec2..dde20069 100644
--- a/i18n/ku-IQ/document-collaboration.md
+++ b/i18n/ku-IQ/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/ku-IQ/email-aliasing.md b/i18n/ku-IQ/email-aliasing.md
index c33f2bff..29f37d77 100644
--- a/i18n/ku-IQ/email-aliasing.md
+++ b/i18n/ku-IQ/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/ku-IQ/email.md b/i18n/ku-IQ/email.md
index 6d04f799..98909134 100644
--- a/i18n/ku-IQ/email.md
+++ b/i18n/ku-IQ/email.md
@@ -58,7 +58,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
{ align=right }
-**Proton Mail** خزمەتگوزاریەکی پۆستەی ئەلکتڕۆنیە، کە سەرنجی هەبوونی تایبەتێتی، شفرکردن، پارێزراوی، وە ئاسان لە بەکارهێنان دروست کراوە. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+**Proton Mail** خزمەتگوزاریەکی پۆستەی ئەلکتڕۆنیە، کە سەرنجی هەبوونی تایبەتێتی، شفرکردن، پارێزراوی، وە ئاسان لە بەکارهێنان دروست کراوە. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail پارەی نەخت [وەردەگرێت](https://proton.me/support/p
#### :material-check:{ .pg-green }پارێزراوێتی هەژمار
-Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two factor authentication first.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green }پارێزراوێتی زانیاری
@@ -117,7 +117,7 @@ Proton Mail also publishes the public keys of Proton accounts via HTTP from thei
#### :material-information-outline:{ .pg-blue } کرداری زیادە
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Poton Mail کرداری میراتی دیجیتاڵی پێشکەش ناکات.
@@ -127,7 +127,7 @@ Poton Mail کرداری میراتی دیجیتاڵی پێشکەش ناکات.
{ align=right }
-**Mailbox** خزمەتگوزاریەکی پۆستەی ئەلکتڕۆنیە کە جەخت لە هەبوونی سەلامەتی و بێ بەرامبەری تایبەتێتی و کارکردن بە وزەیەکی %100ـی هاوڕێی ژینگە. ئەوان لە **2014**ـەوە لە کاردان. Mailbox.org دەکەوێتە بەرلین، لە ئەڵمانیا. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox** خزمەتگوزاریەکی پۆستەی ئەلکتڕۆنیە کە جەخت لە هەبوونی سەلامەتی و بێ بەرامبەری تایبەتێتی و کارکردن بە وزەیەکی %100ـی هاوڕێی ژینگە. ئەوان لە **2014**ـەوە لە کاردان. Mailbox.org دەکەوێتە بەرلین، لە ئەڵمانیا. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green }شێوازی پارەدانی نهێنی
-Mailbox.org هیچ جۆرە دراوێکی دیجیتاڵی قبوڵ ناکات بەهۆی ڕاگرتنی کارەکانی شێوازی پارەدانەکەیان BitPay لە ئەڵمانیا. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.org هیچ جۆرە دراوێکی دیجیتاڵی قبوڵ ناکات بەهۆی ڕاگرتنی کارەکانی شێوازی پارەدانەکەیان BitPay لە ئەڵمانیا. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green }پارێزراوێتی هەژمار
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). شیوازە باوەکانی وەک [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) هێشتا پشتگیری نەکراون.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). شیوازە باوەکانی وەک [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) هێشتا پشتگیری نەکراون.
#### :material-information-outline:{ .pg-blue }پارێزراوێتی زانیاری
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } کرداری زیادە
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). هەرچۆنێک بێت، ناتوانیت لە ڕێگەی ڕووکاری ماڵپەڕی پۆستەی ئەلکتڕۆنییەکەیان خزمەتگوزاری .onian بەکاربهێنیت وە لەوانەیە ڕووبەڕووی هەڵەی بڕوانامەی TLS ببیتەوە.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
@@ -195,7 +195,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } Private Payment Methods
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green }پارێزراوێتی هەژمار
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green }پارێزراوێتی زانیاری
@@ -297,7 +297,7 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
- Encrypts email account data at rest with zero-access encryption.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Operates on owned infrastructure, i.e. not built upon third-party email service providers.
diff --git a/i18n/ku-IQ/encryption.md b/i18n/ku-IQ/encryption.md
index 1a36d548..0a6d75a3 100644
--- a/i18n/ku-IQ/encryption.md
+++ b/i18n/ku-IQ/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt is a fork of the discontinued TrueCrypt project. According to its deve
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
-Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
{ align=right }
-**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/ku-IQ/file-sharing.md b/i18n/ku-IQ/file-sharing.md
index 839a7419..56b895d5 100644
--- a/i18n/ku-IQ/file-sharing.md
+++ b/i18n/ku-IQ/file-sharing.md
@@ -13,7 +13,7 @@ Discover how to privately share your files between your devices, with your frien
## File Sharing
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/ku-IQ/frontends.md b/i18n/ku-IQ/frontends.md
index 9e83fe5e..b4b5d0c4 100644
--- a/i18n/ku-IQ/frontends.md
+++ b/i18n/ku-IQ/frontends.md
@@ -251,7 +251,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/ku-IQ/index.md b/i18n/ku-IQ/index.md
index d97852d1..4e6aabf6 100644
--- a/i18n/ku-IQ/index.md
+++ b/i18n/ku-IQ/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. ئەوان لە **2014**ـەوە لە کاردان. Mailbox.org دەکەوێتە بەرلین، لە ئەڵمانیا. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. ئەوان لە **2014**ـەوە لە کاردان. Mailbox.org دەکەوێتە بەرلین، لە ئەڵمانیا. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/ku-IQ/meta/brand.md b/i18n/ku-IQ/meta/brand.md
index 8e3d9954..3afe36ff 100644
--- a/i18n/ku-IQ/meta/brand.md
+++ b/i18n/ku-IQ/meta/brand.md
@@ -12,7 +12,7 @@ The name of the website is **Privacy Guides** and should **not** be changed to:
- PG.org
-The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/ku-IQ/meta/translations.md b/i18n/ku-IQ/meta/translations.md
index ff5406c7..1f67cd98 100644
--- a/i18n/ku-IQ/meta/translations.md
+++ b/i18n/ku-IQ/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## Fullwidth alternatives and Markdown syntax
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/ku-IQ/meta/uploading-images.md b/i18n/ku-IQ/meta/uploading-images.md
index 6455beb0..5ea9570f 100644
--- a/i18n/ku-IQ/meta/uploading-images.md
+++ b/i18n/ku-IQ/meta/uploading-images.md
@@ -48,7 +48,7 @@ In the **SVG Output** tab under **Document options**:
- [ ] Turn off **Remove the XML declaration**
- [x] Turn on **Remove metadata**
- [x] Turn on **Remove comments**
-- [x] Turn on **Embeded raster images**
+- [x] Turn on **Embedded raster images**
- [x] Turn on **Enable viewboxing**
In the **SVG Output** under **Pretty-printing**:
diff --git a/i18n/ku-IQ/meta/writing-style.md b/i18n/ku-IQ/meta/writing-style.md
index 49e877b1..fdf7bb1d 100644
--- a/i18n/ku-IQ/meta/writing-style.md
+++ b/i18n/ku-IQ/meta/writing-style.md
@@ -64,7 +64,7 @@ We should try to avoid abbreviations where possible, but technology is full of a
## Be concise
-> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective.
+> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/ku-IQ/mobile-browsers.md b/i18n/ku-IQ/mobile-browsers.md
index 48141804..64fccfa7 100644
--- a/i18n/ku-IQ/mobile-browsers.md
+++ b/i18n/ku-IQ/mobile-browsers.md
@@ -247,7 +247,7 @@ This prevents you from unintentionally connecting to a website in plain-text HTT
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Open Safari and tap the Tabs button, located in the bottom right. Then, expand t
- [x] Select **Private**
-Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. This may be an inconvenience.
diff --git a/i18n/ku-IQ/multi-factor-authentication.md b/i18n/ku-IQ/multi-factor-authentication.md
index 87185132..c8ca78d9 100644
--- a/i18n/ku-IQ/multi-factor-authentication.md
+++ b/i18n/ku-IQ/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/ku-IQ/notebooks.md b/i18n/ku-IQ/notebooks.md
index 27e9eada..7c0b44c2 100644
--- a/i18n/ku-IQ/notebooks.md
+++ b/i18n/ku-IQ/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Keep track of your notes and journalings without giving them to a third-party.
+Keep track of your notes and journals without giving them to a third party.
If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE.
@@ -84,7 +84,7 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
{ align=right }
-**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
## Local notebooks
diff --git a/i18n/ku-IQ/os/android-overview.md b/i18n/ku-IQ/os/android-overview.md
index 4faff712..f2086618 100644
--- a/i18n/ku-IQ/os/android-overview.md
+++ b/i18n/ku-IQ/os/android-overview.md
@@ -84,7 +84,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Killswitch
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
@@ -124,7 +124,7 @@ Modern Android devices have global toggles for disabling Bluetooth and location
## Google Services
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Advanced Protection Program
diff --git a/i18n/ku-IQ/os/ios-overview.md b/i18n/ku-IQ/os/ios-overview.md
index 9cc34876..e1190279 100644
--- a/i18n/ku-IQ/os/ios-overview.md
+++ b/i18n/ku-IQ/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/ku-IQ/os/linux-overview.md b/i18n/ku-IQ/os/linux-overview.md
index 69b537ed..90163523 100644
--- a/i18n/ku-IQ/os/linux-overview.md
+++ b/i18n/ku-IQ/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Privacy Notes
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- Avoid telemetry that often comes with proprietary operating systems
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ We don’t believe holding packages back and applying interim patches is a good
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao) (YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao) (YouTube)
### “Security-focused” distributions
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Drive Encryption
-Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ There are other system identifiers which you may wish to be careful about. You s
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/ku-IQ/os/macos-overview.md b/i18n/ku-IQ/os/macos-overview.md
index 9b57b2b6..565c4a68 100644
--- a/i18n/ku-IQ/os/macos-overview.md
+++ b/i18n/ku-IQ/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Backups
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## Sources
diff --git a/i18n/ku-IQ/os/windows/group-policies.md b/i18n/ku-IQ/os/windows/group-policies.md
index 74194070..d1a033cb 100644
--- a/i18n/ku-IQ/os/windows/group-policies.md
+++ b/i18n/ku-IQ/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/ku-IQ/os/windows/index.md b/i18n/ku-IQ/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/ku-IQ/os/windows/index.md
+++ b/i18n/ku-IQ/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/ku-IQ/passwords.md b/i18n/ku-IQ/passwords.md
index a5f85f28..ea92b575 100644
--- a/i18n/ku-IQ/passwords.md
+++ b/i18n/ku-IQ/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ These options allow you to manage an encrypted password database locally.
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/ku-IQ/photo-management.md b/i18n/ku-IQ/photo-management.md
index c526c59a..d7447180 100644
--- a/i18n/ku-IQ/photo-management.md
+++ b/i18n/ku-IQ/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
- Must be open source.
diff --git a/i18n/ku-IQ/real-time-communication.md b/i18n/ku-IQ/real-time-communication.md
index 50465504..5051a9bc 100644
--- a/i18n/ku-IQ/real-time-communication.md
+++ b/i18n/ku-IQ/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Criteria
diff --git a/i18n/ku-IQ/router.md b/i18n/ku-IQ/router.md
index 3e8eb49d..6127b8a7 100644
--- a/i18n/ku-IQ/router.md
+++ b/i18n/ku-IQ/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All of the components have been optimized for home routers.
+**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}
diff --git a/i18n/ku-IQ/security-keys.md b/i18n/ku-IQ/security-keys.md
index 2acec8c8..23e55cfa 100644
--- a/i18n/ku-IQ/security-keys.md
+++ b/i18n/ku-IQ/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/ku-IQ/tools.md b/i18n/ku-IQ/tools.md
index 1a6c942b..c49ccc97 100644
--- a/i18n/ku-IQ/tools.md
+++ b/i18n/ku-IQ/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. ئەوان لە **2014**ـەوە لە کاردان. Mailbox.org دەکەوێتە بەرلین، لە ئەڵمانیا. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. ئەوان لە **2014**ـەوە لە کاردان. Mailbox.org دەکەوێتە بەرلین، لە ئەڵمانیا. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/ku-IQ/tor.md b/i18n/ku-IQ/tor.md
index 91da036e..a88a0f56 100644
--- a/i18n/ku-IQ/tor.md
+++ b/i18n/ku-IQ/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Browser
@@ -114,11 +114,11 @@ We previously recommended enabling the *Isolate Destination Address* preference
Tips for Android
-Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot/releases) instead.
-All versions are signed using the same signature so they should be compatible with each other.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/ku-IQ/vpn.md b/i18n/ku-IQ/vpn.md
index f44a389d..e63cb571 100644
--- a/i18n/ku-IQ/vpn.md
+++ b/i18n/ku-IQ/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Private VPN Service Recommendations and Comparison, No Sponsors or Ads - Privacy Guides"
title: "VPN Services"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } Mobile Clients
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ It is important to note that using a VPN provider will not make you anonymous, b
### Technology
-We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Minimum to Qualify:**
-- Support for strong protocols such as WireGuard & OpenVPN.
-- Killswitch built in to clients.
-- Multihop support. Multihopping is important to keep data private in case of a single node compromise.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Best Case:**
-- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Easy-to-use VPN clients
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.
- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble).
@@ -316,11 +316,11 @@ We prefer our recommended providers to collect as little data as possible. Not c
**Best Case:**
- Accepts multiple [anonymous payment options](advanced/payments.md).
-- No personal information accepted (autogenerated username, no email required, etc.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Security
-A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
+A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
**Minimum to Qualify:**
@@ -358,7 +358,7 @@ With the VPN providers we recommend we like to see responsible marketing.
**Minimum to Qualify:**
-- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out.
+- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Must not have any marketing which is irresponsible:
diff --git a/i18n/nl/about.md b/i18n/nl/about.md
index 56ea2d47..82328d7a 100644
--- a/i18n/nl/about.md
+++ b/i18n/nl/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/nl/about/contributors.md b/i18n/nl/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/nl/about/contributors.md
+++ b/i18n/nl/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/nl/about/criteria.md b/i18n/nl/about/criteria.md
index 7e31774c..d9bb8162 100644
--- a/i18n/nl/about/criteria.md
+++ b/i18n/nl/about/criteria.md
@@ -24,7 +24,7 @@ Wij stellen deze eisen aan ontwikkelaars die hun project of software in overwegi
- Je moet jouw banden bekendmaken, d.w.z. jouw positie binnen het ingediende project.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. Vermeld indien mogelijk wie de controle zal uitvoeren.
- Moet uitleggen wat het project te bieden heeft op het gebied van privacy.
diff --git a/i18n/nl/about/executive-policy.md b/i18n/nl/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/nl/about/executive-policy.md
+++ b/i18n/nl/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/nl/about/notices.md b/i18n/nl/about/notices.md
index f98e486b..34edbfc1 100644
--- a/i18n/nl/about/notices.md
+++ b/i18n/nl/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-Wij zijn van mening dat de logo's en andere afbeeldingen in `activa` verkregen van derde leveranciers ofwel in het publieke domein zijn of **eerlijk gebruik**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. Deze logo's en andere afbeeldingen kunnen echter nog steeds onderworpen zijn aan het merkenrecht in een of meer rechtsgebieden. Alvorens deze inhoud te gebruiken, dien je zich ervan te vergewissen dat de entiteit of organisatie die eigenaar is van het handelsmerk wordt geïdentificeerd en dat je het recht hebt het te gebruiken volgens de wetten die van toepassing zijn in de omstandigheden van het door je beoogde gebruik. *Wanneer je inhoud van deze website kopieert, bent je er als enige verantwoordelijk voor dat je geen inbreuk maakt op het handelsmerk of auteursrecht van iemand anders.*
+Wij zijn van mening dat de logo's en andere afbeeldingen in `activa` verkregen van derde leveranciers ofwel in het publieke domein zijn of **eerlijk gebruik**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. Deze logo's en andere afbeeldingen kunnen echter nog steeds onderworpen zijn aan het merkenrecht in een of meer rechtsgebieden. Alvorens deze inhoud te gebruiken, dien je zich ervan te vergewissen dat de entiteit of organisatie die eigenaar is van het handelsmerk wordt geïdentificeerd en dat je het recht hebt het te gebruiken volgens de wetten die van toepassing zijn in de omstandigheden van het door je beoogde gebruik. *Wanneer je inhoud van deze website kopieert, bent je er als enige verantwoordelijk voor dat je geen inbreuk maakt op het handelsmerk of auteursrecht van iemand anders.*
Wanneer je bijdraagt aan onze website doe je dit onder de bovenstaande licenties, en verleen je Privacy Guides een eeuwigdurende, wereldwijde, niet-exclusieve, overdraagbare, royaltyvrije, onherroepelijke licentie met het recht om dergelijke rechten in sublicentie te geven via meerdere lagen van sublicentiehouders, om jouw bijdrage te reproduceren, te wijzigen, weer te geven, uit te voeren en te distribueren als onderdeel van ons project.
diff --git a/i18n/nl/about/privacytools.md b/i18n/nl/about/privacytools.md
index e0f14143..91af35a6 100644
--- a/i18n/nl/about/privacytools.md
+++ b/i18n/nl/about/privacytools.md
@@ -37,9 +37,9 @@ Eind juli 2021 hebben we de PrivacyTools-gemeenschap [op de hoogte gebracht](htt
## Controle over r/privacytoolsIO
-Gelijktijdig met de lopende website problemen bij privacytools.io, werd het r/privacytoolsIO moderatieteam geconfronteerd met uitdagingen bij het beheer van de subreddit. De subreddit werd altijd grotendeels onafhankelijk van de ontwikkeling van de website beheerd, maar BurungHantu was ook de primaire moderator van de subreddit, en hij was de enige moderator die "Volledige controle"-rechten kreeg. u/trai_dep was op dat moment de enige actieve moderator en [diende](https://reddit.com/comments/o9tllh) op 28 juni 2021 een verzoek [in](https://reddit. com/comments/o9tllh) bij de beheerders van Reddit waarin hij vroeg om de positie van primaire moderator en volledige controleprivileges om de nodige wijzigingen in de Subreddit aan te brengen.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was op dat moment de enige actieve moderator en [diende](https://reddit.com/comments/o9tllh) op 28 juni 2021 een verzoek [in](https://reddit. com/comments/o9tllh) bij de beheerders van Reddit waarin hij vroeg om de positie van primaire moderator en volledige controleprivileges om de nodige wijzigingen in de Subreddit aan te brengen.
-Reddit vereist dat subreddits actieve moderatoren hebben. Indien de eerste moderator gedurende een lange periode (bijvoorbeeld een jaar) inactief is, kan de positie van eerste moderator opnieuw worden toegewezen aan de volgende moderator in de rij. Om dit verzoek in te willigen, moest BurungHantu volledig afwezig zijn geweest bij alle Reddit-activiteiten gedurende een lange periode, wat consistent was met zijn gedrag op andere platforms.
+Reddit requires that Subreddits have active moderators. Indien de eerste moderator gedurende een lange periode (bijvoorbeeld een jaar) inactief is, kan de positie van eerste moderator opnieuw worden toegewezen aan de volgende moderator in de rij. Om dit verzoek in te willigen, moest BurungHantu volledig afwezig zijn geweest bij alle Reddit-activiteiten gedurende een lange periode, wat consistent was met zijn gedrag op andere platforms.
> Als je als moderator van een subreddit werd verwijderd via een Reddit-verzoek is dat omdat je gebrek aan reactie en gebrek aan activiteit de subreddit kwalificeerde voor een r/redditrequest-overplaatsing.
>
@@ -55,7 +55,7 @@ Deze verandering [bracht het volgende met zich mee:](https://reddit.com/comments
- `www.privacytools.io` omleiden naar [www.privacyguides.org.](https://www.privacyguides.org).
- Het archiveren van de broncode op GitHub om ons werk uit het verleden en de issue tracker te bewaren, die we bleven gebruiken voor maanden van toekomstige ontwikkeling van deze site.
-- Aankondigingen plaatsen op onze subreddit en diverse andere gemeenschappen om mensen te informeren over de officiële verandering.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Formeel sluiten van privacytools.io-diensten, zoals Matrix en Mastodon, en bestaande gebruikers aanmoedigen om zo snel mogelijk te migreren.
Alles leek soepel te verlopen, en het grootste deel van onze actieve gemeenschap maakte de overstap naar ons nieuwe project, precies zoals we hoopten.
@@ -66,11 +66,11 @@ Ongeveer een week na de overgang kwam BurungHantu voor het eerst in bijna een ja
Op dat moment beweerde BurungHantu dat hij alleen verder wilde werken aan privacytools.io en hij vroeg ons om de omleiding van `www.privacytools.io` naar [www.privacyguides.org](https://www.privacyguides.org) te verwijderen [.](https://www.privacyguides.org). We hebben hem gevraagd de subdomeinen voor Matrix, Mastodon en PeerTube ten minste een paar maanden actief te houden als openbare dienst voor onze gemeenschap, zodat gebruikers op deze platforms gemakkelijk naar andere accounts kunnen migreren. Door de gefedereerde aard van de diensten die wij leverden, waren deze gebonden aan specifieke domeinnamen waardoor het zeer moeilijk (en in sommige gevallen onmogelijk) was om te migreren.
-Omdat de controle over de r/privacytoolsIO subreddit helaas niet werd teruggegeven aan BurungHantu op zijn verzoek (meer informatie hieronder), werden deze subdomeinen begin oktober [afgesloten](https://reddit.com/comments/pymthv/comment/hexwrps), waardoor er geen migratiemogelijkheden meer waren voor gebruikers die deze diensten nog gebruikten.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Hierna heeft BurungHantu valse beschuldigingen geuit over het stelen van donaties van het project door Jonah. BurungHantu had meer dan een jaar na het vermeende incident, en toch heeft hij nooit iemand op de hoogte gebracht tot na de migratie van de Privacy Guides. BurungHantu is herhaaldelijk door het team [en de gemeenschap](https://twitter.com/TommyTran732/status/1526153536962281474)gevraagd om bewijzen en om commentaar op de reden voor zijn stilzwijgen, maar heeft dat niet gedaan.
-BurungHantu maakte ook een [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) bewerend dat een "advocaat" hem had bereikt op Twitter en advies gaf, in een andere poging om ons te intimideren om hem de controle over onze subreddit te geven, en als onderdeel van zijn lastercampagne om het water rond de lancering van Privacy Guides te vertroebelen terwijl hij zich voordoet als een slachtoffer.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io Nu
@@ -80,7 +80,7 @@ Vanaf 25 september 2022 zien we de algemene plannen van BurungHantu in vervullin
## privacyTools. io Nu
-Na de lancering van [r/PrivacyGuides](https://reddit.com/r/privacyguides) was het onpraktisch voor u/trai_dep om beide subreddits te blijven modereren en met de gemeenschap aan boord voor de overgang, [werd](https://reddit.com/comments/qk7qrj) r/privacytoolsIO een beperkt subreddit in een post op 1 november 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] De groei van deze Sub was het resultaat van grote inspanningen, gedurende meerdere jaren, door het PrivacyGuides.org team. En door ieder van jullie.
>
@@ -88,11 +88,11 @@ Na de lancering van [r/PrivacyGuides](https://reddit.com/r/privacyguides) was he
Subreddits zijn van niemand, en al helemaal niet van merkhouders. Ze horen bij hun gemeenschap, en de gemeenschap en haar moderatoren hebben besloten de verhuizing naar r/PrivacyGuides te steunen.
-In de maanden daarna heeft BurungHantu gedreigd en gesmeekt om de controle over de subreddit terug te geven aan zijn account, wat [in strijd](https://reddit.com/r/redditrequest/wiki/top_mod_removal) is met de regels van Reddit:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Vergelding door een moderator met betrekking tot verwijderingsverzoeken is niet toegestaan.
-Voor een gemeenschap met vele duizenden resterende abonnees, vinden we dat het ongelooflijk respectloos zou zijn om de controle over dat enorme platform terug te geven aan de persoon die het meer dan een jaar heeft verlaten en die nu een website beheert waarvan we denken dat deze informatie van zeer lage kwaliteit biedt. Het behoud van de jaren van eerdere discussies in die gemeenschap is belangrijker voor ons, en dus hebben u/trai_dep en de rest van het subreddit moderatieteam de beslissing genomen om r/privacytoolsIO as-is te houden.
+Voor een gemeenschap met vele duizenden resterende abonnees, vinden we dat het ongelooflijk respectloos zou zijn om de controle over dat enorme platform terug te geven aan de persoon die het meer dan een jaar heeft verlaten en die nu een website beheert waarvan we denken dat deze informatie van zeer lage kwaliteit biedt. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective Nu
diff --git a/i18n/nl/about/statistics.md b/i18n/nl/about/statistics.md
index 40675d9b..34a6ee37 100644
--- a/i18n/nl/about/statistics.md
+++ b/i18n/nl/about/statistics.md
@@ -11,7 +11,7 @@ We hosten [Umami](https://umami.is) zelf om een mooie visualisatie van onze webv
Met deze methode:
-- Je informatie wordt nooit gedeeld met derden, het blijft op servers die wij beheren
+- Your information is never shared with a third party, it stays on servers we control
- Je persoonlijke gegevens worden nooit opgeslagen, we verzamelen alleen samengevoegde gegevens
- Er wordt geen JavaScript aan de clientzijde gebruikt
diff --git a/i18n/nl/advanced/communication-network-types.md b/i18n/nl/advanced/communication-network-types.md
index d9efa946..25739858 100644
--- a/i18n/nl/advanced/communication-network-types.md
+++ b/i18n/nl/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ Bij zelf-hosting kunnen leden van een federatieve server leden van andere server
- Maakt een grotere controle over jouw eigen gegevens mogelijk wanneer je jouw eigen server gebruikt.
- Hiermee kunt je kiezen aan wie je jouw gegevens toevertrouwt door te kiezen tussen meerdere "openbare" servers.
- Staat vaak clients van derden toe die een meer native, aangepaste of toegankelijke ervaring kunnen bieden.
-- Bij serversoftware kan worden nagegaan of deze overeenkomt met de openbare broncode, ervan uitgaande dat je toegang hebt tot de server of dat je de persoon die dat heeft (bijvoorbeeld een familielid) vertrouwt.
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Nadelen:**
@@ -60,7 +60,7 @@ Bij zelf-hosting kunnen leden van een federatieve server leden van andere server
P2P berichten diensten maken verbinding met een [gedistribueerd netwerk](https://en.wikipedia.org/wiki/Distributed_networking) van knooppunten om een bericht door te geven aan de ontvanger zonder een server van derden.
-Cliënten (peers) vinden elkaar meestal via een [gedistribueerd computernetwerk](https://en.wikipedia.org/wiki/Distributed_computing). Voorbeelden hiervan zijn [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), gebruikt door [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) en [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) bijvoorbeeld. Een andere benadering is op nabijheid gebaseerde netwerken, waarbij een verbinding tot stand wordt gebracht via WiFi of Bluetooth (bijvoorbeeld Briar of het [Scuttlebutt](https://scuttlebutt.nz) sociale netwerkprotocol).
+Cliënten (peers) vinden elkaar meestal via een [gedistribueerd computernetwerk](https://en.wikipedia.org/wiki/Distributed_computing). Voorbeelden hiervan zijn [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), gebruikt door [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) en [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) bijvoorbeeld. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Zodra een peer via een van deze methoden een route naar zijn contactpersoon heeft gevonden, wordt een rechtstreekse verbinding tussen hen tot stand gebracht. Hoewel berichten meestal versleuteld zijn, kan een waarnemer toch de locatie en de identiteit van de verzender en de ontvanger afleiden.
@@ -85,9 +85,9 @@ P2P-netwerken maken geen gebruik van servers, aangezien peers rechtstreeks met e
Een berichten diensten die gebruik maakt van [anonieme routering](https://doi.org/10.1007/978-1-4419-5906-5_628) verbergt de identiteit van de verzender, de ontvanger of het bewijs dat zij hebben gecommuniceerd. Idealiter zou een berichten diensten alle drie moeten verbergen.
-Er zijn [veel](https://doi.org/10.1145/3182658) verschillende manieren om anonieme routering te implementeren. Een van de bekendste is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (d.w.z. [Tor](tor-overview.md)), waarbij versleutelde berichten worden gecommuniceerd via een virtueel [overlay netwerk](https://en.wikipedia.org/wiki/Overlay_network) dat de locatie van elk knooppunt en de ontvanger en verzender van elk bericht verbergt. De verzender en de ontvanger hebben nooit rechtstreeks contact en ontmoeten elkaar alleen via een geheim rendez-vousknooppunt, zodat er geen IP-adressen of fysieke locatie uitlekken. Knooppunten kunnen berichten niet ontcijferen, noch de eindbestemming; alleen de ontvanger kan dat. Elk tussenliggend knooppunt kan slechts een deel decoderen dat aangeeft waar het nog versleutelde bericht naartoe moet, totdat het aankomt bij de ontvanger die het volledig kan decoderen, vandaar de "ui-lagen"
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. Een van de bekendste is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (d.w.z. [Tor](tor-overview.md)), waarbij versleutelde berichten worden gecommuniceerd via een virtueel [overlay netwerk](https://en.wikipedia.org/wiki/Overlay_network) dat de locatie van elk knooppunt en de ontvanger en verzender van elk bericht verbergt. De verzender en de ontvanger hebben nooit rechtstreeks contact en ontmoeten elkaar alleen via een geheim rendez-vousknooppunt, zodat er geen IP-adressen of fysieke locatie uitlekken. Knooppunten kunnen berichten niet ontcijferen, noch de eindbestemming; alleen de ontvanger kan dat. Elk tussenliggend knooppunt kan slechts een deel decoderen dat aangeeft waar het nog versleutelde bericht naartoe moet, totdat het aankomt bij de ontvanger die het volledig kan decoderen, vandaar de "ui-lagen"
-Het zelf hosten van een knooppunt in een anoniem routenetwerk biedt de hoster geen extra privacyvoordelen, maar draagt bij tot de weerbaarheid van het hele netwerk tegen identificatieaanvallen, wat in ieders voordeel is.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Voordelen:**
diff --git a/i18n/nl/advanced/dns-overview.md b/i18n/nl/advanced/dns-overview.md
index 40e8ebc6..5267bbc2 100644
--- a/i18n/nl/advanced/dns-overview.md
+++ b/i18n/nl/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: Het Domain Name System is het "telefoonboek van het internet", dat jouw browser helpt de website te vinden die hij zoekt.
---
-Het [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is het "telefoonboek van het internet". DNS vertaalt domeinnamen naar IP-adressen zodat browsers en andere diensten internetbronnen kunnen laden, via een gedecentraliseerd netwerk van servers.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS vertaalt domeinnamen naar IP-adressen zodat browsers en andere diensten internetbronnen kunnen laden, via een gedecentraliseerd netwerk van servers.
## Wat is DNS?
@@ -24,7 +24,7 @@ Hieronder bespreken we en geven we een tutorial om te bewijzen wat een externe w
tshark -w /tmp/dns.pcap udp poort 53 en host 1.1.1.1 of host 8.8.8.8
```
-2. We kunnen dan [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS etc) of [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) gebruiken om de DNS lookup naar beide servers te sturen. Software zoals webbrowsers doen deze lookups automatisch, tenzij zij geconfigureerd zijn om gecodeerde DNS te gebruiken.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software zoals webbrowsers doen deze lookups automatisch, tenzij zij geconfigureerd zijn om gecodeerde DNS te gebruiken.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Hieronder bespreken we en geven we een tutorial om te bewijzen wat een externe w
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was een van de eerste methoden om DNS-query's te versleutelen. DNSCrypt werkt op poort 443 en werkt met zowel de TCP- als de UDP-transportprotocollen. DNSCrypt is nooit ingediend bij de [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) en is ook nooit door het [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) proces gegaan, dus is het buiten een paar [implementaties nog niet op grote schaal gebruikt](https://dnscrypt.info/implementations). Als gevolg daarvan is het grotendeels vervangen door het meer populaire [DNS over HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was een van de eerste methoden om DNS-query's te versleutelen. DNSCrypt werkt op poort 443 en werkt met zowel de TCP- als de UDP-transportprotocollen. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). Als gevolg daarvan is het grotendeels vervangen door het meer populaire [DNS over HTTPS](#dns-over-https-doh).
### DNS over TLS (DoT)
@@ -118,7 +118,7 @@ In dit voorbeeld zullen we vastleggen wat er gebeurt als we een DoH-verzoek doen
3. Na het verzoek te hebben gedaan, kunnen we de packet capture stoppen met CTRL + C.
-4. Analyseer de resultaten in Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ Wanneer we een DNS lookup doen, is dat meestal omdat we toegang willen tot een b
De eenvoudigste manier om de surfactiviteit vast te stellen, is te kijken naar de IP-adressen waartoe jouw apparaten toegang hebben. Als de waarnemer bijvoorbeeld weet dat `privacyguides.org` op `198.98.54.105`staat, en jouw apparaat gegevens opvraagt van `198.98.54.105`, is de kans groot dat je Privacy Guides bezoekt.
-Deze methode is alleen nuttig wanneer het IP-adres toebehoort aan een server die slechts enkele websites host. Het is ook niet erg nuttig als de site wordt gehost op een gedeeld platform (bijv. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, enz.). Het is ook niet erg nuttig als de server gehost wordt achter een [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), wat heel gebruikelijk is op het moderne Internet.
+Deze methode is alleen nuttig wanneer het IP-adres toebehoort aan een server die slechts enkele websites host. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). Het is ook niet erg nuttig als de server gehost wordt achter een [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), wat heel gebruikelijk is op het moderne Internet.
### Server Naam Aanwijzing (SNA)
-Server Name Indication wordt meestal gebruikt wanneer een IP-adres veel websites host. Dit kan een dienst als Cloudflare zijn, of een andere [Denial-of-service-aanval](https://en.wikipedia.org/wiki/Denial-of-service_attack) bescherming.
+Server Name Indication is typically used when an IP address hosts many websites. Dit kan een dienst als Cloudflare zijn, of een andere [Denial-of-service-aanval](https://en.wikipedia.org/wiki/Denial-of-service_attack) bescherming.
-1. Begin opnieuw te vangen met `tshark`. We hebben een filter toegevoegd met ons IP adres zodat je niet veel pakketten opvangt:
+1. Begin opnieuw te vangen met `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap poort 443 en host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | Nee | nothing(Doe niets)
```
-Versleutelde DNS met een derde partij mag alleen worden gebruikt om redirects en basis-DNS-blokkering van [te omzeilen](https://en.wikipedia.org/wiki/DNS_blocking) als je er zeker van kunt zijn dat er geen gevolgen zijn of als je geïnteresseerd bent in een provider die een aantal rudimentaire filters uitvoert.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[Lijst van aanbevolen DNS-servers](../dns.md ""){.md-button}
diff --git a/i18n/nl/advanced/tor-overview.md b/i18n/nl/advanced/tor-overview.md
index b47e3a65..b8563490 100644
--- a/i18n/nl/advanced/tor-overview.md
+++ b/i18n/nl/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/nl/ai-chat.md b/i18n/nl/ai-chat.md
index 57e083d1..5f9d0df2 100644
--- a/i18n/nl/ai-chat.md
+++ b/i18n/nl/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Criteria
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Beste geval
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. Het is mogelijk dat onze aanbevelingen geen of niet alle functies bevatten, maar degene die dat wel doen kunnen hoger gerangschikt worden dan andere op deze pagina.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/nl/alternative-networks.md b/i18n/nl/alternative-networks.md
index 546eeaab..fbfeb54b 100644
--- a/i18n/nl/alternative-networks.md
+++ b/i18n/nl/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/nl/android/general-apps.md b/i18n/nl/android/general-apps.md
index f7e1b3fa..7fcf2291 100644
--- a/i18n/nl/android/general-apps.md
+++ b/i18n/nl/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/nl/basics/account-creation.md b/i18n/nl/basics/account-creation.md
index 93c35cea..8bbd42ad 100644
--- a/i18n/nl/basics/account-creation.md
+++ b/i18n/nl/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-Vaak melden mensen zich aan voor diensten zonder na te denken. Misschien is het een streamingdienst zodat je die nieuwe show kunt bekijken waar iedereen het over heeft, of een account waarmee je korting krijgt op uw favoriete fastfood zaak. Wat het geval ook is, je moet nu en later rekening houden met de implicaties voor jouw gegevens.
+Vaak melden mensen zich aan voor diensten zonder na te denken. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Wat het geval ook is, je moet nu en later rekening houden met de implicaties voor jouw gegevens.
Aan elke nieuwe dienst die je gebruikt, zijn risico's verbonden. Datalekken; onthulling van klanteninformatie aan derden; malafide werknemers die toegang krijgen tot gegevens; het zijn allemaal mogelijkheden die moeten worden overwogen wanneer je jouw informatie verstrekt. Je moet er zeker van zijn dat je de service kunt vertrouwen, daarom raden we niet aan om waardevolle gegevens op te slaan over iets anders dan de meest volwassen en stressgeteste producten. Dat betekent meestal diensten die end-to-end encryptie leveren en een cryptografische audit hebben ondergaan. Een audit vergroot de zekerheid dat het product is ontworpen zonder opvallende beveiligingsproblemen die zijn veroorzaakt door een onervaren ontwikkelaar.
@@ -13,11 +13,11 @@ Bij sommige diensten kan het ook moeilijk zijn om de accounts te verwijderen. So
## Servicevoorwaarden en Privacybeleid
-De ToS zijn de regels waarmee je akkoord gaat wanneer je de dienst gebruikt. Bij grotere diensten worden deze regels vaak afgedwongen door geautomatiseerde systemen. Soms kunnen deze geautomatiseerde systemen fouten maken. Je kunt bijvoorbeeld bij sommige diensten worden verbannen of uitgesloten van jouw account omdat je een VPN- of VOIP-nummer gebruikt. Een beroep doen op een dergelijke verbanning is vaak moeilijk en omvat ook een geautomatiseerd proces, wat niet altijd succesvol is. Dit is een van de redenen waarom wij bijvoorbeeld niet aanraden Gmail als e-mail te gebruiken. E-mail is cruciaal voor de toegang tot andere diensten waarvoor je zich misschien hebt aangemeld.
+De ToS zijn de regels waarmee je akkoord gaat wanneer je de dienst gebruikt. Bij grotere diensten worden deze regels vaak afgedwongen door geautomatiseerde systemen. Soms kunnen deze geautomatiseerde systemen fouten maken. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Een beroep doen op een dergelijke verbanning is vaak moeilijk en omvat ook een geautomatiseerd proces, wat niet altijd succesvol is. Dit is een van de redenen waarom wij bijvoorbeeld niet aanraden Gmail als e-mail te gebruiken. E-mail is cruciaal voor de toegang tot andere diensten waarvoor je zich misschien hebt aangemeld.
-Het privacybeleid is hoe de service zegt dat ze jouw gegevens zullen gebruiken en het is de moeite waard om te lezen, zodat je begrijpt hoe jouw gegevens zullen worden gebruikt. Een bedrijf of organisatie is mogelijk niet wettelijk verplicht om alles wat in het beleid staat te volgen (het hangt af van de jurisdictie). We raden je aan om een idee te hebben van wat je lokale wetten zijn en wat ze een provider toestaan om te verzamelen.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. Een bedrijf of organisatie is mogelijk niet wettelijk verplicht om alles wat in het beleid staat te volgen (het hangt af van de jurisdictie). We raden je aan om een idee te hebben van wat je lokale wetten zijn en wat ze een provider toestaan om te verzamelen.
-Wij raden je aan te zoeken naar bepaalde termen zoals "gegevensverzameling", "gegevensanalyse", "cookies", "advertenties" of "diensten van derden". Soms kunt je je afmelden voor het verzamelen van gegevens of voor het delen van jouw gegevens, maar het is het beste om een dienst te kiezen die jouw privacy vanaf het begin respecteert.
+Wij raden je aan te zoeken naar bepaalde termen zoals "gegevensverzameling", "gegevensanalyse", "cookies", "advertenties" of "diensten van derden". Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Vergeet niet dat je ook jouw vertrouwen stelt in het bedrijf of de organisatie en dat zij hun eigen privacybeleid zullen naleven.
@@ -42,7 +42,7 @@ Je bent verantwoordelijk voor het beheer van jouw inloggegevens. Voor extra beve
#### E-mail aliassen
-Als je jouw echte e-mailadres niet aan een dienst wilt geven, kunt je een alias gebruiken. We hebben deze in meer detail beschreven op onze pagina met aanbevelingen voor e-maildiensten. Met alias diensten kunt je nieuwe e-mailadressen aanmaken die alle e-mails doorsturen naar jouw hoofdadres. Dit kan helpen bij het voorkomen van tracking tussen services en je helpen bij het beheren van de marketing-e-mails die soms bij het aanmeldingsproces worden geleverd. Die kunnen automatisch worden gefilterd op basis van de alias waarnaar ze worden gestuurd.
+Als je jouw echte e-mailadres niet aan een dienst wilt geven, kunt je een alias gebruiken. We hebben deze in meer detail beschreven op onze pagina met aanbevelingen voor e-maildiensten. Met alias diensten kunt je nieuwe e-mailadressen aanmaken die alle e-mails doorsturen naar jouw hoofdadres. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Die kunnen automatisch worden gefilterd op basis van de alias waarnaar ze worden gestuurd.
Als een dienst wordt gehackt, kunt je phishing- of spam-e-mails ontvangen op het adres waarmee je je hebt aangemeld. Het gebruik van unieke aliassen voor elke service kan helpen bij het identificeren van precies welke service is gehackt.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
We raden je aan services te vermijden waarvoor een telefoonnummer nodig is om je aan te melden. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-Vermijd het geven van jouw echte telefoonnummer als je kunt. Sommige diensten staan het gebruik van VOIP-nummers toe, maar deze alarmeren vaak fraudedetectiesystemen, waardoor een rekening wordt geblokkeerd.
+Vermijd het geven van jouw echte telefoonnummer als je kunt. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
In veel gevallen moet je een nummer opgeven waarvan je smsjes of telefoontjes kunt ontvangen, vooral wanneer je internationaal winkelt, voor het geval er een probleem is met jouw bestelling bij de grenscontrole. Het is gebruikelijk dat services je nummer gebruiken als verificatiemethode; laat je niet buitensluiten van een belangrijk account omdat je slim wilt zijn en een nepnummer wilt geven!
diff --git a/i18n/nl/basics/account-deletion.md b/i18n/nl/basics/account-deletion.md
index 089a3938..4db40fa1 100644
--- a/i18n/nl/basics/account-deletion.md
+++ b/i18n/nl/basics/account-deletion.md
@@ -27,7 +27,7 @@ Desktopplatforms hebben vaak ook een wachtwoordmanager waarmee je vergeten wacht
### Email
-Als je in het verleden geen wachtwoord manager hebt gebruikt of je denkt dat je accounts hebt die nooit aan jouw wachtwoord manager zijn toegevoegd, is een andere optie om de e-mailaccount(s) te doorzoeken waarop je zich volgens je hebt aangemeld. Zoek in jouw e-mailprogramma op trefwoorden als "verifiëren" of "welkom" Bijna elke keer dat je een online account aanmaakt, zal de dienst een verificatielink of een inleidend bericht naar jouw e-mail sturen. Dit kan een goede manier zijn om oude, vergeten accounts te vinden.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. Zoek in jouw e-mailprogramma op trefwoorden als "verifiëren" of "welkom" Bijna elke keer dat je een online account aanmaakt, zal de dienst een verificatielink of een inleidend bericht naar jouw e-mail sturen. Dit kan een goede manier zijn om oude, vergeten accounts te vinden.
## Oude accounts verwijderen
@@ -39,7 +39,7 @@ Als de site een foutmelding geeft dat het e-mailadres niet gekoppeld is aan een
### GDPR (alleen inwoners van de EER)
-Inwoners van de EER hebben aanvullende rechten met betrekking tot het wissen van gegevens zoals gespecificeerd in [Artikel 17](https://gdpr-info.eu/art-17-gdpr) van de GDPR. Als het op je van toepassing is, lees dan het privacybeleid voor een bepaalde dienst om informatie te vinden over hoe je jouw recht op wissing kunt uitoefenen. Het lezen van het privacybeleid kan belangrijk blijken, want sommige diensten hebben een optie "Account verwijderen" die alleen jouw account uitschakelt en voor echte verwijdering moet je extra actie ondernemen. Soms kan het daadwerkelijk wissen inhouden dat je een enquête invult, een e-mail stuurt naar de functionaris voor gegevensbescherming van de dienst of zelfs bewijst dat je in de EER woont. Als je van plan bent deze weg te gaan, overschrijf dan de accountgegevens van **niet** - jouw identiteit als inwoner van de EER kan vereist zijn. Merk op dat de locatie van de dienst er niet toe doet; GDPR is van toepassing op iedereen die Europese gebruikers bedient. Indien de dienst jouw recht op wissing niet respecteert, kunt je contact opnemen met jouw nationale [gegevensbeschermingsautoriteit](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) en kunt je recht hebben op een geldelijke vergoeding.
+Inwoners van de EER hebben aanvullende rechten met betrekking tot het wissen van gegevens zoals gespecificeerd in [Artikel 17](https://gdpr-info.eu/art-17-gdpr) van de GDPR. Als het op je van toepassing is, lees dan het privacybeleid voor een bepaalde dienst om informatie te vinden over hoe je jouw recht op wissing kunt uitoefenen. Het lezen van het privacybeleid kan belangrijk blijken, want sommige diensten hebben een optie "Account verwijderen" die alleen jouw account uitschakelt en voor echte verwijdering moet je extra actie ondernemen. Soms kan het daadwerkelijk wissen inhouden dat je een enquête invult, een e-mail stuurt naar de functionaris voor gegevensbescherming van de dienst of zelfs bewijst dat je in de EER woont. Als je van plan bent deze weg te gaan, overschrijf dan de accountgegevens van **niet** - jouw identiteit als inwoner van de EER kan vereist zijn. Merk op dat de locatie van de dienst er niet toe doet; GDPR is van toepassing op iedereen die Europese gebruikers bedient. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Overschrijven van account informatie
diff --git a/i18n/nl/basics/common-misconceptions.md b/i18n/nl/basics/common-misconceptions.md
index c4f7a827..2ae90948 100644
--- a/i18n/nl/basics/common-misconceptions.md
+++ b/i18n/nl/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ Het privacybeleid en de zakelijke praktijken van de aanbieders die je kiest, zij
## "Ingewikkeld is beter"
-We zien vaak dat mensen overdreven ingewikkelde dreigingsmodellen voor privacybedreigingen beschrijven. Vaak omvatten deze oplossingen problemen zoals veel verschillende e-mailaccounts of ingewikkelde opstellingen met veel bewegende delen en voorwaarden. De antwoorden zijn meestal antwoorden op "Wat is de beste manier om *X* te doen?"
+We zien vaak dat mensen overdreven ingewikkelde dreigingsmodellen voor privacybedreigingen beschrijven. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. De antwoorden zijn meestal antwoorden op "Wat is de beste manier om *X* te doen?"
Het vinden van de "beste" oplossing voor jezelf betekent niet noodzakelijk dat je op zoek bent naar een onfeilbare oplossing met tientallen voorwaarden - deze oplossingen zijn vaak moeilijk om realistisch mee te werken. Zoals we eerder hebben besproken, gaat veiligheid vaak ten koste van gemak. Hieronder geven we enkele tips:
1. ==Acties moeten een bepaald doel dienen==, denk na over hoe je met zo weinig mogelijk acties kunt doen wat je wilt.
2. ==Verwijder menselijke faalpunten:== We maken fouten, worden moe, en vergeten dingen. Om de veiligheid te behouden, moet je voorkomen dat je vertrouwt op handmatige acties en processen die je moet onthouden.
-3. ==Gebruik het juiste niveau van bescherming voor wat je van plan bent.== Wij zien vaak aanbevelingen van zogenaamde politie, en legerbestendige oplossingen. Deze vereisen vaak specialistische kennis en zijn over het algemeen niet wat de mensen willen. Het heeft geen zin een ingewikkeld dreigingsmodel voor anonimiteit op te stellen als je gemakkelijk kunt worden gedeanonimiseerd door een eenvoudige vergissing.
+3. ==Gebruik het juiste niveau van bescherming voor wat je van plan bent.== Wij zien vaak aanbevelingen van zogenaamde politie, en legerbestendige oplossingen. Deze vereisen vaak specialistische kennis en zijn over het algemeen niet wat de mensen willen. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
Dus, hoe zou dit eruit zien?
@@ -94,4 +94,4 @@ Een van de duidelijkste dreigingsmodellen is een model waarbij mensen *weten wie
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/nl/basics/common-threats.md b/i18n/nl/basics/common-threats.md
index b639b84b..0d13a8f2 100644
--- a/i18n/nl/basics/common-threats.md
+++ b/i18n/nl/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Jouw dreigingsmodel is persoonlijk voor je, maar dit zijn enkele van de dingen die veel bezoekers van deze site belangrijk vinden.
---
-In grote lijnen delen wij onze aanbevelingen in in deze algemene categorieën van [bedreigingen](threat-modeling.md) of doelstellingen die voor de meeste mensen gelden. ==U kunt zich bezighouden met geen, een, enkele, of al deze mogelijkheden==, en de instrumenten en diensten die je gebruikt hangen af van wat jouw doelstellingen zijn. Misschien heb je ook specifieke bedreigingen buiten deze categorieën, en dat is prima! Het belangrijkste is dat je inzicht krijgt in de voordelen en tekortkomingen van de middelen die je gebruikt, want vrijwel geen enkel middel beschermt je tegen elke denkbare bedreiging.
+In grote lijnen delen wij onze aanbevelingen in in deze algemene categorieën van [bedreigingen](threat-modeling.md) of doelstellingen die voor de meeste mensen gelden. ==U kunt zich bezighouden met geen, een, enkele, of al deze mogelijkheden==, en de instrumenten en diensten die je gebruikt hangen af van wat jouw doelstellingen zijn. You may have specific threats outside these categories as well, which is perfectly fine! Het belangrijkste is dat je inzicht krijgt in de voordelen en tekortkomingen van de middelen die je gebruikt, want vrijwel geen enkel middel beschermt je tegen elke denkbare bedreiging.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ Om de potentiële schade van kwaadaardige software tot een minimum te beperken,
Mobiele besturingssystemen zijn over het algemeen veiliger dan desktopbesturingssystemen als het gaat om sandboxing van toepassingen.
-Apps kunnen geen root-toegang krijgen en hebben alleen toegang tot systeembronnen die je hen verleent. Desktop besturingssystemen lopen over het algemeen achter op het gebied van goede sandboxing. Chrome OS heeft vergelijkbare sandboxing-eigenschappen als Android, en macOS heeft volledige controle over systeemtoestemmingen en opt-in (voor ontwikkelaars) sandboxing voor applicaties, maar deze besturingssystemen geven wel identificerende informatie door aan hun respectieve OEM's. Linux heeft de neiging geen informatie door te geven aan systeemverkopers, maar het heeft een slechte bescherming tegen exploits en kwaadaardige apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Apps kunnen geen root-toegang krijgen en hebben alleen toegang tot systeembronnen die je hen verleent. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). Chrome OS heeft vergelijkbare sandboxing-eigenschappen als Android, en macOS heeft volledige controle over systeemtoestemmingen en opt-in (voor ontwikkelaars) sandboxing voor applicaties, maar deze besturingssystemen geven wel identificerende informatie door aan hun respectieve OEM's. Linux heeft de neiging geen informatie door te geven aan systeemverkopers, maar het heeft een slechte bescherming tegen exploits en kwaadaardige apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Wanneer je vertrouwt op end-to-end encryptie, moet je daarom waar mogelijk nativ
-Zelfs met end-to-end encryptie kunnen dienstverleners je nog steeds profileren op basis van **metadata**, die doorgaans niet beschermd zijn. Hoewel de dienstverlener jouw berichten niet kan lezen om te zien wat je zegt, kan hij wel observeren met wie je praat, hoe vaak je hen berichten stuurt en op welke tijden je doorgaans actief bent. Bescherming van metadata is tamelijk ongewoon, en je zou goed moeten opletten in de technische documentatie van de software die je gebruikt om te zien of er überhaupt sprake is van minimalisering of bescherming van metadata, als dat voor je een punt van zorg is.
+Zelfs met end-to-end encryptie kunnen dienstverleners je nog steeds profileren op basis van **metadata**, die doorgaans niet beschermd zijn. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Bescherming van metadata is tamelijk ongewoon, en je zou goed moeten opletten in de technische documentatie van de software die je gebruikt om te zien of er überhaupt sprake is van minimalisering of bescherming van metadata, als dat voor je een punt van zorg is.
## Programma's voor massatoezicht
@@ -156,7 +156,7 @@ Massasurveillance is een poging om een groot deel van of een gehele bevolking te
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
De beste manier om ervoor te zorgen dat jouw gegevens privé blijven, is ze in de eerste plaats gewoon niet openbaar te maken. Het verwijderen van informatie die je online over jezelf vindt, is een van de beste eerste stappen die je kunt nemen om jouw privacy terug te krijgen. Het gebruik van hulpmiddelen zoals content blockers om netwerkverzoeken aan hun servers te beperken, en het lezen van het privacybeleid van de diensten die je gebruikt, kunnen je helpen veel laag hangend fruit te vermijden, maar kunnen je nooit volledig beschermen tegen alle tracking.[^4]
-Op sites waar je informatie deelt, is het heel belangrijk dat je de privacyinstellingen van jouw account controleert om te beperken hoe wijd die gegevens worden verspreid. Als jouw accounts bijvoorbeeld een "privémodus" hebben, schakel deze dan in om ervoor te zorgen dat jouw account niet wordt geïndexeerd door zoekmachines en niet kan worden bekeken door mensen die je niet van tevoren vertrouwd. De sterkste bescherming tegen het verzamelen van bedrijfsgegevens is om jouw gegevens waar mogelijk te versleutelen of te verdoezelen, waardoor het voor verschillende providers moeilijk wordt om gegevens met elkaar te correleren en een profiel op je op te bouwen.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. Als jouw accounts bijvoorbeeld een "privémodus" hebben, schakel deze dan in om ervoor te zorgen dat jouw account niet wordt geïndexeerd door zoekmachines en niet kan worden bekeken door mensen die je niet van tevoren vertrouwd. De sterkste bescherming tegen het verzamelen van bedrijfsgegevens is om jouw gegevens waar mogelijk te versleutelen of te verdoezelen, waardoor het voor verschillende providers moeilijk wordt om gegevens met elkaar te correleren en een profiel op je op te bouwen.
## Beperking van publieke informatie
diff --git a/i18n/nl/basics/email-security.md b/i18n/nl/basics/email-security.md
index 4057ef9a..5f0eb92b 100644
--- a/i18n/nl/basics/email-security.md
+++ b/i18n/nl/basics/email-security.md
@@ -29,13 +29,13 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
### Welke e-mailclients ondersteunen E2EE?
-E-mailproviders die je in staat stellen standaard toegangsprotocollen zoals IMAP en SMTP te gebruiken, kunnen worden gebruikt met elk van de [e-mailclients die wij aanbevelen](../email-clients.md). Afhankelijk van de authenticatiemethode kan dit leiden tot een verminderde veiligheid indien de provider of de e-mailclient OATH of een bridge-toepassing niet ondersteunt, aangezien [multifactor authenticatie](/basics/multi-factor-authentication/) niet mogelijk is met gewone wachtwoordauthenticatie.
+E-mailproviders die je in staat stellen standaard toegangsprotocollen zoals IMAP en SMTP te gebruiken, kunnen worden gebruikt met elk van de [e-mailclients die wij aanbevelen](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### Hoe bescherm ik mijn private sleutels?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. Het bericht wordt vervolgens door de smartcard ontsleuteld en de ontsleutelde inhoud wordt teruggestuurd naar het apparaat.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Overzicht e-mailmetagegevens
@@ -49,4 +49,4 @@ E-mail metadata wordt beschermd tegen externe waarnemers met [Opportunistic TLS]
### Waarom kan metadata niet E2EE zijn?
-E-mail metadata is van cruciaal belang voor de meest elementaire functionaliteit van e-mail (waar het vandaan komt, en waar het naartoe moet). E2EE was oorspronkelijk niet in de e-mailprotocollen ingebouwd; in plaats daarvan was extra software zoals OpenPGP nodig. Omdat OpenPGP-berichten nog steeds met traditionele e-mailproviders moeten werken, kan het niet de metagegevens van e-mail versleutelen, alleen de inhoud van het bericht zelf. Dat betekent dat zelfs wanneer OpenPGP wordt gebruikt, externe waarnemers veel informatie over jouw berichten kunnen zien, zoals wie je e-mailt, de onderwerpregels, wanneer je e-mailt, enz.
+E-mail metadata is van cruciaal belang voor de meest elementaire functionaliteit van e-mail (waar het vandaan komt, en waar het naartoe moet). E2EE was oorspronkelijk niet in de e-mailprotocollen ingebouwd; in plaats daarvan was extra software zoals OpenPGP nodig. Omdat OpenPGP-berichten nog steeds met traditionele e-mailproviders moeten werken, kan het niet de metagegevens van e-mail versleutelen, alleen de inhoud van het bericht zelf. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/nl/basics/hardware.md b/i18n/nl/basics/hardware.md
index 2abade67..a4db9d83 100644
--- a/i18n/nl/basics/hardware.md
+++ b/i18n/nl/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Warning
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/nl/basics/multi-factor-authentication.md b/i18n/nl/basics/multi-factor-authentication.md
index 8037bb13..42420be5 100644
--- a/i18n/nl/basics/multi-factor-authentication.md
+++ b/i18n/nl/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Multifactorauthenticatie"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA is een cruciaal beveiligingsmechanisme voor de beveiliging van jouw online accounts, maar sommige methoden zijn sterker dan andere.
---
-**Multifactorauthenticatie** is een beveiligingsmechanisme dat extra stappen vereist naast het invoeren van jouw gebruikersnaam (of e-mail) en wachtwoord. De meest gebruikelijke methode zijn codes met tijdsbeperking die je via sms of een app kunt ontvangen.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. De meest gebruikelijke methode zijn codes met tijdsbeperking die je via sms of een app kunt ontvangen.
Als een hacker (of tegenstander) jouw wachtwoord weet te achterhalen, krijgt hij toegang tot de account waar dat wachtwoord bij hoort. Een account met MFA dwingt de hacker om zowel het wachtwoord te hebben (iets wat je *weet*) als een apparaat dat je bezit (iets wat je *hebt*), zoals je telefoon.
@@ -32,7 +32,7 @@ De beveiliging van push notification MFA is afhankelijk van zowel de kwaliteit v
### Time-based One-time Password (TOTP)
-TOTP is een van de meest voorkomende vormen van MFB. Wanneer je TOTP instelt, moet je over het algemeen een [QR-code](https://en.wikipedia.org/wiki/QR_code) scannen die een "[gedeeld geheim](https://en.wikipedia.org/wiki/Shared_secret)" tot stand brengt met de dienst die je van plan bent te gebruiken. Het gedeelde geheim is beveiligd in de gegevens van de authenticator-app, en is soms beveiligd met een wachtwoord.
+TOTP is een van de meest voorkomende vormen van MFB. Wanneer je TOTP instelt, moet je over het algemeen een [QR-code](https://en.wikipedia.org/wiki/QR_code) scannen die een "[gedeeld geheim](https://en.wikipedia.org/wiki/Shared_secret)" tot stand brengt met de dienst die je van plan bent te gebruiken. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
De in de tijd beperkte code wordt dan afgeleid van het gedeelde geheim en de huidige tijd. Aangezien de code slechts korte tijd geldig is, kan een adversair zonder toegang tot het gedeelde geheim geen nieuwe codes genereren.
@@ -94,7 +94,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 en WebAuthn hebben superieure beveiligings- en privacy-eigenschappen in vergelijking met andere MFA-methoden.
-Typisch voor webdiensten wordt het gebruikt met WebAuthn dat deel uitmaakt van de [W3C aanbevelingen](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). Het gebruikt publieke sleutelauthenticatie en is veiliger dan gedeelde geheimen die worden gebruikt in de Yubico OTP- en TOTP-methoden, omdat het de oorsprongsnaam (gewoonlijk de domeinnaam) bij de authenticatie betrekt. Attestatie wordt verstrekt om je te beschermen tegen phishing-aanvallen, aangezien het je helpt vast te stellen dat je de authentieke dienst gebruikt en niet een namaakkopie.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). Het gebruikt publieke sleutelauthenticatie en is veiliger dan gedeelde geheimen die worden gebruikt in de Yubico OTP- en TOTP-methoden, omdat het de oorsprongsnaam (gewoonlijk de domeinnaam) bij de authenticatie betrekt. Attestatie wordt verstrekt om je te beschermen tegen phishing-aanvallen, aangezien het je helpt vast te stellen dat je de authentieke dienst gebruikt en niet een namaakkopie.
In tegenstelling tot Yubico OTP, gebruikt WebAuthn geen publieke ID, dus de sleutel is **niet** identificeerbaar over verschillende websites. Het maakt ook geen gebruik van een cloud server van derden voor verificatie. Alle communicatie vindt plaats tussen de sleutel en de website waarop je inlogt. FIDO gebruikt ook een teller die bij gebruik wordt opgehoogd om hergebruik van sessies en gekloonde sleutels te voorkomen.
@@ -140,17 +140,17 @@ Als je SMS MFA gebruikt, gebruik dan een provider die jouw telefoonnummer niet z
## Meer plaatsen om MFA op te zetten
-Naast het beveiligen van jouw website logins, kan multifactor authenticatie ook worden gebruikt om jouw lokale logins, SSH sleutels of zelfs wachtwoord databases te beveiligen.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS heeft [native ondersteuning](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) voor authenticatie met smartcards (PIV). Indien je een smartcard of een hardware beveiligingssleutel heeft die de PIV interface ondersteunt, zoals de YubiKey, raden wij je aan om de documentatie van jouw smartcard/hardware beveiligingsleverancier te volgen en tweede factor authenticatie voor jouw macOS computer in te stellen.
+macOS heeft [native ondersteuning](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) voor authenticatie met smartcards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico heeft een handleiding voor [het gebruik van je YubiKey als een smartcard in macOS](https://support.yubico.com/hc/articles/360016649059) die je kan helpen bij het instellen van je YubiKey op macOS.
-Nadat jouw smartcard/security key is ingesteld, raden wij je aan dit commando in de Terminal uit te voeren:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
@@ -200,4 +200,4 @@ SSH MFA kan ook worden ingesteld met TOTP. DigitalOcean heeft een tutorial besch
### KeePass (en KeePassXC)
-KeePass en KeePassXC databases kunnen worden beveiligd met Challenge-Response of HOTP als een tweede-factor authenticatie. Yubico heeft een document verstrekt voor KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) en er is er ook een op de [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico heeft een document verstrekt voor KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) en er is er ook een op de [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/nl/basics/passwords-overview.md b/i18n/nl/basics/passwords-overview.md
index 46b6080a..b4657fb5 100644
--- a/i18n/nl/basics/passwords-overview.md
+++ b/i18n/nl/basics/passwords-overview.md
@@ -24,7 +24,7 @@ Al onze [aanbevolen wachtwoordmanagers](../passwords.md) bevatten een ingebouwde
Wachtwoorden die je moet onthouden (zoals het hoofdwachtwoord van jouw wachtwoordmanager) moet je niet te vaak veranderen, tenzij je reden hebt om aan te nemen dat ze gecompromitteerd zijn, omdat je door ze te vaak te veranderen het risico loopt ze te vergeten.
-Als het gaat om wachtwoorden die je niet hoeft te onthouden (zoals wachtwoorden die zijn opgeslagen in jouw wachtwoordmanager), adviseren wij, als jouw [dreigingsmodel](threat-modeling.md) daarom vraagt, belangrijke accounts door te nemen (vooral accounts die geen multi-factor authenticatie gebruiken) en hun wachtwoord om de paar maanden te wijzigen, voor het geval ze zijn gecompromitteerd in een datalek dat nog niet openbaar is geworden. Bij de meeste wachtwoordmanagers kunt u een vervaldatum voor uw wachtwoord instellen om dit gemakkelijker te beheren.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Bij de meeste wachtwoordmanagers kunt u een vervaldatum voor uw wachtwoord instellen om dit gemakkelijker te beheren.
Checking for data breaches
@@ -54,13 +54,13 @@ Volg deze stappen om een diceware passphrase te genereren met echte dobbelstenen
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Andere woordenlijsten kunnen meer of minder rollen per woord vereisen, en kunnen een ander aantal woorden nodig hebben om dezelfde entropie te bereiken.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Gooi vijf keer met een zeszijdige dobbelsteen en noteer het getal na elke worp.
-2. Laten we bijvoorbeeld zeggen dat u `2-5-2-6-6`heeft gerold. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. Laten we bijvoorbeeld zeggen dat u `2-5-2-6-6`heeft gerold. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. U vindt het woord `gecodeerd`. Schrijf dat woord op.
@@ -75,25 +75,25 @@ Je moet **niet** opnieuw woorden rollen totdat je een combinatie van woorden kri
Als je geen toegang hebt tot of liever geen echte dobbelstenen gebruikt, kunt je de ingebouwde wachtwoordgenerator van jouw wachtwoord manager gebruiken, omdat de meeste daarvan de optie hebben om naast gewone wachtwoorden ook diceware wachtwoord zinnen te genereren.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. Er zijn ook [andere woordenlijsten in verschillende talen](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), als u niet wilt dat uw wachtwoord in het Engels is.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
Gemiddeld duurt het proberen van 50% van alle mogelijke combinaties om uw zin te raden. Met dat in gedachten, zelfs als uw tegenstander in staat is tot ~1.000.000.000.000 raden per seconde, zou het hem nog steeds ~27.255.689 jaar kosten om uw wachtwoord te raden. Zelfs als de volgende dingen waar zijn:
- Je tegenstander weet dat je de diceware-methode hebt gebruikt.
-- Je tegenstander kent de specifieke woordenlijst die je gebruikt hebt.
+- Your adversary knows the specific word list that you used.
- Jouw tegenstander weet hoeveel woorden jouw wachtwoord bevat.
@@ -113,7 +113,7 @@ Er zijn veel goede opties om uit te kiezen, zowel cloud-gebaseerd als lokaal. Ki
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Het opslaan van jouw TOTP-tokens op dezelfde plaats als jouw wachtwoorden is weliswaar handig, maar beperkt de accounts tot één factor in het geval dat een tegenstander toegang krijgt tot jouw wachtwoord manager.
diff --git a/i18n/nl/basics/threat-modeling.md b/i18n/nl/basics/threat-modeling.md
index 7e2795c6..9af3e559 100644
--- a/i18n/nl/basics/threat-modeling.md
+++ b/i18n/nl/basics/threat-modeling.md
@@ -35,7 +35,7 @@ Om na te gaan wat er zou kunnen gebeuren met de dingen die je waardeert en om te
Om deze vraag te beantwoorden, is het belangrijk na te gaan wie je of jouw informatie als doelwit zou willen gebruiken. ==Een persoon of entiteit die een bedreiging vormt voor jouw bezittingen is een "tegenstander".== Voorbeelden van potentiële tegenstanders zijn jouw baas, jouw voormalige partner, jouw zakelijke concurrentie, jouw regering, of een hacker op een openbaar netwerk.
-*Maak een lijst van jouw tegenstanders, of van degenen die jouw bezittingen in handen zouden willen krijgen. Jouw lijst kan personen, een overheidsinstantie of bedrijven omvatten.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Jouw lijst kan personen, een overheidsinstantie of bedrijven omvatten.*
Afhankelijk van wie je tegenstanders zijn, is deze lijst misschien iets dat je wilt vernietigen nadat je klaar bent met het ontwikkelen van je bedreigingsmodel.
diff --git a/i18n/nl/browser-extensions.md b/i18n/nl/browser-extensions.md
index cb19cfbd..89aeafd2 100644
--- a/i18n/nl/browser-extensions.md
+++ b/i18n/nl/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/nl/calendar.md b/i18n/nl/calendar.md
index 7475950b..5b2b5b56 100644
--- a/i18n/nl/calendar.md
+++ b/i18n/nl/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Meerdere kalenders en uitgebreide functionaliteit voor delen zijn beperkt tot betalende abonnees.
diff --git a/i18n/nl/cloud.md b/i18n/nl/cloud.md
index 0e2d7472..4e9dbc89 100644
--- a/i18n/nl/cloud.md
+++ b/i18n/nl/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Criteria
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Moet end-to-end encryptie afdwingen.
- Moet een gratis plan of proefperiode aanbieden om te testen.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Moet een webinterface bieden die basisfuncties voor bestandsbeheer ondersteunt.
- Moet gemakkelijke export van alle bestanden/documenten mogelijk maken.
diff --git a/i18n/nl/cryptocurrency.md b/i18n/nl/cryptocurrency.md
index 8ca7fd1c..3df2c0f0 100644
--- a/i18n/nl/cryptocurrency.md
+++ b/i18n/nl/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Criteria
diff --git a/i18n/nl/data-broker-removals.md b/i18n/nl/data-broker-removals.md
index 24c607c3..ab08fd1c 100644
--- a/i18n/nl/data-broker-removals.md
+++ b/i18n/nl/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/nl/desktop-browsers.md b/i18n/nl/desktop-browsers.md
index 3e5c7c04..1a4c0916 100644
--- a/i18n/nl/desktop-browsers.md
+++ b/i18n/nl/desktop-browsers.md
@@ -109,7 +109,7 @@ Dit is nodig om geavanceerde vormen van tracking te voorkomen, maar gaat wel ten
### Mullvad Leta
-Mullvad Browser wordt geleverd met DuckDuckGo ingesteld als de standaard [zoekmachine](search-engines.md), maar het komt ook voorgeïnstalleerd met **Mullvad Leta**, een zoekmachine die een actief Mullvad VPN-abonnement vereist om toegang te krijgen. Mullvad Leta raadpleegt de betaalde zoek API van Google direct en is daarom beperkt tot het betalen van abonnees. Door deze beperking is het echter mogelijk voor Mullvad om zoekopdrachten en Mullvad VPN-accounts te correleren. Daarom raden wij het gebruik van Mullvad Leta af, ook al verzamelt Mullvad zeer weinig informatie over hun VPN-abonnees.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta raadpleegt de betaalde zoek API van Google direct en is daarom beperkt tot het betalen van abonnees. Door deze beperking is het echter mogelijk voor Mullvad om zoekopdrachten en Mullvad VPN-accounts te correleren. Daarom raden wij het gebruik van Mullvad Leta af, ook al verzamelt Mullvad zeer weinig informatie over hun VPN-abonnees.
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox stuurt ons gegevens over jouw Firefox-versie en -taal; besturingssysteem van het apparaat en hardwareconfiguratie; geheugen, basisinformatie over crashes en fouten; resultaat van geautomatiseerde processen zoals updates, veilig browsen en activering. Wanneer Firefox gegevens naar ons verzendt, wordt uw IP-adres tijdelijk verzameld als onderdeel van onze serverlogs.
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Open jouw [profielinstellingen op accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Schakel **Gegevensverzameling en -gebruik uit** > **Help Firefox-accounts verbeteren**
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] Select **Schakel HTTPS-only modus in alle vensters in**
-Dit voorkomt dat je onbedoeld verbinding maakt met een website in platte HTTP-tekst. Sites zonder HTTPS zijn tegenwoordig zeldzaam, dus dit zou weinig tot geen impact moeten hebben op jouw dagelijkse browsen.
+Dit voorkomt dat je onbedoeld verbinding maakt met een website in platte HTTP-tekst. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS over HTTPS
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/nl/desktop.md b/i18n/nl/desktop.md
index c3ed7f5f..e67af42f 100644
--- a/i18n/nl/desktop.md
+++ b/i18n/nl/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS is een onafhankelijke distributie gebaseerd op de Nix pakketbeheerder met
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/nl/device-integrity.md b/i18n/nl/device-integrity.md
index 623a4839..142af55b 100644
--- a/i18n/nl/device-integrity.md
+++ b/i18n/nl/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/nl/dns.md b/i18n/nl/dns.md
index 1f32324c..f50dccb4 100644
--- a/i18n/nl/dns.md
+++ b/i18n/nl/dns.md
@@ -75,7 +75,7 @@ AdGuard Home beschikt over een vriendelijke webinterface om inzicht te krijgen e
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ Versleutelde DNS-proxy software biedt een lokale proxy voor de [onversleutelde D
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/nl/document-collaboration.md b/i18n/nl/document-collaboration.md
index 2f61482a..12799542 100644
--- a/i18n/nl/document-collaboration.md
+++ b/i18n/nl/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Onze best-case criteria geven aan wat wij zouden willen zien van het perfecte project in deze categorie. Het is mogelijk dat onze aanbevelingen geen of niet alle functies bevatten, maar degene die dat wel doen kunnen hoger gerangschikt worden dan andere op deze pagina.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/nl/email-aliasing.md b/i18n/nl/email-aliasing.md
index c33f2bff..29f37d77 100644
--- a/i18n/nl/email-aliasing.md
+++ b/i18n/nl/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/nl/email.md b/i18n/nl/email.md
index 66b07ecd..4873f4b1 100644
--- a/i18n/nl/email.md
+++ b/i18n/nl/email.md
@@ -58,7 +58,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
{ align=right }
-**Proton Mail** is een e-maildienst met focus op privacy, encryptie, veiligheid en gebruiksgemak. They have been in operation since 2013. Proton AG is gevestigd in Genève, Zwitserland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+**Proton Mail** is een e-maildienst met focus op privacy, encryptie, veiligheid en gebruiksgemak. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail [accepteert](https://proton.me/support/payment-options) contant geld
#### :material-check:{ .pg-green } Accountbeveiliging
-Proton Mail ondersteunt TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) en [hardware security keys](https://proton.me/support/2fa-security-key) met behulp van FIDO2 of U2F standaarden. Voor het gebruik van een hardware beveiligingssleutel moet eerst TOTP tweefactorauthenticatie worden ingesteld.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Gegevensbeveiliging
@@ -117,7 +117,7 @@ Als je een betaald account hebt en je na 14 dagen [niet je rekening hebt betaald
#### :material-information-outline:{ .pg-blue } Aanvullende functionaliteit
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail heeft geen digitale erfenis functie.
@@ -127,7 +127,7 @@ Proton Mail heeft geen digitale erfenis functie.
{ align=right }
-**Mailbox.org** is een e-maildienst gericht op veiligheid, is reclamevrij en wordt 100% mogelijk gemaakt door milieuvriendelijke energie. Ze zijn sinds 2014 in bedrijf. Mailbox.org is gevestigd in Berlijn, Duitsland. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org** is een e-maildienst gericht op veiligheid, is reclamevrij en wordt 100% mogelijk gemaakt door milieuvriendelijke energie. Ze zijn sinds 2014 in bedrijf. Mailbox.org is gevestigd in Berlijn, Duitsland. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } Privé betaalmethoden
-Mailbox.org accepteert geen Bitcoin of andere cryptocurrencies als gevolg van het feit dat hun betalingsverwerker BitPay zijn activiteiten in Duitsland heeft opgeschort. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.org accepteert geen Bitcoin of andere cryptocurrencies als gevolg van het feit dat hun betalingsverwerker BitPay zijn activiteiten in Duitsland heeft opgeschort. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Accountbeveiliging
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Webstandaarden zoals [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) worden nog niet ondersteund.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Webstandaarden zoals [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) worden nog niet ondersteund.
#### :material-information-outline:{ .pg-blue } Gegevensbeveiliging
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } Extra functionaliteit
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). Hun webmail interface is echter niet toegankelijk via hun .onion dienst en kan je te maken krijgen met TLS-certificaatfouten.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org ondersteunt ook [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) naast standaard toegangsprotocollen zoals IMAP en POP3.
@@ -195,7 +195,7 @@ Deze providers slaan je e-mails op met zero-knowledge encryptie, waardoor ze gew
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } Privé betaalmethodes
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Accountbeveiliging
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Gegevensbeveiliging
@@ -297,7 +297,7 @@ Wij beschouwen deze kenmerken als belangrijk om een veilige en optimale dienst t
**Minimum om in aanmerking te komen:**
- Versleutelt e-mail accountgegevens in rust met zero-access encryptie.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Sta gebruikers toe hun eigen [domeinnaam te gebruiken](https://en.wikipedia.org/wiki/Domain_name). Aangepaste domeinnamen zijn belangrijk voor gebruikers omdat ze zo hun agentschap van de dienst kunnen behouden, mocht het slecht aflopen of overgenomen worden door een ander bedrijf dat privacy niet hoog in het vaandel heeft staan.
- Werkt op eigen infrastructuur, d.w.z. niet gebaseerd op e-mail service providers van derden.
diff --git a/i18n/nl/encryption.md b/i18n/nl/encryption.md
index a477aecf..e7817661 100644
--- a/i18n/nl/encryption.md
+++ b/i18n/nl/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt is een vork van het beëindigde TrueCrypt-project. Volgens de ontwikke
Bij het versleutelen met VeraCrypt heb je de keuze uit verschillende [hashfuncties](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). Wij raden je aan **alleen** [SHA-512](https://en.wikipedia.org/wiki/SHA-512) te selecteren en vast te houden aan het [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) blokcijfer.
-Truecrypt is [een aantal keer gecontroleerd](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), en VeraCrypt is ook [apart gecontroleerd](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ To enable BitLocker on "Home" editions of Windows, you must have partitions form
{ align=right }
-**FileVault** is de in macOS ingebouwde oplossing voor volumeversleuteling tijdens het filteren. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** is de in macOS ingebouwde oplossing voor volumeversleuteling tijdens het filteren. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/nl/file-sharing.md b/i18n/nl/file-sharing.md
index 1531034a..878e202e 100644
--- a/i18n/nl/file-sharing.md
+++ b/i18n/nl/file-sharing.md
@@ -13,7 +13,7 @@ Ontdek hoe je jouw bestanden privé kunt delen tussen jouw apparaten, met jouw v
## Bestanden Delen
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/nl/frontends.md b/i18n/nl/frontends.md
index 6d618496..10c4f275 100644
--- a/i18n/nl/frontends.md
+++ b/i18n/nl/frontends.md
@@ -251,7 +251,7 @@ LibreTube blokkeert standaard alle YouTube-advertenties. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/nl/index.md b/i18n/nl/index.md
index 919514a9..a502c248 100644
--- a/i18n/nl/index.md
+++ b/i18n/nl/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is gevestigd in Genève, Zwitserland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Ze zijn sinds 2014 in bedrijf. Mailbox.org is gevestigd in Berlijn, Duitsland. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Ze zijn sinds 2014 in bedrijf. Mailbox.org is gevestigd in Berlijn, Duitsland. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/nl/meta/brand.md b/i18n/nl/meta/brand.md
index 7d434167..1026eefa 100644
--- a/i18n/nl/meta/brand.md
+++ b/i18n/nl/meta/brand.md
@@ -12,7 +12,7 @@ De naam van de website is **Privacy Guides** en moet **niet** worden veranderd i
- PG.org
-De naam van de subreddit is **r/PrivacyGuides** of **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Aanvullende merkrichtlijnen zijn te vinden op [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/nl/meta/translations.md b/i18n/nl/meta/translations.md
index 9c7838a8..cab9f51d 100644
--- a/i18n/nl/meta/translations.md
+++ b/i18n/nl/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## Fullwidth alternatives and Markdown syntax
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/nl/meta/uploading-images.md b/i18n/nl/meta/uploading-images.md
index 00225c0b..c58f1a2f 100644
--- a/i18n/nl/meta/uploading-images.md
+++ b/i18n/nl/meta/uploading-images.md
@@ -48,7 +48,7 @@ In het tabblad **SVG-uitvoer** onder **Documentopties**:
- [ ] Schakel **Verwijder de XML declaratie** uit
- [x] Zet **Metadata verwijderen** aan
- [x] Schakel **Reacties verwijderen** in
-- [x] Schakel **ingevoegde rasterafbeeldingen** in
+- [x] Turn on **Embedded raster images**
- [x] Zet **'viewboxen' aan**
In de **SVG Output** onder **Pretty-printing**:
diff --git a/i18n/nl/meta/writing-style.md b/i18n/nl/meta/writing-style.md
index da8ad0f1..d7134cad 100644
--- a/i18n/nl/meta/writing-style.md
+++ b/i18n/nl/meta/writing-style.md
@@ -64,7 +64,7 @@ We moeten proberen afkortingen waar mogelijk te vermijden, maar de technologie z
## Wees beknopt
-> Onnodige woorden verspillen de tijd van je publiek. Goed schrijven is als een gesprek. Laat informatie weg die het publiek niet hoeft te weten. Dit kan moeilijk zijn als een expert op het gebied van onderwerpen, dus het is belangrijk dat iemand naar de informatie kijkt vanuit het perspectief van het publiek.
+> Onnodige woorden verspillen de tijd van je publiek. Goed schrijven is als een gesprek. Laat informatie weg die het publiek niet hoeft te weten. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/nl/mobile-browsers.md b/i18n/nl/mobile-browsers.md
index 21c5b10e..a874d843 100644
--- a/i18n/nl/mobile-browsers.md
+++ b/i18n/nl/mobile-browsers.md
@@ -247,7 +247,7 @@ Dit voorkomt dat je onbedoeld verbinding maakt met een website in platte HTTP-te
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** is de standaardbrowser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** is de standaardbrowser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Open Safari en tik op de knop Tabbladen, rechtsonder. Then, expand the :material
- [x] Selecteer **Privé**
-Safari's Privénavigatie modus biedt extra bescherming van de privacy. Private Browsing gebruikt een nieuwe [kortstondige](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) sessie voor elk tabblad, wat betekent dat tabbladen van elkaar geïsoleerd zijn. Als er een [kwetsbaarheid is in uBlock Origin](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css) kan een filter van een derde partij kwaadaardige regels toevoegen die mogelijk gebruikersgegevens kunnen stelen.
+Safari's Privénavigatie modus biedt extra bescherming van de privacy. Private Browsing gebruikt een nieuwe [kortstondige](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) sessie voor elk tabblad, wat betekent dat tabbladen van elkaar geïsoleerd zijn. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. Dit kan een ongemak zijn.
diff --git a/i18n/nl/multi-factor-authentication.md b/i18n/nl/multi-factor-authentication.md
index 5db87dcc..6628e4f7 100644
--- a/i18n/nl/multi-factor-authentication.md
+++ b/i18n/nl/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Multifactor-authenticatie"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/nl/notebooks.md b/i18n/nl/notebooks.md
index f821843c..7e9c1838 100644
--- a/i18n/nl/notebooks.md
+++ b/i18n/nl/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Dienstverleners](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Houd jouw notities en aantekeningen bij zonder ze aan derden te geven.
+Keep track of your notes and journals without giving them to a third party.
Als je momenteel een toepassing zoals Evernote, Google Keep of Microsoft OneNote gebruikt, raden wij je aan hier een alternatief te kiezen dat E2EE ondersteunt.
@@ -84,7 +84,7 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
{ align=right }
-**Joplin** is een gratis, open-source, en volledig uitgeruste applicatie voor het maken van notities en to-do's die een groot aantal markdown notities kan verwerken, georganiseerd in notitieblokken en tags. Het biedt E2EE en kan synchroniseren via Nextcloud, Dropbox, en meer. Het biedt ook een gemakkelijke import vanuit Evernote en notities in gewone tekst.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. Het biedt E2EE en kan synchroniseren via Nextcloud, Dropbox, en meer. Het biedt ook een gemakkelijke import vanuit Evernote en notities in gewone tekst.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee biedt gratis 100MB opslag, met betaalde opties als je meer nodig hebt. Aanmelden vereist geen e-mail of andere persoonlijk identificeerbare informatie.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. Aanmelden vereist geen e-mail of andere persoonlijk identificeerbare informatie.
## Lokale notitieblokken
diff --git a/i18n/nl/os/android-overview.md b/i18n/nl/os/android-overview.md
index d90f096e..7dc0a8e5 100644
--- a/i18n/nl/os/android-overview.md
+++ b/i18n/nl/os/android-overview.md
@@ -84,7 +84,7 @@ Als een app vooral een webdienst is, kan de tracking aan de serverzijde plaatsvi
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). Deze bibliotheek bevat [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) die [pushmeldingen](https://en.wikipedia.org/wiki/Push_technology) in apps kan bieden. Dit [is het geval](https://fosstodon.org/@bitwarden/109636825700482007) met Bitwarden. Dat betekent niet dat Bitwarden alle analysefuncties gebruikt die Google Firebase Analytics biedt.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). Deze bibliotheek bevat [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) die [pushmeldingen](https://en.wikipedia.org/wiki/Push_technology) in apps kan bieden. Dit [is het geval](https://fosstodon.org/@bitwarden/109636825700482007) met Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Killswitch
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. Deze functie kan lekken voorkomen als de VPN wordt verbroken. Het kan gevonden worden in :gear: **Instellingen** → **Netwerk & internet** → **VPN** → :gear: → **Blokkeer verbindingen zonder VPN**.
@@ -124,7 +124,7 @@ Moderne Android-toestellen hebben globale toggles voor het uitschakelen van Blue
## Google Services
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We raden nog steeds aan om Google diensten volledig te vermijden, of om Google Play diensten te beperken tot een specifiek gebruiker/werkprofiel door een apparaatcontroller zoals *Shelter* te combineren met GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Geavanceerd beschermingsprogramma
diff --git a/i18n/nl/os/ios-overview.md b/i18n/nl/os/ios-overview.md
index 831036b8..080b0fff 100644
--- a/i18n/nl/os/ios-overview.md
+++ b/i18n/nl/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/nl/os/linux-overview.md b/i18n/nl/os/linux-overview.md
index f5fa21a6..75555ea3 100644
--- a/i18n/nl/os/linux-overview.md
+++ b/i18n/nl/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[Onze Linux-aanbevelingen :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Privacy Opmerkingen
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- Vermijd telemetrie die vaak gepaard gaat met propriëtaire besturingssystemen
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ Wij geloven niet dat het een goed idee is om pakketten tegen te houden en tussen
Traditioneel worden Linux distributies bijgewerkt door sequentieel de gewenste pakketten bij te werken. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao) (YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao) (YouTube)
### "Beveiligingsgerichte" distributies
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Schijfversleuteling
-De meeste Linux-distributies hebben een optie in het installatieprogramma om [LUKS](../encryption.md#linux-unified-key-setup) FDE in te schakelen. Als deze optie niet is ingesteld tijdens de installatie, zult je een back-up van jouw gegevens moeten maken en opnieuw moeten installeren, aangezien de versleuteling wordt toegepast na [schijfpartitionering](https://en.wikipedia.org/wiki/Disk_partitioning), maar voordat [bestandssystemen](https://en.wikipedia.org/wiki/File_system) worden geformatteerd. We raden je ook aan jouw opslagapparaat veilig te wissen:
+De meeste Linux-distributies hebben een optie in het installatieprogramma om [LUKS](../encryption.md#linux-unified-key-setup) FDE in te schakelen. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We raden je ook aan jouw opslagapparaat veilig te wissen:
- [Veilig wissen van gegevens :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ Er zijn andere systeemidentifiers waar u misschien voorzichtig mee moet zijn. Je
Het Fedora Project [telt](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) hoeveel unieke systemen toegang hebben tot zijn spiegels door gebruik te maken van een [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variabele in plaats van een uniek ID. Fedora doet dit om de belasting te bepalen en waar nodig betere servers voor updates te voorzien.
-Deze [optie](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) staat momenteel standaard uit. We raden aan om `countme=false` toe te voegen aan `/etc/dnf/dnf.conf` voor het geval het in de toekomst wordt ingeschakeld. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+Deze [optie](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) staat momenteel standaard uit. We raden aan om `countme=false` toe te voegen aan `/etc/dnf/dnf.conf` voor het geval het in de toekomst wordt ingeschakeld. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/nl/os/macos-overview.md b/i18n/nl/os/macos-overview.md
index 209d0fb7..0844da76 100644
--- a/i18n/nl/os/macos-overview.md
+++ b/i18n/nl/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is een Unix besturingssysteem ontwikkeld door Apple voor hun Mac computers. Om de privacy op macOS te verbeteren, kun je telemetry functies uitschakelen en bestaande privacy-en beveiligingsinstellingen aanscherpen.
-Oudere op Intel-gebaseerde Macs en Hackintoshes ondersteunen niet alle beveiligingsfuncties die macOS biedt. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Oudere op Intel-gebaseerde Macs en Hackintoshes ondersteunen niet alle beveiligingsfuncties die macOS biedt. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Opmerkingen
@@ -14,7 +14,7 @@ Er zijn enkele opmerkelijke privacypunten met macOS die je zou moeten overwegen.
### Activatie vergrendeling
-Gloednieuwe Apple-siliconen kunnen zonder internetverbinding worden ingesteld. Maar het herstellen of opnieuw instellen van uw Mac vereist **een internetverbinding van** met de servers van Apple om te controleren tegen de Activeringsvergrendelingsdatabase van verloren of gestolen apparaten.
+Brand-new Apple Silicon devices can be set up without an internet connection. Maar het herstellen of opnieuw instellen van uw Mac vereist **een internetverbinding van** met de servers van Apple om te controleren tegen de Activeringsvergrendelingsdatabase van verloren of gestolen apparaten.
### App herroepingscontrole
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Back-ups
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## Bronnen
diff --git a/i18n/nl/os/windows/group-policies.md b/i18n/nl/os/windows/group-policies.md
index 1a0fd91b..c139567f 100644
--- a/i18n/nl/os/windows/group-policies.md
+++ b/i18n/nl/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/nl/os/windows/index.md b/i18n/nl/os/windows/index.md
index e0c8f3ea..8df8f8a1 100644
--- a/i18n/nl/os/windows/index.md
+++ b/i18n/nl/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Opmerkingen
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/nl/passwords.md b/i18n/nl/passwords.md
index 357f9fac..546610e1 100644
--- a/i18n/nl/passwords.md
+++ b/i18n/nl/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ Met deze opties kunt je een versleutelde wachtwoorddatabase lokaal beheren.
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC slaat zijn exportgegevens op als [CSV](https://en.wikipedia.org/wiki/C
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/nl/photo-management.md b/i18n/nl/photo-management.md
index 235f9687..3d08cefd 100644
--- a/i18n/nl/photo-management.md
+++ b/i18n/nl/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Moet een gratis plan of proefperiode aanbieden om te testen.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Moet een webinterface bieden die basisfuncties voor bestandsbeheer ondersteunt.
- Moet gemakkelijke export van alle bestanden/documenten mogelijk maken.
- Moet open source zijn.
diff --git a/i18n/nl/real-time-communication.md b/i18n/nl/real-time-communication.md
index d4fdfee7..7b2c7903 100644
--- a/i18n/nl/real-time-communication.md
+++ b/i18n/nl/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Criteria
diff --git a/i18n/nl/router.md b/i18n/nl/router.md
index 2c7c542e..1d809f84 100644
--- a/i18n/nl/router.md
+++ b/i18n/nl/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** is een op Linux gebaseerd besturingssysteem; het wordt voornamelijk gebruikt op embedded apparaten om netwerkverkeer te routeren. De belangrijkste onderdelen zijn de Linux kernel, util-linux, uClibc, en BusyBox. Alle componenten zijn geoptimaliseerd voor afmetingen, zodat ze klein genoeg zijn om in de beperkte opslagruimte en het beperkte geheugen van thuisrouters te passen.
+**OpenWrt** is een op Linux gebaseerd besturingssysteem; het wordt voornamelijk gebruikt op embedded apparaten om netwerkverkeer te routeren. De belangrijkste onderdelen zijn de Linux kernel, util-linux, uClibc, en BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentatie}
diff --git a/i18n/nl/security-keys.md b/i18n/nl/security-keys.md
index eb595105..4fafe1c0 100644
--- a/i18n/nl/security-keys.md
+++ b/i18n/nl/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/nl/tools.md b/i18n/nl/tools.md
index 99321bc0..19ac548f 100644
--- a/i18n/nl/tools.md
+++ b/i18n/nl/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is gevestigd in Genève, Zwitserland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Ze zijn sinds 2014 in bedrijf. Mailbox.org is gevestigd in Berlijn, Duitsland. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Ze zijn sinds 2014 in bedrijf. Mailbox.org is gevestigd in Berlijn, Duitsland. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/nl/tor.md b/i18n/nl/tor.md
index 8fbee5dd..1c466d81 100644
--- a/i18n/nl/tor.md
+++ b/i18n/nl/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Browser
@@ -114,11 +114,11 @@ Wij hebben eerder aanbevolen *Isolate Destination Address* in de Orbot instellin
Tips for Android
-Orbot kan individuele apps proxyen als ze SOCKS of HTTP proxying ondersteunen. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Orbot kan individuele apps proxyen als ze SOCKS of HTTP proxying ondersteunen. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot is vaak verouderd op de [F-Droid repository](https://guardianproject.info/fdroid) en [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android) van het Guardian Project, dus overweeg in plaats daarvan direct te downloaden van de [GitHub repository](https://github.com/guardianproject/orbot/releases).
-Alle versies zijn ondertekend met dezelfde handtekening, zodat ze onderling compatibel zouden moeten zijn.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/nl/vpn.md b/i18n/nl/vpn.md
index 2d5bbfea..7080453a 100644
--- a/i18n/nl/vpn.md
+++ b/i18n/nl/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Privé VPN Service Aanbevelingen en Vergelijkingen, Geen Sponsors of Advertenties - Privacy Guides"
title: "VPN-diensten"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. Vind hier een provider die er niet op uit is om je te bespioneren.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent toepassingen ondersteunen vaak de NAT-PMP volledig.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent toepassingen ondersteunen vaak de NAT-PMP volledig.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. Ze bieden adblocking en het blokkeren van bekende malware domeinen met hun DNS service. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Ze bieden adblocking en het blokkeren van bekende malware domeinen met hun DNS service. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } Killswitch-functie is kapot op Intel-gebaseerde Macs
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. Als je deze functie nodig hebt, en je gebruikt een Mac met Intel-chipset, moet je overwegen een andere VPN-dienst te gebruiken.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. Als je deze functie nodig hebt, en je gebruikt een Mac met Intel-chipset, moet je overwegen een andere VPN-dienst te gebruiken.
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } Mobiele Clients
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-**Mullvad** is een snelle en goedkope VPN met een serieuze focus op transparantie en veiligheid. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** is een snelle en goedkope VPN met een serieuze focus op transparantie en veiligheid. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ Het is belangrijk op te merken dat het gebruik van een VPN provider je niet anon
### Technologie
-Wij eisen dat al onze aanbevolen VPN-providers OpenVPN-configuratiebestanden leveren die in elke client kunnen worden gebruikt. **Als** een VPN met een eigen aangepaste client aanbiedt, is een killswitch vereist om het lekken van netwerkgegevens te blokkeren wanneer de verbinding wordt verbroken.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Minimum om in aanmerking te komen:**
-- Ondersteuning voor sterke protocollen zoals WireGuard & OpenVPN.
-- Killswitch ingebouwd in clients.
-- Multihop ondersteuning. Multihopping is belangrijk om gegevens privé te houden in het geval van een compromittering door één knooppunt.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Beste geval:**
-- Killswitch met in hoge mate configureerbare opties (inschakelen/uitschakelen op bepaalde netwerken, bij opstarten, enz.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Gemakkelijk te gebruiken VPN-clients
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. Wij verwachten dat servers inkomende verbindingen via IPv6 zullen toestaan en u toegang zullen verschaffen tot diensten die op IPv6-adressen worden gehost.
- De mogelijkheid van [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) helpt bij het maken van verbindingen bij het gebruik van P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software, Freenet, of het hosten van een server (bv. Mumble).
@@ -316,11 +316,11 @@ Wij geven er de voorkeur aan dat de door ons aanbevolen aanbieders zo weinig mog
**Beste geval:**
- Accepteert meerdere [anonieme betalingsopties](advanced/payments.md).
-- Er wordt geen persoonlijke informatie geaccepteerd (automatisch gegenereerde gebruikersnaam, geen e-mail vereist, enz.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Veiligheid
-Een VPN is zinloos als het niet eens voldoende beveiliging kan bieden. Wij eisen van al onze aanbevolen providers dat zij zich houden aan de huidige beveiligingsstandaarden voor hun OpenVPN-verbindingen. Idealiter zouden zij standaard meer toekomstbestendige encryptiesystemen gebruiken. Wij eisen ook dat een onafhankelijke derde partij de beveiliging van de aanbieder controleert, idealiter op zeer uitgebreide wijze en herhaaldelijk (jaarlijks).
+Een VPN is zinloos als het niet eens voldoende beveiliging kan bieden. We require all our recommended providers to abide by current security standards. Idealiter zouden zij standaard meer toekomstbestendige encryptiesystemen gebruiken. Wij eisen ook dat een onafhankelijke derde partij de beveiliging van de aanbieder controleert, idealiter op zeer uitgebreide wijze en herhaaldelijk (jaarlijks).
**Minimum om in aanmerking te komen:**
@@ -358,7 +358,7 @@ Bij de VPN providers die wij aanbevelen zien wij graag verantwoorde marketing.
**Minimum om in aanmerking te komen:**
-- Moet zelf analytics hosten (d.w.z., geen Google Analytics). De site van de aanbieder moet ook voldoen aan [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) voor mensen die zich willen afmelden.
+- Moet zelf analytics hosten (d.w.z., geen Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Mag geen marketing hebben die onverantwoord is:
diff --git a/i18n/pl/about.md b/i18n/pl/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/pl/about.md
+++ b/i18n/pl/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/pl/about/contributors.md b/i18n/pl/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/pl/about/contributors.md
+++ b/i18n/pl/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/pl/about/criteria.md b/i18n/pl/about/criteria.md
index dd2e228d..d8f08fc7 100644
--- a/i18n/pl/about/criteria.md
+++ b/i18n/pl/about/criteria.md
@@ -24,7 +24,7 @@ We have these requirements in regard to developers which wish to submit their pr
- Must disclose affiliation, i.e. your position within the project being submitted.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. If possible please mention who will be conducting the audit.
- Must explain what the project brings to the table in regard to privacy.
diff --git a/i18n/pl/about/executive-policy.md b/i18n/pl/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/pl/about/executive-policy.md
+++ b/i18n/pl/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/pl/about/notices.md b/i18n/pl/about/notices.md
index 570b488d..56c78e67 100644
--- a/i18n/pl/about/notices.md
+++ b/i18n/pl/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-Uważamy, że loga i inne obrazy w `zasobach` pozyskanych od zewnętrznych dostawców znajdują się w domenie publicznej lub zaliczają się do **dozwolonego użytku**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. Jednakże te loga i inne obrazy mogą nadal podlegać prawom dotyczącym znaków towarowych w jednej lub kilku jurysdykcjach. Przed wykorzystaniem tych treści należy upewnić się, że służą one identyfikacji podmiotu lub organizacji będącej właścicielem znaku towarowego oraz że masz prawo do ich wykorzystania zgodnie z przepisami prawa, które mają zastosowanie w okolicznościach zamierzonego wykorzystania. *Kopiując treści z tej strony internetowej ponosisz wyłączną odpowiedzialność za zapewnienie, że nie naruszasz cudzego znaku towarowego lub prawa autorskiego.*
+Uważamy, że loga i inne obrazy w `zasobach` pozyskanych od zewnętrznych dostawców znajdują się w domenie publicznej lub zaliczają się do **dozwolonego użytku**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. Jednakże te loga i inne obrazy mogą nadal podlegać prawom dotyczącym znaków towarowych w jednej lub kilku jurysdykcjach. Przed wykorzystaniem tych treści należy upewnić się, że służą one identyfikacji podmiotu lub organizacji będącej właścicielem znaku towarowego oraz że masz prawo do ich wykorzystania zgodnie z przepisami prawa, które mają zastosowanie w okolicznościach zamierzonego wykorzystania. *Kopiując treści z tej strony internetowej ponosisz wyłączną odpowiedzialność za zapewnienie, że nie naruszasz cudzego znaku towarowego lub prawa autorskiego.*
When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
diff --git a/i18n/pl/about/privacytools.md b/i18n/pl/about/privacytools.md
index 0a6a564e..ae035f3d 100644
--- a/i18n/pl/about/privacytools.md
+++ b/i18n/pl/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## Control of r/privacytoolsIO
-Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
+Reddit requires that Subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
-- Posting announcements to our subreddit and various other communities informing people of the official change.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped.
@@ -66,11 +66,11 @@ Roughly a week following the transition, BurungHantu returned online for the fir
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so.
-BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io Now
@@ -80,7 +80,7 @@ As of September 25th 2022 we are seeing BurungHantu's overall plans come to frui
## r/privacytoolsIO Now
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Retaliation from any moderator with regards to removal requests is disallowed.
-For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
+For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective Now
diff --git a/i18n/pl/about/statistics.md b/i18n/pl/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/pl/about/statistics.md
+++ b/i18n/pl/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/pl/advanced/communication-network-types.md b/i18n/pl/advanced/communication-network-types.md
index f6444ca4..129a5716 100644
--- a/i18n/pl/advanced/communication-network-types.md
+++ b/i18n/pl/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ When self-hosted, members of a federated server can discover and communicate wit
- Allows for greater control over your own data when running your own server.
- Allows you to choose whom to trust your data with by choosing between multiple "public" servers.
- Often allows for third-party clients which can provide a more native, customized, or accessible experience.
-- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Disadvantages:**
@@ -60,7 +60,7 @@ When self-hosted, members of a federated server can discover and communicate wit
P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server.
-Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
+Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
@@ -85,9 +85,9 @@ P2P networks do not use servers, as peers communicate directly between each othe
A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.
-There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
-Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Advantages:**
diff --git a/i18n/pl/advanced/dns-overview.md b/i18n/pl/advanced/dns-overview.md
index 79771833..5c0e5ed3 100644
--- a/i18n/pl/advanced/dns-overview.md
+++ b/i18n/pl/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
---
-The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
## Co to jest DNS?
@@ -24,7 +24,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
### DNS over TLS (DoT)
@@ -118,7 +118,7 @@ In this example we will record what happens when we make a DoH request:
3. After making the request, we can stop the packet capture with CTRL + C.
-4. Analyse the results in Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ When we do a DNS lookup, it's generally because we want to access a resource. Be
Najprostszym sposobem na określenie aktywności przeglądania może być sprawdzenie adresów IP, z którymi łączą się Twoje urządzenia. Na przykład, jeśli obserwator wie, że `privacyguides.org` znajduje się pod adresem `198.98.54.105`, a Twoje urządzenie pobiera dane z adresu `198.98.54.105`, istnieje duże prawdopodobieństwo, że odwiedzasz witrynę Privacy Guides.
-Ta metoda jest użyteczna tylko wtedy, gdy adres IP należy do serwera, na którym znajduje się tylko kilka stron internetowych. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
+Ta metoda jest użyteczna tylko wtedy, gdy adres IP należy do serwera, na którym znajduje się tylko kilka stron internetowych. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
### Server Name Indication (SNI)
-Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
+Server Name Indication is typically used when an IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
-1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
+1. Start capturing again with `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | No | nothing(Do nothing)
```
-Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[Lista polecanych serwerów DNS](../dns.md ""){.md-button}
diff --git a/i18n/pl/advanced/tor-overview.md b/i18n/pl/advanced/tor-overview.md
index d273bfb6..ef994fde 100644
--- a/i18n/pl/advanced/tor-overview.md
+++ b/i18n/pl/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/pl/ai-chat.md b/i18n/pl/ai-chat.md
index 03a8e5b5..4920160c 100644
--- a/i18n/pl/ai-chat.md
+++ b/i18n/pl/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Criteria
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Best-Case
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/pl/alternative-networks.md b/i18n/pl/alternative-networks.md
index 4c8a6e25..bc959181 100644
--- a/i18n/pl/alternative-networks.md
+++ b/i18n/pl/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/pl/android/general-apps.md b/i18n/pl/android/general-apps.md
index 04919076..b97efed5 100644
--- a/i18n/pl/android/general-apps.md
+++ b/i18n/pl/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/pl/basics/account-creation.md b/i18n/pl/basics/account-creation.md
index 22ef70db..0f45c8be 100644
--- a/i18n/pl/basics/account-creation.md
+++ b/i18n/pl/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
+Often people sign up for services without thinking. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer.
@@ -13,11 +13,11 @@ It can also be difficult to delete the accounts on some services. Sometimes [ove
## Terms of Service & Privacy Policy
-The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VOIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
+The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
-The Privacy Policy is how the service says they will use your data and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
-We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
+We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Keep in mind you're also placing your trust in the company or organization and that they will comply with their own privacy policy.
@@ -42,7 +42,7 @@ You will be responsible for managing your login credentials. For added security,
#### Email aliases
-If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to.
+If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Those can be filtered automatically based on the alias they are sent to.
Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
We recommend avoiding services that require a phone number for sign up. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
+You should avoid giving out your real phone number if you can. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number!
diff --git a/i18n/pl/basics/account-deletion.md b/i18n/pl/basics/account-deletion.md
index 8eab440c..d81d68e9 100644
--- a/i18n/pl/basics/account-deletion.md
+++ b/i18n/pl/basics/account-deletion.md
@@ -27,7 +27,7 @@ Desktop platforms also often have a password manager which may help you recover
### Dostawcy sieci VPN
-If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
## Deleting Old Accounts
@@ -39,7 +39,7 @@ When attempting to regain access, if the site returns an error message saying th
### GDPR (EEA residents only)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Overwriting Account information
diff --git a/i18n/pl/basics/common-misconceptions.md b/i18n/pl/basics/common-misconceptions.md
index 6832f170..31b1b249 100644
--- a/i18n/pl/basics/common-misconceptions.md
+++ b/i18n/pl/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ The privacy policies and business practices of providers you choose are very imp
## "Complicated is better"
-We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like many different email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
+We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips:
1. ==Actions need to serve a particular purpose:== think about how to do what you want with the fewest actions.
2. ==Remove human failure points:== We fail, get tired, and forget things. To maintain security, avoid relying on manual conditions and processes that you have to remember.
-3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily de-anonymized by a simple oversight.
+3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
So, how might this look?
@@ -94,4 +94,4 @@ One of the clearest threat models is one where people *know who you are* and one
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/pl/basics/common-threats.md b/i18n/pl/basics/common-threats.md
index 7b040b0b..03414577 100644
--- a/i18n/pl/basics/common-threats.md
+++ b/i18n/pl/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Your threat model is personal to you, but these are some of the things many visitors to this site care about.
---
-Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
+Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ To minimize the damage that a malicious piece of software *could* do, you should
Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources.
-Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Therefore, you should use native applications over web clients whenever possible
-Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
+Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
## Mass Surveillance Programs
@@ -156,7 +156,7 @@ Mass surveillance is the intricate effort to monitor the "behavior, many activit
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
For many people, tracking and surveillance by private corporations is a growing concern. Pervasive ad networks, such as those operated by Google and Facebook, span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries (although it can't completely prevent tracking).[^4]
-Additionally, even companies outside of the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
## Limiting Public Information
diff --git a/i18n/pl/basics/email-security.md b/i18n/pl/basics/email-security.md
index 0661723a..60513510 100644
--- a/i18n/pl/basics/email-security.md
+++ b/i18n/pl/basics/email-security.md
@@ -29,13 +29,13 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
### What Email Clients Support E2EE?
-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### How Do I Protect My Private Keys?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Email Metadata Overview
@@ -49,4 +49,4 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
### Why Can't Metadata be E2EE?
-Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
+Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/pl/basics/hardware.md b/i18n/pl/basics/hardware.md
index ff19bfbd..01cdb0ba 100644
--- a/i18n/pl/basics/hardware.md
+++ b/i18n/pl/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Warning
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/pl/basics/multi-factor-authentication.md b/i18n/pl/basics/multi-factor-authentication.md
index d6d035b2..6d53ab43 100644
--- a/i18n/pl/basics/multi-factor-authentication.md
+++ b/i18n/pl/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Uwierzytelnianie wieloskładnikowe"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
-**Uwierzytelnianie wieloskładnikowe** to mechanizm zabezpieczeń, który wymaga dodatkowych czynności poza wprowadzeniem nazwy użytkownika (lub e-maila) oraz hasła. Najczęściej spotykaną metodą są ograniczone czasowo kody otrzymywane poprzez wiadomość SMS lub aplikację.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. Najczęściej spotykaną metodą są ograniczone czasowo kody otrzymywane poprzez wiadomość SMS lub aplikację.
W większości przypadków, jeśli haker (lub przeciwnik) jest w stanie odgadnąć Twoje hasło, zyskuje on dostęp do konta, do którego to hasło należy. Konto z MFA zmusza hakera do posiadania zarówno hasła (coś co *wiesz*) oraz urządzenia, które posiadasz (coś co *masz*), takiego jak Twój telefon.
@@ -26,7 +26,7 @@ The security of push notification MFA is dependent on both the quality of the ap
### Time-based One-time Password (TOTP)
-TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
+TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
-Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
@@ -116,15 +116,15 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
## Więcej miejsc do ustawienia MFA
-Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
+macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-After your smartcard/security key is set up, we recommend running this command in the Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
### KeePass (and KeePassXC)
-KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/pl/basics/passwords-overview.md b/i18n/pl/basics/passwords-overview.md
index f4d89b31..58ec8e31 100644
--- a/i18n/pl/basics/passwords-overview.md
+++ b/i18n/pl/basics/passwords-overview.md
@@ -24,7 +24,7 @@ All of our [recommended password managers](../passwords.md) include a built-in p
You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it.
-When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
Checking for data breaches
@@ -54,13 +54,13 @@ To generate a diceware passphrase using real dice, follow these steps:
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Roll a six-sided die five times, noting down the number after each roll.
-2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. You will find the word `encrypt`. Write that word down.
@@ -75,25 +75,25 @@ You should **not** re-roll words until you get a combination of words that appea
If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
- Your adversary knows that you used the diceware method.
-- Your adversary knows the specific wordlist that you used.
+- Your adversary knows the specific word list that you used.
- Your adversary knows how many words your passphrase contains.
@@ -113,7 +113,7 @@ There are many good options to choose from, both cloud-based and local. Choose o
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
diff --git a/i18n/pl/basics/threat-modeling.md b/i18n/pl/basics/threat-modeling.md
index 6f69f8e8..5b60e797 100644
--- a/i18n/pl/basics/threat-modeling.md
+++ b/i18n/pl/basics/threat-modeling.md
@@ -35,7 +35,7 @@ Aby określić, co może stać się z cennymi dla Ciebie rzeczami oraz ustalić,
Przed odpowiedzeniem na te pytania warto ustalić, kto może chcieć próbować dotrzeć do Ciebie lub Twoich danych. ==Osoba lub podmiot, który stanowi zagrożenie dla Twoich zasobów to "przeciwnik".== Przykładem potencjalnego przeciwnika może być Twój szef, były partner, konkurencja firmy, rząd kraju lub haker w publicznej sieci.
-*Sporządź listę swoich przeciwników lub podmiotów, którzy mogą chcieć uzyskać dostęp do Twoich zasobów. Twoja lista może zawierać osoby fizyczne, agencje rządowe lub korporacje.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Twoja lista może zawierać osoby fizyczne, agencje rządowe lub korporacje.*
W zależności od tego, kim są Twoi przeciwnicy, ta lista może być czymś, co chcesz zniszczyć po zakończeniu tworzenia modelu zagrożeń.
diff --git a/i18n/pl/browser-extensions.md b/i18n/pl/browser-extensions.md
index 611904fc..7e13f070 100644
--- a/i18n/pl/browser-extensions.md
+++ b/i18n/pl/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/pl/calendar.md b/i18n/pl/calendar.md
index 01c9342b..67da4c5f 100644
--- a/i18n/pl/calendar.md
+++ b/i18n/pl/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Wiele kalendarzy oraz rozszerzone funkcje udostępniania są ograniczone do płatnych subskrybentów.
diff --git a/i18n/pl/cloud.md b/i18n/pl/cloud.md
index aa8c3e40..145708ed 100644
--- a/i18n/pl/cloud.md
+++ b/i18n/pl/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Criteria
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
diff --git a/i18n/pl/cryptocurrency.md b/i18n/pl/cryptocurrency.md
index 38dfa7c2..d1e385f6 100644
--- a/i18n/pl/cryptocurrency.md
+++ b/i18n/pl/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Criteria
diff --git a/i18n/pl/data-broker-removals.md b/i18n/pl/data-broker-removals.md
index 24c607c3..ab08fd1c 100644
--- a/i18n/pl/data-broker-removals.md
+++ b/i18n/pl/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/pl/desktop-browsers.md b/i18n/pl/desktop-browsers.md
index d837af71..94bfecc7 100644
--- a/i18n/pl/desktop-browsers.md
+++ b/i18n/pl/desktop-browsers.md
@@ -109,7 +109,7 @@ Jest to wymagane, aby zapobiec zaawansowanym formom śledzenia, ale odbywa się
### Mullvad Leta
-Mullvad Browser jest dostarczany z DuckDuckGo ustawionym jako domyślna wyszukiwarka [](search-engines.md), ale jest również preinstalowany z wyszukiwarką **Mullvad Leta**, która wymaga aktywnej subskrypcji Mullvad VPN, aby uzyskać do niej dostęp. Mullvad Leta odpytuje bezpośrednio API płatnego wyszukiwania Google, dlatego jest ograniczona do płatnych subskrybentów. Jednak z powodu tego ograniczenia Mullvad może skorelować zapytania wyszukiwania i konta Mullvad VPN. Z tego powodu odradzamy korzystanie z Mullvad Leta, mimo że Mullvad zbiera bardzo mało informacji o swoich subskrybentach VPN.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta odpytuje bezpośrednio API płatnego wyszukiwania Google, dlatego jest ograniczona do płatnych subskrybentów. Jednak z powodu tego ograniczenia Mullvad może skorelować zapytania wyszukiwania i konta Mullvad VPN. Z tego powodu odradzamy korzystanie z Mullvad Leta, mimo że Mullvad zbiera bardzo mało informacji o swoich subskrybentach VPN.
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox wysyła o nas dane o wersji i języku Firefoksa, systemie operacyjnym urządzeniach i konfiguracji sprzętowej, pamięci, podstawowe informacje o awariach i błędach oraz wynikach zautomatyzowanych procesów, takich jak aktualizacje, bezpieczne przeglądanie i aktywacja. Gdy przeglądarka Firefox wysyła nasze dane, adres IP użytkownika jest tymczasowo gromadzony w dziennikach serwera.
-Ponadto usługa Mozilla Accounts gromadzi [pewne dane techniczne](https://mozilla.org/privacy/mozilla-accounts). Jeśli korzystasz z konta Firefox, możesz z tego zrezygnować:
+Ponadto usługa Mozilla Accounts gromadzi [pewne dane techniczne](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Otwórz ustawienia profilu [na accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Usuń zaznaczenie **Gromadzenie i wykorzystywanie danych** > **Pomóż ulepszyć konta Firefox**
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] Select **Enable HTTPS-Only Mode in all windows**
-Zapobiega to niezamierzonemu łączeniu się z witryną internetową w postaci zwykłego tekstu HTTP. Witryny bez HTTPS są obecnie rzadkością, więc nie powinno to mieć żadnego wpływu na codzienne przeglądanie.
+Zapobiega to niezamierzonemu łączeniu się z witryną internetową w postaci zwykłego tekstu HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS przez HTTPS
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/pl/desktop.md b/i18n/pl/desktop.md
index c92ea00b..fcd5e9ee 100644
--- a/i18n/pl/desktop.md
+++ b/i18n/pl/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS is an independent distribution based on the Nix package manager with a foc
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/pl/device-integrity.md b/i18n/pl/device-integrity.md
index 623a4839..142af55b 100644
--- a/i18n/pl/device-integrity.md
+++ b/i18n/pl/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/pl/dns.md b/i18n/pl/dns.md
index 62c2383e..4eddafd5 100644
--- a/i18n/pl/dns.md
+++ b/i18n/pl/dns.md
@@ -75,7 +75,7 @@ AdGuard Home features a polished web interface to view insights and manage block
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/pl/document-collaboration.md b/i18n/pl/document-collaboration.md
index ad1a0602..7b3f16be 100644
--- a/i18n/pl/document-collaboration.md
+++ b/i18n/pl/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/pl/email-aliasing.md b/i18n/pl/email-aliasing.md
index c33f2bff..29f37d77 100644
--- a/i18n/pl/email-aliasing.md
+++ b/i18n/pl/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/pl/email.md b/i18n/pl/email.md
index a697ec43..ab3848a4 100644
--- a/i18n/pl/email.md
+++ b/i18n/pl/email.md
@@ -58,7 +58,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
{ align=right }
-**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in
#### :material-check:{ .pg-green } Account Security
-Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two factor authentication first.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Data Security
@@ -117,7 +117,7 @@ If you have a paid account and your [bill is unpaid](https://proton.me/support/d
#### :material-information-outline:{ .pg-blue } Additional Functionality
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail doesn't offer a digital legacy feature.
@@ -127,7 +127,7 @@ Proton Mail doesn't offer a digital legacy feature.
{ align=right }
-**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } Private Payment Methods
-Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Account Security
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
#### :material-information-outline:{ .pg-blue } Data Security
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } Additional Functionality
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
@@ -195,7 +195,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } Private Payment Methods
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Account Security
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Data Security
@@ -297,7 +297,7 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
- Encrypts email account data at rest with zero-access encryption.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Operates on owned infrastructure, i.e. not built upon third-party email service providers.
diff --git a/i18n/pl/encryption.md b/i18n/pl/encryption.md
index 33282e7b..b0755ff5 100644
--- a/i18n/pl/encryption.md
+++ b/i18n/pl/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt is a fork of the discontinued TrueCrypt project. According to its deve
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
-Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
{ align=right }
-**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/pl/file-sharing.md b/i18n/pl/file-sharing.md
index b053aadd..eeaa657a 100644
--- a/i18n/pl/file-sharing.md
+++ b/i18n/pl/file-sharing.md
@@ -13,7 +13,7 @@ Dowiedz się, jak prywatnie udostępniać piki pomiędzy swoimi urządzeniami, z
## Udostępnianie plików
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/pl/frontends.md b/i18n/pl/frontends.md
index f127ea85..05ff5a9e 100644
--- a/i18n/pl/frontends.md
+++ b/i18n/pl/frontends.md
@@ -251,7 +251,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/pl/index.md b/i18n/pl/index.md
index 2fc6f048..29806af2 100644
--- a/i18n/pl/index.md
+++ b/i18n/pl/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/pl/meta/brand.md b/i18n/pl/meta/brand.md
index 0974e7ee..0c23862d 100644
--- a/i18n/pl/meta/brand.md
+++ b/i18n/pl/meta/brand.md
@@ -12,7 +12,7 @@ Nazwa strony to **Privacy Guides** i **nie** powinna być zmieniana na:
- PG.org
-Nazwa subreddita to **r/PrivacyGuides** lub **Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Dodatkowe wytyczne dotyczące marki można znaleźć na stronie [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/pl/meta/translations.md b/i18n/pl/meta/translations.md
index ff5406c7..1f67cd98 100644
--- a/i18n/pl/meta/translations.md
+++ b/i18n/pl/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## Fullwidth alternatives and Markdown syntax
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/pl/meta/uploading-images.md b/i18n/pl/meta/uploading-images.md
index 6455beb0..5ea9570f 100644
--- a/i18n/pl/meta/uploading-images.md
+++ b/i18n/pl/meta/uploading-images.md
@@ -48,7 +48,7 @@ In the **SVG Output** tab under **Document options**:
- [ ] Turn off **Remove the XML declaration**
- [x] Turn on **Remove metadata**
- [x] Turn on **Remove comments**
-- [x] Turn on **Embeded raster images**
+- [x] Turn on **Embedded raster images**
- [x] Turn on **Enable viewboxing**
In the **SVG Output** under **Pretty-printing**:
diff --git a/i18n/pl/meta/writing-style.md b/i18n/pl/meta/writing-style.md
index 49e877b1..fdf7bb1d 100644
--- a/i18n/pl/meta/writing-style.md
+++ b/i18n/pl/meta/writing-style.md
@@ -64,7 +64,7 @@ We should try to avoid abbreviations where possible, but technology is full of a
## Be concise
-> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective.
+> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/pl/mobile-browsers.md b/i18n/pl/mobile-browsers.md
index 0c9ca465..554b2631 100644
--- a/i18n/pl/mobile-browsers.md
+++ b/i18n/pl/mobile-browsers.md
@@ -247,7 +247,7 @@ Zapobiega to niezamierzonemu łączeniu się z witryną internetową w postaci z
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Open Safari and tap the Tabs button, located in the bottom right. Then, expand t
- [x] Select **Private**
-Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. This may be an inconvenience.
diff --git a/i18n/pl/multi-factor-authentication.md b/i18n/pl/multi-factor-authentication.md
index db09a068..c8ca78d9 100644
--- a/i18n/pl/multi-factor-authentication.md
+++ b/i18n/pl/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Uwierzytelnianie wieloskładnikowe"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/pl/notebooks.md b/i18n/pl/notebooks.md
index 2ec42af8..4ed92dfc 100644
--- a/i18n/pl/notebooks.md
+++ b/i18n/pl/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Prowadź swoje notatniki i dzienniki bez udostępniania ich stronom trzecim.
+Keep track of your notes and journals without giving them to a third party.
Jeśli obecnie używasz aplikacji, takiej jak Evernote, Google Keep lub Microsoft OneNote, sugerujemy, aby wybrać jedną z tych alternatyw, która obsługuje E2EE.
@@ -82,9 +82,9 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
-{ align=right }
+{ align=right }
-**EteSync Notes** to bezpieczna, szyfrowana od końca do końca i respektująca prywatność aplikacja do robienia notatek. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
## Local notebooks
diff --git a/i18n/pl/os/android-overview.md b/i18n/pl/os/android-overview.md
index 4399bff7..a92a1376 100644
--- a/i18n/pl/os/android-overview.md
+++ b/i18n/pl/os/android-overview.md
@@ -84,7 +84,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Killswitch
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
@@ -124,7 +124,7 @@ Modern Android devices have global toggles for disabling Bluetooth and location
## Google Services
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Advanced Protection Program
diff --git a/i18n/pl/os/ios-overview.md b/i18n/pl/os/ios-overview.md
index 287ab034..e6325b55 100644
--- a/i18n/pl/os/ios-overview.md
+++ b/i18n/pl/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/pl/os/linux-overview.md b/i18n/pl/os/linux-overview.md
index 72c8d7a8..ffd0fc52 100644
--- a/i18n/pl/os/linux-overview.md
+++ b/i18n/pl/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Privacy Notes
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- Avoid telemetry that often comes with proprietary operating systems
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ We don’t believe holding packages back and applying interim patches is a good
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao)
(YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao)
(YouTube)
### “Security-focused” distributions
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Drive Encryption
-Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ There are other system identifiers which you may wish to be careful about. You s
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/pl/os/macos-overview.md b/i18n/pl/os/macos-overview.md
index a0282691..ceded411 100644
--- a/i18n/pl/os/macos-overview.md
+++ b/i18n/pl/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Kopie zapasowe
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## Źródła
diff --git a/i18n/pl/os/windows/group-policies.md b/i18n/pl/os/windows/group-policies.md
index 5ff4adb7..d826a507 100644
--- a/i18n/pl/os/windows/group-policies.md
+++ b/i18n/pl/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/pl/os/windows/index.md b/i18n/pl/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/pl/os/windows/index.md
+++ b/i18n/pl/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/pl/passwords.md b/i18n/pl/passwords.md
index 4b9661fd..1c763265 100644
--- a/i18n/pl/passwords.md
+++ b/i18n/pl/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ These options allow you to manage an encrypted password database locally.
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/pl/photo-management.md b/i18n/pl/photo-management.md
index e429d06f..1078632e 100644
--- a/i18n/pl/photo-management.md
+++ b/i18n/pl/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
- Musi być open source.
diff --git a/i18n/pl/real-time-communication.md b/i18n/pl/real-time-communication.md
index 50465504..5051a9bc 100644
--- a/i18n/pl/real-time-communication.md
+++ b/i18n/pl/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Criteria
diff --git a/i18n/pl/router.md b/i18n/pl/router.md
index 7ed072e3..331ce991 100644
--- a/i18n/pl/router.md
+++ b/i18n/pl/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** to system operacyjny oparty na oprogramowaniu Linux; jest używany głównie w urządzeniach wbudowanych do kierowania ruchem sieciowym. Zawiera util-linux, uClibc oraz BusyBox. Wszystkie komponenty zostały zoptymalizowane pod kątem routerów domowych.
+**OpenWrt** to system operacyjny oparty na oprogramowaniu Linux; jest używany głównie w urządzeniach wbudowanych do kierowania ruchem sieciowym. Zawiera util-linux, uClibc oraz BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Strona WWW](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Dokumentacja}
diff --git a/i18n/pl/security-keys.md b/i18n/pl/security-keys.md
index 2acec8c8..23e55cfa 100644
--- a/i18n/pl/security-keys.md
+++ b/i18n/pl/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/pl/tools.md b/i18n/pl/tools.md
index 03d9528a..4184be72 100644
--- a/i18n/pl/tools.md
+++ b/i18n/pl/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/pl/tor.md b/i18n/pl/tor.md
index 91da036e..a88a0f56 100644
--- a/i18n/pl/tor.md
+++ b/i18n/pl/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Browser
@@ -114,11 +114,11 @@ We previously recommended enabling the *Isolate Destination Address* preference
Tips for Android
-Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot/releases) instead.
-All versions are signed using the same signature so they should be compatible with each other.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/pl/vpn.md b/i18n/pl/vpn.md
index b5f90515..08973303 100644
--- a/i18n/pl/vpn.md
+++ b/i18n/pl/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Private VPN Service Recommendations and Comparison, No Sponsors or Ads - Privacy Guides"
title: "VPN Services"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } Mobile Clients
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ It is important to note that using a VPN provider will not make you anonymous, b
### Technology
-We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Minimum to Qualify:**
-- Support for strong protocols such as WireGuard & OpenVPN.
-- Killswitch built in to clients.
-- Multihop support. Multihopping is important to keep data private in case of a single node compromise.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Best Case:**
-- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Easy-to-use VPN clients
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.
- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble).
@@ -316,11 +316,11 @@ We prefer our recommended providers to collect as little data as possible. Not c
**Best Case:**
- Accepts multiple [anonymous payment options](advanced/payments.md).
-- No personal information accepted (autogenerated username, no email required, etc.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Security
-A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
+A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
**Minimum to Qualify:**
@@ -358,7 +358,7 @@ With the VPN providers we recommend we like to see responsible marketing.
**Minimum to Qualify:**
-- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out.
+- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Must not have any marketing which is irresponsible:
diff --git a/i18n/pt-BR/about.md b/i18n/pt-BR/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/pt-BR/about.md
+++ b/i18n/pt-BR/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/pt-BR/about/contributors.md b/i18n/pt-BR/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/pt-BR/about/contributors.md
+++ b/i18n/pt-BR/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/pt-BR/about/criteria.md b/i18n/pt-BR/about/criteria.md
index dd2e228d..d8f08fc7 100644
--- a/i18n/pt-BR/about/criteria.md
+++ b/i18n/pt-BR/about/criteria.md
@@ -24,7 +24,7 @@ We have these requirements in regard to developers which wish to submit their pr
- Must disclose affiliation, i.e. your position within the project being submitted.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. If possible please mention who will be conducting the audit.
- Must explain what the project brings to the table in regard to privacy.
diff --git a/i18n/pt-BR/about/executive-policy.md b/i18n/pt-BR/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/pt-BR/about/executive-policy.md
+++ b/i18n/pt-BR/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/pt-BR/about/notices.md b/i18n/pt-BR/about/notices.md
index 4060fcad..7bb0b9b0 100644
--- a/i18n/pt-BR/about/notices.md
+++ b/i18n/pt-BR/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
+We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
diff --git a/i18n/pt-BR/about/privacytools.md b/i18n/pt-BR/about/privacytools.md
index 930b7784..063f99ba 100644
--- a/i18n/pt-BR/about/privacytools.md
+++ b/i18n/pt-BR/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## Control of r/privacytoolsIO
-Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
+Reddit requires that Subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
-- Posting announcements to our subreddit and various other communities informing people of the official change.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped.
@@ -66,11 +66,11 @@ Roughly a week following the transition, BurungHantu returned online for the fir
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so.
-BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io Now
@@ -80,7 +80,7 @@ As of September 25th 2022 we are seeing BurungHantu's overall plans come to frui
## r/privacytoolsIO Now
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Retaliation from any moderator with regards to removal requests is disallowed.
-For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
+For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective Now
diff --git a/i18n/pt-BR/about/statistics.md b/i18n/pt-BR/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/pt-BR/about/statistics.md
+++ b/i18n/pt-BR/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/pt-BR/advanced/communication-network-types.md b/i18n/pt-BR/advanced/communication-network-types.md
index 23886941..4db791a1 100644
--- a/i18n/pt-BR/advanced/communication-network-types.md
+++ b/i18n/pt-BR/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ Quando auto-hospedados, os membros de um servidor federado podem descobrir e se
- Permite maior controle sobre seus próprios dados ao usar seu próprio servidor.
- Permite que você escolha com quem confiar seus dados, escolhendo entre vários servidores "públicos".
- Muitas vezes permitem clientes de terceiros que podem fornecer uma experiência mais nativa, personalizada ou acessível.
-- O software do servidor pode ser verificado para saber se ele corresponde ao código-fonte original, assumindo que você tem acesso ao servidor ou confia na pessoa que o mantém (por exemplo, um membro de sua família).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Desvantagens:**
@@ -60,7 +60,7 @@ Quando auto-hospedados, os membros de um servidor federado podem descobrir e se
Os mensageiros P2P se conectam a uma [ rede distribuída](https://en.wikipedia.org/wiki/Distributed_networking) de nós para retransmitir uma mensagem ao destinatário sem um servidor de terceiros.
-Clientes (peers) geralmente encontram um ao outro através do uso de um [sistema de processamento distribuído](https://pt.wikipedia.org/wiki/Sistema_de_processamento_distribu%C3%ADdo). Exemplos disso incluem [Distributed hash table](https://pt.wikipedia.org/wiki/Distributed_hash_table) (DHT), usado por [torrents](https://pt.wikipedia.org/wiki/BitTorrent) e [IPFS](https://pt.wikipedia.org/wiki/Sistema_de_Arquivos_Interplanet%C3%A1rio) por exemplo. Outra abordagem é redes baseadas em proximidade, onde uma conexão é estabelecida através de WiFi ou Bluetooth (por exemplo, Briar ou o protocolo de rede social [Scuttlebutt](https://scuttlebutt.nz)).
+Clientes (peers) geralmente encontram um ao outro através do uso de um [sistema de processamento distribuído](https://pt.wikipedia.org/wiki/Sistema_de_processamento_distribu%C3%ADdo). Exemplos disso incluem [Distributed hash table](https://pt.wikipedia.org/wiki/Distributed_hash_table) (DHT), usado por [torrents](https://pt.wikipedia.org/wiki/BitTorrent) e [IPFS](https://pt.wikipedia.org/wiki/Sistema_de_Arquivos_Interplanet%C3%A1rio) por exemplo. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Uma vez que um peer tenha encontrado uma rota para o seu contato através de qualquer um desses métodos, uma conexão direta entre eles é feita. Embora as mensagens sejam geralmente criptografadas, um observador ainda pode deduzir a localização e a identidade do remetente e do destinatário.
@@ -85,9 +85,9 @@ As redes P2P não usam servidores, pois os peers se comunicam diretamente entre
Um mensageiro usando [roteamento anônimo](https://doi.org/10.1007/978-1-4419-5906-5_628) oculta a identidade do remetente, do destinatário ou a evidência de que eles estão se comunicando. Idealmente, um mensageiro deve esconder todos os três.
-Existem [muitas](https://doi.org/10.1145/3182658) maneiras diferentes de implementar o roteamento anônimo. Um dos mais famosos é o [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (ou seja, [Tor](tor-overview.md)), que comunica mensagens criptografadas através de uma [rede sopbreposta](https://pt.wikipedia.org/wiki/Rede_sobreposta) virtual, que esconde a localização de cada nó, bem como o destinatário e o remetente de cada mensagem. O remetente e o destinatário nunca interagem diretamente e só se encontram através de um nó de encontro secreto para que não haja vazamento de endereços IP ou localização física. Os nós não podem descriptografar mensagens, nem o destino final; apenas o destinatário pode. Cada nó intermediário só pode descriptografar uma parte que indica para onde enviar a mensagem criptografada, até chegar ao destinatário que pode descriptografá-la totalmente, daí as "onion layers."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. Um dos mais famosos é o [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (ou seja, [Tor](tor-overview.md)), que comunica mensagens criptografadas através de uma [rede sopbreposta](https://pt.wikipedia.org/wiki/Rede_sobreposta) virtual, que esconde a localização de cada nó, bem como o destinatário e o remetente de cada mensagem. O remetente e o destinatário nunca interagem diretamente e só se encontram através de um nó de encontro secreto para que não haja vazamento de endereços IP ou localização física. Os nós não podem descriptografar mensagens, nem o destino final; apenas o destinatário pode. Cada nó intermediário só pode descriptografar uma parte que indica para onde enviar a mensagem criptografada, até chegar ao destinatário que pode descriptografá-la totalmente, daí as "onion layers."
-A auto-hospedagem de um nó em uma rede de roteamento anônimo não fornece ao hoster benefícios adicionais de privacidade, mas contribui para a resiliência de toda a rede contra ataques de identificação para o benefício de todos.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Vantagens:**
diff --git a/i18n/pt-BR/advanced/dns-overview.md b/i18n/pt-BR/advanced/dns-overview.md
index 078ec384..34602a3e 100644
--- a/i18n/pt-BR/advanced/dns-overview.md
+++ b/i18n/pt-BR/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: O Sistema de Nome de Domínio é a "agenda telefônica da internet", ajudando seu navegador a encontrar o site que ele está procurando.
---
-The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. O DNS converte nomes de domínio em endereços IP para que os navegadores e outros serviços possam carregar recursos da Internet, através de uma rede descentralizada de servidores.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. O DNS converte nomes de domínio em endereços IP para que os navegadores e outros serviços possam carregar recursos da Internet, através de uma rede descentralizada de servidores.
## O que é DNS?
@@ -24,7 +24,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
### DNS sobre TLS (DoT)
@@ -118,7 +118,7 @@ In this example we will record what happens when we make a DoH request:
3. After making the request, we can stop the packet capture with
CTRL +
C.
-4. Analyse the results in Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ When we do a DNS lookup, it's generally because we want to access a resource. Be
The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides.
-This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
+This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
### Server Name Indication (SNI)
-Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
+Server Name Indication is typically used when an IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
-1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
+1. Start capturing again with `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | No | nothing(Do nothing)
```
-Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[List of recommended DNS servers](../dns.md ""){.md-button}
diff --git a/i18n/pt-BR/advanced/tor-overview.md b/i18n/pt-BR/advanced/tor-overview.md
index 8997da7a..52cfed5d 100644
--- a/i18n/pt-BR/advanced/tor-overview.md
+++ b/i18n/pt-BR/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/pt-BR/ai-chat.md b/i18n/pt-BR/ai-chat.md
index cb3164df..826feffb 100644
--- a/i18n/pt-BR/ai-chat.md
+++ b/i18n/pt-BR/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Criteria
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Melhor Caso
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/pt-BR/alternative-networks.md b/i18n/pt-BR/alternative-networks.md
index 9c8429c8..6f47fee7 100644
--- a/i18n/pt-BR/alternative-networks.md
+++ b/i18n/pt-BR/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/pt-BR/android/general-apps.md b/i18n/pt-BR/android/general-apps.md
index 98e77acc..5bdcc512 100644
--- a/i18n/pt-BR/android/general-apps.md
+++ b/i18n/pt-BR/android/general-apps.md
@@ -95,7 +95,7 @@ Os principais recursos de privacidade incluem:
Nota
-Os metadados não serão excluídos dos arquivos de vídeo, mas isso está planejado.
+Metadata is not currently deleted from video files, but that is planned.
Os metadados da orientação da imagem não são excluídos. Se você ativar a localização (na Câmera Segura) isso **não** será excluído também. Se você deseja excluir isso mais tarde, você precisará usar um aplicativo externo, como [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/pt-BR/basics/account-creation.md b/i18n/pt-BR/basics/account-creation.md
index 22ef70db..0f45c8be 100644
--- a/i18n/pt-BR/basics/account-creation.md
+++ b/i18n/pt-BR/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
+Often people sign up for services without thinking. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer.
@@ -13,11 +13,11 @@ It can also be difficult to delete the accounts on some services. Sometimes [ove
## Terms of Service & Privacy Policy
-The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VOIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
+The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
-The Privacy Policy is how the service says they will use your data and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
-We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
+We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Keep in mind you're also placing your trust in the company or organization and that they will comply with their own privacy policy.
@@ -42,7 +42,7 @@ You will be responsible for managing your login credentials. For added security,
#### Email aliases
-If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to.
+If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Those can be filtered automatically based on the alias they are sent to.
Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
We recommend avoiding services that require a phone number for sign up. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
+You should avoid giving out your real phone number if you can. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number!
diff --git a/i18n/pt-BR/basics/account-deletion.md b/i18n/pt-BR/basics/account-deletion.md
index a14ca466..1814dfde 100644
--- a/i18n/pt-BR/basics/account-deletion.md
+++ b/i18n/pt-BR/basics/account-deletion.md
@@ -27,7 +27,7 @@ Desktop platforms also often have a password manager which may help you recover
### Email
-If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
## Excluindo Contas Antigas
@@ -39,7 +39,7 @@ When attempting to regain access, if the site returns an error message saying th
### GDPR (EEA residents only)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Sobrescrevendo Informações da Conta
diff --git a/i18n/pt-BR/basics/common-misconceptions.md b/i18n/pt-BR/basics/common-misconceptions.md
index 2641a206..8fb79846 100644
--- a/i18n/pt-BR/basics/common-misconceptions.md
+++ b/i18n/pt-BR/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ The privacy policies and business practices of providers you choose are very imp
## "Complicated is better"
-We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like many different email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
+We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips:
1. ==Actions need to serve a particular purpose:== think about how to do what you want with the fewest actions.
2. ==Remove human failure points:== We fail, get tired, and forget things. To maintain security, avoid relying on manual conditions and processes that you have to remember.
-3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily de-anonymized by a simple oversight.
+3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
So, how might this look?
@@ -94,4 +94,4 @@ One of the clearest threat models is one where people *know who you are* and one
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/pt-BR/basics/common-threats.md b/i18n/pt-BR/basics/common-threats.md
index 9256c582..c4712657 100644
--- a/i18n/pt-BR/basics/common-threats.md
+++ b/i18n/pt-BR/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Seu modelo de ameaça é personalizado para você, mas estas são algumas das coisas com as quais muitos visitantes deste site se preocupam.
---
-Em resumo, nós agrupamos nossas recomendações considerando as [ameaças](threat-modeling.md) ou objetivos que se aplicam à maioria das pessoas. ==Você pode estar preocupado com nenhuma, uma, poucas ou todas essas possibilidades==, e as ferramentas e serviços para você usar vão de depender de quais são seus objetivos. Você também pode ter ameaças específicas fora dessas categorias, o que é perfeitamente normal! A parte importante é desenvolver um entendimento dos benefícios e das deficiências das ferramentas que você escolher usar, pois, praticamente nenhuma delas o protegerá de todas as ameaças.
+Em resumo, nós agrupamos nossas recomendações considerando as [ameaças](threat-modeling.md) ou objetivos que se aplicam à maioria das pessoas. ==Você pode estar preocupado com nenhuma, uma, poucas ou todas essas possibilidades==, e as ferramentas e serviços para você usar vão de depender de quais são seus objetivos. You may have specific threats outside these categories as well, which is perfectly fine! A parte importante é desenvolver um entendimento dos benefícios e das deficiências das ferramentas que você escolher usar, pois, praticamente nenhuma delas o protegerá de todas as ameaças.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ Para minimizar os danos que um aplicativo malicioso *pode* causar, você deve us
Sistemas operacionais móveis geralmente têm um isolamento (sandboxing) de aplicativos melhor do que os sistemas operacionais de mesa (desktop): Aplicativos não podem obter acesso à raiz e precisam de permissão para acessar os recursos do sistema.
-Sistemas operacionais de mesa geralmente ficam para trás em termos de isolamento adequado. ChromeOS tem recursos de isolamento semelhantes aos do Android, e o macOS tem controle total de permissões do sistema (e os desenvolvedores podem optar pelo isolamento para aplicativos). No entanto, esses sistemas operacionais transmitem informações de identificação para seus respectivos OEMs. Linux tende a não enviar informações aos fornecedores de sistemas, mas tem pouca proteção contra explorações e aplicativos mal-intencionados. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Sistemas operacionais de mesa geralmente ficam para trás em termos de isolamento adequado. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). No entanto, esses sistemas operacionais transmitem informações de identificação para seus respectivos OEMs. Linux tende a não enviar informações aos fornecedores de sistemas, mas tem pouca proteção contra explorações e aplicativos mal-intencionados. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Therefore, you should use native applications over web clients whenever possible
-Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
+Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
## Programas de Vigilância em Massa
@@ -156,7 +156,7 @@ Mass surveillance is the intricate effort to monitor the "behavior, many activit
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
For many people, tracking and surveillance by private corporations is a growing concern. Pervasive ad networks, such as those operated by Google and Facebook, span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries (although it can't completely prevent tracking).[^4]
-Additionally, even companies outside of the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
## Limitação de Informações Públicas
diff --git a/i18n/pt-BR/basics/email-security.md b/i18n/pt-BR/basics/email-security.md
index cb1cfff6..2b8d2d7a 100644
--- a/i18n/pt-BR/basics/email-security.md
+++ b/i18n/pt-BR/basics/email-security.md
@@ -29,13 +29,13 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
### Quais Clientes de Email Suportam E2EE?
-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### Como Protejo Minhas Chaves Privadas?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Visão Geral dos Metadados de Email
@@ -49,4 +49,4 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
### Por Que os Metadados Não Podem Ser E2EE?
-Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
+Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/pt-BR/basics/hardware.md b/i18n/pt-BR/basics/hardware.md
index 0848caaf..4163484b 100644
--- a/i18n/pt-BR/basics/hardware.md
+++ b/i18n/pt-BR/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Aviso
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/pt-BR/basics/multi-factor-authentication.md b/i18n/pt-BR/basics/multi-factor-authentication.md
index 2ac44044..29184640 100644
--- a/i18n/pt-BR/basics/multi-factor-authentication.md
+++ b/i18n/pt-BR/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Autenticação de Múltiplos Fatores"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
-**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone.
@@ -26,7 +26,7 @@ The security of push notification MFA is dependent on both the quality of the ap
### Time-based One-time Password (TOTP)
-TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
+TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
-Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
@@ -116,15 +116,15 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
## More Places to Set Up MFA
-Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
+macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-After your smartcard/security key is set up, we recommend running this command in the Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
### KeePass (and KeePassXC)
-KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/pt-BR/basics/passwords-overview.md b/i18n/pt-BR/basics/passwords-overview.md
index deca7ecc..0e96bfab 100644
--- a/i18n/pt-BR/basics/passwords-overview.md
+++ b/i18n/pt-BR/basics/passwords-overview.md
@@ -24,7 +24,7 @@ All of our [recommended password managers](../passwords.md) include a built-in p
You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it.
-When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
Checking for data breaches
@@ -54,13 +54,13 @@ To generate a diceware passphrase using real dice, follow these steps:
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Roll a six-sided die five times, noting down the number after each roll.
-2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. You will find the word `encrypt`. Write that word down.
@@ -75,25 +75,25 @@ You should **not** re-roll words until you get a combination of words that appea
If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
- Your adversary knows that you used the diceware method.
-- Your adversary knows the specific wordlist that you used.
+- Your adversary knows the specific word list that you used.
- Your adversary knows how many words your passphrase contains.
@@ -113,7 +113,7 @@ There are many good options to choose from, both cloud-based and local. Choose o
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
diff --git a/i18n/pt-BR/basics/threat-modeling.md b/i18n/pt-BR/basics/threat-modeling.md
index 22663631..39ca2046 100644
--- a/i18n/pt-BR/basics/threat-modeling.md
+++ b/i18n/pt-BR/basics/threat-modeling.md
@@ -35,7 +35,7 @@ An “asset” is something you value and want to protect. In the context of dig
To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary”.== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
-*Make a list of your adversaries or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Your list may include individuals, a government agency, or corporations.*
Depending on who your adversaries are, this list might be something you want to destroy after you've finished developing your threat model.
diff --git a/i18n/pt-BR/browser-extensions.md b/i18n/pt-BR/browser-extensions.md
index 3056e360..510e178c 100644
--- a/i18n/pt-BR/browser-extensions.md
+++ b/i18n/pt-BR/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/pt-BR/calendar.md b/i18n/pt-BR/calendar.md
index 9ab476b0..1d498530 100644
--- a/i18n/pt-BR/calendar.md
+++ b/i18n/pt-BR/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
A funcionalidade de múltiplos calendários e compartilhamento adicional é limitada a assinantes pagos.
diff --git a/i18n/pt-BR/cloud.md b/i18n/pt-BR/cloud.md
index 09799d7d..77bdb84f 100644
--- a/i18n/pt-BR/cloud.md
+++ b/i18n/pt-BR/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Criteria
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
diff --git a/i18n/pt-BR/cryptocurrency.md b/i18n/pt-BR/cryptocurrency.md
index 4dadac7f..48206c87 100644
--- a/i18n/pt-BR/cryptocurrency.md
+++ b/i18n/pt-BR/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Critérios
diff --git a/i18n/pt-BR/data-broker-removals.md b/i18n/pt-BR/data-broker-removals.md
index 24c607c3..ab08fd1c 100644
--- a/i18n/pt-BR/data-broker-removals.md
+++ b/i18n/pt-BR/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/pt-BR/desktop-browsers.md b/i18n/pt-BR/desktop-browsers.md
index adae5174..6726d90c 100644
--- a/i18n/pt-BR/desktop-browsers.md
+++ b/i18n/pt-BR/desktop-browsers.md
@@ -113,7 +113,7 @@ Isso é necessário para evitar formas avançadas de rastreamento, mas vem com o
### Mullvad Leta
-Navegador de Mullvad vem com o DuckDuckGo definido como o [mecanismo de pesquisa padrão](search-engines.md), mas também vem pré-instalado com o **Mullvad Leta**, um mecanismo de busca que requer uma assinatura ativa do Mullvad VPN para acessar. O Mullvad Leta consulta diretamente a API de pesquisa paga do Google, razão pela qual está limitado aos assinantes pagantes. No entanto, é possível ao Mullvad correlacionar as consultas de pesquisa e as contas VPN do Mullvad devido a esta limitação. Por esse motivo, desencorajamos o uso do Mullvad Leta, mesmo que o Mullvad colete muito pouca informação sobre seus assinantes de VPN.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. O Mullvad Leta consulta diretamente a API de pesquisa paga do Google, razão pela qual está limitado aos assinantes pagantes. No entanto, é possível ao Mullvad correlacionar as consultas de pesquisa e as contas VPN do Mullvad devido a esta limitação. Por esse motivo, desencorajamos o uso do Mullvad Leta, mesmo que o Mullvad colete muito pouca informação sobre seus assinantes de VPN.
## Firefox
@@ -193,7 +193,7 @@ De acordo com a política de privacidade do Mozilla para Firefox,
> O Firefox envia dados sobre a sua versão e língua do Firefox; sistema operacional e configuração de hardware; memória, informação básica sobre crashes e erros; resultados de processos automatizados como atualizações, navegação segura e ativação para nós. Quando o Firefox envia dados para nós, seu endereço IP é temporariamente coletado como parte dos registros do nosso servidor.
-Ademais, o serviço Mozilla Accounts coleta [alguns dados técnicos](https://mozilla.org/privacy/mozilla-accounts). Se você usa uma Conta Firefox, você pode não optar por isso:
+Ademais, o serviço Mozilla Accounts coleta [alguns dados técnicos](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Abra as suas [configurações de perfil em accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Desmarque **Coleta de dados e uso** > **Ajude a melhorar as contas Firefox**
@@ -208,7 +208,7 @@ Com o lançamento do Firefox 128, uma nova configuração para [atribuição de
- Selecione **Ativar modo somente HTTPS em todas as janelas**
-Isso te previne de se conectar sem querer a um site em plain-text HTTP. Sites sem HTTPS são incomuns hoje em dia, então isso deve trazer pouco ou nenhum impacto na sua navegação do dia a dia.
+Isso te previne de se conectar sem querer a um site em plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS sobre HTTPS
@@ -301,7 +301,7 @@ O Brave permite que você selecione filtros de conteúdo adicionais na página i
-1. Essa opção desabilita o JavaScript, o que interromperá muitos sites. Para desbloqueá-los, você pode definir exceções por site clicando no ícone do Shields na barra de endereços e desmarcando essa configuração em *Controles avançados*.
+1. Essa opção desabilita o JavaScript, o que interromperá muitos sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. Se desejar permanecer conectado a um site específico que visita com frequência, você pode definir exceções por site clicando no ícone do Shields na barra de endereços e desmarcando essa configuração em *Controles avançados*.
#### Privacidade e Segurança
diff --git a/i18n/pt-BR/desktop.md b/i18n/pt-BR/desktop.md
index a769de5a..f559f0dd 100644
--- a/i18n/pt-BR/desktop.md
+++ b/i18n/pt-BR/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS is an independent distribution based on the Nix package manager with a foc
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/pt-BR/device-integrity.md b/i18n/pt-BR/device-integrity.md
index ff2f2d51..6b82af59 100644
--- a/i18n/pt-BR/device-integrity.md
+++ b/i18n/pt-BR/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/pt-BR/dns.md b/i18n/pt-BR/dns.md
index 16aee637..782af4c5 100644
--- a/i18n/pt-BR/dns.md
+++ b/i18n/pt-BR/dns.md
@@ -75,7 +75,7 @@ AdGuard Home apresenta um painel web amigável para ver informações e gerencia
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/pt-BR/document-collaboration.md b/i18n/pt-BR/document-collaboration.md
index eea3db7f..9030bc69 100644
--- a/i18n/pt-BR/document-collaboration.md
+++ b/i18n/pt-BR/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Nosso critério de melhor caso representa o que gostaríamos de ver em um projeto perfeito nessa categoria. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/pt-BR/email-aliasing.md b/i18n/pt-BR/email-aliasing.md
index c33f2bff..29f37d77 100644
--- a/i18n/pt-BR/email-aliasing.md
+++ b/i18n/pt-BR/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/pt-BR/email.md b/i18n/pt-BR/email.md
index 61b6743f..95b26d36 100644
--- a/i18n/pt-BR/email.md
+++ b/i18n/pt-BR/email.md
@@ -58,7 +58,7 @@ OpenPGP também não suporta Encaminhamento Sigiloso, isso significa que se a su
{ align=right }
-**Proton Mail** é um serviço de email com foco na privacidade, criptografia, segurança, e facilidade de uso. Eles estão operando desde 2013. Proton AG é localizado em Genève, Suíça. O plano Proton Mail Free vem com 500 Mb de armazenamento de e-mail, que você pode aumentar até 1 GB gratuitamente.
+**Proton Mail** é um serviço de email com foco na privacidade, criptografia, segurança, e facilidade de uso. Eles estão operando desde 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Página inicial](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Serviço Onion" }
@@ -97,7 +97,7 @@ Proton Mail [aceita](https://proton.me/support/payment-options) dinheiro por cor
#### :material-check:{ .pg-green } Segurança da Conta
-Proton Mail suporta TOTP [autenticação de dois factores](https://proton.me/support/two-factor-authentication-2fa) e [chaves de segurança de hardware](https://proton.me/support/2fa-security-key) utilizando as normas FIDO2 ou U2F. O uso de uma chave de segurança de hardware requer a configuração da autenticação de dois fatores TOTP primeiro.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Segurança dos Dados
@@ -117,7 +117,7 @@ Se você tiver uma conta paga e sua conta [não for paga](https://proton.me/supp
#### :material-information-outline:{ .pg-blue } Funcionalidades Adicionais
-O plano [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) do Proton Mail também permite o acesso a outros serviços da Proton, além de fornecer vários domínios personalizados, aliases ilimitados do tipo hide-my-email e 500 GB de armazenamento.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
O Proton Mail não oferece um recurso de legado digital.
@@ -127,7 +127,7 @@ O Proton Mail não oferece um recurso de legado digital.
{ align=right }
-O **Mailbox.org** é um serviço de e-mail que se concentra em ser seguro, livre de anúncios e alimentado de forma privada por energia 100% ecológica. Eles estão operando desde 2014. Mailbox.org é sediado em Berlim, Alemanha. As contas começam com até 2 GB de armazenamento, que podem ser aumentados conforme necessário.
+O **Mailbox.org** é um serviço de e-mail que se concentra em ser seguro, livre de anúncios e alimentado de forma privada por energia 100% ecológica. Eles estão operando desde 2014. Mailbox.org é sediado em Berlim, Alemanha. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ O Mailbox.org permite que você use seu próprio domínio e oferece suporte a en
#### :material-check:{ .pg-green } Métodos de Pagamento Privados
-Mailbox.org não aceita nenhuma criptomoeda como resultado do seu processador de pagamentos BitPay ter suspendido as operações na Alemanha. No entanto, eles aceitam dinheiro por correio, pagamento em dinheiro para conta bancária, transferência bancária, cartão de crédito, PayPal e alguns processadores específicos da Alemanha: paydirekt and Sofortüberweisung.
+Mailbox.org não aceita nenhuma criptomoeda como resultado do seu processador de pagamentos BitPay ter suspendido as operações na Alemanha. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Segurança da Conta
-O Mailbox.org oferece suporte à [autenticação de dois fatores](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) somente para o webmail. Você pode usar o TOTP ou uma [YubiKey](https://en.wikipedia.org/wiki/YubiKey) por meio do [YubiCloud](https://yubico.com/products/services-software/yubicloud). Padrões da Web como [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) ainda não são suportados.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. Você pode usar o TOTP ou uma [YubiKey](https://en.wikipedia.org/wiki/YubiKey) por meio do [YubiCloud](https://yubico.com/products/services-software/yubicloud). Padrões da Web como [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) ainda não são suportados.
#### :material-information-outline:{ .pg-blue } Segurança dos Dados
@@ -172,7 +172,7 @@ Sua conta será definida como uma conta de usuário restrita quando o contrato t
#### :material-information-outline:{ .pg-blue } Funcionalidades Adicionais
-Você pode acessar sua conta do Mailbox.org via IMAP/SMTP usando o [ serviço .onion](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). No entanto, sua interface webmail não pode ser acessada através do seu serviço ".onion" e você pode experimentar erros de certificado TLS.
+Você pode acessar sua conta do Mailbox.org via IMAP/SMTP usando o [ serviço .onion](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
Todas as contas vêm com armazenamento limitado na nuvem que [pode ser criptografado](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org também oferece o pseudônimo [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), que impõe a criptografia TLS na conexão entre os servidores de email, caso contrário, a mensagem não será enviada. Mailbox.org também suporta [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync), além dos protocolos de acesso padrão como IMAP e POP3.
@@ -195,7 +195,7 @@ Estes provedores armazenam os seus e-mails com criptografia de conhecimento zero
{ align=right }
{ align=right }
-**Tuta** (anteriormente *Tutanota*) é um serviço de e-mail com foco na segurança e privacidade por meio do uso de criptografia. Tutá está em funcionamento desde 2011 e está com sede em Hanover, Alemanha. Contas gratuitas começam com 1GB de armazenamento.
+**Tuta** (anteriormente *Tutanota*) é um serviço de e-mail com foco na segurança e privacidade por meio do uso de criptografia. Tutá está em funcionamento desde 2011 e está com sede em Hanover, Alemanha. Free accounts start with 1 GB of storage.
[:octicons-home-16: Página inicial](https://firefox.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mozilla.org/privacy/firefox){ .card-link title="Política de privacidade" }
@@ -226,11 +226,11 @@ Contas pagas da Tuta podem usar 15 ou 30 pseudônimos, dependendo do plano, e ps
#### :material-information-outline:{ .pg-blue } Métodos de Pagamento Privados
-Tuta só aceita diretamente cartões de crédito e PayPal, mas [a criptomoeda](cryptocurrency.md) pode ser usada para comprar gift cards por meio de sua [parceria](https://tuta.com/support/#cryptocurrency) com a Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Segurança da Conta
-Tuta oferece suporte à [autenticação de dois fatores](https://tuta.com/support#2fa) com TOTP ou U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Segurança dos Dados
@@ -297,7 +297,7 @@ Consideramos esses recursos importantes para fornecer um serviço seguro e otimi
**Mínimo Para Qualificação:**
- Criptografa os dados da conta de e-mail em repouso com criptografia de acesso zero.
-- Recurso de exportação como [Mbox](https://en.wikipedia.org/wiki/Mbox) ou .eml individual com o padrão [RFC5322](https://datatracker.ietf.org/doc/rfc5322).
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Permite que os usuários usem seu próprio [nome de domínio](https://en.wikipedia.org/wiki/Domain_name). Nomes de domínio personalizados são importantes para os usuários, porque lhes permite manter sua agência a partir do serviço. Deve piorar ou ser adquirido por outra empresa que não priorize a privacidade.
- Opera em uma infraestrutura própria, ou seja, não é baseada em provedores de serviços de e-mail de terceiros.
diff --git a/i18n/pt-BR/encryption.md b/i18n/pt-BR/encryption.md
index d532d793..e4270166 100644
--- a/i18n/pt-BR/encryption.md
+++ b/i18n/pt-BR/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt is a fork of the discontinued TrueCrypt project. According to its deve
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
-Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
{ align=right }
-**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/pt-BR/file-sharing.md b/i18n/pt-BR/file-sharing.md
index db8310cf..86508a63 100644
--- a/i18n/pt-BR/file-sharing.md
+++ b/i18n/pt-BR/file-sharing.md
@@ -13,7 +13,7 @@ Descubra como compartilhar seus arquivos de forma privada entre seus dispositivo
## Compartilhamento de Arquivos
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/pt-BR/frontends.md b/i18n/pt-BR/frontends.md
index 79681368..123ebedb 100644
--- a/i18n/pt-BR/frontends.md
+++ b/i18n/pt-BR/frontends.md
@@ -251,7 +251,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/pt-BR/index.md b/i18n/pt-BR/index.md
index fbc33a17..2b7fb0bd 100644
--- a/i18n/pt-BR/index.md
+++ b/i18n/pt-BR/index.md
@@ -91,7 +91,7 @@ O **Privacy Guides** tem uma [comunidade](https://discuss.privacyguides.net) ded
---
- Proton Mail é um serviço de e-mail focado em privacidade, criptografia, segurança, e facilidade de uso. Eles estão em operação desde 2013. Proton AG é localizado em Genève, Suíça. O plano Proton Mail Free vem com 500 Mb de armazenamento de e-mail, que você pode aumentar até 1 GB gratuitamente.
+ Proton Mail é um serviço de e-mail focado em privacidade, criptografia, segurança, e facilidade de uso. Eles estão em operação desde 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Leia a Análise Completa](email.md#proton-mail)
@@ -99,7 +99,7 @@ O **Privacy Guides** tem uma [comunidade](https://discuss.privacyguides.net) ded
---
- Mailbox.org é um serviço de correio electrónico centrado em ser seguro, livre de anúncios e alimentado com energia 100% amiga do meio ambiente. Eles estão operando desde 2014. Mailbox.org é sediado em Berlim, Alemanha. As contas começam com até 2 GB de armazenamento, que podem ser aumentados conforme necessário.
+ Mailbox.org é um serviço de correio electrónico centrado em ser seguro, livre de anúncios e alimentado com energia 100% amiga do meio ambiente. Eles estão operando desde 2014. Mailbox.org é sediado em Berlim, Alemanha. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Leia a Análise Completa](email.md#mailboxorg)
@@ -107,7 +107,7 @@ O **Privacy Guides** tem uma [comunidade](https://discuss.privacyguides.net) ded
---
- Tuta (anteriormente *Tutanota*) é um serviço de e-mail com foco na segurança e privacidade através do uso de criptografia. Tutá está em funcionamento desde 2011 e está sediado em Hanover, Alemanha. Contas gratuitas começam com 1GB de armazenamento.
+ Tuta (anteriormente *Tutanota*) é um serviço de e-mail com foco na segurança e privacidade através do uso de criptografia. Tutá está em funcionamento desde 2011 e está sediado em Hanover, Alemanha. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Leia a Análise Completa](email.md#tuta)
@@ -172,7 +172,7 @@ Considerado pela **WIRED**, **Tweakers.net**, **The New York Times**, e muitas o
## O que são ferramentas de privacidade?
-Recomendamos uma grande variedade de **ferramentas de privacidade** (a.k.a. *apps de privacidade*, *utilitários de privacidade*, *softwares de privacidade*) abrangendo software e hardware que você pode adotar para melhorar sua privacidade. Muitas das ferramentas que recomendamos são totalmente gratuitas e de software de código aberto, enquanto algumas são serviços comerciais disponíveis para compra. Mudar do software convencional que consome muitos dados, como o Google Chrome e o Windows, para ferramentas voltadas para a privacidade, como o [Brave](desktop-browsers.md#brave) e o [Linux](desktop.md), pode ajudar muito a controlar as informações que você compartilha com empresas e outras pessoas.
+Recomendamos uma grande variedade de **ferramentas de privacidade** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Muitas das ferramentas que recomendamos são totalmente gratuitas e de software de código aberto, enquanto algumas são serviços comerciais disponíveis para compra. Mudar do software convencional que consome muitos dados, como o Google Chrome e o Windows, para ferramentas voltadas para a privacidade, como o [Brave](desktop-browsers.md#brave) e o [Linux](desktop.md), pode ajudar muito a controlar as informações que você compartilha com empresas e outras pessoas.
[:material-check-all: Nosso Critério Geral](about/criteria.md){ class="md-button" }
diff --git a/i18n/pt-BR/meta/brand.md b/i18n/pt-BR/meta/brand.md
index 730b75f6..aaa9b517 100644
--- a/i18n/pt-BR/meta/brand.md
+++ b/i18n/pt-BR/meta/brand.md
@@ -12,7 +12,7 @@ O nome do site é **Privacy Guides** e **não deve** ser alterado para:
— PG.org
-O nome do subreddit é **r/PrivacyGuides** ou **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Outras diretrizes de marca podem ser encontradas em [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/pt-BR/meta/translations.md b/i18n/pt-BR/meta/translations.md
index ff5406c7..1f67cd98 100644
--- a/i18n/pt-BR/meta/translations.md
+++ b/i18n/pt-BR/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## Fullwidth alternatives and Markdown syntax
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/pt-BR/meta/uploading-images.md b/i18n/pt-BR/meta/uploading-images.md
index 5080bd2d..86bcb9ab 100644
--- a/i18n/pt-BR/meta/uploading-images.md
+++ b/i18n/pt-BR/meta/uploading-images.md
@@ -48,7 +48,7 @@ In the **SVG Output** tab under **Document options**:
- [ ] Turn off **Remove the XML declaration**
- [x] Turn on **Remove metadata**
- [x] Turn on **Remove comments**
-- [x] Turn on **Embeded raster images**
+- [x] Turn on **Embedded raster images**
- [x] Turn on **Enable viewboxing**
In the **SVG Output** under **Pretty-printing**:
diff --git a/i18n/pt-BR/meta/writing-style.md b/i18n/pt-BR/meta/writing-style.md
index f3dd7fbb..8fabc654 100644
--- a/i18n/pt-BR/meta/writing-style.md
+++ b/i18n/pt-BR/meta/writing-style.md
@@ -64,7 +64,7 @@ We should try to avoid abbreviations where possible, but technology is full of a
## Be concise
-> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective.
+> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/pt-BR/mobile-browsers.md b/i18n/pt-BR/mobile-browsers.md
index 3312db04..d3342815 100644
--- a/i18n/pt-BR/mobile-browsers.md
+++ b/i18n/pt-BR/mobile-browsers.md
@@ -247,7 +247,7 @@ Isso te previne de se conectar sem querer a um site em plain-text HTTP. HTTP is
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Open Safari and tap the Tabs button, located in the bottom right. Then, expand t
- [x] Select **Private**
-Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. This may be an inconvenience.
diff --git a/i18n/pt-BR/multi-factor-authentication.md b/i18n/pt-BR/multi-factor-authentication.md
index 7f65838e..7af5fcd8 100644
--- a/i18n/pt-BR/multi-factor-authentication.md
+++ b/i18n/pt-BR/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Autenticação de Múltiplos Fatores"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/pt-BR/notebooks.md b/i18n/pt-BR/notebooks.md
index b286ec16..07966a5a 100644
--- a/i18n/pt-BR/notebooks.md
+++ b/i18n/pt-BR/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Mantenha o controle de suas anotações e registros de atividades sem entregá-los a terceiros.
+Keep track of your notes and journals without giving them to a third party.
Se você estiver usando atualmente um aplicativo como Evernote, Google Keep, ou Microsoft OneNote, sugerimos que escolha uma alternativa que suporte E2EE.
@@ -82,9 +82,9 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
-{ align=right }
+{ align=right }
-* *Joplin** é um aplicativo de anotações e tarefas gratuito, de código aberto e com todos os recursos que pode lidar com um grande número de anotações organizadas em blocos de anotações e tags. Ele oferece E2EE e pode sincronizar através do Nextcloud, Dropbox e muito mais. Oferece também uma importação fácil a partir do Evernote e notas de texto simples.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. Ele oferece E2EE e pode sincronizar através do Nextcloud, Dropbox e muito mais. Oferece também uma importação fácil a partir do Evernote e notas de texto simples.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
## Local notebooks
diff --git a/i18n/pt-BR/os/android-overview.md b/i18n/pt-BR/os/android-overview.md
index 0a310bb7..5633a3d6 100644
--- a/i18n/pt-BR/os/android-overview.md
+++ b/i18n/pt-BR/os/android-overview.md
@@ -84,7 +84,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Killswitch
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
@@ -124,7 +124,7 @@ Modern Android devices have global toggles for disabling Bluetooth and location
## Google Services
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Advanced Protection Program
diff --git a/i18n/pt-BR/os/ios-overview.md b/i18n/pt-BR/os/ios-overview.md
index 38c63f4d..3358ea03 100644
--- a/i18n/pt-BR/os/ios-overview.md
+++ b/i18n/pt-BR/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/pt-BR/os/linux-overview.md b/i18n/pt-BR/os/linux-overview.md
index 1dd62f98..b66a65a9 100644
--- a/i18n/pt-BR/os/linux-overview.md
+++ b/i18n/pt-BR/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Privacy Notes
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- Avoid telemetry that often comes with proprietary operating systems
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ We don’t believe holding packages back and applying interim patches is a good
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao)
(YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao)
(YouTube)
### “Security-focused” distributions
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Drive Encryption
-Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ There are other system identifiers which you may wish to be careful about. You s
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/pt-BR/os/macos-overview.md b/i18n/pt-BR/os/macos-overview.md
index 87a0d09c..b56f395c 100644
--- a/i18n/pt-BR/os/macos-overview.md
+++ b/i18n/pt-BR/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Backups
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## Fontes
diff --git a/i18n/pt-BR/os/windows/group-policies.md b/i18n/pt-BR/os/windows/group-policies.md
index 8c4b7fe2..5c2b4991 100644
--- a/i18n/pt-BR/os/windows/group-policies.md
+++ b/i18n/pt-BR/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/pt-BR/os/windows/index.md b/i18n/pt-BR/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/pt-BR/os/windows/index.md
+++ b/i18n/pt-BR/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/pt-BR/passwords.md b/i18n/pt-BR/passwords.md
index 0bdfe9ac..c5f34073 100644
--- a/i18n/pt-BR/passwords.md
+++ b/i18n/pt-BR/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ These options allow you to manage an encrypted password database locally.
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/pt-BR/photo-management.md b/i18n/pt-BR/photo-management.md
index 1470005d..690f6677 100644
--- a/i18n/pt-BR/photo-management.md
+++ b/i18n/pt-BR/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
- Deve ser de código aberto.
diff --git a/i18n/pt-BR/real-time-communication.md b/i18n/pt-BR/real-time-communication.md
index 4dff3d25..c96aed9c 100644
--- a/i18n/pt-BR/real-time-communication.md
+++ b/i18n/pt-BR/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Criteria
diff --git a/i18n/pt-BR/router.md b/i18n/pt-BR/router.md
index dd3d8126..44e30677 100644
--- a/i18n/pt-BR/router.md
+++ b/i18n/pt-BR/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** é um sistema operacional baseado em Linux; ele é usado principalmente em dispositivos incorporados (embedded) para rotear o tráfego de rede. Inclui util-linux, uClibc e BusyBox. Todos os componentes foram otimizados para roteadores domésticos.
+**OpenWrt** é um sistema operacional baseado em Linux; ele é usado principalmente em dispositivos incorporados (embedded) para rotear o tráfego de rede. Inclui util-linux, uClibc e BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentação}
diff --git a/i18n/pt-BR/security-keys.md b/i18n/pt-BR/security-keys.md
index 3248c4b1..bd0fc50b 100644
--- a/i18n/pt-BR/security-keys.md
+++ b/i18n/pt-BR/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/pt-BR/tools.md b/i18n/pt-BR/tools.md
index 60609751..4ee5ba93 100644
--- a/i18n/pt-BR/tools.md
+++ b/i18n/pt-BR/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. Eles estão em operação desde 2013. Proton AG é localizado em Genève, Suíça. O plano Proton Mail Free vem com 500 Mb de armazenamento de e-mail, que você pode aumentar até 1 GB gratuitamente.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. Eles estão em operação desde 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Eles estão operando desde 2014. Mailbox.org é sediado em Berlim, Alemanha. As contas começam com até 2 GB de armazenamento, que podem ser aumentados conforme necessário.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Eles estão operando desde 2014. Mailbox.org é sediado em Berlim, Alemanha. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tutá está em funcionamento desde 2011 e está sediado em Hanover, Alemanha. Contas gratuitas começam com 1GB de armazenamento.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tutá está em funcionamento desde 2011 e está sediado em Hanover, Alemanha. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/pt-BR/tor.md b/i18n/pt-BR/tor.md
index 4a47e0ea..9c2f2ce5 100644
--- a/i18n/pt-BR/tor.md
+++ b/i18n/pt-BR/tor.md
@@ -44,7 +44,7 @@ Há uma variedade de maneiras de se conectar à rede Tor a partir do seu disposi
Alguns desses aplicativos são melhores do que outros, e novamente fazer uma determinação equivale ao seu modelo de ameaça. Se você é um usuário casual do Tor que não está preocupado com o ISP que coleta provas contra você, usar aplicativos como o [Orbot](#orbot) ou aplicativos do navegador móvel para acessar a rede Tor provavelmente não é problema. Aumentar o número de pessoas que usam Tor todos os dias ajuda a reduzir o mau estigma do Tor, e diminui a qualidade das "listas de usuários de Tor" que os ISPs e os governos podem compilar.
-Se o anonimato mais completo for fundamental para a sua situação, você deve somente **** utilizar o cliente do navegador Tor para área de trabalho, idealmente em uma configuração de [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os). Os navegadores móveis são menos comuns no Tor (e, como resultado, mais passíveis de impressão digital), e outras configurações não são tão rigorosamente testadas contra a desanonimização.
+Se o anonimato mais completo for fundamental para a sua situação, você deve somente **** utilizar o cliente do navegador Tor para área de trabalho, idealmente em uma configuração de [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os). Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Navegador Tor
@@ -120,11 +120,11 @@ Antes, recomendávamos habilitar a opção *"Isolar os endereços de destino"* (
Dicas para o Android
-Orbot pode fazer proxy em aplicativos individuais se eles suportarem proxy SOCKS ou HTTP. Ele também pode fazer proxy de todas as suas conexões de rede usando [VpnService](https://developer.android.com/reference/android/net/VpnService) e pode ser usado com o killswitch de VPN em :gear: **Configurações** → **Rede e Internet** → **VPN** → :gear: → **Bloquear conexões sem VPN**.
+Orbot pode fazer proxy em aplicativos individuais se eles suportarem proxy SOCKS ou HTTP. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot costuma estar desatualizado no [repositório F-Droid, do Projeto Guardian](https://guardianproject.info/fdroid) e na [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), então, considere baixar diretamente do [repositório GitHub](https://github.com/guardianproject/orbot/releases) em vez disso.
-Todas as versões são assinadas usando a mesma assinatura, por isso devem ser compatíveis entre si.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/pt-BR/vpn.md b/i18n/pt-BR/vpn.md
index bb2b891f..2cc33aa9 100644
--- a/i18n/pt-BR/vpn.md
+++ b/i18n/pt-BR/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Recomendações e Comparação de Serviços VPN Privados, Sem Patrocinadores ou Anúncios — Privacy Guides"
title: "Serviços de VPN"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. Encontre aqui um provedor que não tem como objetivo espionar você.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. Proton VPN tem seus próprios servidores e centros de dados na Suíça, Islândia e Suécia. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN tem seus próprios servidores e centros de dados na Suíça, Islândia e Suécia. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } O recurso Killswitch não funciona em Macs baseados em Intel
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. Se você precisar desse recurso e estiver usando um Mac com chipset Intel, considere usar outro serviço de VPN.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. Se você precisar desse recurso e estiver usando um Mac com chipset Intel, considere usar outro serviço de VPN.
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } Clientes Móveis
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-**Mullvad** é uma VPN rápida e barata com uma séria ênfase em transparência e segurança. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** é uma VPN rápida e barata com uma séria ênfase em transparência e segurança. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ Mullvad is very transparent about which nodes they [own or rent](https://mullvad
### Tecnologia
-Exigimos que todos os nossos provedores de VPN recomendados forneçam arquivos de configuração OpenVPN para serem usados em qualquer cliente. **Se** uma VPN fornecer seu próprio cliente personalizado, será necessário um killswitch para bloquear vazamentos de dados de rede quando desconectado.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Mínimo Para Qualificação:**
-- Suporte para protocolos fortes, como WireGuard & OpenVPN.
-- Killswitch integrado aos clientes.
-- Suporte a Multihop. O Multihopping é importante para manter os dados privados no caso de comprometimento de um único nó.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Melhor Caso:**
-- Killswitch com opções altamente configuráveis (ativar/desativar em determinadas redes, na inicialização, etc.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Clientes VPN fáceis de usar
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. Esperamos que os servidores permitam conexões de entrada via IPv6 e que você possa acessar serviços hospedados em endereços IPv6.
- O recurso de [encaminhamento remoto de portas](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) ajuda a criar conexões ao usar o software de compartilhamento de arquivos P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) ou ao hospedar um servidor (por exemplo, Mumble).
@@ -316,11 +316,11 @@ Preferimos que nossos provedores recomendados coletem o mínimo possível de dad
**Melhor Caso:**
- Aceita múltiplas [opções de pagamento anônimas](advanced/payments.md).
-- Nenhuma informação pessoal é aceita (nome de usuário gerado automaticamente, nenhum e-mail necessário, etc.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Segurança
-Uma VPN é inútil se não puder fornecer nem mesmo a segurança adequada. Exigimos que todos os nossos provedores recomendados cumpram os padrões de segurança atuais para suas conexões OpenVPN. O ideal é que eles usem, por padrão, esquemas de criptografia resistentes às mudanças futuras. Também exigimos que um terceiro independente audite a segurança do provedor, de preferência de forma bastante abrangente e repetida (anualmente).
+Uma VPN é inútil se não puder fornecer nem mesmo a segurança adequada. We require all our recommended providers to abide by current security standards. O ideal é que eles usem, por padrão, esquemas de criptografia resistentes às mudanças futuras. Também exigimos que um terceiro independente audite a segurança do provedor, de preferência de forma bastante abrangente e repetida (anualmente).
**Mínimo Para Qualificação:**
@@ -358,7 +358,7 @@ Com os provedores de VPN que recomendamos, gostamos de ver um marketing respons
**Mínimo Para Qualificação:**
-- Deve hospedar análises por conta própria (ou seja, nada de Google Analytics). O site do provedor também deve estar em conformidade com [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) para pessoas que queiram optar por não participar.
+- Deve hospedar análises por conta própria (ou seja, nada de Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Não deve ter nenhum marketing irresponsável:
diff --git a/i18n/pt/about.md b/i18n/pt/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/pt/about.md
+++ b/i18n/pt/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/pt/about/contributors.md b/i18n/pt/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/pt/about/contributors.md
+++ b/i18n/pt/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/pt/about/criteria.md b/i18n/pt/about/criteria.md
index 72130cbc..5df058a6 100644
--- a/i18n/pt/about/criteria.md
+++ b/i18n/pt/about/criteria.md
@@ -24,7 +24,7 @@ Os programadores que pretendam submeter o seu projeto ou software para apreciaç
- Devem indicar a sua afiliação, ou seja, a sua posição no âmbito do projeto apresentado.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. Sempre que possível, devem mencionar quem efetuará a(s) auditoria(s).
- Devem explicar qual a mais-valia que o projeto traz às questões relacionadas com a privacidade.
diff --git a/i18n/pt/about/executive-policy.md b/i18n/pt/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/pt/about/executive-policy.md
+++ b/i18n/pt/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/pt/about/notices.md b/i18n/pt/about/notices.md
index d2ccb2f8..980484af 100644
--- a/i18n/pt/about/notices.md
+++ b/i18n/pt/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-Acreditamos que os logótipos e outras imagens em `assets` obtidos de fornecedores terceiros são de domínio público ou de **utilização justa**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. No entanto, esses logótipos e outras imagens podem ainda estar sujeitos à legislação sobre marcas registadas numa ou mais jurisdições. Antes de utilizar esse conteúdo, certifique-se de que é utilizado para identificar a entidade ou organização proprietária da marca registada e de que tem o direito de o utilizar ao abrigo da legislação aplicável nas circunstâncias da utilização pretendida. *Ao copiar conteúdos deste site, o utilizador é o único responsável por garantir que não infringe a marca registada ou os direitos de autor de terceiros.*
+Acreditamos que os logótipos e outras imagens em `assets` obtidos de fornecedores terceiros são de domínio público ou de **utilização justa**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. No entanto, esses logótipos e outras imagens podem ainda estar sujeitos à legislação sobre marcas registadas numa ou mais jurisdições. Antes de utilizar esse conteúdo, certifique-se de que é utilizado para identificar a entidade ou organização proprietária da marca registada e de que tem o direito de o utilizar ao abrigo da legislação aplicável nas circunstâncias da utilização pretendida. *Ao copiar conteúdos deste site, o utilizador é o único responsável por garantir que não infringe a marca registada ou os direitos de autor de terceiros.*
Quando contribui para o nosso site, está a fazê-lo ao abrigo das licenças acima referidas e concede ao Privacy Guides uma licença perpétua, mundial, não exclusiva, transferível, isenta de direitos de autor e irrevogável, com o direito de sublicenciar esses direitos através de vários níveis de sublicenciados, para reproduzir, modificar, apresentar, executar e distribuir o seu contributo como parte do nosso projeto.
diff --git a/i18n/pt/about/privacytools.md b/i18n/pt/about/privacytools.md
index 03515d9d..44dd405b 100644
--- a/i18n/pt/about/privacytools.md
+++ b/i18n/pt/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## Controle de r/privacytoolsIO
-Em simultâneo com os problemas contínuos do site privacytools.io, a equipa de moderação do r/privacytoolsIO estava a enfrentar desafios para gerir o subreddit. O subreddit sempre foi gerido de forma independente do desenvolvimento do site, mas BurungHantu também era o principal moderador do subreddit, e o único moderador com privilégios de "Controle total". u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-O Reddit exige que os subreddits tenham moderadores ativos. Se o moderador principal estiver inativo durante um longo período de tempo (por exemplo, um ano), a posição de moderador principal pode ser atribuída ao moderador seguinte. Para que esse pedido fosse atendido, era necessário que BurungHantu tivesse estado completamente ausente de todas as atividades do Reddit durante um longo período de tempo, o que era consistente com o seu comportamento noutras plataformas.
+Reddit requires that Subreddits have active moderators. Se o moderador principal estiver inativo durante um longo período de tempo (por exemplo, um ano), a posição de moderador principal pode ser atribuída ao moderador seguinte. Para que esse pedido fosse atendido, era necessário que BurungHantu tivesse estado completamente ausente de todas as atividades do Reddit durante um longo período de tempo, o que era consistente com o seu comportamento noutras plataformas.
> Se perder o privilégio de moderador de um subreddit através de um pedido do Reddit, significa que foram a sua falta de resposta e falta de atividade que qualificaram o subreddit para uma transferência r/redditrequest.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Arquivamento do código-fonte no GitHub para preservação do trabalho anterior e do rastreador de problemas, que continuámos a usar durante meses no desenvolvimento futuro deste site.
-- Publicação de anúncios no nosso subreddit e em várias comunidades, informando as pessoas da mudança oficial.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Encerramento formal dos serviços privacytools.io, como Matrix e Mastodon, e ações de incentivo para que os utilizadores existentes migrassem o mais rápido possível.
As coisas pareciam estar a correr bem, uma vez que a maioria da nossa comunidade ativa efetuou a mudança para o nosso novo projeto, exatamente como esperávamos.
@@ -66,11 +66,11 @@ Cerca de uma semana após a transição, BurungHantu voltou a ficar online pela
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). Acedemos ao pedido e solicitámos que fossem mantidos os subdomínios Matrix, Mastodon e PeerTube ativos para que pudessem prestar um serviço público à nossa comunidade, pelo menos durante alguns meses, a fim de permitir que os utilizadores dessas plataformas migrassem facilmente para outras contas. Devido à natureza federada dos serviços que fornecíamos, estes estavam vinculados a domínios específicos, o que tornava a migração muito difícil (e, em alguns casos, até impossível).
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Em seguida, BurungHantu fez falsas acusações de que Jonah roubava donativos ao projeto. Passou mais de um ano desde que o suposto incidente ocorreu, sem que BurungHantu tenha informado alguém, o que veio a acontecer apenas após a migração do Privacy Guides. Repetidamente, a equipa [e a comunidade](https://twitter.com/TommyTran732/status/1526153536962281474) solicitaram a BurungHantu que fornecesse provas e explicasse o motivo do seu silêncio.
-BurungHantu, inclusive, fez uma [publicação no Twitter](https://twitter.com/privacytoolsIO/status/1510560676967710728) alegando que um "advogado" o procurou para lhe dar conselhos, no que consistiu outra tentativa para nos intimidar, de forma a que lhe concedessemos o controle do nosso subreddit e, como parte de sua campanha de difamação, para turvar as águas em torno do lançamento do Privacy Guides, fingindo ser uma vítima.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io Agora
@@ -80,7 +80,7 @@ Desde 25 de setembro de 2022, que vemos que os planos de BurungHantu se estão a
## r/privacytoolsIO Agora
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] O crescimento deste sub foi fruto de um grande esforço, ao longo de vários anos, da equipa PrivacyGuides.org. E do esforço de cada um de vós.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Os subreddits não pertencem a ninguém e, sobretudo, não pertencem aos detentores de marcas. Eles pertencem às suas comunidades, e a comunidade e os seus moderadores tomaram a decisão de apoiar a mudança para r/PrivacyGuides.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Não é permitido a qualquer moderador retaliar em relação a pedidos de remoção.
-Para uma comunidade com muitos milhares de subscritores, consideramos que seria incrivelmente desrespeitoso devolver o controle dessa enorme plataforma para uma pessoa que a abandonou durante mais de um ano, e que agora gere um site que, na nossa opinião, fornecer informações de muito pouca qualidade. Preservar os anos de discussões passadas nessa comunidade é mais importante para nós e, por isso, u/trai_dep e a restante equipa de moderação do subreddit tomaram a decisão de manter r/privacytoolsIO tal como está.
+Para uma comunidade com muitos milhares de subscritores, consideramos que seria incrivelmente desrespeitoso devolver o controle dessa enorme plataforma para uma pessoa que a abandonou durante mais de um ano, e que agora gere um site que, na nossa opinião, fornecer informações de muito pouca qualidade. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective Agora
diff --git a/i18n/pt/about/statistics.md b/i18n/pt/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/pt/about/statistics.md
+++ b/i18n/pt/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/pt/advanced/communication-network-types.md b/i18n/pt/advanced/communication-network-types.md
index e5b737f0..c48ccec2 100644
--- a/i18n/pt/advanced/communication-network-types.md
+++ b/i18n/pt/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ Numa solução auto-hospedada, os membros de um servidor federado podem descobri
- Permite um maior controlo sobre os seus próprios dados, devido a estes residirem no seu próprio servidor.
- Permite-lhe escolher a quem confiar os seus dados, escolhendo entre vários servidores "públicos".
- Não raras vezes, permite clientes de terceiros que podem proporcionar uma experiência mais nativa, personalizada ou acessível.
-- É possível verificar se o software do servidor corresponde ao código-fonte público, assumindo que tem acesso ao servidor ou que confia na pessoa que o tem (por exemplo, um membro da família).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Desvantagens:**
@@ -60,7 +60,7 @@ Numa solução auto-hospedada, os membros de um servidor federado podem descobri
As aplicações de mensagens instantâneas P2P ligam-se a uma [rede distribuída](https://en.wikipedia.org/wiki/Distributed_networking) de nós para retransmitir a mensagem ao destinatário, sem utilizar um servidor de terceiros.
-Os clientes (peers) comunicam através da utilização de uma rede de [computação distribuída](https://en.wikipedia.org/wiki/Distributed_computing). Exemplos do atrás dito incluem [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), utilizadas por [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) e [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System), por exemplo. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
+Os clientes (peers) comunicam através da utilização de uma rede de [computação distribuída](https://en.wikipedia.org/wiki/Distributed_computing). Exemplos do atrás dito incluem [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), utilizadas por [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) e [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System), por exemplo. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Uma vez que um peer tenha encontrado uma rota para o seu contacto através de qualquer um destes métodos, é estabelecida uma ligação direta entre eles. Embora as mensagens sejam normalmente encriptadas, um observador pode ainda assim deduzir a localização e a identidade do remetente e do destinatário.
@@ -85,9 +85,9 @@ As redes P2P não utilizam servidores, uma vez que os peers comunicam diretament
Uma aplicação de mensagens instantâneas que utilize o [encaminhamento anónimo](https://doi.org/10.1007/978-1-4419-5906-5_628) oculta a identidade do remetente, do destinatário ou a prova de que estão a comunicar. Idealmente, a aplicação deve esconder os três.
-Existem [muitas](https://doi.org/10.1145/3182658) formas diferentes de implementar o encaminhamento anónimo. Um dos mais famosos é o [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (ou seja, [Tor](tor-overview.md)), que comunica mensagens encriptadas através de uma rede virtual [sobreposta](https://en.wikipedia.org/wiki/Overlay_network), que oculta a localização de cada nó, bem como o destinatário e o remetente de cada mensagem. O remetente e o destinatário nunca interagem diretamente e só se encontram através de um nó de encontro secreto, para que não haja fuga de endereços IP nem de localização física. Os nós não podem decifrar as mensagens, nem o destino final; só o destinatário o pode fazer. Cada nó intermediário só pode decifrar uma parte que indica para onde deve ser enviada a mensagem, ainda encriptada, até chegar ao destinatário, que a pode decifrar completamente. Daí o nome "camadas de cebola"
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. Um dos mais famosos é o [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (ou seja, [Tor](tor-overview.md)), que comunica mensagens encriptadas através de uma rede virtual [sobreposta](https://en.wikipedia.org/wiki/Overlay_network), que oculta a localização de cada nó, bem como o destinatário e o remetente de cada mensagem. O remetente e o destinatário nunca interagem diretamente e só se encontram através de um nó de encontro secreto, para que não haja fuga de endereços IP nem de localização física. Os nós não podem decifrar as mensagens, nem o destino final; só o destinatário o pode fazer. Cada nó intermediário só pode decifrar uma parte que indica para onde deve ser enviada a mensagem, ainda encriptada, até chegar ao destinatário, que a pode decifrar completamente. Daí o nome "camadas de cebola"
-A auto-hospedagem de um nó numa rede de encaminhamento anónima não proporciona ao anfitrião benefícios adicionais em termos de privacidade, mas contribui para a resiliência de toda a rede contra ataques de identificação, para benefício de todos.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Vantagens:**
diff --git a/i18n/pt/advanced/dns-overview.md b/i18n/pt/advanced/dns-overview.md
index 3648ac4f..7ed88381 100644
--- a/i18n/pt/advanced/dns-overview.md
+++ b/i18n/pt/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: O sistema de nomes de domínio, DNS, é a "lista telefónica da Internet", e ajuda o seu browser a encontrar o site que procura.
---
-O sistema de nomes de domínio [](https://en.wikipedia.org/wiki/Domain_Name_System) é a "lista telefónica da Internet". O DNS traduz os nomes de domínio em endereços IP, para que os navegadores e outros serviços possam carregar os recursos da Internet, através de uma rede descentralizada de servidores.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. O DNS traduz os nomes de domínio em endereços IP, para que os navegadores e outros serviços possam carregar os recursos da Internet, através de uma rede descentralizada de servidores.
## O que é o DNS?
@@ -24,7 +24,7 @@ Abaixo, discutimos e fornecemos um tutorial que prova o que um observador extern
tshark -w /tmp/dns.pcap udp porto 53 e host 1.1.1.1 ou host 8.8.8.8
```
-2. Podemos depois utilizar o [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) ou o [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) para enviar a pesquisa de DNS para ambos os servidores. Software como, por exemplo, os browsers fazem estas pesquisas automaticamente, a menos que estejam configurados para utilizar DNS encriptado.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software como, por exemplo, os browsers fazem estas pesquisas automaticamente, a menos que estejam configurados para utilizar DNS encriptado.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Abaixo, discutimos e fornecemos um tutorial que prova o que um observador extern
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
==== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-O [**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) foi um dos primeiros métodos de encriptação de pedidos DNS. O DNSCrypt funciona na porta 443 e utiliza os protocolos de transporte TCP ou UDP. O DNSCrypt nunca foi submetido à [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force), nem passou pelo processo [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments), pelo que não foi amplamente utilizado, exceto em algumas implementações [](https://dnscrypt.info/implementations). Por esse motivo, foi amplamente substituído pelo mais popular [DNS sobre HTTPS](#dns-over-https-doh).
+O [**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) foi um dos primeiros métodos de encriptação de pedidos DNS. O DNSCrypt funciona na porta 443 e utiliza os protocolos de transporte TCP ou UDP. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). Por esse motivo, foi amplamente substituído pelo mais popular [DNS sobre HTTPS](#dns-over-https-doh).
### DNS sobre TLS (DoT)
@@ -118,7 +118,7 @@ Neste exemplo, vamos registar o que acontece quando fazemos um pedido ao DoH:
3. Depois de fazer o pedido, podemos parar a captura de pacotes com
CTRL +
C.
-4. Analise os resultados no Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ Quando fazemos uma pesquisa DNS, geralmente é porque queremos aceder a um recur
A forma mais simples de determinar a sua atividade de navegação é verificar os endereços IP a que os seus dispositivos acedem. Por exemplo, se o observador sabe que `privacyguides.org` está em `198.98.54.105`, e o seu dispositivo está a pedir dados a `198.98.54.105`, há uma boa hipótese de estar a visitar o Privacy Guides.
-Este método só é útil quando o endereço IP pertence a um servidor que aloja um número reduzido de sites. Também não é muito útil se o site estiver alojado numa plataforma partilhada (por exemplo, Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). Também não é muito útil se o servidor estiver hospedado atrás de um [proxy reverso](https://en.wikipedia.org/wiki/Reverse_proxy), o que é muito comum na Internet moderna.
+Este método só é útil quando o endereço IP pertence a um servidor que aloja um número reduzido de sites. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). Também não é muito útil se o servidor estiver hospedado atrás de um [proxy reverso](https://en.wikipedia.org/wiki/Reverse_proxy), o que é muito comum na Internet moderna.
### Indicação do nome do servidor (SNI)
-A indicação do nome do servidor é normalmente utilizada quando um endereço IP aloja uma grande quantidade de sites. Pode ser um serviço como o Cloudflare ou alguma outra proteção contra [ataques de negação de serviço (DoS)](https://en.wikipedia.org/wiki/Denial-of-service_attack).
+Server Name Indication is typically used when an IP address hosts many websites. Pode ser um serviço como o Cloudflare ou alguma outra proteção contra [ataques de negação de serviço (DoS)](https://en.wikipedia.org/wiki/Denial-of-service_attack).
-1. Comece a capturar novamente com o `tshark`. Adicionámos um filtro com o nosso endereço IP para que não capture muitos pacotes:
+1. Comece a capturar novamente com o `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap porto 443 e host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | Não | nothing(Não faça nada)
```
-O DNS encriptado com terceiros só deve ser utilizado para contornar redirecionamentos e o bloqueio básico do DNS [](https://en.wikipedia.org/wiki/DNS_blocking) quando tiver a certeza de que não haverá quaisquer consequências ou quando estiver interessado num fornecedor que efetue uma filtragem rudimentar.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[Lista de servidores DNS recomendados](../dns.md ""){.md-button}
diff --git a/i18n/pt/advanced/tor-overview.md b/i18n/pt/advanced/tor-overview.md
index 6fd624d5..73a47d43 100644
--- a/i18n/pt/advanced/tor-overview.md
+++ b/i18n/pt/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/pt/ai-chat.md b/i18n/pt/ai-chat.md
index 670fc24f..b08dc10b 100644
--- a/i18n/pt/ai-chat.md
+++ b/i18n/pt/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Framadate
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Melhor caso
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. As nossas recomendações podem não incluir todas as funcionalidades, mas incluem as que, na nossa opinião, têm um impacto mais elevado.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/pt/alternative-networks.md b/i18n/pt/alternative-networks.md
index 31b1aad7..919958f4 100644
--- a/i18n/pt/alternative-networks.md
+++ b/i18n/pt/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/pt/android/general-apps.md b/i18n/pt/android/general-apps.md
index 27a6e7b1..d5a7605e 100644
--- a/i18n/pt/android/general-apps.md
+++ b/i18n/pt/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/pt/basics/account-creation.md b/i18n/pt/basics/account-creation.md
index 344ebfa6..319d445d 100644
--- a/i18n/pt/basics/account-creation.md
+++ b/i18n/pt/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-Muitas vezes, as pessoas inscrevem-se em serviços sem pensar. Talvez seja um serviço de streaming para poder ver aquela nova série de que todos falam, ou uma conta que lhe dá um desconto no seu restaurante de fast food favorito. Seja qual for o caso, deve considerar as implicações para os seus dados agora e mais tarde.
+Muitas vezes, as pessoas inscrevem-se em serviços sem pensar. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Seja qual for o caso, deve considerar as implicações para os seus dados agora e mais tarde.
Há riscos associados a cada novo serviço que utiliza. Violações de dados; divulgação de informações de clientes a terceiros; acesso de funcionários desonestos aos dados; todas estas são possibilidades que devem ser tidas em conta ao se divulgarem informações. É necessário ter a certeza de que pode confiar no serviço, razão pela qual não recomendamos o armazenamento de dados valiosos em nada que não seja os produtos mais maduros e testados. Isto significa, normalmente, serviços que fornecem E2EE e que foram submetidos a uma auditoria criptográfica. Uma auditoria aumenta a garantia de que o produto foi concebido sem problemas de segurança evidentes causados por um programador inexperiente.
@@ -13,11 +13,11 @@ Também pode ser difícil apagar as contas em alguns serviços. Por vezes, [subs
## Termos de Serviço e Política de Privacidade
-Os ToS são as regras que aceita seguir quando utiliza o serviço. Nos serviços de maior dimensão, estas regras são frequentemente aplicadas por sistemas automatizados. Por vezes, estes sistemas automatizados podem cometer erros. Por exemplo, pode ser banido ou bloqueado da sua conta em alguns serviços por utilizar uma VPN, ou VOIP. O recurso a estas proibições é muitas vezes difícil e envolve também um processo automatizado, que nem sempre é bem-sucedido. Esta é uma das razões pelas quais não sugerimos a utilização do Gmail para correio eletrónico, por exemplo. O correio eletrónico é crucial para o acesso a outros serviços em que se tenha inscrito.
+Os ToS são as regras que aceita seguir quando utiliza o serviço. Nos serviços de maior dimensão, estas regras são frequentemente aplicadas por sistemas automatizados. Por vezes, estes sistemas automatizados podem cometer erros. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. O recurso a estas proibições é muitas vezes difícil e envolve também um processo automatizado, que nem sempre é bem-sucedido. Esta é uma das razões pelas quais não sugerimos a utilização do Gmail para correio eletrónico, por exemplo. O correio eletrónico é crucial para o acesso a outros serviços em que se tenha inscrito.
-A Política de Privacidade é como o serviço diz que irá utilizar os seus dados e vale a pena lê-la para compreender como os seus dados serão utilizados. Uma empresa ou organização pode não ser legalmente obrigada a seguir tudo o que está contido na política (depende da jurisdição). Recomendamos que tenha uma ideia das leis locais e do que estas permitem que um fornecedor recolha.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. Uma empresa ou organização pode não ser legalmente obrigada a seguir tudo o que está contido na política (depende da jurisdição). Recomendamos que tenha uma ideia das leis locais e do que estas permitem que um fornecedor recolha.
-Recomendamos que procure termos específicos como "recolha de dados", "análise de dados", "cookies", "anúncios" ou serviços "de terceiros". Por vezes, pode optar por não participar na recolha de dados ou na partilha dos seus dados, mas é melhor escolher um serviço que respeite a sua privacidade desde o início.
+Recomendamos que procure termos específicos como "recolha de dados", "análise de dados", "cookies", "anúncios" ou serviços "de terceiros". Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Não se esqueça de que também está a depositar a sua confiança na empresa ou organização e que esta irá cumprir a sua própria política de privacidade.
@@ -42,7 +42,7 @@ Será responsável pela gestão das suas credenciais de início de sessão. Para
#### Aliases de correio eletrónico
-Se não quiser fornecer o seu verdadeiro endereço de correio eletrónico a um serviço, tem a opção de utilizar um pseudónimo. Descrevemos los com mais pormenor na nossa página de recomendações de serviços de correio eletrónico. Essencialmente, os serviços de alias permitem-lhe gerar novos endereços de correio eletrónico que reencaminham todas as mensagens para o seu endereço principal. Isto pode ajudar a evitar o rastreio entre serviços e ajudá-lo a gerir as mensagens eletrónicas de marketing que, por vezes, acompanham o processo de registo. Estes podem ser filtrados automaticamente com base no pseudónimo para o qual são enviados.
+Se não quiser fornecer o seu verdadeiro endereço de correio eletrónico a um serviço, tem a opção de utilizar um pseudónimo. Descrevemos los com mais pormenor na nossa página de recomendações de serviços de correio eletrónico. Essencialmente, os serviços de alias permitem-lhe gerar novos endereços de correio eletrónico que reencaminham todas as mensagens para o seu endereço principal. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Estes podem ser filtrados automaticamente com base no pseudónimo para o qual são enviados.
Se um serviço for comprometido, pode começar a receber mensagens eletrónicas de phishing ou spam no endereço que utilizou para se registar. A utilização de aliases únicos para cada serviço pode ajudar a identificar exatamente qual o serviço comprometido.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
Recomendamos que evite serviços que exijam um número de telefone para se registar. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-Se possível, deve evitar dar o seu número de telefone verdadeiro. Alguns serviços permitem a utilização de números VOIP, no entanto, estes acionam frequentemente sistemas de deteção de fraudes, fazendo com que uma conta seja bloqueada, pelo que não recomendamos a sua utilização para contas importantes.
+Se possível, deve evitar dar o seu número de telefone verdadeiro. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
Em muitos casos, é necessário fornecer um número a partir do qual possa receber SMS ou chamadas, especialmente em compras internacionais, para o caso de haver um problema com a sua encomenda no controlo fronteiriço. É comum os serviços utilizarem o seu número como método de verificação; não se deixe bloquear numa conta importante porque quis ser esperto e dar um número falso!
diff --git a/i18n/pt/basics/account-deletion.md b/i18n/pt/basics/account-deletion.md
index e464db72..7c959a94 100644
--- a/i18n/pt/basics/account-deletion.md
+++ b/i18n/pt/basics/account-deletion.md
@@ -27,7 +27,7 @@ As plataformas de ambiente de trabalho também têm frequentemente um gestor de
### Correio eletrónico
-Se não utilizou um gestor de palavras-passe no passado ou se pensa que tem contas que nunca foram adicionadas ao seu gestor de palavras-passe, outra opção é pesquisar a(s) conta(s) de correio eletrónico em que pensa ter-se registado. No seu cliente de correio eletrónico, procure palavras-chave como "verificar" ou "bem-vindo." Quase sempre que cria uma conta em linha, o serviço envia uma ligação de verificação ou uma mensagem introdutória para o seu correio eletrónico. Esta pode ser uma boa forma de encontrar contas antigas e esquecidas.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. No seu cliente de correio eletrónico, procure palavras-chave como "verificar" ou "bem-vindo." Quase sempre que cria uma conta em linha, o serviço envia uma ligação de verificação ou uma mensagem introdutória para o seu correio eletrónico. Esta pode ser uma boa forma de encontrar contas antigas e esquecidas.
## Eliminar Contas Antigas
@@ -39,7 +39,7 @@ Ao tentar recuperar o acesso, se o sítio web devolver uma mensagem de erro a in
### RGPD (somente residentes no EEE)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. Se for aplicável ao seu caso, leia a política de privacidade de um determinado serviço para obter informações sobre como exercer o seu direito ao apagamento. A leitura da política de privacidade pode revelar-se importante, uma vez que alguns serviços têm uma opção "Eliminar conta" que apenas desativa a sua conta e, para uma verdadeira eliminação, tem de tomar medidas adicionais. Por vezes, a eliminação efetiva pode implicar o preenchimento de inquéritos, o envio de uma mensagem de correio eletrónico ao responsável pela proteção de dados do serviço ou mesmo a prova da sua residência no EEE. Se pretender seguir este caminho, **não** substitua as informações da conta — a sua identidade como residente no EEE pode ser exigida. Note-se que a localização do serviço não é importante; o RGPD aplica-se a todos os que servem utilizadores europeus. Se o serviço não respeitar o seu direito ao apagamento, pode contactar a sua [Autoridade de Proteção de Dados](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) nacional, e poderá ter direito a uma compensação monetária.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. Se for aplicável ao seu caso, leia a política de privacidade de um determinado serviço para obter informações sobre como exercer o seu direito ao apagamento. A leitura da política de privacidade pode revelar-se importante, uma vez que alguns serviços têm uma opção "Eliminar conta" que apenas desativa a sua conta e, para uma verdadeira eliminação, tem de tomar medidas adicionais. Por vezes, a eliminação efetiva pode implicar o preenchimento de inquéritos, o envio de uma mensagem de correio eletrónico ao responsável pela proteção de dados do serviço ou mesmo a prova da sua residência no EEE. Se pretender seguir este caminho, **não** substitua as informações da conta — a sua identidade como residente no EEE pode ser exigida. Note-se que a localização do serviço não é importante; o RGPD aplica-se a todos os que servem utilizadores europeus. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Subscrever Informações da Conta
diff --git a/i18n/pt/basics/common-misconceptions.md b/i18n/pt/basics/common-misconceptions.md
index 11ffdc8c..dcb73d6a 100644
--- a/i18n/pt/basics/common-misconceptions.md
+++ b/i18n/pt/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ As políticas de privacidade e as práticas comerciais dos fornecedores que esco
## "Complicado é melhor"
-É frequente vermos pessoas a descrever modelos de ameaças à privacidade que são demasiado complexos. Muitas vezes, estas soluções incluem problemas como muitas contas de correio eletrónico diferentes ou configurações complicadas com muitas partes móveis e condições. As respostas são geralmente respostas a "Qual é a melhor maneira de fazer *X*?"
+É frequente vermos pessoas a descrever modelos de ameaças à privacidade que são demasiado complexos. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. As respostas são geralmente respostas a "Qual é a melhor maneira de fazer *X*?"
Encontrar a "melhor" solução para si não significa necessariamente que está à procura de uma solução infalível com dezenas de condições — estas soluções são muitas vezes difíceis de trabalhar de forma realista. Tal como referimos anteriormente, a segurança tem muitas vezes um custo em termos de conveniência. Em seguida, apresentamos alguns conselhos:
1. ==As ações têm de servir um determinado objetivo:== pense em como fazer o que pretende com o menor número de ações.
2. ==Remova os pontos de falha humanos:== Falhamos, cansamo-nos e esquecemo-nos de coisas. Para manter a segurança, evite depender de condições e processos manuais dos quais tem de se lembrar.
-3. ==Utilize o nível de proteção adequado para o que pretende== É frequente vermos recomendações das chamadas soluções à prova de intimação ou de aplicação da lei. Estes requerem frequentemente conhecimentos especializados e não são geralmente o que as pessoas querem. Não adianta criar um modelo de ameaças complexo para o anonimato se pode ser facilmente desanonimizado por um simples descuido.
+3. ==Utilize o nível de proteção adequado para o que pretende== É frequente vermos recomendações das chamadas soluções à prova de intimação ou de aplicação da lei. Estes requerem frequentemente conhecimentos especializados e não são geralmente o que as pessoas querem. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
Então, o que isto pode parecer?
@@ -94,4 +94,4 @@ Um dos modelos de ameaça mais claros é aquele no qual as pessoas *sabem quem
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/pt/basics/common-threats.md b/i18n/pt/basics/common-threats.md
index 9b240298..bd14e201 100644
--- a/i18n/pt/basics/common-threats.md
+++ b/i18n/pt/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Cada utilizador tem o seu modelo de ameaça, mas estes são alguns dos aspetos que interessam a muitos visitantes deste site.
---
-Em termos gerais, categorizamos as nossas recomendações no tipo de [ameaças](threat-modeling.md) ou objetivos que se aplicam à maioria das pessoas. ==Pode preocupar-se com nenhuma, uma, algumas ou todas estas possibilidades==, e as ferramentas e serviços que utiliza dependem dos seus objetivos. Também pode ter ameaças específicas fora destas categorias, o que é perfeitamente normal! O que importa realmente é que compreenda as vantagens e desvantagens das ferramentas que escolher, uma vez que praticamente nenhuma delas o protegerá de todas as ameaças.
+Em termos gerais, categorizamos as nossas recomendações no tipo de [ameaças](threat-modeling.md) ou objetivos que se aplicam à maioria das pessoas. ==Pode preocupar-se com nenhuma, uma, algumas ou todas estas possibilidades==, e as ferramentas e serviços que utiliza dependem dos seus objetivos. You may have specific threats outside these categories as well, which is perfectly fine! O que importa realmente é que compreenda as vantagens e desvantagens das ferramentas que escolher, uma vez que praticamente nenhuma delas o protegerá de todas as ameaças.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ Para minimizar os danos que um software malicioso *pode* causar, deve utilizar a
Os sistemas operativos móveis têm geralmente uma melhor proteção das aplicações do que os sistemas operativos de secretária: as aplicações não podem obter acesso à raiz e necessitam de permissão para aceder aos recursos do sistema.
-Os sistemas operativos para desktop deixam a desejar no que diz respeito a uma adequada proteção. O ChromeOS tem capacidades de sandbox semelhantes às do Android e o macOS tem controlo total das permissões do sistema (e os programadores podem optar pela sandbox para as aplicações). No entanto, estes sistemas operativos transmitem informações de identificação aos respectivos OEMs. O Linux tende a não enviar informações aos fornecedores de sistemas, mas tem uma fraca proteção contra exploits e aplicações maliciosas. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Os sistemas operativos para desktop deixam a desejar no que diz respeito a uma adequada proteção. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). No entanto, estes sistemas operativos transmitem informações de identificação aos respectivos OEMs. O Linux tende a não enviar informações aos fornecedores de sistemas, mas tem uma fraca proteção contra exploits e aplicações maliciosas. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Por conseguinte, sempre que possível, deve utilizar aplicações nativas em vez
-Mesmo com a E2EE, os fornecedores de serviços podem ainda traçar o seu perfil com base nos **metadados**, que normalmente não estão protegidos. Embora o fornecedor de serviços não possa ler as suas mensagens, pode observar coisas importantes, como com quem está a falar, com que frequência lhes envia mensagens e quando está normalmente ativo. A proteção de metadados é bastante invulgar e, se estiver incluída no seu [modelo de ameaças](threat-modeling.md), deve prestar muita atenção à documentação técnica do software que está a utilizar, de forma a verificar se existe alguma minimização ou proteção de metadados.
+Mesmo com a E2EE, os fornecedores de serviços podem ainda traçar o seu perfil com base nos **metadados**, que normalmente não estão protegidos. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. A proteção de metadados é bastante invulgar e, se estiver incluída no seu [modelo de ameaças](threat-modeling.md), deve prestar muita atenção à documentação técnica do software que está a utilizar, de forma a verificar se existe alguma minimização ou proteção de metadados.
## Programas de vigilância em massa
@@ -156,7 +156,7 @@ A vigilância em massa é o esforço intrincado para monitorizar o "comportament
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
Para muitas pessoas, a localização e vigilância por parte de empresas privadas é uma preocupação crescente. As redes de marketing omnipresentes, como as operadas pela Google e pelo Facebook, abrangem a Internet muito para além dos sites que controlam, acompanhando todas as suas ações ao longo da sua jornada de navegação. A utilização de ferramentas tais como bloqueadores de conteúdos para limitar os pedidos de rede aos seus servidores, bem como a leitura das políticas de privacidade dos serviços que utiliza, pode ajudá-lo a evitar muitos adversários básicos (embora não possa impedir completamente o rastreio).[^4]
-Além disso, mesmo as empresas que não pertencem à *AdTech* ou à indústria de rastreio podem partilhar as suas informações com [corretores de dados](https://en.wikipedia.org/wiki/Information_broker) (como a Cambridge Analytica, a Experian ou a Datalogix) ou outras partes. Não pode assumir que os seus dados estão seguros só porque o serviço que está a utilizar não se enquadra no modelo de negócio típico da AdTech ou do rastreio. A proteção mais forte contra a recolha de dados empresariais é encriptar ou ofuscar os seus dados sempre que possível, dificultando a correlação entre os dados de diferentes fornecedores e a criação de um perfil sobre si.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. Não pode assumir que os seus dados estão seguros só porque o serviço que está a utilizar não se enquadra no modelo de negócio típico da AdTech ou do rastreio. A proteção mais forte contra a recolha de dados empresariais é encriptar ou ofuscar os seus dados sempre que possível, dificultando a correlação entre os dados de diferentes fornecedores e a criação de um perfil sobre si.
## Limitação da informação pública
diff --git a/i18n/pt/basics/email-security.md b/i18n/pt/basics/email-security.md
index 0661723a..60513510 100644
--- a/i18n/pt/basics/email-security.md
+++ b/i18n/pt/basics/email-security.md
@@ -29,13 +29,13 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
### What Email Clients Support E2EE?
-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### How Do I Protect My Private Keys?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Email Metadata Overview
@@ -49,4 +49,4 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
### Why Can't Metadata be E2EE?
-Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
+Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/pt/basics/hardware.md b/i18n/pt/basics/hardware.md
index 300e8070..ee5e048e 100644
--- a/i18n/pt/basics/hardware.md
+++ b/i18n/pt/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Warning
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/pt/basics/multi-factor-authentication.md b/i18n/pt/basics/multi-factor-authentication.md
index 4a259038..54053cbc 100644
--- a/i18n/pt/basics/multi-factor-authentication.md
+++ b/i18n/pt/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Autenticação multi-fator"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
-**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
A idéia por trás do AMF é que mesmo que um hacker (ou adversário) seja capaz de descobrir sua senha (algo que você *sabe*), eles ainda precisarão de um dispositivo que você possui como o seu telefone (algo que você *tem*), a fim de gerar o código necessário para entrar na sua conta. Os métodos de AMF variam na segurança com base nesta premissa: quanto mais difícil for para um atacante ter acesso ao seu método AMF, melhor.
@@ -26,7 +26,7 @@ A segurança da notificação push AMF depende tanto da qualidade do aplicativo,
### Palavra-passe única baseada no tempo (TOTP)
-TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
+TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
Se você tem uma chave de segurança de hardware com suporte a TOTP (como uma YubiKey com [Yubico Authenticator](https://www.yubico.com/products/yubico-authenticator/)), recomendamos que você armazene os seus "segredos compartilhados" no hardware. As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
Se um site ou serviço suportar FIDO2 / U2F para a autenticação, é altamente recomendável que o utilize em relação a qualquer outra forma de AMF.
-Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
Ao configurar o seu método AMF, tenha em mente que ele é apenas tão seguro quanto o seu método de autenticação mais fraco que você usa. It also does not use any third-party cloud server for authentication. Por exemplo, se você já estiver usando TOTP, você deve desativar o e-mail e SMS MFA. Se já estiver a utilizar o FIDO2 / U2F, não deve utilizar o Yubico OTP ou TOTP na sua conta.
@@ -116,15 +116,15 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
## Mais lugares para configurar o AMF
-Yubico tem um guia [Usando o seu YubiKey como Smart Card em macOS](https://support.yubico.com/hc/en-us/articles/360016649059) que o pode ajudar a configurar o seu YubiKey em macOS.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
+macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-After your smartcard/security key is set up, we recommend running this command in the Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
### KeePass (e KeePassXC)
-KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/pt/basics/passwords-overview.md b/i18n/pt/basics/passwords-overview.md
index 0d041b50..7accd66f 100644
--- a/i18n/pt/basics/passwords-overview.md
+++ b/i18n/pt/basics/passwords-overview.md
@@ -24,7 +24,7 @@ All of our [recommended password managers](../passwords.md) include a built-in p
You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it.
-When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
Checking for data breaches
@@ -54,13 +54,13 @@ To generate a diceware passphrase using real dice, follow these steps:
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Roll a six-sided die five times, noting down the number after each roll.
-2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. You will find the word `encrypt`. Write that word down.
@@ -75,25 +75,25 @@ You should **not** re-roll words until you get a combination of words that appea
If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
- Your adversary knows that you used the diceware method.
-- Your adversary knows the specific wordlist that you used.
+- Your adversary knows the specific word list that you used.
- Your adversary knows how many words your passphrase contains.
@@ -113,7 +113,7 @@ There are many good options to choose from, both cloud-based and local. Choose o
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
diff --git a/i18n/pt/basics/threat-modeling.md b/i18n/pt/basics/threat-modeling.md
index ab9d9d91..e151a874 100644
--- a/i18n/pt/basics/threat-modeling.md
+++ b/i18n/pt/basics/threat-modeling.md
@@ -35,7 +35,7 @@ Um "bem" é algo que você valoriza e quer proteger. No contexto da segurança d
Para responder a esta pergunta, é importante identificar quem pode querer ter como alvo você ou as suas informações. ==Uma pessoa ou entidade que representa uma ameaça aos seus ativos é um “adversário”.== Exemplos de potenciais adversários são o seu chefe, o seu ex-parceiro, o seu concorrente comercial, o seu governo ou um hacker numa rede pública.
-*Faça uma lista dos seus adversários ou daqueles que podem querer apropriar-se dos seus ativos. A sua lista pode incluir indivíduos, agências governamentais ou corporações.*
+*Make a list of your adversaries or those who might want to get hold of your assets. A sua lista pode incluir indivíduos, agências governamentais ou corporações.*
Depending on who your adversaries are, this list might be something you want to destroy after you've finished developing your threat model.
diff --git a/i18n/pt/browser-extensions.md b/i18n/pt/browser-extensions.md
index 58c61b9c..557241b2 100644
--- a/i18n/pt/browser-extensions.md
+++ b/i18n/pt/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/pt/calendar.md b/i18n/pt/calendar.md
index dfc235bf..2c5b66fe 100644
--- a/i18n/pt/calendar.md
+++ b/i18n/pt/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Multiple calendars and extended sharing functionality is limited to paid subscribers.
diff --git a/i18n/pt/cloud.md b/i18n/pt/cloud.md
index b02e97ac..93b541dc 100644
--- a/i18n/pt/cloud.md
+++ b/i18n/pt/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Framadate
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
diff --git a/i18n/pt/cryptocurrency.md b/i18n/pt/cryptocurrency.md
index fe88dc17..655fe448 100644
--- a/i18n/pt/cryptocurrency.md
+++ b/i18n/pt/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Framadate
diff --git a/i18n/pt/data-broker-removals.md b/i18n/pt/data-broker-removals.md
index 7c2613a5..520ebae2 100644
--- a/i18n/pt/data-broker-removals.md
+++ b/i18n/pt/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/pt/desktop-browsers.md b/i18n/pt/desktop-browsers.md
index 54d342b5..bc09ab83 100644
--- a/i18n/pt/desktop-browsers.md
+++ b/i18n/pt/desktop-browsers.md
@@ -109,7 +109,7 @@ Este procedimento serve para evitar formas avançadas de rastreio, mas sacrifica
### Mullvad Leta
-O Mullvad Browser vem com o motor de pesquisa DuckDuckGo predefinido [](search-engines.md), mas também vem pré-instalado com o **Mullvad Leta**, um motor de pesquisa que requer uma subscrição VPN Mullvad ativa para ser acedido. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. Por este motivo, desaconselhamos a utilização do Mullvad Leta, apesar do Mullvad recolher muito poucas informações sobre os seus subscritores de VPN.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. Por este motivo, desaconselhamos a utilização do Mullvad Leta, apesar do Mullvad recolher muito poucas informações sobre os seus subscritores de VPN.
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> O Firefox envia-nos dados sobre a sua versão e idioma do Firefox; sistema operativo e configuração de hardware do dispositivo; memória, informações básicas sobre falhas e erros; resultado de processos automatizados como atualizações, navegação segura e ativação. Quando o Firefox nos envia dados, o seu endereço IP é temporariamente recolhido como parte dos registos do nosso servidor.
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Abra as definições do seu perfil [em accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Desmarque **Recolha e utilização de dados** > **Ajudar a melhorar as contas Firefox**
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] Selecione **Ativar o modo apenas HTTPS em todas as janelas**
-Esta opção impede-o de se ligar involuntariamente a um site em texto simples HTTP. Os sites sem HTTPS são raros hoje em dia, pelo que esta opção deverá ter pouco ou nenhum impacto na sua navegação quotidiana.
+Esta opção impede-o de se ligar involuntariamente a um site em texto simples HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS sobre HTTPS
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/pt/desktop.md b/i18n/pt/desktop.md
index e2112383..045f98d3 100644
--- a/i18n/pt/desktop.md
+++ b/i18n/pt/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS é uma distribuição independente baseada no gerenciador de pacotes Nix c
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/pt/device-integrity.md b/i18n/pt/device-integrity.md
index 623a4839..142af55b 100644
--- a/i18n/pt/device-integrity.md
+++ b/i18n/pt/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/pt/dns.md b/i18n/pt/dns.md
index 1b74c8c3..6762c0b2 100644
--- a/i18n/pt/dns.md
+++ b/i18n/pt/dns.md
@@ -75,7 +75,7 @@ AdGuard Home features a polished web interface to view insights and manage block
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### ControlID
@@ -164,7 +164,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/pt/document-collaboration.md b/i18n/pt/document-collaboration.md
index e7696a96..0ebdfeef 100644
--- a/i18n/pt/document-collaboration.md
+++ b/i18n/pt/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Os nossos melhores critérios representam o que gostaríamos de ver num projeto perfeito desta categoria. As nossas recomendações podem não incluir todas as funcionalidades, mas incluem as que, na nossa opinião, têm um impacto mais elevado.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/pt/email-aliasing.md b/i18n/pt/email-aliasing.md
index de0fea6c..b0d6fcc7 100644
--- a/i18n/pt/email-aliasing.md
+++ b/i18n/pt/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/pt/email.md b/i18n/pt/email.md
index 8f62da71..898fc2e2 100644
--- a/i18n/pt/email.md
+++ b/i18n/pt/email.md
@@ -58,7 +58,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
{ align=right }
-O **Proton Mail** é um serviço de e-mail que privilegia a privacidade, a encriptação, a segurança e a facilidade de utilização. They have been in operation since 2013. A Proton AG tem sede em Genebra, na Suíça. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+O **Proton Mail** é um serviço de e-mail que privilegia a privacidade, a encriptação, a segurança e a facilidade de utilização. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ O Proton Mail [aceita](https://proton.me/support/payment-options) dinheiro por c
#### :material-check:{ .pg-green } Segurança da conta
-O Proton Mail suporta TOTP [autenticação de dois fatores](https://proton.me/support/two-factor-authentication-2fa) e [chaves de segurança de hardware](https://proton.me/support/2fa-security-key) utilizando as normas FIDO2 ou U2F. A utilização de uma chave de segurança de hardware requer a configuração prévia da autenticação de dois fatores TOTP.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Segurança dos dados
@@ -117,7 +117,7 @@ Se tiver uma conta paga e passarem 14 dias da data de pagamento [sem que seja pa
#### :material-information-outline:{ .pg-blue } Funcionalidade adicional
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
O Proton Mail não oferece funcionalidade de legado digital.
@@ -127,7 +127,7 @@ O Proton Mail não oferece funcionalidade de legado digital.
{ align=right }
-**Mailbox.org** é um serviço de e-mail cujo foco é a segurança. Não apresenta nenhum tipo de publicidade e o seu consumo de energia é garantido de forma privada por energia 100% ecológica. Estão em funcionamento desde 2014. A Mailbox.org está sediada em Berlim, na Alemanha. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org** é um serviço de e-mail cujo foco é a segurança. Não apresenta nenhum tipo de publicidade e o seu consumo de energia é garantido de forma privada por energia 100% ecológica. Estão em funcionamento desde 2014. A Mailbox.org está sediada em Berlim, na Alemanha. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } Métodos de pagamento privados
-O Mailbox.org não aceita quaisquer criptomoedas devido ao facto do seu processador de pagamentos BitPay ter suspendido as operações na Alemanha. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+O Mailbox.org não aceita quaisquer criptomoedas devido ao facto do seu processador de pagamentos BitPay ter suspendido as operações na Alemanha. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Segurança da conta
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Normas Web como a [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) ainda não são suportadas.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Normas Web como a [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) ainda não são suportadas.
#### :material-information-outline:{ .pg-blue } Segurança dos dados
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } Funcionalidade adicional
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). No entanto, a sua interface de webmail não pode ser acedida através do serviço .onion e podem ocorrer erros de certificado TLS.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. O Mailbox.org também suporta [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync), para além dos protocolos de acesso padrão como IMAP e POP3.
@@ -195,7 +195,7 @@ Estes fornecedores armazenam as suas mensagens eletrónicas com encriptação de
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } Métodos de pagamento privados
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Segurança da Conta
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Segurança dos Dados
@@ -297,7 +297,7 @@ Consideramos que estas características são importantes para podermos prestar u
**Mínimos de qualificação:**
- Encriptação de todos os dados da conta de e-mail em estado de repouso, com encriptação de acesso zero.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Permitir que aos utilizadores configurar o seu próprio nome de domínio [](https://en.wikipedia.org/wiki/Domain_name). Os nomes de domínio personalizados são importantes para os utilizadores, porque lhes permitem manter a sua agência do serviço, caso este se torne mau ou seja adquirido por outra empresa que não dê prioridade à privacidade.
- Funciona com uma infraestrutura própria, isto é, não se baseia em fornecedores de serviços de e-mail de terceiros.
diff --git a/i18n/pt/encryption.md b/i18n/pt/encryption.md
index 00c271ee..1a23147b 100644
--- a/i18n/pt/encryption.md
+++ b/i18n/pt/encryption.md
@@ -124,7 +124,7 @@ VeraCrypt is a fork of the discontinued TrueCrypt project. According to its deve
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
-Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -198,7 +198,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
{ align=right }
-**FileVault** é a solução de encriptação de volume on-the-fly integrada em macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** é a solução de encriptação de volume on-the-fly integrada em macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/pt/file-sharing.md b/i18n/pt/file-sharing.md
index acdd4acb..d1b5b14b 100644
--- a/i18n/pt/file-sharing.md
+++ b/i18n/pt/file-sharing.md
@@ -13,7 +13,7 @@ Descubra como partilhar os seus ficheiros em privado entre os seus dispositivos,
## Gestores de senhas
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### OnionShare
diff --git a/i18n/pt/frontends.md b/i18n/pt/frontends.md
index 7a55f878..e11f9df0 100644
--- a/i18n/pt/frontends.md
+++ b/i18n/pt/frontends.md
@@ -251,7 +251,7 @@ Por defeito, o LibreTube bloqueia todos os anúncios do YouTube. Additionally, L
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/pt/index.md b/i18n/pt/index.md
index 91fb27ed..cace4ae1 100644
--- a/i18n/pt/index.md
+++ b/i18n/pt/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. A Proton AG tem sede em Genebra, na Suíça. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Estão em funcionamento desde 2014. A Mailbox.org está sediada em Berlim, na Alemanha. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Estão em funcionamento desde 2014. A Mailbox.org está sediada em Berlim, na Alemanha. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/pt/meta/brand.md b/i18n/pt/meta/brand.md
index 97b1f704..b7363f80 100644
--- a/i18n/pt/meta/brand.md
+++ b/i18n/pt/meta/brand.md
@@ -12,7 +12,7 @@ O nome do site é **Privacy Guides** e **e não** deve ser alterado para:
- PG.org
-O nome do subreddit é **r/PrivacyGuides** ou **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Podem ser encontradas diretrizes de marca adicionais em [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/pt/meta/translations.md b/i18n/pt/meta/translations.md
index ff5406c7..1f67cd98 100644
--- a/i18n/pt/meta/translations.md
+++ b/i18n/pt/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## Fullwidth alternatives and Markdown syntax
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/pt/meta/uploading-images.md b/i18n/pt/meta/uploading-images.md
index adbe5672..3bc57798 100644
--- a/i18n/pt/meta/uploading-images.md
+++ b/i18n/pt/meta/uploading-images.md
@@ -48,7 +48,7 @@ Na janela **Exportar em SVG** nas **Opções do documento**:
- [ ] Desative **Remover a declaração XML**
- [x] Ative **Remover metadados**
- [x] Ative **Remover comentários**
-- [x] Ative **Embutir imagens raster**
+- [x] Turn on **Embedded raster images**
- [x] Ative **Ativar viewBox**
Na janela **Exportar em SVG** em **Impressão organizada**:
diff --git a/i18n/pt/meta/writing-style.md b/i18n/pt/meta/writing-style.md
index 24c62c42..547ab051 100644
--- a/i18n/pt/meta/writing-style.md
+++ b/i18n/pt/meta/writing-style.md
@@ -64,7 +64,7 @@ Deveremos evitar a utilização de abreviaturas, sempre que possível, embora sa
## Seja conciso
-> Palavras desnecessárias desperdiçam tempo ao seu público. Uma boa escrita é como uma conversa. Omita informações desnecessárias. Pode ser uma tarefa difícil para quem é especialista no tema, pelo que é importante que alguém possa validar a informação da perspetiva do público.
+> Palavras desnecessárias desperdiçam tempo ao seu público. Uma boa escrita é como uma conversa. Omita informações desnecessárias. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/pt/mobile-browsers.md b/i18n/pt/mobile-browsers.md
index f411256d..b226e1b6 100644
--- a/i18n/pt/mobile-browsers.md
+++ b/i18n/pt/mobile-browsers.md
@@ -247,7 +247,7 @@ Esta opção impede-o de se ligar involuntariamente a um site em texto simples H
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-O **Safari** é o navegador predefinido no iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+O **Safari** é o navegador predefinido no iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Abra o Safari e clique no botão Abas, localizado na parte inferior direita. The
- [x] Selecione **Privado**
-O modo de Navegação Privada do Safari oferece adicionais proteções de privacidade. A Navegação Privada usa uma nova sessão [efémera](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) para cada aba, o que significa que as abas estão isoladas uma da outra. Também há outras vantagens pequenas em privacidade com a Navegação Privada, como não enviar o endereço de página de web à Apple quando usar a funcionalidade de tradução do Safari.
+O modo de Navegação Privada do Safari oferece adicionais proteções de privacidade. A Navegação Privada usa uma nova sessão [efémera](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) para cada aba, o que significa que as abas estão isoladas uma da outra. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. Isto pode ser uma inconveniência.
diff --git a/i18n/pt/multi-factor-authentication.md b/i18n/pt/multi-factor-authentication.md
index f293780b..f200b51b 100644
--- a/i18n/pt/multi-factor-authentication.md
+++ b/i18n/pt/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Autenticação multi-fator"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/pt/notebooks.md b/i18n/pt/notebooks.md
index 4954ade4..624dcd76 100644
--- a/i18n/pt/notebooks.md
+++ b/i18n/pt/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Fornecedores de serviços](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Mantenha um registo das suas notas e diários sem os entregar a terceiros.
+Keep track of your notes and journals without giving them to a third party.
Se estiver a utilizar atualmente uma aplicação como o Evernote, o Google Keep ou o Microsoft OneNote, sugerimos que escolha uma alternativa que suporte E2EE.
@@ -82,9 +82,9 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
-{ align=right }
+{ align=right }
-**Joplin** é uma aplicação gratuita, de código aberto e com todas as funcionalidades características de uma aplicação do género. É capaz de lidar com um grande número de notas markdown, organizadas em cadernos e tags. Oferece E2EE e pode ser sincronizada através do Nextcloud, Dropbox e muito mais. Também permite a importação fácil do Evernote e de notas de texto simples.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. Oferece E2EE e pode ser sincronizada através do Nextcloud, Dropbox e muito mais. Também permite a importação fácil do Evernote e de notas de texto simples.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-O Cryptee oferece 100MB de armazenamento gratuito, com opções pagas para o caso de precisar de mais espaço. O registo não requer um e-mail ou outras informações de identificação pessoal.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. O registo não requer um e-mail ou outras informações de identificação pessoal.
## Aplicações de Notas locais
diff --git a/i18n/pt/os/android-overview.md b/i18n/pt/os/android-overview.md
index 2c975a48..d662dc68 100644
--- a/i18n/pt/os/android-overview.md
+++ b/i18n/pt/os/android-overview.md
@@ -84,7 +84,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Killswitch
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
@@ -124,7 +124,7 @@ Modern Android devices have global toggles for disabling Bluetooth and location
## Google Services
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Advanced Protection Program
diff --git a/i18n/pt/os/ios-overview.md b/i18n/pt/os/ios-overview.md
index 8b4f5517..f0bb8278 100644
--- a/i18n/pt/os/ios-overview.md
+++ b/i18n/pt/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/pt/os/linux-overview.md b/i18n/pt/os/linux-overview.md
index f0c32c6c..72cb42c1 100644
--- a/i18n/pt/os/linux-overview.md
+++ b/i18n/pt/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Privacy Notes
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- Avoid telemetry that often comes with proprietary operating systems
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ We don’t believe holding packages back and applying interim patches is a good
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao)
(YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao)
(YouTube)
### “Security-focused” distributions
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Drive Encryption
-Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ There are other system identifiers which you may wish to be careful about. You s
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/pt/os/macos-overview.md b/i18n/pt/os/macos-overview.md
index 6af93239..e4ade5c8 100644
--- a/i18n/pt/os/macos-overview.md
+++ b/i18n/pt/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Cópias de segurança
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## Fontes
diff --git a/i18n/pt/os/windows/group-policies.md b/i18n/pt/os/windows/group-policies.md
index fcf0c862..d0b5560c 100644
--- a/i18n/pt/os/windows/group-policies.md
+++ b/i18n/pt/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/pt/os/windows/index.md b/i18n/pt/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/pt/os/windows/index.md
+++ b/i18n/pt/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/pt/passwords.md b/i18n/pt/passwords.md
index 9101de74..66448cff 100644
--- a/i18n/pt/passwords.md
+++ b/i18n/pt/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ Estas opções permitem-lhe gerir localmente uma base de dados de palavras-passe
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ O KeePassXC armazena os seus dados de exportação em formato [CSV](https://en.w
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/pt/photo-management.md b/i18n/pt/photo-management.md
index f7f7c051..7d83c4e8 100644
--- a/i18n/pt/photo-management.md
+++ b/i18n/pt/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
- Deve ser de fonte aberta.
diff --git a/i18n/pt/real-time-communication.md b/i18n/pt/real-time-communication.md
index 6ee7a527..b68b7bba 100644
--- a/i18n/pt/real-time-communication.md
+++ b/i18n/pt/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Critérios
diff --git a/i18n/pt/router.md b/i18n/pt/router.md
index 2512f20b..8e1659cf 100644
--- a/i18n/pt/router.md
+++ b/i18n/pt/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-O **OpenWrt** é um sistema operativo baseado em Linux; é utilizado principalmente em dispositivos incorporados para encaminhar o tráfego de rede. Inclui util-linux, uClibc e BusyBox. Todos os componentes foram otimizados para routers domésticos.
+O **OpenWrt** é um sistema operativo baseado em Linux; é utilizado principalmente em dispositivos incorporados para encaminhar o tráfego de rede. Inclui util-linux, uClibc e BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentação}
diff --git a/i18n/pt/security-keys.md b/i18n/pt/security-keys.md
index 899b8fbb..59d0e5d1 100644
--- a/i18n/pt/security-keys.md
+++ b/i18n/pt/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/pt/tools.md b/i18n/pt/tools.md
index 2039798f..351b7e35 100644
--- a/i18n/pt/tools.md
+++ b/i18n/pt/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. A Proton AG tem sede em Genebra, na Suíça. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Estão em funcionamento desde 2014. A Mailbox.org está sediada em Berlim, na Alemanha. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Estão em funcionamento desde 2014. A Mailbox.org está sediada em Berlim, na Alemanha. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/pt/tor.md b/i18n/pt/tor.md
index 5cdd346b..4271c043 100644
--- a/i18n/pt/tor.md
+++ b/i18n/pt/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Navegador Tor
@@ -114,17 +114,11 @@ Anteriormente, recomendamos ativar a preferência *Isolar endereço de destino*
Tips for Android
-Os dados de cada usuário são criptografados usando sua própria chave de criptografia exclusiva, e os arquivos do sistema operacional são deixados não criptografados. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Os dados de cada usuário são criptografados usando sua própria chave de criptografia exclusiva, e os arquivos do sistema operacional são deixados não criptografados. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
O Orbot está frequentemente desatualizado no [repositório F-Droid](https://guardianproject.info/fdroid) e no [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android) do Projeto Guardian, então considere fazer o download diretamente do [repositório GitHub](https://github.com/guardianproject/orbot/releases).
-[Visite orbot.app](https://orbot.app/){ .md-button .md-button--primary }
-
-**Downloads***
-- [:fontawesome-brands-google-play: Google Play](https://play.google.com/store/apps/details?id=org.torproject.android)
-- [:pg-f-droid: F-Droid](https://guardianproject.info/fdroid)
-- [:fontawesome-brands-github: GitHub](https://github.com/guardianproject/orbot)
-- [:fontawesome-brands-gitlab: GitLab](https://gitlab.com/guardianproject/orbot)
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/pt/vpn.md b/i18n/pt/vpn.md
index a2081dda..d2583c62 100644
--- a/i18n/pt/vpn.md
+++ b/i18n/pt/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Recomendações e comparações de serviços de privacidade VPN, sem patrocinadores ou anúncios - Privacy Guides"
title: "Serviços VPN"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. Encontrará aqui fornecedores de Vpn que não o espiam.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). As aplicações torrent suportam frequentemente NAT-PMP de forma nativa.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). As aplicações torrent suportam frequentemente NAT-PMP de forma nativa.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. O Proton VPN tem os seus próprios servidores e centros de dados na Suíça, Islândia e Suécia. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. O Proton VPN tem os seus próprios servidores e centros de dados na Suíça, Islândia e Suécia. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } A funcionalidade Killswitch não funciona nos Macs baseados em Intel
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. Se precisar desta funcionalidade e estiver a utilizar um Mac com chipset Intel, deve considerar a utilização de outro serviço VPN.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. Se precisar desta funcionalidade e estiver a utilizar um Mac com chipset Intel, deve considerar a utilização de outro serviço VPN.
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } Clientes para dispositivos móveis
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### IVPN
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-O **Mullvad** é uma VPN rápida e económica, com grande foco na transparência e segurança. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+O **Mullvad** é uma VPN rápida e económica, com grande foco na transparência e segurança. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ Mullvad is very transparent about which nodes they [own or rent](https://mullvad
### Tecnologia
-Exigimos que todos os nossos fornecedores de VPN recomendados forneçam ficheiros de configuração OpenVPN para serem utilizados em qualquer cliente. **Se** uma VPN fornecer o seu próprio cliente personalizado, é necessário um killswitch que bloqueie as fugas de dados da rede no caso da VPN se desconectar.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Mínimos de qualificação:**
-- Suporte para protocolos fortes, como o WireGuard e OpenVPN.
-- Killswitch incorporado nos clientes.
-- Suporte multihop. O multihopping é importante para manter os dados privados, no caso de um nó de rede ser comprometido.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Melhor caso:**
-- Killswitch com opções altamente configuráveis (ativar/desativar em determinadas redes, no arranque, etc.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Clientes VPN fáceis de utilizar
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. É suposto que os servidores permitam ligações de entrada através do IPv6 e que lhe permitam aceder a serviços alojados em endereços IPv6.
- A capacidade de [reencaminhamento de portas remotas](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) ajuda a criar ligações quando se utiliza software de partilha de ficheiros P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) ou se aloja um servidor (por exemplo, Mumble).
@@ -316,11 +316,11 @@ Preferimos que os nossos fornecedores recomendados recolham o mínimo de dados p
**Melhor caso:**
- Deve aceitar várias opções de pagamento anónimo [](advanced/payments.md).
-- Não devem ser pedidas informações pessoais (deve ser possível utilizar um nome de utilizador gerado automaticamente, não deve ser necessário e-mail, etc.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Segurança
-Uma VPN é inútil se não proporcionar uma segurança adequada. Exigimos que todos os nossos fornecedores recomendados cumpram as normas de segurança atuais para as suas ligações OpenVPN. O ideal será a utilização, por defeito, de esquemas de encriptação mais resistentes ao futuro. Também exigimos que um terceiro independente audite a segurança do fornecedor, idealmente de uma forma muito abrangente e numa base regular (anual).
+Uma VPN é inútil se não proporcionar uma segurança adequada. We require all our recommended providers to abide by current security standards. O ideal será a utilização, por defeito, de esquemas de encriptação mais resistentes ao futuro. Também exigimos que um terceiro independente audite a segurança do fornecedor, idealmente de uma forma muito abrangente e numa base regular (anual).
**Mínimos de qualificação:**
@@ -358,7 +358,7 @@ Os fornecedores de VPN que recomendamos devem ter uma política de marketing res
**Mínimos de qualificação:**
-- Deve ter sistema de análise de estatísticas auto-hospedado (não podem usar o Google Analytics). O site do fornecedor deve estar em conformidade com a norma [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track), no caso das pessoas não pretenderem participar.
+- Deve ter sistema de análise de estatísticas auto-hospedado (não podem usar o Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Não deve implementar políticas de marketing irresponsáveis:
diff --git a/i18n/ru/about.md b/i18n/ru/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/ru/about.md
+++ b/i18n/ru/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/ru/about/contributors.md b/i18n/ru/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/ru/about/contributors.md
+++ b/i18n/ru/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/ru/about/criteria.md b/i18n/ru/about/criteria.md
index df28ed83..5ba5554c 100644
--- a/i18n/ru/about/criteria.md
+++ b/i18n/ru/about/criteria.md
@@ -24,7 +24,7 @@ Below are some general priorities we consider for all submissions to Privacy Gui
- Должны раскрыть связь с проектом, т.е. вашу должность в представляемом проекте.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. Если возможно, укажите, кто будет проводить аудит.
- Должен объяснить, что проект дает в плане конфиденциальности.
diff --git a/i18n/ru/about/executive-policy.md b/i18n/ru/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/ru/about/executive-policy.md
+++ b/i18n/ru/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/ru/about/notices.md b/i18n/ru/about/notices.md
index 8cc246a9..cb4d5714 100644
--- a/i18n/ru/about/notices.md
+++ b/i18n/ru/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-Мы считаем, что логотипы и другие изображения в `assets`, полученные от сторонних лиц, являются либо публичным достоянием, либо находятся в **добросовестном использовании**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. Тем не менее, эти логотипы и другие изображения могут подпадать под действие законов о товарных знаках в тех или иных юрисдикциях. Перед использованием этого контента, пожалуйста, убедитесь, что он используется для идентификации юридического лица или организации, которой принадлежит товарный знак, и что у вас есть право использовать его в соответствии с законами, которые применяются в обстоятельствах вашего предполагаемого использования. *При копировании материалов с этого сайта вы несете полную ответственность за то, что не нарушаете авторские права.*
+Мы считаем, что логотипы и другие изображения в `assets`, полученные от сторонних лиц, являются либо публичным достоянием, либо находятся в **добросовестном использовании**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. Тем не менее, эти логотипы и другие изображения могут подпадать под действие законов о товарных знаках в тех или иных юрисдикциях. Перед использованием этого контента, пожалуйста, убедитесь, что он используется для идентификации юридического лица или организации, которой принадлежит товарный знак, и что у вас есть право использовать его в соответствии с законами, которые применяются в обстоятельствах вашего предполагаемого использования. *При копировании материалов с этого сайта вы несете полную ответственность за то, что не нарушаете авторские права.*
Когда вы вносите свой вклад на наш сайт, вы делаете это на основании вышеуказанных лицензий, и вы предоставляете Privacy Guides бессрочную, всемирную, неисключительную, передаваемую, безвозмездную, безотзывную лицензию с правом сублицензирования таких прав через несколько уровней сублицензиатов, на воспроизведение, изменение, отображение, исполнение и распространение вашего вклада в рамках нашего проекта.
diff --git a/i18n/ru/about/privacytools.md b/i18n/ru/about/privacytools.md
index 447cc48c..2eb634c2 100644
--- a/i18n/ru/about/privacytools.md
+++ b/i18n/ru/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## Контроль над r/privacytoolsIO
-Одновременно с текущими проблемами с сайтом privacytools.io команда модераторов r/privacytoolsIO столкнулась с трудностями в управлении сабреддитом. Сабреддит всегда управлялся в основном независимо от развития сайта, но BurungHantu был основным модератором сабреддита, и он был единственным модератором, получившим привилегии "Полный контроль". u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit требует, чтобы у сабреддитов были активные модераторы. Если основной модератор неактивен в течение длительного периода времени (например, года), должность основного модератора может быть переназначена следующему по очереди модератору. Для того чтобы эта просьба была удовлетворена, BurungHantu должен был полностью отсутствовать на Reddit в течение длительного периода времени, что соответствовало его поведению на других платформах.
+Reddit requires that Subreddits have active moderators. Если основной модератор неактивен в течение длительного периода времени (например, года), должность основного модератора может быть переназначена следующему по очереди модератору. Для того чтобы эта просьба была удовлетворена, BurungHantu должен был полностью отсутствовать на Reddit в течение длительного периода времени, что соответствовало его поведению на других платформах.
> Если вы были удалены из роли модератора на сабреддите через запрос на Reddit, это произошло потому, что ваша недостаточная активность и отсутствие ответов на сообщения привели к тому, что сабреддит был переведен под управление r/redditrequest.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Архивирование исходного кода на GitHub для сохранения нашей прошлой работы и трекера проблем, который мы продолжали использовать в течение нескольких месяцев будущего развития этого сайта.
-- Размещение объявлений на нашем subreddit и в различных других сообществах, информирующих людей об официальных изменениях.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Официальное закрытие сервисов privacytools.io, таких как Matrix и Mastodon, и поощрение существующих пользователей к скорейшей миграции.
Все шло гладко, и большая часть нашего активного сообщества перешла на новый проект именно так, как мы надеялись.
@@ -66,11 +66,11 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). Мы согласились и попросили его оставить поддомены для Matrix, Mastodon и PeerTube активными, чтобы мы могли использовать их в качестве общественной службы для нашего сообщества, по крайней мере, в течение нескольких месяцев, чтобы пользователи этих платформ могли легко перейти на другие аккаунты. Из-за федеративного характера услуг, которые мы предоставляли, они были привязаны к определенным доменным именам, что делало миграцию очень сложной (а в некоторых случаях и невозможной).
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
После этого BurungHantu выдвинул ложные обвинения в том, что Jonah крадет пожертвования из проекта. С момента предполагаемого инцидента в BurungHantu прошло более года, но он так и не поставил никого в известность о нем до тех пор, пока не произошла миграция на Privacy Guides. Команда [и сообщество](https://twitter.com/TommyTran732/status/1526153536962281474)неоднократно просили BurungHantu предоставить доказательства и прокомментировать причину его молчания, но он этого так и не сделал.
-BurungHantu также опубликовал сообщение в [своём твиттере](https://twitter.com/privacytoolsIO/status/1510560676967710728), в котором утверждал, что "адвокат" связался с ним и проконсультировался с ним, в очередной попытке запугать нас, чтобы мы отдали ему контроль над нашим сабреддитом, и как часть его клеветнической кампании, чтобы запутать людей вокруг запуска Privacy Guides, притворяясь жертвой.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io сейчас
@@ -80,7 +80,7 @@ BurungHantu также опубликовал сообщение в [своём
## r/privacytoolsIO Сейчас
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] Рост этого сабреддита - результат огромных усилий команды PrivacyGuides.org на протяжении нескольких лет. А также усилий каждого из вас.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Сабреддиты не принадлежат никому, и, в особенности, владельцам брендов. Они принадлежат своим сообществам, и сообщество и его модераторы приняли решение поддержать переход на r/PrivacyGuides.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Ответные действия со стороны любого модератора в отношении запросов на удаление запрещены.
-Для сообщества с многими тысячами оставшихся подписчиков мы считаем, что было бы невероятно неуважительно вернуть контроль над этой массивной платформой человеку, который забросил ее более чем на год и который теперь управляет сайтом, предоставляющим, по нашему мнению, очень низкокачественную информацию. Для нас важнее сохранить многолетние обсуждения в этом сообществе, и поэтому u/trai_dep и остальная команда модераторов сабреддита приняли решение оставить r/privacytoolsIO как есть.
+Для сообщества с многими тысячами оставшихся подписчиков мы считаем, что было бы невероятно неуважительно вернуть контроль над этой массивной платформой человеку, который забросил ее более чем на год и который теперь управляет сайтом, предоставляющим, по нашему мнению, очень низкокачественную информацию. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective сейчас
diff --git a/i18n/ru/about/statistics.md b/i18n/ru/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/ru/about/statistics.md
+++ b/i18n/ru/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/ru/advanced/communication-network-types.md b/i18n/ru/advanced/communication-network-types.md
index d7512947..d8c235f6 100644
--- a/i18n/ru/advanced/communication-network-types.md
+++ b/i18n/ru/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ description: Обзор нескольких сетевых архитектур
- Позволяют получить больший контроль над собственными данными при работе на собственном сервере.
- Позволяют выбирать, кому доверять свои данные, выбирая между несколькими "публичными" серверами.
- Часто позволяют использовать сторонние клиенты, которые могут обеспечить более нативный, индивидуальный или доступный опыт использования.
-- Программное обеспечение сервера может быть проверено на соответствие публичному исходному коду, если у вас есть доступ к серверу или вы доверяете человеку, который имеет такой доступ (например, члену семьи).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Недостатки:**
@@ -60,7 +60,7 @@ description: Обзор нескольких сетевых архитектур
Мессенджеры P2P подключаются к [распределенной сети](https://en.wikipedia.org/wiki/Distributed_networking) узлов, чтобы передать сообщение получателю без стороннего сервера.
-Клиенты (peers) обычно находят друг друга с помощью сети [распределенных вычислений](https://en.wikipedia.org/wiki/Distributed_computing). Примером могут служить [распределенные хэш-таблицы](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), используемые, например, в [торрентах](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) и [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System). Другой подход – сети, основанные на принципе близости, когда соединение устанавливается по WiFi или Bluetooth (например, Briar или протокол социальной сети [Scuttlebutt](https://scuttlebutt.nz)).
+Клиенты (peers) обычно находят друг друга с помощью сети [распределенных вычислений](https://en.wikipedia.org/wiki/Distributed_computing). Примером могут служить [распределенные хэш-таблицы](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), используемые, например, в [торрентах](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) и [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System). Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Если клиент нашел маршрут к своему контакту с помощью любого из этих методов, между ними устанавливается прямое соединение. Хотя сообщения обычно шифруются, наблюдатель все равно может определить местоположение и личность отправителя и получателя.
@@ -85,9 +85,9 @@ description: Обзор нескольких сетевых архитектур
Мессенджер, использующий [анонимную маршрутизацию](https://doi.org/10.1007/978-1-4419-5906-5_628), скрывает либо личность отправителя, либо личность получателя, либо доказательства того, что они общаются. В идеале, мессенджер должен скрывать все эти три составляющие.
-Существует [много](https://doi.org/10.1145/3182658) различных способов реализации анонимной маршрутизации. Одним из самых известных является [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (т.е. [Tor](tor-overview.md)), который передает зашифрованные сообщения через виртуальную [оверлейную сеть](https://ru.wikipedia.org/wiki/%D0%9E%D0%B2%D0%B5%D1%80%D0%Bb%D0%B5%D0%B9%D0%Bd%D0%B0%D1%8F_%D1%81%D0%B5%D1%82%D1%8C), скрывающую местоположение каждого узла, а также получателя и отправителя каждого сообщения. Отправитель и получатель никогда не взаимодействуют напрямую и встречаются только через секретный узел рандеву(rendezvous node), так что утечки IP-адресов и физического местоположения не происходит. Узлы не могут расшифровывать сообщения, как и конечный пункт назначения; это может сделать только получатель. Каждый промежуточный узел может расшифровать только ту часть, в которой содержится информация, указывающая дальнейший путь зашифрованного сообщения. Только получатель сможет полностью расшифровать сообщение, отсюда и "луковые слои."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. Одним из самых известных является [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (т.е. [Tor](tor-overview.md)), который передает зашифрованные сообщения через виртуальную [оверлейную сеть](https://ru.wikipedia.org/wiki/%D0%9E%D0%B2%D0%B5%D1%80%D0%Bb%D0%B5%D0%B9%D0%Bd%D0%B0%D1%8F_%D1%81%D0%B5%D1%82%D1%8C), скрывающую местоположение каждого узла, а также получателя и отправителя каждого сообщения. Отправитель и получатель никогда не взаимодействуют напрямую и встречаются только через секретный узел рандеву(rendezvous node), так что утечки IP-адресов и физического местоположения не происходит. Узлы не могут расшифровывать сообщения, как и конечный пункт назначения; это может сделать только получатель. Каждый промежуточный узел может расшифровать только ту часть, в которой содержится информация, указывающая дальнейший путь зашифрованного сообщения. Только получатель сможет полностью расшифровать сообщение, отсюда и "луковые слои."
-Самостоятельный хостинг узла в анонимной сети маршрутизации не дает хостеру дополнительных преимуществ в плане конфиденциальности, однако это способствует повышению устойчивости всей сети к атакам идентификации, что выгодно всем.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Преимущества:**
diff --git a/i18n/ru/advanced/dns-overview.md b/i18n/ru/advanced/dns-overview.md
index 5b1ea9a9..41c9a58e 100644
--- a/i18n/ru/advanced/dns-overview.md
+++ b/i18n/ru/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: Система доменных имен - это "телефонная книга интернета", помогающая вашему браузеру найти нужный сайт.
---
-[Система доменных имен](https://en.wikipedia.org/wiki/Domain_Name_System) - это "телефонная книга Интернета". DNS переводит доменные имена в IP адреса, чтобы браузеры и другие службы могли загружать интернет-ресурсы, через децентрализованную сеть серверов.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS переводит доменные имена в IP адреса, чтобы браузеры и другие службы могли загружать интернет-ресурсы, через децентрализованную сеть серверов.
## Что такое DNS?
@@ -24,7 +24,7 @@ DNS существует с [первых дней](https://en.wikipedia.org/wik
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. Затем мы можем использовать [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS и т.д.) или [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) для поиска DNS на обоих серверах. Такие программы, как веб-браузеры, выполняют эти поиски автоматически, если только они не настроены на использование зашифрованного DNS.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Такие программы, как веб-браузеры, выполняют эти поиски автоматически, если только они не настроены на использование зашифрованного DNS.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ DNS существует с [первых дней](https://en.wikipedia.org/wik
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) был одним из первых методов шифрования DNS-запросов. DNSCrypt работает через порт 443 и работает с транспортными протоколами TCP или UDP. DNSCrypt никогда не был представлен в [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) и не проходил через [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) процесс, поэтому он не использовался широко за пределами нескольких [реализаций](https://dnscrypt.info/implementations). В результате он был в значительной степени заменён более популярным [DNS через HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) был одним из первых методов шифрования DNS-запросов. DNSCrypt работает через порт 443 и работает с транспортными протоколами TCP или UDP. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). В результате он был в значительной степени заменён более популярным [DNS через HTTPS](#dns-over-https-doh).
### DNS через TLS (DoT)
@@ -118,7 +118,7 @@ Apple не предоставляет нативного интерфейса д
3. После выполнения запроса мы можем остановить захват пакетов с помощью
CTRL +
C.
-4. Проанализируйте результаты в программе Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ We can see the [connection establishment](https://en.wikipedia.org/wiki/Transmis
Самым простым способом определения активности в интернете может быть просмотр IP-адресов, к которым обращаются ваши устройства. Например, если наблюдатель знает, что сайт `privacyguides.org` находится по адресу `198.98.54.105`, а ваше устройство запрашивает данные с `198.98.54.105`, то велика вероятность, что вы посещаете Privacy Guides.
-Этот метод полезен только в том случае, если IP-адрес принадлежит серверу, на котором размещено всего несколько веб-сайтов. Он также не очень полезен, если сайт размещен на общей платформе (например, Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger и т.д.). Он также не очень полезен, если сервер размещен за [обратным прокси](https://en.wikipedia.org/wiki/Reverse_proxy), что очень часто встречается в современном интернете.
+Этот метод полезен только в том случае, если IP-адрес принадлежит серверу, на котором размещено всего несколько веб-сайтов. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). Он также не очень полезен, если сервер размещен за [обратным прокси](https://en.wikipedia.org/wiki/Reverse_proxy), что очень часто встречается в современном интернете.
### Индикация имени сервера (SNI)
-Индикация имени сервера обычно используется, когда на одном IP-адресе размещается множество веб-сайтов. Это может быть сервис, например Cloudflare, или какая-либо другая защита от [Denial-of-Service атак](https://en.wikipedia.org/wiki/Denial-of-service_attack).
+Server Name Indication is typically used when an IP address hosts many websites. Это может быть сервис, например Cloudflare, или какая-либо другая защита от [Denial-of-Service атак](https://en.wikipedia.org/wiki/Denial-of-service_attack).
-1. Снова запустите захват с помощью `tshark`. Мы добавили фильтр с нашим IP-адресом, чтобы не перехватывать много пакетов:
+1. Снова запустите захват с помощью `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | Нет | nothing(Ничего не делайте)
```
-Зашифрованный DNS, предоставляемые не вашим интернет-провайдером, следует использовать только для обхода перенаправлений и обхода базовой [блокировки DNS](https://en.wikipedia.org/wiki/DNS_blocking) тогда, когда вы можете быть уверены, что это не повлечет за собой никаких последствий или вы заинтересованы в провайдере, который осуществляет элементарную фильтрацию.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[Список рекомендуемых DNS-серверов](../dns.md ""){.md-button}
diff --git a/i18n/ru/advanced/tor-overview.md b/i18n/ru/advanced/tor-overview.md
index 42786679..b367e9a0 100644
--- a/i18n/ru/advanced/tor-overview.md
+++ b/i18n/ru/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/ru/ai-chat.md b/i18n/ru/ai-chat.md
index 92ee1025..23b63114 100644
--- a/i18n/ru/ai-chat.md
+++ b/i18n/ru/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Критерии
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### В лучшем случае
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. Наши рекомендации могут не соответствовать всем или нескольким из этих критериев, но проекты, которые им соответствуют, расположены выше остальных.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/ru/alternative-networks.md b/i18n/ru/alternative-networks.md
index 31472787..0fc07010 100644
--- a/i18n/ru/alternative-networks.md
+++ b/i18n/ru/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/ru/android/general-apps.md b/i18n/ru/android/general-apps.md
index 80a01a6e..782836fc 100644
--- a/i18n/ru/android/general-apps.md
+++ b/i18n/ru/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/ru/basics/account-creation.md b/i18n/ru/basics/account-creation.md
index 8051119b..2b3243e4 100644
--- a/i18n/ru/basics/account-creation.md
+++ b/i18n/ru/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Создание аккаунтов в интернете является, практически, необходимостью; предпримите следующие шаги, чтобы сохранить вашу конфиденциальность.
---
-Часто люди регистрируются на сайтах, не задумываясь. Возможно, это стриминг, позволяющий смотреть новое шоу, о котором все говорят, или аккаунт, предоставляющий скидку в любимом заведении быстрого питания. В любом случае вы должны рассмотреть сегодняшние и последующие последствия для ваших данных.
+Часто люди регистрируются на сайтах, не задумываясь. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. В любом случае вы должны рассмотреть сегодняшние и последующие последствия для ваших данных.
Определённые риски связаны с каждой новой услугой, которой вы пользуетесь. Утечки данных; раскрытие информации о клиенте третьим лицам; недобросовестные сотрудники, получившие доступ к данным - все это возможности, которые необходимо учитывать при передаче информации. Вы должны быть уверены, что можете доверять сервису, поэтому мы не рекомендуем хранить ценные данные ни на чем, кроме самых совершенных и проверенных в боях продуктов. Обычно это означает сервисы, предоставляющие E2EE и прошедшие криптографический аудит. Аудит повышает уверенность в том, что продукт был разработан без проблем безопасности, вызванных неопытностью разработчиков.
@@ -13,11 +13,11 @@ description: Создание аккаунтов в интернете явля
## Условия использования & Политика конфиденциальности
-Условия использования - это правила использования сервиса, с которыми вы соглашаетесь. В крупных сервисах за соблюдением этих правил часто следят автоматизированные системы. Иногда эти автоматизированные системы могут допускать ошибки. Например, вас могут забанить или заблокировать ваш аккаунт в некоторых сервисах за использование VPN или номера VOIP. Обжаловать такие запреты часто бывает сложно, к тому же этот процесс автоматизирован и не всегда успешен. Это одна из причин, по которой мы не советуем использовать Gmail для электронной почты. Электронная почта имеет критическое значение для доступа к другим сервисам, на которые вы, возможно, подписались.
+Условия использования - это правила использования сервиса, с которыми вы соглашаетесь. В крупных сервисах за соблюдением этих правил часто следят автоматизированные системы. Иногда эти автоматизированные системы могут допускать ошибки. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Обжаловать такие запреты часто бывает сложно, к тому же этот процесс автоматизирован и не всегда успешен. Это одна из причин, по которой мы не советуем использовать Gmail для электронной почты. Электронная почта имеет критическое значение для доступа к другим сервисам, на которые вы, возможно, подписались.
-Политика конфиденциальности - это то, как сервис заявляет, что будет использовать ваши данные, и ее стоит прочитать, чтобы вы понимали, как будут использоваться ваши данные. Компания или организация может не быть юридически обязана следовать всему, что содержится в этой политике (это зависит от юрисдикции). Мы рекомендуем иметь представление о местных законах и о том, какие данные о вас они позволяют собирать провайдеру.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. Компания или организация может не быть юридически обязана следовать всему, что содержится в этой политике (это зависит от юрисдикции). Мы рекомендуем иметь представление о местных законах и о том, какие данные о вас они позволяют собирать провайдеру.
-Мы рекомендуем искать конкретные термины, такие как "сбор данных", "анализ данных", "cookies", "реклама" или "сторонние" услуги. Иногда вы можете отказаться от сбора данных или от обмена информацией, но лучше всего выбирать сервис, который с самого начала уважает вашу конфиденциальность.
+Мы рекомендуем искать конкретные термины, такие как "сбор данных", "анализ данных", "cookies", "реклама" или "сторонние" услуги. Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Помните, что вы также доверяете компании или организации и уверены, что они будут соблюдать собственную политику конфиденциальности.
@@ -42,7 +42,7 @@ description: Создание аккаунтов в интернете явля
#### Псевдонимы электронной почты
-Если вы не хотите предоставлять сервису свой настоящий адрес электронной почты, у вас есть возможность использовать псевдоним. Более подробно мы описали их на странице рекомендаций по использованию сервисов электронной почты. По сути, службы почты позволяют создавать новые адреса электронной почты, которые пересылают все письма на ваш основной адрес. Это поможет избежать отслеживания в разных службах и поможет вам управлять маркетинговыми письмами, которые иногда приходят в процессе регистрации. Они могут быть автоматически отфильтрованы на основе псевдонима, на который они отправлены.
+Если вы не хотите предоставлять сервису свой настоящий адрес электронной почты, у вас есть возможность использовать псевдоним. Более подробно мы описали их на странице рекомендаций по использованию сервисов электронной почты. По сути, службы почты позволяют создавать новые адреса электронной почты, которые пересылают все письма на ваш основной адрес. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Они могут быть автоматически отфильтрованы на основе псевдонима, на который они отправлены.
Если сервис будет взломан, вы можете начать получать фишинговые или спамерские письма на адрес, который вы использовали при регистрации. Использование уникальных псевдонимов для каждого сервиса может помочь определить, какой именно сервис был взломан.
@@ -76,7 +76,7 @@ OAuth может быть особенно полезен в тех случая
Мы рекомендуем избегать сервисов, которые требуют номер телефона для регистрации. Номер телефона может идентифицировать вас в нескольких сервисах, и в зависимости от соглашений об обмене данными это облегчит отслеживание вашего пользования, особенно если один из этих сервисов будет взломан, поскольку номер телефона часто **не** зашифрован.
-По возможности не сообщайте свой настоящий номер телефона. Некоторые сервисы позволяют использовать номера VOIP, однако они часто вызывают срабатывание систем обнаружения мошенничества, что приводит к блокировке аккаунта, поэтому мы не рекомендуем использовать их для важных аккаунтов.
+По возможности не сообщайте свой настоящий номер телефона. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
Во многих случаях вам необходимо указать номер, с которого вы можете получать SMS или звонки, особенно при совершении международных покупок, на случай, если с вашим заказом возникнут проблемы при прохождении пограничного контроля. Обычно сервисы используют ваш номер в качестве метода проверки; не позволяйте себе заблокировать доступ к важному счету из-за того, что вы хотели поступить умно и указать фальшивый номер!
diff --git a/i18n/ru/basics/account-deletion.md b/i18n/ru/basics/account-deletion.md
index 3f0b524f..52b0ba0e 100644
--- a/i18n/ru/basics/account-deletion.md
+++ b/i18n/ru/basics/account-deletion.md
@@ -27,7 +27,7 @@ description: Очень легко накопить много аккаунто
### Электронная почта
-Если в прошлом вы не пользовались менеджером паролей или считаете, что у вас есть учетные записи, которые никогда не добавлялись в менеджер паролей, другой вариант - поискать учетную запись(и) электронной почты, с которой, по вашему мнению, вы зарегистрировались. В своем почтовом клиенте найдите такие ключевые слова, как "подтверждение" или "приветствие." Почти каждый раз, когда вы регистрируетесь где-либо в интернете, сервис отправляет на вашу электронную почту проверочную ссылку или вводное сообщение. Это может быть хорошим способом найти старые, забытые аккаунты.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. В своем почтовом клиенте найдите такие ключевые слова, как "подтверждение" или "приветствие." Почти каждый раз, когда вы регистрируетесь где-либо в интернете, сервис отправляет на вашу электронную почту проверочную ссылку или вводное сообщение. Это может быть хорошим способом найти старые, забытые аккаунты.
## Удаление старых аккаунтов
@@ -39,7 +39,7 @@ description: Очень легко накопить много аккаунто
### GDPR (только для резидентов ЕЭЗ)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. Если к вам это применимо, прочитайте политику конфиденциальности для конкретного сервиса, чтобы найти информацию о том, как воспользоваться своим правом на удаление данных. Чтение политики конфиденциальности может оказаться важным, поскольку некоторые сервисы имеют опцию "Удалить аккаунт", которая только отключает ваш аккаунт, а для реального удаления необходимо предпринять дополнительные действия. Иногда для фактического удаления может потребоваться заполнение анкет, отправка электронного письма сотруднику службы по защите данных или даже подтверждение вашего проживания в ЕЭЗ. Если вы планируете пойти этим путем, **не** перезаписывайте информацию в аккаунте - может потребоваться ваша личность как резидента ЕЭЗ. Обратите внимание, что местонахождение службы не имеет значения; GDPR применяется ко всем, кто обслуживает европейских пользователей. Если служба не соблюдает ваше право на удаление данных, вы можете обратиться в национальный [орган по защите данных](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en), и вам может быть предоставлено право на денежную компенсацию.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. Если к вам это применимо, прочитайте политику конфиденциальности для конкретного сервиса, чтобы найти информацию о том, как воспользоваться своим правом на удаление данных. Чтение политики конфиденциальности может оказаться важным, поскольку некоторые сервисы имеют опцию "Удалить аккаунт", которая только отключает ваш аккаунт, а для реального удаления необходимо предпринять дополнительные действия. Иногда для фактического удаления может потребоваться заполнение анкет, отправка электронного письма сотруднику службы по защите данных или даже подтверждение вашего проживания в ЕЭЗ. Если вы планируете пойти этим путем, **не** перезаписывайте информацию в аккаунте - может потребоваться ваша личность как резидента ЕЭЗ. Обратите внимание, что местонахождение службы не имеет значения; GDPR применяется ко всем, кто обслуживает европейских пользователей. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Перезапись информации в аккаунте
diff --git a/i18n/ru/basics/common-misconceptions.md b/i18n/ru/basics/common-misconceptions.md
index 07aef48e..5dd468aa 100644
--- a/i18n/ru/basics/common-misconceptions.md
+++ b/i18n/ru/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ schema:
## "Сложнее - лучше"
-Мы часто видим, как люди описывают слишком сложные модели угроз конфиденциальности. Часто эти решения включают такие проблемы, как множество различных учетных записей электронной почты или сложные настройки с большим количеством условий. Ответы, как правило, являются ответами на вопрос "Как лучшего всего сделать *X*?"
+Мы часто видим, как люди описывают слишком сложные модели угроз конфиденциальности. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. Ответы, как правило, являются ответами на вопрос "Как лучшего всего сделать *X*?"
Поиск "лучшего" решения для себя не обязательно означает, что вам нужно безошибочное решение с десятками условий - с такими решениями часто трудно работать в реальности. Как мы уже говорили ранее, безопасность часто достигается ценой удобства. Ниже мы приводим несколько советов:
1. ==Действия должны служить определенной цели:== подумайте о том, как сделать то, что вы хотите, с помощью наименьшего количества действий.
2. ==Избегание человеческого фактора:== Мы терпим неудачи, устаем и забываем. Чтобы поддерживать безопасность, не полагайтесь на ручные условия и действия, которые вы должны помнить.
-3. ==Используйте правильный уровень защиты для того, что вы задумали.== Мы часто встречаем рекомендации так называемых решений, защищенных от правоохранительных органов или судебных решений. Они часто требуют специальных знаний и, как правило, не являются тем, что нужно людям. Нет смысла строить сложную модель угроз для анонимности, если вас можно легко деанонимизировать из-за простой оплошности.
+3. ==Используйте правильный уровень защиты для того, что вы задумали.== Мы часто встречаем рекомендации так называемых решений, защищенных от правоохранительных органов или судебных решений. Они часто требуют специальных знаний и, как правило, не являются тем, что нужно людям. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
Итак, как это может выглядеть?
@@ -94,4 +94,4 @@ schema:
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/ru/basics/common-threats.md b/i18n/ru/basics/common-threats.md
index 1fdf5c74..03415e84 100644
--- a/i18n/ru/basics/common-threats.md
+++ b/i18n/ru/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Модель угрозы уникальна для каждого, но здесь описаны некоторые из тех вещей, которые волнуют многих посетителей этого сайта.
---
-В широком смысле мы разделяем наши рекомендации по категориям [угроз](threat-modeling.md) или целей, которые применимы к большинству людей. ==Вас может волновать одна, несколько, все эти возможности или они могут не волновать вас вовсе==, и инструменты и услуги, которые вы используете, зависят от ваших целей. У вас могут быть специфичные угрозы, не относящиеся к этим категориям, что определённо нормально! Важно понять преимущества и недостатки выбранных вами инструментов, потому что практически ни один из них не защитит вас от всех угроз.
+В широком смысле мы разделяем наши рекомендации по категориям [угроз](threat-modeling.md) или целей, которые применимы к большинству людей. ==Вас может волновать одна, несколько, все эти возможности или они могут не волновать вас вовсе==, и инструменты и услуги, которые вы используете, зависят от ваших целей. You may have specific threats outside these categories as well, which is perfectly fine! Важно понять преимущества и недостатки выбранных вами инструментов, потому что практически ни один из них не защитит вас от всех угроз.
:material-incognito: **Анонимность**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Пассивные атаки**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Публичная экспозиция**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Цензура**
:
@@ -76,7 +76,7 @@ Avoiding censored access to information or being censored yourself when speaking
Мобильные операционные системы, как правило, имеют лучшую "песочницу" для приложений, чем настольные операционные системы: приложения не могут получить root-доступ и требуют разрешения на доступ к системным ресурсам.
-Настольные операционные системы, как правило, отстают по части надлежащей "песочницы". ChromeOS имеет возможности "песочницы", аналогичные Android, а macOS имеет полный контроль системных разрешений (и разработчики могут отказаться от "песочницы" для приложений). Однако эти операционные системы передают идентифицирующую информацию своим соответствующим OEM-производителям. Linux, как правило, не предоставляет информацию поставщикам систем, но имеет слабую защиту от эксплойтов и вредоносных приложений. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Настольные операционные системы, как правило, отстают по части надлежащей "песочницы". ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). Однако эти операционные системы передают идентифицирующую информацию своим соответствующим OEM-производителям. Linux, как правило, не предоставляет информацию поставщикам систем, но имеет слабую защиту от эксплойтов и вредоносных приложений. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ On the other hand, web-based E2EE implementations, such as Proton Mail's web app
-Даже при использовании E2EE поставщики услуг все равно могут составить ваш профиль на основе **метаданных**, которые, как правило, не защищены. Хотя поставщик услуг не может читать ваши сообщения, он все же может наблюдать за такими важными вещами, как то, с кем вы общаетесь, как часто вы пишете им сообщения и когда вы обычно активны. Защита метаданных - довольно редкое явление, и, если это входит в вашу [модель угроз](threat-modeling.md), вам следует обратить пристальное внимание на техническую документацию используемого вами программного обеспечения, чтобы узнать, есть ли в нем минимизация или защита метаданных вообще.
+Даже при использовании E2EE поставщики услуг все равно могут составить ваш профиль на основе **метаданных**, которые, как правило, не защищены. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Защита метаданных - довольно редкое явление, и, если это входит в вашу [модель угроз](threat-modeling.md), вам следует обратить пристальное внимание на техническую документацию используемого вами программного обеспечения, чтобы узнать, есть ли в нем минимизация или защита метаданных вообще.
## Программы массового наблюдения
@@ -156,7 +156,7 @@ On the other hand, web-based E2EE implementations, such as Proton Mail's web app
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
Для многих людей слежка и наблюдение со стороны частных корпораций вызывает растущее беспокойство. Всепроникающие рекламные сети, такие как Google и Facebook, распространяются в Интернете далеко за пределы контролируемых ими сайтов, отслеживая ваши действия на всём пути. Использование таких инструментов, как блокировщики контента, для ограничения сетевых запросов к их серверам, а также чтение политики конфиденциальности сервисов, которыми вы пользуетесь, может помочь вам избежать многих основных недоброжелателей (хотя это не может полностью предотвратить слежку).[^4]
-Кроме того, даже компании, не относящиеся к *AdTech* или индустрии отслеживания, могут передавать вашу информацию брокерам данных [](https://en.wikipedia.org/wiki/Information_broker) (таким как Cambridge Analytica, Experian или Datalogix) или другим сторонам. Вы не можете автоматически считать, что ваши данные в безопасности только потому, что сервис, которым вы пользуетесь, не относится к типичной бизнес-модели AdTech или отслеживания. Самой надежной защитой от сбора корпоративных данных является шифрование или обфускация ваших данных всегда, когда это возможно, что затрудняет различным провайдерам соотнесение данных друг с другом и создание профиля на вас.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. Вы не можете автоматически считать, что ваши данные в безопасности только потому, что сервис, которым вы пользуетесь, не относится к типичной бизнес-модели AdTech или отслеживания. Самой надежной защитой от сбора корпоративных данных является шифрование или обфускация ваших данных всегда, когда это возможно, что затрудняет различным провайдерам соотнесение данных друг с другом и создание профиля на вас.
## Ограничение публичной информации
diff --git a/i18n/ru/basics/email-security.md b/i18n/ru/basics/email-security.md
index 0e8ce8aa..1dd0db7c 100644
--- a/i18n/ru/basics/email-security.md
+++ b/i18n/ru/basics/email-security.md
@@ -29,13 +29,13 @@ description: Электронная почта по своей природе н
### Какие почтовые клиенты поддерживают E2EE?
-Провайдеры электронной почты, позволяющие использовать стандартные протоколы доступа, такие как IMAP и SMTP, можно использовать с любым [ почтовым клиентом, которые мы рекомендуем](../email-clients.md). В зависимости от метода аутентификации, это может привести к снижению безопасности, если провайдер или почтовый клиент не поддерживает OATH или приложение-мост, поскольку [многофакторная аутентификация](multi-factor-authentication.md) невозможна при аутентификации по простому паролю.
+Провайдеры электронной почты, позволяющие использовать стандартные протоколы доступа, такие как IMAP и SMTP, можно использовать с любым [ почтовым клиентом, которые мы рекомендуем](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### Как я могу защитить свои приватные ключи?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. Затем сообщение расшифровывается смарт-картой, и расшифрованное содержимое отправляется обратно на устройство.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-Расшифровку лучше производить на смарт-карте, чтобы избежать возможное раскрытие приватного ключа на скомпрометированном устройстве.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Обзор метаданных электронной почты
@@ -49,4 +49,4 @@ A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/36001379
### Почему метаданные не могут быть E2EE?
-Метаданные электронной почты имеют решающее значение для самой базовой функциональности электронной почты (откуда она пришла и куда должна отправиться). E2EE изначально не был встроен в почтовые протоколы, вместо этого потребовалось дополнительное программное обеспечение, такое как OpenPGP. Поскольку сообщения OpenPGP по-прежнему должны работать с традиционными почтовыми провайдерами, он не может шифровать метаданные электронной почты, только само тело сообщения. Это означает, что даже при использовании OpenPGP сторонние наблюдатели могут увидеть много информации о ваших сообщениях, например, кому вы отправили письмо, тему письма, когда вы отправили письмо и т.д.
+Метаданные электронной почты имеют решающее значение для самой базовой функциональности электронной почты (откуда она пришла и куда должна отправиться). E2EE изначально не был встроен в почтовые протоколы, вместо этого потребовалось дополнительное программное обеспечение, такое как OpenPGP. Поскольку сообщения OpenPGP по-прежнему должны работать с традиционными почтовыми провайдерами, он не может шифровать метаданные электронной почты, только само тело сообщения. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/ru/basics/hardware.md b/i18n/ru/basics/hardware.md
index 6f05613f..a4e6d2e9 100644
--- a/i18n/ru/basics/hardware.md
+++ b/i18n/ru/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Предупреждение
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/ru/basics/multi-factor-authentication.md b/i18n/ru/basics/multi-factor-authentication.md
index 77e34271..fb698c40 100644
--- a/i18n/ru/basics/multi-factor-authentication.md
+++ b/i18n/ru/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Многофакторная аутентификация"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA - это важнейший механизм безопасности для защиты ваших учетных записей в интернете, однако некоторые методы MFA безопаснее, чем другие.
---
-**Многофакторная аутентификация** (**МФА**) - это механизм безопасности, который требует от вас дополнительных действий, помимо ввода логина (или электронной почты) и пароля. Самым распространенным методом являются одноразовые пароли, которые вы можете получить по СМС или в приложении.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. Самым распространенным методом являются одноразовые пароли, которые вы можете получить по СМС или в приложении.
Обычно, если хакеру (или злоумышленнику) удается узнать ваш пароль, то он получает доступ к учетной записи, которую этот пароль защищал. Чтобы взломать учетную запись с включенной MFA хакеру необходимо заполучить как пароль (то, что вы *знаете*), так и устройство (например телефон), которым вы владеете (то, что у вас *есть*).
@@ -26,7 +26,7 @@ MFA с помощью пуш-уведомления представляет с
### Одноразовый пароль основанный на времени (TOTP)
-TOTP - одна из наиболее распространенных форм MFA. При настройке TOTP обычно необходимо отсканировать [QR-код](https://en.wikipedia.org/wiki/QR_code), который содержит "[общий секрет](https://en.wikipedia.org/wiki/Shared_secret)" для сервиса, который вы собираетесь использовать. Общий секрет хранится внутри данных приложения-аутентификатора и иногда защищен паролем.
+TOTP - одна из наиболее распространенных форм MFA. При настройке TOTP обычно необходимо отсканировать [QR-код](https://en.wikipedia.org/wiki/QR_code), который содержит "[общий секрет](https://en.wikipedia.org/wiki/Shared_secret)" для сервиса, который вы собираетесь использовать. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
Код с ограничением по времени затем генерируется на основе общего секрета и текущего времени. Поскольку код действителен лишь в течение ограниченного времени, злоумышленник не сможет сгенерировать новые коды без доступа к общему секрету.
@@ -82,7 +82,7 @@ WebAuthn - это наиболее безопасная и приватная ф
FIDO2 и WebAuthn обеспечивают более высокий уровень безопасности и конфиденциальности в сравнении с другими методами MFA.
-Обычно для веб-сервисов он используется вместе с WebAuthn, который является частью [рекомендаций W3C](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). Он использует аутентификацию с открытым ключом и является более безопасным, чем общие секреты, используемые в методах Yubico OTP и TOTP, поскольку включает имя происхождения (обычно доменное имя) при аутентификации. Аттестация предоставляется для защиты от фишинговых атак, так как помогает определить, что вы используете оригинальный сервис, а не поддельную копию.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). Он использует аутентификацию с открытым ключом и является более безопасным, чем общие секреты, используемые в методах Yubico OTP и TOTP, поскольку включает имя происхождения (обычно доменное имя) при аутентификации. Аттестация предоставляется для защиты от фишинговых атак, так как помогает определить, что вы используете оригинальный сервис, а не поддельную копию.
В отличие от Yubico OTP, WebAuthn не использует публичный идентификатор, поэтому ключ **не** идентифицировать на разных сайтах. Он также не использует сторонние облачные серверы для аутентификации. Все коммуникации осуществляются между ключом и веб-сайтом, на который вы заходите. FIDO также использует счетчик, который увеличивается при использовании, чтобы предотвратить повторное использование сеанса и клонирование ключей.
@@ -116,15 +116,15 @@ FIDO2 и WebAuthn обеспечивают более высокий урове
## Больше мест для установки МФА
-Многофакторная аутентификация может использоваться не только для защиты логинов на сайте, но и для защиты локальных логинов, ключей SSH и даже баз данных паролей.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-В macOS есть [нативная поддержка](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) аутентификации с помощью смарт-карт (PIV). Если у вас есть смарт-карта или аппаратный ключ безопасности, поддерживающий интерфейс PIV (например YubiKey), мы рекомендуем вам следовать документации производителя смарт-карты/аппаратного ключа безопасности и настроить двухфакторную аутентификацию на компьютере с macOS.
+В macOS есть [нативная поддержка](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) аутентификации с помощью смарт-карт (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
У Yubico есть руководство ["Использование YubiKey в качестве смарт-карты в macOS](https://support.yubico.com/hc/articles/360016649059) ", которое поможет вам настроить YubiKey на macOS.
-После того как смарт-карта/ключ безопасности настроены, рекомендуется выполнить следующую команду в командной строке:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLog
### KeePass (и KeePassXC)
-Базы данных KeePass и KeePassXC могут быть защищены с помощью Challenge-Response или HOTP в качестве второго фактора аутентификации. У Yubico есть руководство для KeePass [Использование YubiKey с KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass), подобное также есть на сайте [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa).
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. У Yubico есть руководство для KeePass [Использование YubiKey с KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass), подобное также есть на сайте [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa).
diff --git a/i18n/ru/basics/passwords-overview.md b/i18n/ru/basics/passwords-overview.md
index ad224085..a0aa2131 100644
--- a/i18n/ru/basics/passwords-overview.md
+++ b/i18n/ru/basics/passwords-overview.md
@@ -24,7 +24,7 @@ description: These are some tips and tricks on how to create the strongest passw
Вам не следует слишком часто менять пароли, которые вы должны помнить (например, мастер-пароль от вашего менеджера паролей), если у вас нет оснований полагать, что он был взломан, поскольку слишком частая смена пароля подвергает вас риску его забыть.
-Что касается паролей, которые вам не нужно запоминать (например, пароли, хранящиеся в менеджере паролей), если [модель угроз](threat-modeling.md) требует этого, мы рекомендуем просматривать важные учетные записи (особенно те, которые не используют многофакторную аутентификацию) и менять их пароль каждые пару месяцев, на случай, если они были скомпрометированы в результате утечки данных, которая еще не стала известной. Большинство менеджеров паролей позволяют установить срок действия пароля, чтобы облегчить отслеживание их давности.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Большинство менеджеров паролей позволяют установить срок действия пароля, чтобы облегчить отслеживание их давности.
Checking for data breaches
@@ -54,13 +54,13 @@ description: These are some tips and tricks on how to create the strongest passw
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Другие списки слов могут требовать больше или меньше бросков на слово, и могут потребоваться другое количество слов для достижения той же энтропии.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Бросьте шестигранный кубик пять раз, записывая число после каждого броска.
-2. В качестве примера, допустим, вы бросили `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. В качестве примера, допустим, вы бросили `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. Вы найдете слово `encrypt`. Запишите это слово.
@@ -75,25 +75,25 @@ These instructions assume that you are using [EFF's large wordlist](https://eff.
Если у вас нет доступа к настоящим игральным костям или вы предпочитаете не использовать их, вы можете воспользоваться встроенным в менеджере паролей генератором паролей, поскольку большинство из них имеют возможность генерировать парольные фразы в дополнение к обычным паролям.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. Есть также [другие списки слов на разных языках](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), если вы не хотите, чтобы ваша парольная фраза была на английском языке.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
В среднем, чтобы угадать вашу фразу, нужно попробовать 50% всех возможных комбинаций. Учитывая это, даже если ваш противник способен на ~1 000 000 000 000 000 000 угадываний в секунду, ему все равно потребуется ~27 255 689 лет, чтобы угадать вашу кодовую фразу. Это так, даже если верны следующие вещи:
- Ваш противник знает, что вы использовали метод с кубиком.
-- Ваш противник знает конкретный список слов, который вы использовали.
+- Your adversary knows the specific word list that you used.
- Ваш противник знает, сколько слов содержит ваша парольная фраза.
@@ -113,7 +113,7 @@ Let's put all of this in perspective: A seven word passphrase using [EFF's large
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Хранение TOTP-токенов в том же месте, что и паролей, хотя и удобно, но сводит защиту учетных записей к одному фактору в случае, если злоумышленник получит доступ к вашему менеджеру паролей.
diff --git a/i18n/ru/basics/threat-modeling.md b/i18n/ru/basics/threat-modeling.md
index 297340ab..649ba06f 100644
--- a/i18n/ru/basics/threat-modeling.md
+++ b/i18n/ru/basics/threat-modeling.md
@@ -35,7 +35,7 @@ description: Баланс между безопасностью, конфиде
Чтобы ответить на этот вопрос, важно определить, кто может хотеть вашу информацию. ==Физическое или юридическое лицо, представляющее угрозу для ваших активов, является "противником".== Примерами потенциальных противников являются ваш начальник, ваш бывший партнер, ваш деловой конкурент, ваше правительство или хакер в публичной сети.
-*Составьте список ваших противников или тех, кто может захотеть завладеть вашим имуществом. В ваш список могут входить отдельные люди, государственные учреждения или корпорации.*
+*Make a list of your adversaries or those who might want to get hold of your assets. В ваш список могут входить отдельные люди, государственные учреждения или корпорации.*
В зависимости от того, кто является вашими противниками, этот список может быть тем, что вы захотите уничтожить после того, как закончите разработку модели угроз.
diff --git a/i18n/ru/browser-extensions.md b/i18n/ru/browser-extensions.md
index 236192fb..f98ec089 100644
--- a/i18n/ru/browser-extensions.md
+++ b/i18n/ru/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/ru/calendar.md b/i18n/ru/calendar.md
index 0de6138c..28ecff9f 100644
--- a/i18n/ru/calendar.md
+++ b/i18n/ru/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Создание нескольких календарей и расширенный совместный доступ доступны только платным подписчикам.
diff --git a/i18n/ru/cloud.md b/i18n/ru/cloud.md
index bddf3f34..e2fe141c 100644
--- a/i18n/ru/cloud.md
+++ b/i18n/ru/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Критерии
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Должны использовать обязательное сквозное шифрование.
- Должны иметь бесплатную версию или пробный период для тестирования.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Должны иметь веб-интерфейс, поддерживающий основные функции управления файлами.
- Должны обеспечивать легкий экспорт всех файлов/документов.
diff --git a/i18n/ru/cryptocurrency.md b/i18n/ru/cryptocurrency.md
index 0e2951f9..b8dd79ce 100644
--- a/i18n/ru/cryptocurrency.md
+++ b/i18n/ru/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Критерии
diff --git a/i18n/ru/data-broker-removals.md b/i18n/ru/data-broker-removals.md
index ae658f39..fdec0c3e 100644
--- a/i18n/ru/data-broker-removals.md
+++ b/i18n/ru/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/ru/desktop-browsers.md b/i18n/ru/desktop-browsers.md
index a22e801b..a12409b3 100644
--- a/i18n/ru/desktop-browsers.md
+++ b/i18n/ru/desktop-browsers.md
@@ -109,7 +109,7 @@ Mullvad Browser работает в постоянном режиме прива
### Mullvad Leta
-Mullvad Browser поставляется с включенной по умолчанию [поисковой системой](search-engines.md) DuckDuckGo. В нём также есть предустановленная **Mullvad Leta** - поисковая система, для доступа к которой требуется активная подписка Mullvad VPN. Mullvad Leta напрямую использует платный API поисковика Google, поэтому она доступна только для платных подписчиков. Однако благодаря этому ограничению Mullvad теоретически может сопоставить поисковые запросы и учетные записи Mullvad VPN. По этой причине мы не рекомендуем использовать Mullvad Leta, несмотря на то, что Mullvad собирает очень мало информации о своих подписчиках VPN.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta напрямую использует платный API поисковика Google, поэтому она доступна только для платных подписчиков. Однако благодаря этому ограничению Mullvad теоретически может сопоставить поисковые запросы и учетные записи Mullvad VPN. По этой причине мы не рекомендуем использовать Mullvad Leta, несмотря на то, что Mullvad собирает очень мало информации о своих подписчиках VPN.
## Firefox
@@ -189,7 +189,7 @@ Firefox добавляет уникальный [маркер загрузки](
> Firefox отправляет нам данные о версии и языке вашего Firefox; операционной системе устройства и конфигурации оборудования; памяти, основную информацию о сбоях и ошибках; результаты автоматизированных процессов, таких как обновления, безопасный просмотр и активация. Когда Firefox отправляет нам данные, ваш IP-адрес временно собирается как часть логов нашего сервера.
-Кроме того, аккаунт Mozilla собирает [некоторые технические данные](https://mozilla.org/privacy/mozilla-accounts). Если вы используете аккаунт Mozilla, вы можете отключить сбор этих данных:
+Кроме того, аккаунт Mozilla собирает [некоторые технические данные](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Откройте [настройки вашего профиля на сайте accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Отключите **Data Collection and Use** > **Help improve Firefox Accounts**
@@ -204,7 +204,7 @@ Firefox добавляет уникальный [маркер загрузки](
- [x] Включите **Включить режим «Только HTTPS» во всех окнах**
-Это предотвращает непреднамеренное подключение к веб-сайту с обычным HTTP-текстом. Протокол HTTP в настоящее время используется крайне редко, поэтому эта настройка практически не должна повлиять на твой ежедневный браузинг.
+Это предотвращает непреднамеренное подключение к веб-сайту с обычным HTTP-текстом. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS через HTTPS
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Конфиденциальность и безопасность
diff --git a/i18n/ru/desktop.md b/i18n/ru/desktop.md
index e8fa8a9a..a63266be 100644
--- a/i18n/ru/desktop.md
+++ b/i18n/ru/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS - это независимый дистрибутив, основанны
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/ru/device-integrity.md b/i18n/ru/device-integrity.md
index 9f8bf085..53856154 100644
--- a/i18n/ru/device-integrity.md
+++ b/i18n/ru/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/ru/dns.md b/i18n/ru/dns.md
index 258c8edc..1f911376 100644
--- a/i18n/ru/dns.md
+++ b/i18n/ru/dns.md
@@ -75,7 +75,7 @@ AdGuard Home предлагает продуманный интерфейс дл
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ NextDNS also offers public DNS-over-HTTPS service at `https://dns.nextdns.io` an
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/ru/document-collaboration.md b/i18n/ru/document-collaboration.md
index 31ed66a2..718bd442 100644
--- a/i18n/ru/document-collaboration.md
+++ b/i18n/ru/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Эти критерии представляют собой то, что мы хотели бы видеть от идеального проекта в этой категории. Наши рекомендации могут не соответствовать всем или нескольким из этих критериев, но проекты, которые им соответствуют, расположены выше остальных.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/ru/email-aliasing.md b/i18n/ru/email-aliasing.md
index b9d6b2d8..33d321b6 100644
--- a/i18n/ru/email-aliasing.md
+++ b/i18n/ru/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/ru/email.md b/i18n/ru/email.md
index 32215bde..3c1dc051 100644
--- a/i18n/ru/email.md
+++ b/i18n/ru/email.md
@@ -58,7 +58,7 @@ OpenPGP также не поддерживает прямую секретнос
{ align=right }
-**Proton Mail** — это сервис электронной почты, фокусирующийся на приватности, шифровании, безопасности и простоте использования. They have been in operation since 2013. Компания Proton AG базируется в Женеве, Швейцария. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+**Proton Mail** — это сервис электронной почты, фокусирующийся на приватности, шифровании, безопасности и простоте использования. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail [принимает](https://proton.me/support/payment-options) на
#### :material-check:{ .pg-green } Безопасность аккаунта
-Proton Mail поддерживает [двухфакторную аутентификацию](https://proton.me/support/two-factor-authentication-2fa) TOTP и [аппаратные ключи безопасности](https://proton.me/support/2fa-security-key) с использованием стандартов FIDO2 или U2F. Использование аппаратного ключа безопасности сначала требует настройки двухфакторной аутентификации TOTP.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Безопасность данных
@@ -117,7 +117,7 @@ Proton Mail also publishes the public keys of Proton accounts via HTTP from thei
#### :material-information-outline:{ .pg-blue } Дополнительная функциональность
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail не предлагает функцию цифрового наследия.
@@ -127,7 +127,7 @@ Proton Mail не предлагает функцию цифрового насл
{ align=right }
-**Mailbox.org** - это сервис электронной почты, ориентированный на безопасность, отсутствие рекламы и приватное электроснабжение от 100% экологически чистой энергии. Они работают с 2014 года. Mailbox.org базируется в Берлине, Германия. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org** - это сервис электронной почты, ориентированный на безопасность, отсутствие рекламы и приватное электроснабжение от 100% экологически чистой энергии. Они работают с 2014 года. Mailbox.org базируется в Берлине, Германия. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } Конфиденциальные способы оплаты
-Mailbox.org не принимает криптовалюты в связи с тем, что их платежная система BitPay приостановила работу в Германии. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.org не принимает криптовалюты в связи с тем, что их платежная система BitPay приостановила работу в Германии. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Безопасность аккаунта
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Веб-стандарты, такие, как [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn), пока не поддерживаются.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Веб-стандарты, такие, как [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn), пока не поддерживаются.
#### :material-information-outline:{ .pg-blue } Безопасность данных
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } Дополнительная функциональность
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). Однако доступ к интерфейсу веб-почты через службу .onion невозможен, и ты можешь столкнуться с ошибками сертификата TLS.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org также поддерживает [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) в дополнение к стандартным протоколам доступа, таким как IMAP и POP3.
@@ -195,7 +195,7 @@ Mailbox.org имеет функцию цифрового наследия для
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } Конфиденциальные способы оплаты
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Безопасность аккаунта
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Безопасность данных
@@ -297,7 +297,7 @@ Tuta doesn't offer a digital legacy feature.
**Минимальные требования:**
- Шифрует данные аккаунта электронной почты в состоянии покоя с помощью шифрования с нулевым доступом.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Разрешает пользователям использовать собственное [доменное имя](https://en.wikipedia.org/wiki/Domain_name). Пользовательские доменные имена важны для пользователей, поскольку позволяют им сохранить свое агентство от сервиса, если он окажется плохим или будет приобретен другой компанией, которая не уделяет приоритетного внимания конфиденциальности.
- Работает на собственной инфраструктуре, т.е. не опирается на сторонних провайдеров электронной почты.
diff --git a/i18n/ru/encryption.md b/i18n/ru/encryption.md
index ffd30631..331b0b29 100644
--- a/i18n/ru/encryption.md
+++ b/i18n/ru/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt - это форк, прекратившего свое существ
При шифровании с помощью VeraCrypt ты можешь выбрать различные [хэш-функции](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). Мы настоятельно рекомендуем выбрать **только** [SHA-512](https://en.wikipedia.org/wiki/SHA-512) и блочное шифрование по алгоритму [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard).
-Аудит Truecrypt проводился [несколько раз](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits). Veracrypt [проходил](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit) аудит уже отдельно.
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ To enable BitLocker on "Home" editions of Windows, you must have partitions form
{ align=right }
-**FileVault** - это решение для шифрования томов "на лету", встроенное в macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** - это решение для шифрования томов "на лету", встроенное в macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/ru/file-sharing.md b/i18n/ru/file-sharing.md
index b26e82dc..895620a3 100644
--- a/i18n/ru/file-sharing.md
+++ b/i18n/ru/file-sharing.md
@@ -13,7 +13,7 @@ cover: file-sharing.webp
## Обмен файлами
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/ru/frontends.md b/i18n/ru/frontends.md
index 1b29b0f2..2f295d01 100644
--- a/i18n/ru/frontends.md
+++ b/i18n/ru/frontends.md
@@ -251,7 +251,7 @@ When using LibreTube, your IP address will be visible to YouTube, [Piped](https:
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/ru/index.md b/i18n/ru/index.md
index d1e8ff97..277b89d3 100644
--- a/i18n/ru/index.md
+++ b/i18n/ru/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Компания Proton AG базируется в Женеве, Швейцария. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Они работают с 2014 года. Mailbox.org базируется в Берлине, Германия. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Они работают с 2014 года. Mailbox.org базируется в Берлине, Германия. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/ru/meta/brand.md b/i18n/ru/meta/brand.md
index 60747395..c2f6c52f 100644
--- a/i18n/ru/meta/brand.md
+++ b/i18n/ru/meta/brand.md
@@ -12,7 +12,7 @@ description: A guide for journalists and website contributors on proper branding
- PG.org
-Название сабреддита - **r/PrivacyGuides** или **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Дополнительные рекомендации по брендингу можно найти на сайте [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/ru/meta/translations.md b/i18n/ru/meta/translations.md
index 18c9ae14..383369ac 100644
--- a/i18n/ru/meta/translations.md
+++ b/i18n/ru/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## Fullwidth alternatives and Markdown syntax
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/ru/meta/uploading-images.md b/i18n/ru/meta/uploading-images.md
index 04979810..4f493c89 100644
--- a/i18n/ru/meta/uploading-images.md
+++ b/i18n/ru/meta/uploading-images.md
@@ -48,7 +48,7 @@ optipng -o7 file.png
- [ ] Выключите **Удалить объявление XML**
- [x] Включите **Удалить метаданные**
- [x] Включите **Удалить комментарии**
-- [x] Включите **Встроить растровые изображения**
+- [x] Turn on **Embedded raster images**
- [x] Включите **Включить viewbox**
На вкладке **Экспорт в SVG** в разделе **Качественная печать**:
diff --git a/i18n/ru/meta/writing-style.md b/i18n/ru/meta/writing-style.md
index c4e21aa5..83976b00 100644
--- a/i18n/ru/meta/writing-style.md
+++ b/i18n/ru/meta/writing-style.md
@@ -64,7 +64,7 @@ Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/organize/have-a
## Будьте лаконичны
-> Лишние слова тратят время вашей аудитории. Искусство написания текстов - это как разговор. Пропустите информацию, которую аудитории не нужно знать. Это может быть непросто, если вы являетесь экспертом в данной области, поэтому важно, чтобы кто-то посмотрел на информацию с точки зрения аудитории.
+> Лишние слова тратят время вашей аудитории. Искусство написания текстов - это как разговор. Пропустите информацию, которую аудитории не нужно знать. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/ru/mobile-browsers.md b/i18n/ru/mobile-browsers.md
index 3aec0f17..a34ca317 100644
--- a/i18n/ru/mobile-browsers.md
+++ b/i18n/ru/mobile-browsers.md
@@ -247,7 +247,7 @@ These options can be found in :material-menu: → :gear: **Settings** → **Priv
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** — браузер по умолчанию на iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** — браузер по умолчанию на iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ The **Advanced Tracking and Fingerprinting Protection** setting will randomize c
- [x] Выбери **Частный доступ**
-Режим Частный доступ в Safari обеспечивает дополнительную защиту конфиденциальности. Приватный просмотр использует новую [эфемерную](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) сессию для каждой вкладки, то есть вкладки изолированы друг от друга. При использовании частного доступа есть и другие небольшие преимущества, например, не отправлять адрес веб-страницы в Apple при использовании функции перевода в Safari.
+Режим Частный доступ в Safari обеспечивает дополнительную защиту конфиденциальности. Приватный просмотр использует новую [эфемерную](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) сессию для каждой вкладки, то есть вкладки изолированы друг от друга. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. Это может доставить неудобства.
diff --git a/i18n/ru/multi-factor-authentication.md b/i18n/ru/multi-factor-authentication.md
index e29ff3b8..24c6bab1 100644
--- a/i18n/ru/multi-factor-authentication.md
+++ b/i18n/ru/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Многофакторная аутентификация"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/ru/notebooks.md b/i18n/ru/notebooks.md
index 5241ec67..4474043b 100644
--- a/i18n/ru/notebooks.md
+++ b/i18n/ru/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Поставщики услуг](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Сохраняйте свои заметки и дневники, не передавая их третьим лицам.
+Keep track of your notes and journals without giving them to a third party.
Если вы в настоящее время используете такие приложения, как Evernote, Google Keep или Microsoft OneNote, то мы предлагаем вам выбрать альтернативу с поддержкой E2EE.
@@ -82,9 +82,9 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
-{ align=right }
+{ align=right }
-**Joplin** - это бесплатное, открытое приложение с богатой функциональностью для ведения заметок и списков задач, которое может обрабатывать большое количество заметок в формате Markdown, упорядоченных по тегам и записным книжкам. Приложение предлагает E2EE и может синхронизироваться через Nextcloud, Dropbox и др. Приложение также предлагает легкий перенос данных из Evernote и простых текстовых заметок.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. Приложение предлагает E2EE и может синхронизироваться через Nextcloud, Dropbox и др. Приложение также предлагает легкий перенос данных из Evernote и простых текстовых заметок.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee предлагает 100 МБ хранилища бесплатно, а если вам нужно больше, вы можете воспользоваться платными опциями. Регистрация не требует указания электронной почты или другой персональной информации.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. Регистрация не требует указания электронной почты или другой персональной информации.
## Локальные сервисы
diff --git a/i18n/ru/os/android-overview.md b/i18n/ru/os/android-overview.md
index 3ff641cf..30d88955 100644
--- a/i18n/ru/os/android-overview.md
+++ b/i18n/ru/os/android-overview.md
@@ -84,7 +84,7 @@ Android 13:
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). Эта библиотека включает [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging), которая нужна для поддержки [push-уведомлений](https://en.wikipedia.org/wiki/Push_technology) в приложениях. Именно [это относится](https://fosstodon.org/@bitwarden/109636825700482007) к Bitwarden. Это не означает, что Bitwarden использует все возможности аналитики, которые предоставляет Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). Эта библиотека включает [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging), которая нужна для поддержки [push-уведомлений](https://en.wikipedia.org/wiki/Push_technology) в приложениях. Именно [это относится](https://fosstodon.org/@bitwarden/109636825700482007) к Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Killswitch
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. Эта функция может предотвратить утечку данных в случае отключения VPN. Его можно найти в :gear: **Настройки** → **Сеть и интернет** → **VPN** → :gear: → **Блокировать соединения без VPN**.
@@ -124,7 +124,7 @@ Android 7 and above supports a VPN kill switch, and it is available without the
## Сервисы Google
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. Мы по-прежнему рекомендуем полностью отказаться от сервисов Google или ограничить сервисы Google Play определенным профилем пользователя/рабочим профилем, объединив контроллер устройства, такой как *Shelter*, с GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Дополнительная защита
diff --git a/i18n/ru/os/ios-overview.md b/i18n/ru/os/ios-overview.md
index a1665ee6..86fbfe26 100644
--- a/i18n/ru/os/ios-overview.md
+++ b/i18n/ru/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/ru/os/linux-overview.md b/i18n/ru/os/linux-overview.md
index 750fcad1..1b7ac08c 100644
--- a/i18n/ru/os/linux-overview.md
+++ b/i18n/ru/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[Наши рекомендации Linux :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Privacy Notes
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- Избежать телеметрии, которая часто поставляется с проприетарными операционными системами
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ For frozen distributions such as [Debian](https://debian.org/security/faq#handli
Традиционно дистрибутивы Linux обновляются путем последовательного обновления нужных пакетов. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao)
(YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao)
(YouTube)
### Дистрибутивы "ориентированные на безопасность"
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Шифрование диска
-Большинство дистрибутивов Linux имеют опцию в программе установки для включения [LUKS](../encryption.md#linux-unified-key-setup) FDE. Если этот параметр небыл выбран во время установки, вам придется создать резервную копию данных и выполнить повторную установку, поскольку шифрование применяется после [разметки диска](https://ru.wikipedia.org/wiki/%D0%A0%D0%B0%D0%B7%D0%B4%D0%B5%D0%BB_%D0%B4%D0%B8%D1%81%D0%BA%D0%B0), но до [форматирования файловых систем](https://ru.wikipedia.org/wiki/%D0%A4%D0%B0%D0%B9%D0%BB%D0%BE%D0%B2%D0%B0%D1%8F_%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D0%B0). Мы также рекомендуем безопасно удалять файлы на вашем накопителе:
+Большинство дистрибутивов Linux имеют опцию в программе установки для включения [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. Мы также рекомендуем безопасно удалять файлы на вашем накопителе:
- [Безопасное удаление данных :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ MAC address randomization is primarily beneficial for Wi-Fi connections. For Eth
Проект Fedora [подсчитывает](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting), сколько уникальных систем обращаются к его зеркалам, используя переменную [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) вместо уникального ID. Fedora делает это для определения нагрузки и предоставления лучших серверов для обновлений, где это необходимо.
-Эта [опция](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) в настоящее время по умолчанию выключена. Мы рекомендуем добавить `countme=false` в `/etc/dnf/dnf.conf` на случай, если она будет включена в будущем. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+Эта [опция](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) в настоящее время по умолчанию выключена. Мы рекомендуем добавить `countme=false` в `/etc/dnf/dnf.conf` на случай, если она будет включена в будущем. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/ru/os/macos-overview.md b/i18n/ru/os/macos-overview.md
index f8a8dcdf..1587d479 100644
--- a/i18n/ru/os/macos-overview.md
+++ b/i18n/ru/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Резервное копирование
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## Источники
diff --git a/i18n/ru/os/windows/group-policies.md b/i18n/ru/os/windows/group-policies.md
index 15167ae9..d72f6eee 100644
--- a/i18n/ru/os/windows/group-policies.md
+++ b/i18n/ru/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Параметры групповой политики
description: Краткое руководство по конфигурации групповой политики для повышения конфиденциальности в Windows.
---
-Не учитывая изменения реестра, **Редактор локальной групповой политики** является одним из самых эффективных способов настроить различные параметры системы без необходимости установки сторонних программ. Для изменения этих параметров требуется версия [Pro](index.md#windows-editions) или лучше.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Для изменения этих параметров требуется версия [Pro](index.md#windows-editions) или лучше.
-Эти настройки следует применить при первичной установке Windows. Изменение этих параметров на системе, которая уже работает некоторое время, скорее всего, пройдет без проблем, однако существует риск возникновения непредсказуемых сбоев. В таком случае ответственность за изменения ложится на вас.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
Все эти параметры содержат пояснения в редакторе групповой политики, которые обычно очень подробно объясняют их функциональность. Пожалуйста, обращайте внимание на эти описания при внесении изменений, чтобы точно понимать, что именно мы рекомендуем. Мы также пояснили некоторые из наших решений ниже, когда объяснения, предоставленные в Windows, оказались недостаточными.
@@ -68,7 +68,7 @@ description: Краткое руководство по конфигурации
- Этот параметр политики позволяет вам настроить требование дополнительной проверки подлинности при запуске: **Включено**
- Этот параметр политики позволяет разрешить использование улучшенных ПИН-кодов при запуске компьютера: **Включено**
-Несмотря на названия этих политик, по умолчанию они ничего не требуют, но активируют _опцию_ для более детальной настройки (например, требование ввода ПИН-кода при запуске в дополнение к TPM) в мастере настройки BitLocker.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Содержимое облака
diff --git a/i18n/ru/os/windows/index.md b/i18n/ru/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/ru/os/windows/index.md
+++ b/i18n/ru/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/ru/passwords.md b/i18n/ru/passwords.md
index 9845c89b..0f9d752e 100644
--- a/i18n/ru/passwords.md
+++ b/i18n/ru/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ In April 2024, Psono added [support for passkeys](https://psono.com/blog/psono-i
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC хранит экспортированные данные в виде
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/ru/photo-management.md b/i18n/ru/photo-management.md
index ff37b6d8..8ef4c45e 100644
--- a/i18n/ru/photo-management.md
+++ b/i18n/ru/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Должны иметь бесплатную версию или пробный период для тестирования.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Должны иметь веб-интерфейс, поддерживающий основные функции управления файлами.
- Должны обеспечивать легкий экспорт всех файлов/документов.
- Исходный код проекта должен быть открыт.
diff --git a/i18n/ru/real-time-communication.md b/i18n/ru/real-time-communication.md
index aff45a7c..6ec9f191 100644
--- a/i18n/ru/real-time-communication.md
+++ b/i18n/ru/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Критерии
diff --git a/i18n/ru/router.md b/i18n/ru/router.md
index 77a96be9..0c522673 100644
--- a/i18n/ru/router.md
+++ b/i18n/ru/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** - это операционная система, основанная на ядре Linux, используемая в основном на встраиваемых устройствах для маршрутизации сетевого трафика. Основными компонентами являются ядро Linux, util-linux, uClibc и BusyBox. Все компоненты были оптимизированы по размеру, чтобы быть достаточно маленькими для установки в ограниченной памяти, доступной в домашних роутерах.
+**OpenWrt** - это операционная система, основанная на ядре Linux, используемая в основном на встраиваемых устройствах для маршрутизации сетевого трафика. Основными компонентами являются ядро Linux, util-linux, uClibc и BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Домашняя страница](https://openwrt.org/ru){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/ru/docs/start){ .card-link title=Документация}
diff --git a/i18n/ru/security-keys.md b/i18n/ru/security-keys.md
index d04269fc..b01834db 100644
--- a/i18n/ru/security-keys.md
+++ b/i18n/ru/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/ru/tools.md b/i18n/ru/tools.md
index 93b59bda..cd953855 100644
--- a/i18n/ru/tools.md
+++ b/i18n/ru/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Компания Proton AG базируется в Женеве, Швейцария. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Они работают с 2014 года. Mailbox.org базируется в Берлине, Германия. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Они работают с 2014 года. Mailbox.org базируется в Берлине, Германия. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/ru/tor.md b/i18n/ru/tor.md
index afd1d329..4b72578e 100644
--- a/i18n/ru/tor.md
+++ b/i18n/ru/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Browser
@@ -114,11 +114,11 @@ In addition to installing Tor Browser on your computer directly, there are also
Tips for Android
-Orbot может проксировать отдельные приложения, если они поддерживают SOCKS или HTTP проксирование. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Orbot может проксировать отдельные приложения, если они поддерживают SOCKS или HTTP проксирование. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
В [репозитории F-Droid](https://guardianproject.info/fdroid) проекта Guardian и [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android) часто загружена устаревшая версия Orbot, поэтому его лучше загружать непосредственно с [оепозитория GitHub](https://github.com/guardianproject/orbot/releases).
-Все версии подписаны одной и той же подписью, поэтому они должны быть совместимы друг с другом.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/ru/vpn.md b/i18n/ru/vpn.md
index 32547030..114070f0 100644
--- a/i18n/ru/vpn.md
+++ b/i18n/ru/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Рекомендации и сравнение приватных VPN-сервисов, без спонсоров и рекламы - Privacy Guides"
title: "VPN сервисы"
icon: material/vpn
-description: Лучшие VPN-сервисы для защиты вашей конфиденциальности и безопасности в интернете. Найдите провайдера, который не будет шпионить за вами.
+description: Лучшие VPN-сервисы для защиты вашей конфиденциальности и безопасности в интернете. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [теперь поддерживает IPv6](https://protonvpn.com/suppor
#### :material-information-outline:{ .pg-info } Удалённая переадресация портов
-В настоящее время Proton VPN поддерживает только эфемерную удаленную [переадресацию портов](https://protonvpn.com/support/port-forwarding) через NAT-PMP с 60-секундным временем аренды. Приложение для Windows обеспечивает лёгкий доступ к ней, в то время как на других операционных системах вам придётся запустить собственный [клиент NAT-PMP](https://protonvpn.com/support/port-forwarding-manual-setup). Торрент приложения часто поддерживают NAT-PMP нативно.
+В настоящее время Proton VPN поддерживает только эфемерную удаленную [переадресацию портов](https://protonvpn.com/support/port-forwarding) через NAT-PMP с 60-секундным временем аренды. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Торрент приложения часто поддерживают NAT-PMP нативно.
#### :material-information-outline:{ .pg-blue } Борьба с цензурой
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Дополнительные замечания
-Proton VPN clients support two factor authentication on all platforms. Proton VPN имеет собственные серверы и дата-центры в Швейцарии, Исландии и Швеции. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN имеет собственные серверы и дата-центры в Швейцарии, Исландии и Швеции. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } Функция Killswitch не работает на Mac на базе Intel
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. Если вам необходима эта функция, и вы используете Mac с чипсетом Intel, вам следует рассмотреть возможность использования другой службы VPN.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. Если вам необходима эта функция, и вы используете Mac с чипсетом Intel, вам следует рассмотреть возможность использования другой службы VPN.
### IVPN
@@ -183,7 +183,7 @@ IVPN позволяет [подключаться к сервисам, испо
#### :material-check:{ .pg-green } Борьба с цензурой
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } Приложения для смартфонов
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Дополнительные замечания
-Клиенты IVPN поддерживают двухфакторную аутентификацию. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -199,7 +199,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
{ align=right }
-**Mullvad** - это быстрый и недорогой VPN с серьезным акцентом на прозрачность и безопасность. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** - это быстрый и недорогой VPN с серьезным акцентом на прозрачность и безопасность. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad позволяет [получить доступ к сервисам,
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ Mullvad очень открыт в отношении того, какими у
### Технологии
-Мы требуем, чтобы все рекомендуемые нами VPN-провайдеры предоставляли файлы конфигурации OpenVPN для использования в любом клиенте. **Если** VPN предоставляет свой собственный пользовательский клиент, мы требуем наличия killswitch для блокировки утечки сетевых данных при отключении.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Минимальные требования:**
-- Поддержка надежных протоколов, таких как WireGuard & OpenVPN.
-- Killswitch встроен в приложения.
-- Поддержка Multihop. Multihop важен для сохранения конфиденциальности данных в случае компрометации одного узла.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Функции защиты от цензуры, разработанные для обхода брандмауэров без DPI.
**В лучшем случае:**
-- Killswitch с широкими возможностями настройки (включение/выключение в определенных сетях, при включении и т.д.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Простые в использовании приложения VPN
- Поддержка [IPv6](https://en.wikipedia.org/wiki/IPv6). Мы ожидаем, что серверы будут разрешать входящие соединения через IPv6 и позволят вам получить доступ к услугам, размещенным на адресах IPv6.
- Возможность [удаленной переадресации портов](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) помогает создавать соединения при использовании программного обеспечения для обмена файлами P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) или хостинга сервера (например, Mumble).
@@ -316,11 +316,11 @@ Mullvad очень открыт в отношении того, какими у
**В лучшем случае:**
- Принимает множество [анонимных вариантов оплаты](advanced/payments.md).
-- Не принимается личная информация (автогенерируемое имя пользователя, не требуется электронная почта и т.д.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Безопасность
-VPN бессмысленен, если он даже не может обеспечить адекватную безопасность. Мы требуем, чтобы все рекомендуемые нами провайдеры соблюдали современные стандарты безопасности для своих соединений OpenVPN. В идеале, они должны по умолчанию использовать более перспективные схемы шифрования. Мы также требуем, чтобы независимая третья сторона провела аудит безопасности провайдера, в идеале - в полном объеме и на повторяющейся (ежегодной) основе.
+VPN бессмысленен, если он даже не может обеспечить адекватную безопасность. We require all our recommended providers to abide by current security standards. В идеале, они должны по умолчанию использовать более перспективные схемы шифрования. Мы также требуем, чтобы независимая третья сторона провела аудит безопасности провайдера, в идеале - в полном объеме и на повторяющейся (ежегодной) основе.
**Минимальные требования:**
@@ -358,7 +358,7 @@ VPN бессмысленен, если он даже не может обесп
**Минимальные требования:**
-- Должен самостоятельно проводить аналитику (т.е. не Google Analytics). Сайт провайдера также должен соответствовать требованиям [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) для людей, которые хотят отказаться от аналитики.
+- Должен самостоятельно проводить аналитику (т.е. не Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Не должно быть никакого маркетинга, который является безответственным:
diff --git a/i18n/sv/about.md b/i18n/sv/about.md
index c8fd239e..40c2f2ec 100644
--- a/i18n/sv/about.md
+++ b/i18n/sv/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/sv/about/contributors.md b/i18n/sv/about/contributors.md
index e31b1077..6b68dec2 100644
--- a/i18n/sv/about/contributors.md
+++ b/i18n/sv/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Typ | Beskrivning |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/sv/about/criteria.md b/i18n/sv/about/criteria.md
index c10c259b..fff0123c 100644
--- a/i18n/sv/about/criteria.md
+++ b/i18n/sv/about/criteria.md
@@ -24,7 +24,7 @@ Vi har dessa krav på utvecklare som vill lämna in sitt projekt eller sin progr
- Måste uppge tillhörighet, det vill säga din position inom projektet som lämnas in.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. Om möjligt, ange vem som kommer att genomföra revisionen.
- Måste förklara vad projektet tillför när det gäller integritetsskydd.
diff --git a/i18n/sv/about/executive-policy.md b/i18n/sv/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/sv/about/executive-policy.md
+++ b/i18n/sv/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/sv/about/notices.md b/i18n/sv/about/notices.md
index bc7fc182..a98db0bb 100644
--- a/i18n/sv/about/notices.md
+++ b/i18n/sv/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
+We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
diff --git a/i18n/sv/about/privacytools.md b/i18n/sv/about/privacytools.md
index 93c125fc..a73e910a 100644
--- a/i18n/sv/about/privacytools.md
+++ b/i18n/sv/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## Control of r/privacytoolsIO
-Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
+Reddit requires that Subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
-- Publicera meddelanden på vår subreddit och i andra forum för att informera om den officiella ändringen.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Formellt stänga tjänsterna på privacytools.io, som Matrix och Mastodon, och uppmana befintliga användare att flytta över så snart som möjligt.
Allt verkade gå smidigt och de flesta av våra aktiva medlemmar gick över till vårt nya projekt precis som vi hoppades.
@@ -66,11 +66,11 @@ Ungefär en vecka efter övergången återkom BurungHantu online för första g
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). Vi gick med på det och bad honom att hålla subdomänerna för Matrix, Mastodon och PeerTube aktiva så att vi kan köra dem som en offentlig tjänst för vår gemenskap under åtminstone några månader, så att användare på dessa plattformar enkelt kan flytta över till andra konton. På grund av den federerade karaktären hos de tjänster vi tillhandahöll var de bundna till specifika domännamn, vilket gjorde det mycket svårt att migrera (och i vissa fall omöjligt).
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
BurungHantu gjorde därefter falska anklagelser om att Jonah skulle ha stulit donationer från projektet. BurungHantu hade över ett år på nacken sedan den påstådda händelsen inträffade, men han informerade aldrig någon om den förrän efter att Privacy Guides migration hade genomförts. BurungHantu har upprepade gånger ombetts av teamet [och gemenskapen](https://twitter.com/TommyTran732/status/1526153536962281474)att lämna bevis och att kommentera orsaken till sin tystnad, men han har inte gjort det.
-BurungHantu gjorde också ett twitterinlägg på [](https://twitter.com/privacytoolsIO/status/1510560676967710728) där han påstod att en "advokat" hade kontaktat honom på Twitter och gav honom råd, i ett annat försök att tvinga oss att ge honom kontroll över vår subreddit, och som en del av hans smutskastningskampanj för att fördunkla vattnet kring lanseringen av Privacy Guides samtidigt som han låtsas vara ett offer.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io nu
@@ -80,7 +80,7 @@ Sedan den 25 september 2022 ser vi hur BurungHantus övergripande planer förver
## privacyTools. io nu
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Retaliation from any moderator with regards to removal requests is disallowed.
-For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
+For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective Now
diff --git a/i18n/sv/about/statistics.md b/i18n/sv/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/sv/about/statistics.md
+++ b/i18n/sv/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/sv/advanced/communication-network-types.md b/i18n/sv/advanced/communication-network-types.md
index d6f08b79..05997b9a 100644
--- a/i18n/sv/advanced/communication-network-types.md
+++ b/i18n/sv/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ When self-hosted, members of a federated server can discover and communicate wit
- Allows for greater control over your own data when running your own server.
- Allows you to choose whom to trust your data with by choosing between multiple "public" servers.
- Often allows for third-party clients which can provide a more native, customized, or accessible experience.
-- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Disadvantages:**
@@ -60,7 +60,7 @@ When self-hosted, members of a federated server can discover and communicate wit
P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server.
-Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
+Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
@@ -85,9 +85,9 @@ P2P networks do not use servers, as peers communicate directly between each othe
A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.
-There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
-Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Advantages:**
diff --git a/i18n/sv/advanced/dns-overview.md b/i18n/sv/advanced/dns-overview.md
index 375f45ab..d207c3d2 100644
--- a/i18n/sv/advanced/dns-overview.md
+++ b/i18n/sv/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
---
-The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
## Vad är DNS?
@@ -24,7 +24,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
### DNS over TLS (DoT)
@@ -118,7 +118,7 @@ In this example we will record what happens when we make a DoH request:
3. After making the request, we can stop the packet capture with
CTRL +
C.
-4. Analyse the results in Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ When we do a DNS lookup, it's generally because we want to access a resource. Be
The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides.
-This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
+This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
### Server Name Indication (SNI)
-Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
+Server Name Indication is typically used when an IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
-1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
+1. Start capturing again with `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | No | nothing(Do nothing)
```
-Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[List of recommended DNS servers](../dns.md ""){.md-button}
diff --git a/i18n/sv/advanced/tor-overview.md b/i18n/sv/advanced/tor-overview.md
index 3d7d97eb..ae055163 100644
--- a/i18n/sv/advanced/tor-overview.md
+++ b/i18n/sv/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/sv/ai-chat.md b/i18n/sv/ai-chat.md
index 03052c52..90bdc54b 100644
--- a/i18n/sv/ai-chat.md
+++ b/i18n/sv/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Kriterier
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Bästa fall
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/sv/alternative-networks.md b/i18n/sv/alternative-networks.md
index 4c8a6e25..bc959181 100644
--- a/i18n/sv/alternative-networks.md
+++ b/i18n/sv/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/sv/android/general-apps.md b/i18n/sv/android/general-apps.md
index 47d5ed2a..c6610774 100644
--- a/i18n/sv/android/general-apps.md
+++ b/i18n/sv/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/sv/basics/account-creation.md b/i18n/sv/basics/account-creation.md
index 8d7d251c..e169792b 100644
--- a/i18n/sv/basics/account-creation.md
+++ b/i18n/sv/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
+Often people sign up for services without thinking. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer.
@@ -13,11 +13,11 @@ It can also be difficult to delete the accounts on some services. Sometimes [ove
## Användarvillkor & Integritetspolicy
-The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VOIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
+The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
-The Privacy Policy is how the service says they will use your data and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
-We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
+We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Keep in mind you're also placing your trust in the company or organization and that they will comply with their own privacy policy.
@@ -42,7 +42,7 @@ You will be responsible for managing your login credentials. For added security,
#### Email aliases
-If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to.
+If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Those can be filtered automatically based on the alias they are sent to.
Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
We recommend avoiding services that require a phone number for sign up. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
+You should avoid giving out your real phone number if you can. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number!
diff --git a/i18n/sv/basics/account-deletion.md b/i18n/sv/basics/account-deletion.md
index 83da13e7..db5466e8 100644
--- a/i18n/sv/basics/account-deletion.md
+++ b/i18n/sv/basics/account-deletion.md
@@ -27,7 +27,7 @@ Desktop platforms also often have a password manager which may help you recover
### E-postadress
-If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
## Deleting Old Accounts
@@ -39,7 +39,7 @@ When attempting to regain access, if the site returns an error message saying th
### GDPR (EEA residents only)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. Om tjänsten inte respekterar din rätt till radering kan du kontakta din nationella dataskyddsmyndighet [](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) och du kan ha rätt till ekonomisk kompensation.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Överskrivning av kontoinformation
diff --git a/i18n/sv/basics/common-misconceptions.md b/i18n/sv/basics/common-misconceptions.md
index 6832f170..31b1b249 100644
--- a/i18n/sv/basics/common-misconceptions.md
+++ b/i18n/sv/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ The privacy policies and business practices of providers you choose are very imp
## "Complicated is better"
-We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like many different email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
+We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips:
1. ==Actions need to serve a particular purpose:== think about how to do what you want with the fewest actions.
2. ==Remove human failure points:== We fail, get tired, and forget things. To maintain security, avoid relying on manual conditions and processes that you have to remember.
-3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily de-anonymized by a simple oversight.
+3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
So, how might this look?
@@ -94,4 +94,4 @@ One of the clearest threat models is one where people *know who you are* and one
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/sv/basics/common-threats.md b/i18n/sv/basics/common-threats.md
index bfabc6ba..596508d8 100644
--- a/i18n/sv/basics/common-threats.md
+++ b/i18n/sv/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Your threat model is personal to you, but these are some of the things many visitors to this site care about.
---
-Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
+Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ För att minimera den skada som en skadlig programvara ** kan orsaka bör du anv
Mobila operativsystem har i allmänhet bättre applikationssandlåda än stationära operativsystem: Appar kan inte få root-åtkomst och kräver tillstånd för åtkomst till systemresurser.
-Skrivbordsoperativsystem släpar i allmänhet efter vid korrekt sandlåda. ChromeOS har liknande sandlådor som Android och macOS har fullständig kontroll över systembehörigheter (och utvecklare kan välja att sandlådor ska användas för program). Dessa operativsystem överför dock identifieringsinformation till sina respektive OEM-tillverkare. Linux tenderar att inte lämna information till systemleverantörer, men har dåligt skydd mot exploateringar och skadliga program. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Skrivbordsoperativsystem släpar i allmänhet efter vid korrekt sandlåda. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). Dessa operativsystem överför dock identifieringsinformation till sina respektive OEM-tillverkare. Linux tenderar att inte lämna information till systemleverantörer, men har dåligt skydd mot exploateringar och skadliga program. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Därför bör du använda inbyggda applikationer över webbklienter när det är
-Även med E2EE kan tjänsteleverantörer fortfarande profilera dig utifrån **metadata**, som vanligtvis inte är skyddade. Medan tjänsteleverantören inte kan läsa dina meddelanden kan de fortfarande observera viktiga saker, till exempel vem du pratar med, hur ofta du skickar meddelanden till dem och när du vanligtvis är aktiv. Skydd av metadata är ganska ovanligt, och om det ingår i din hotmodell [](threat-modeling.md)- bör du vara uppmärksam på den tekniska dokumentationen för den programvara du använder för att se om det finns någon minimering eller något skydd av metadata överhuvudtaget.
+Även med E2EE kan tjänsteleverantörer fortfarande profilera dig utifrån **metadata**, som vanligtvis inte är skyddade. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Skydd av metadata är ganska ovanligt, och om det ingår i din hotmodell [](threat-modeling.md)- bör du vara uppmärksam på den tekniska dokumentationen för den programvara du använder för att se om det finns någon minimering eller något skydd av metadata överhuvudtaget.
## Massövervakningsprogram
@@ -156,7 +156,7 @@ Massövervakning är ett komplicerat försök att övervaka "beteende, många ak
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
För många människor är spårning och övervakning av privata företag ett växande problem. Genomgripande annonsnätverk, som de som drivs av Google och Facebook, spänner över internet långt bortom bara de webbplatser de kontrollerar och spårar dina handlingar längs vägen. Genom att använda verktyg som innehållsblockerare för att begränsa nätverksförfrågningar till deras servrar och läsa sekretesspolicyn för de tjänster du använder kan du undvika många grundläggande motståndare (även om det inte helt kan förhindra spårning).[^4]
-Dessutom kan även företag utanför *AdTech* eller spårningsbranschen dela din information med [datamäklare](https://en.wikipedia.org/wiki/Information_broker) (t.ex. Cambridge Analytica, Experian eller Datalogix) eller andra parter. Du kan inte automatiskt anta att dina data är säkra bara för att den tjänst du använder inte faller inom den typiska AdTech- eller spårningsaffärsmodellen. Det starkaste skyddet mot företags datainsamling är att kryptera eller dölja dina data när det är möjligt, vilket gör det svårt för olika leverantörer att korrelera data med varandra och bygga en profil på dig.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. Du kan inte automatiskt anta att dina data är säkra bara för att den tjänst du använder inte faller inom den typiska AdTech- eller spårningsaffärsmodellen. Det starkaste skyddet mot företags datainsamling är att kryptera eller dölja dina data när det är möjligt, vilket gör det svårt för olika leverantörer att korrelera data med varandra och bygga en profil på dig.
## Begränsning av offentlig information
diff --git a/i18n/sv/basics/email-security.md b/i18n/sv/basics/email-security.md
index 59052f4b..b65f5b3a 100644
--- a/i18n/sv/basics/email-security.md
+++ b/i18n/sv/basics/email-security.md
@@ -29,13 +29,13 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
### Vilka e-postklienter stöder E2EE?
-E-postleverantörer som tillåter dig att använda standardprotokoll som IMAP och SMTP kan användas med någon av de e-postklienter på [som vi rekommenderar](../email-clients.md). Beroende på autentiseringsmetoden kan detta leda till sämre säkerhet om leverantören eller e-postklienten inte stöder OATH eller en bryggapplikation, eftersom [multi-faktorautentisering](multi-factor-authentication.md) inte är möjlig med vanlig lösenordsautentisering.
+E-postleverantörer som tillåter dig att använda standardprotokoll som IMAP och SMTP kan användas med någon av de e-postklienter på [som vi rekommenderar](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### Hur skyddar jag mina privata nycklar?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. Meddelandet dekrypteras sedan av smartkortet och det dekrypterade innehållet skickas tillbaka till enheten.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Översikt över metadata för e-post
@@ -49,4 +49,4 @@ E-postmetadata skyddas från utomstående observatörer med [Opportunistic TLS](
### Varför kan metadata inte vara E2EE?
-Metadata för e-post är avgörande för e-postens mest grundläggande funktionalitet (varifrån den kom och vart den ska ta vägen). E2EE var ursprungligen inte inbyggt i e-postprotokollen, utan krävde istället tilläggsprogram som OpenPGP. Eftersom OpenPGP-meddelanden fortfarande måste fungera med traditionella e-postleverantörer kan de inte kryptera metadata, utan endast själva meddelandet. Det innebär att även om du använder OpenPGP kan utomstående observatörer se mycket information om dina meddelanden, t. ex. vem du skickar e-post till, ämnesraden, när du skickar e-post osv.
+Metadata för e-post är avgörande för e-postens mest grundläggande funktionalitet (varifrån den kom och vart den ska ta vägen). E2EE var ursprungligen inte inbyggt i e-postprotokollen, utan krävde istället tilläggsprogram som OpenPGP. Eftersom OpenPGP-meddelanden fortfarande måste fungera med traditionella e-postleverantörer kan de inte kryptera metadata, utan endast själva meddelandet. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/sv/basics/hardware.md b/i18n/sv/basics/hardware.md
index 57695b44..10a77223 100644
--- a/i18n/sv/basics/hardware.md
+++ b/i18n/sv/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Varning
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/sv/basics/multi-factor-authentication.md b/i18n/sv/basics/multi-factor-authentication.md
index e46bb658..725888b3 100644
--- a/i18n/sv/basics/multi-factor-authentication.md
+++ b/i18n/sv/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Multi-Faktor Autentisering"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
-**Flerfaktorsautentisering** (**MFA**) är en säkerhetsmekanism som kräver ytterligare steg utöver att ange användarnamn (eller e-post) och lösenord. Den vanligaste metoden är tidsbegränsade koder som du kan få från SMS eller en app.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. Den vanligaste metoden är tidsbegränsade koder som du kan få från SMS eller en app.
Om en hackare (eller motståndare) kan ta reda på ditt lösenord får han eller hon normalt sett tillgång till det konto som lösenordet tillhör. Ett konto med MFA tvingar hackaren att ha både lösenordet (något som du *känner till*) och en enhet som du äger (något som du *har*), t. ex. din telefon.
@@ -26,7 +26,7 @@ The security of push notification MFA is dependent on both the quality of the ap
### Time-based One-time Password (TOTP)
-TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
+TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
-För webbtjänster används det vanligtvis tillsammans med WebAuthn som är en del av [W3C:s rekommendationer](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). Det använder autentisering med offentliga nycklar och är säkrare än delade hemligheter som används i Yubico OTP- och TOTP-metoder, eftersom det innehåller ursprungsnamnet (vanligtvis domännamnet) under autentisering. Intyg tillhandahålls för att skydda dig från nätfiskeattacker, eftersom det hjälper dig att avgöra att du använder den autentiska tjänsten och inte en falsk kopia.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). Det använder autentisering med offentliga nycklar och är säkrare än delade hemligheter som används i Yubico OTP- och TOTP-metoder, eftersom det innehåller ursprungsnamnet (vanligtvis domännamnet) under autentisering. Intyg tillhandahålls för att skydda dig från nätfiskeattacker, eftersom det hjälper dig att avgöra att du använder den autentiska tjänsten och inte en falsk kopia.
Till skillnad från Yubico OTP använder WebAuthn inget offentligt ID, så nyckeln är **inte** identifierbar på olika webbplatser. Det använder inte heller någon tredje parts molnserver för autentisering. All kommunikation sker mellan nyckeln och den webbplats du loggar in på. FIDO använder också en räknare som ökas vid användning för att förhindra återanvändning av sessioner och klonade tangenter.
@@ -116,15 +116,15 @@ Om du använder SMS MFA, använd en operatör som inte byter ditt telefonnummer
## Fler ställen att inrätta MFA
-Flerfaktorsautentisering kan användas för att säkra lokala inloggningar, SSH-nycklar eller till och med lösenordsdatabaser.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS har [inbyggt stöd](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) för autentisering med smarta kort (PIV). Om du har ett smartkort eller en hårdvarunyckel som stöder PIV-gränssnittet, till exempel YubiKey, rekommenderar vi att du följer dokumentationen från leverantören av smartkortet eller hårdvarunyckeln och konfigurerar andrafaktorsautentisering för din macOS-dator.
+macOS har [inbyggt stöd](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) för autentisering med smarta kort (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-När din smartkort/säkerhetsnyckel har ställts in rekommenderar vi att du kör det här kommandot i terminalen:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA kan också ställas in med TOTP. DigitalOcean has provided a tutorial [H
### KeePass (och KeePassXC)
-KeePass- och KeePassXC-databaser kan säkras med hjälp av Challenge-Response eller HOTP som andrafaktorsautentisering. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/sv/basics/passwords-overview.md b/i18n/sv/basics/passwords-overview.md
index 7a63eb59..dfbfb328 100644
--- a/i18n/sv/basics/passwords-overview.md
+++ b/i18n/sv/basics/passwords-overview.md
@@ -24,7 +24,7 @@ All of our [recommended password managers](../passwords.md) include a built-in p
You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it.
-When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
Checking for data breaches
@@ -54,13 +54,13 @@ To generate a diceware passphrase using real dice, follow these steps:
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Roll a six-sided die five times, noting down the number after each roll.
-2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. You will find the word `encrypt`. Write that word down.
@@ -75,25 +75,25 @@ You should **not** re-roll words until you get a combination of words that appea
If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
- Your adversary knows that you used the diceware method.
-- Your adversary knows the specific wordlist that you used.
+- Your adversary knows the specific word list that you used.
- Your adversary knows how many words your passphrase contains.
@@ -113,7 +113,7 @@ There are many good options to choose from, both cloud-based and local. Choose o
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
diff --git a/i18n/sv/basics/threat-modeling.md b/i18n/sv/basics/threat-modeling.md
index fb2ce610..3444f842 100644
--- a/i18n/sv/basics/threat-modeling.md
+++ b/i18n/sv/basics/threat-modeling.md
@@ -35,7 +35,7 @@ An “asset” is something you value and want to protect. In the context of dig
To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary”.== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
-*Make a list of your adversaries or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Your list may include individuals, a government agency, or corporations.*
Depending on who your adversaries are, this list might be something you want to destroy after you've finished developing your threat model.
diff --git a/i18n/sv/browser-extensions.md b/i18n/sv/browser-extensions.md
index 84278029..4b19254d 100644
--- a/i18n/sv/browser-extensions.md
+++ b/i18n/sv/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/sv/calendar.md b/i18n/sv/calendar.md
index 442fca69..315a605c 100644
--- a/i18n/sv/calendar.md
+++ b/i18n/sv/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Multiple calendars and extended sharing functionality is limited to paid subscribers.
diff --git a/i18n/sv/cloud.md b/i18n/sv/cloud.md
index e0bae116..fe2e51ff 100644
--- a/i18n/sv/cloud.md
+++ b/i18n/sv/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Kriterier
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Måste genomdriva end-to-end-kryptering.
- Måste erbjuda en gratis plan eller provperiod för testning.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Måste erbjuda ett webbgränssnitt som stöder grundläggande filhanteringsfunktioner.
- Måste möjliggöra enkel export av alla filer/dokument.
diff --git a/i18n/sv/cryptocurrency.md b/i18n/sv/cryptocurrency.md
index a32185f4..76e815a3 100644
--- a/i18n/sv/cryptocurrency.md
+++ b/i18n/sv/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Kriterier
diff --git a/i18n/sv/data-broker-removals.md b/i18n/sv/data-broker-removals.md
index 7922ecb0..d510e8a4 100644
--- a/i18n/sv/data-broker-removals.md
+++ b/i18n/sv/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/sv/desktop-browsers.md b/i18n/sv/desktop-browsers.md
index 6552eed0..5249bf9d 100644
--- a/i18n/sv/desktop-browsers.md
+++ b/i18n/sv/desktop-browsers.md
@@ -109,7 +109,7 @@ This is required to prevent advanced forms of tracking, but does come at the cos
### Mullvad Leta
-Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes preinstalled with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts**
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] Select **Enable HTTPS-Only Mode in all windows**
-This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing.
+This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS över HTTPS
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/sv/desktop.md b/i18n/sv/desktop.md
index 98297eb1..d6f917bd 100644
--- a/i18n/sv/desktop.md
+++ b/i18n/sv/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS is an independent distribution based on the Nix package manager with a foc
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/sv/device-integrity.md b/i18n/sv/device-integrity.md
index d27f1cb0..0022ee11 100644
--- a/i18n/sv/device-integrity.md
+++ b/i18n/sv/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/sv/dns.md b/i18n/sv/dns.md
index 7c20fed7..59e96a55 100644
--- a/i18n/sv/dns.md
+++ b/i18n/sv/dns.md
@@ -75,7 +75,7 @@ AdGuard Home features a polished web interface to view insights and manage block
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/sv/document-collaboration.md b/i18n/sv/document-collaboration.md
index 7ed5d961..b2ff96e9 100644
--- a/i18n/sv/document-collaboration.md
+++ b/i18n/sv/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/sv/email-aliasing.md b/i18n/sv/email-aliasing.md
index cc464c91..a5d9d6f2 100644
--- a/i18n/sv/email-aliasing.md
+++ b/i18n/sv/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/sv/email.md b/i18n/sv/email.md
index caca92a6..adb947ce 100644
--- a/i18n/sv/email.md
+++ b/i18n/sv/email.md
@@ -58,7 +58,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
{ align=right }
-**Proton Mail** är en e-posttjänst med fokus på ,integritet, kryptering, säkerhet, och användarvänlighet. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+**Proton Mail** är en e-posttjänst med fokus på ,integritet, kryptering, säkerhet, och användarvänlighet. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in
#### :material-check:{ .pg-green } Account Security
-Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two factor authentication first.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Data Security
@@ -117,7 +117,7 @@ If you have a paid account and your [bill is unpaid](https://proton.me/support/d
#### :material-information-outline:{ .pg-blue } Additional Functionality
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail doesn't offer a digital legacy feature.
@@ -127,7 +127,7 @@ Proton Mail doesn't offer a digital legacy feature.
{ align=right }
-**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } Private Payment Methods
-Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Account Security
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
#### :material-information-outline:{ .pg-blue } Data Security
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } Additional Functionality
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
@@ -195,7 +195,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta har varit verksamt sedan 2011 och har sitt säte i Hannover, Tyskland. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta har varit verksamt sedan 2011 och har sitt säte i Hannover, Tyskland. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } Private Payment Methods
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Account Security
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Data Security
@@ -297,7 +297,7 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
- Encrypts email account data at rest with zero-access encryption.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Operates on owned infrastructure, i.e. not built upon third-party email service providers.
diff --git a/i18n/sv/encryption.md b/i18n/sv/encryption.md
index ed55f55f..8400987c 100644
--- a/i18n/sv/encryption.md
+++ b/i18n/sv/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt är en gaffel i det nedlagda TrueCrypt-projektet. Enligt utvecklarna h
När du krypterar med VeraCrypt kan du välja mellan olika hashfunktioner [](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). Vi föreslår att du **endast** väljer [SHA-512](https://en.wikipedia.org/wiki/SHA-512) och håller dig till [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) blockchiffer.
-Truecrypt har granskats [ett antal gånger](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), och VeraCrypt har också granskats [separat](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ Säkerhetskopiera `BitLocker-Recovery-Key.txt` på skrivbordet till en separat l
{ align=right }
-**FileVault** är en lösning för volymkryptering i farten som är inbyggd i macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** är en lösning för volymkryptering i farten som är inbyggd i macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/sv/file-sharing.md b/i18n/sv/file-sharing.md
index ae3115dd..9f950a35 100644
--- a/i18n/sv/file-sharing.md
+++ b/i18n/sv/file-sharing.md
@@ -13,7 +13,7 @@ Upptäck hur du kan dela dina filer privat mellan dina enheter, med vänner och
## Fildelningsprogram
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Skicka
diff --git a/i18n/sv/frontends.md b/i18n/sv/frontends.md
index add6e3f4..a420fecb 100644
--- a/i18n/sv/frontends.md
+++ b/i18n/sv/frontends.md
@@ -251,7 +251,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/sv/index.md b/i18n/sv/index.md
index eaed9e1d..6fd7eb11 100644
--- a/i18n/sv/index.md
+++ b/i18n/sv/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta har varit verksamt sedan 2011 och har sitt säte i Hannover, Tyskland. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta har varit verksamt sedan 2011 och har sitt säte i Hannover, Tyskland. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/sv/meta/brand.md b/i18n/sv/meta/brand.md
index 60797dfa..bc71be34 100644
--- a/i18n/sv/meta/brand.md
+++ b/i18n/sv/meta/brand.md
@@ -12,7 +12,7 @@ Webbplatsen heter **Privacy Guides** och bör **inte** ändras till:
- PG.org
-Namnet på underreddit är **r/PrivacyGuides** eller **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Ytterligare riktlinjer för varumärket finns på [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/sv/meta/translations.md b/i18n/sv/meta/translations.md
index d2e71c7f..100760b5 100644
--- a/i18n/sv/meta/translations.md
+++ b/i18n/sv/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## Fullwidth alternatives and Markdown syntax
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/sv/meta/uploading-images.md b/i18n/sv/meta/uploading-images.md
index b4067b5f..53d859de 100644
--- a/i18n/sv/meta/uploading-images.md
+++ b/i18n/sv/meta/uploading-images.md
@@ -48,7 +48,7 @@ In the **SVG Output** tab under **Document options**:
- [ ] Turn off **Remove the XML declaration**
- [x] Turn on **Remove metadata**
- [x] Turn on **Remove comments**
-- [x] Turn on **Embeded raster images**
+- [x] Turn on **Embedded raster images**
- [x] Turn on **Enable viewboxing**
In the **SVG Output** under **Pretty-printing**:
diff --git a/i18n/sv/meta/writing-style.md b/i18n/sv/meta/writing-style.md
index f673f143..6fce7559 100644
--- a/i18n/sv/meta/writing-style.md
+++ b/i18n/sv/meta/writing-style.md
@@ -64,7 +64,7 @@ We should try to avoid abbreviations where possible, but technology is full of a
## Be concise
-> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective.
+> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/sv/mobile-browsers.md b/i18n/sv/mobile-browsers.md
index 5d89caad..5072eebd 100644
--- a/i18n/sv/mobile-browsers.md
+++ b/i18n/sv/mobile-browsers.md
@@ -247,7 +247,7 @@ This prevents you from unintentionally connecting to a website in plain-text HTT
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** är standardwebbläsaren i iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** är standardwebbläsaren i iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Hemsida](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Integritetspolicy" }
@@ -372,7 +372,7 @@ Funktionen har i sig själv inga större problem med integriteten, så även om
- [x] Välj **Rensa uppgifter vid avslut**
-Safaris läge för privat surfning ger ytterligare skydd för privatlivet. Privat surfning använder en ny [tillfällig](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) -session för varje flik, vilket innebär att flikarna är isolerade från varandra. Det finns också andra mindre sekretessfördelar med privat surfning, till exempel att inte skicka en webbsidas adress till Apple när du använder Safaris översättningsfunktion.
+Safaris läge för privat surfning ger ytterligare skydd för privatlivet. Privat surfning använder en ny [tillfällig](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) -session för varje flik, vilket innebär att flikarna är isolerade från varandra. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. Detta kan vara en olägenhet.
diff --git a/i18n/sv/multi-factor-authentication.md b/i18n/sv/multi-factor-authentication.md
index b484e2ae..0265edaf 100644
--- a/i18n/sv/multi-factor-authentication.md
+++ b/i18n/sv/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Multi-Faktor Autentisering"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/sv/notebooks.md b/i18n/sv/notebooks.md
index a93aded1..6e6ada3c 100644
--- a/i18n/sv/notebooks.md
+++ b/i18n/sv/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Tjänsteleverantörer](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Håll koll på dina anteckningar och dagboksanteckningar utan att ge dem till tredje part.
+Keep track of your notes and journals without giving them to a third party.
Om du för närvarande använder ett program som Evernote, Google Keep eller Microsoft OneNote föreslår vi att du väljer ett alternativ som stöder E2EE.
@@ -82,9 +82,9 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
-{ align=right }
+{ align=right }
-**Joplin** är ett kostnadsfritt, öppen källkod och fullt utrustat program för anteckningar och att göra som kan hantera ett stort antal markdown-noter organiserade i anteckningsböcker och taggar. Det erbjuder E2EE och kan synkroniseras via Nextcloud, Dropbox och mer. Det erbjuder också enkel import från Evernote och vanlig text anteckningar.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. Det erbjuder E2EE och kan synkroniseras via Nextcloud, Dropbox och mer. Det erbjuder också enkel import från Evernote och vanlig text anteckningar.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee erbjuder 100 Mb lagring gratis, med betalalternativ om du behöver mer. För att registrera dig krävs ingen e-post eller annan personligt identifierbar information.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. För att registrera dig krävs ingen e-post eller annan personligt identifierbar information.
## Lokala anteckningsböcker
diff --git a/i18n/sv/os/android-overview.md b/i18n/sv/os/android-overview.md
index 3237dcfd..6f654445 100644
--- a/i18n/sv/os/android-overview.md
+++ b/i18n/sv/os/android-overview.md
@@ -84,7 +84,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Killswitch
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
@@ -124,7 +124,7 @@ Modern Android devices have global toggles for disabling Bluetooth and location
## Google Services
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Advanced Protection Program
diff --git a/i18n/sv/os/ios-overview.md b/i18n/sv/os/ios-overview.md
index 04e76f89..6fc4d31c 100644
--- a/i18n/sv/os/ios-overview.md
+++ b/i18n/sv/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/sv/os/linux-overview.md b/i18n/sv/os/linux-overview.md
index 96d7f66e..b2533b7c 100644
--- a/i18n/sv/os/linux-overview.md
+++ b/i18n/sv/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[Våra Linux-rekommendationer :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Privacy Notes
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- Undvik telemetri som ofta kommer med egna operativsystem
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ Vi tror inte att hålla paket tillbaka och tillämpa tillfälliga patchar är en
Traditionellt sett uppdaterar Linuxdistributioner genom att sekventiellt uppdatera de önskade paketen. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao)
(YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao)
(YouTube)
### "Säkerhetsfokuserad" distribution
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Enhetskryptering
-De flesta Linux-distributioner har ett alternativ i installationsprogrammet för att aktivera [LUKS](../encryption.md#linux-unified-key-setup) fde. Om det här alternativet inte är inställt vid installationstillfället måste du säkerhetskopiera dina data och installera om, eftersom krypteringen tillämpas efter [diskpartitionering](https://en.wikipedia.org/wiki/Disk_partitioning), men innan [filsystem](https://en.wikipedia.org/wiki/File_system) formateras. Vi föreslår också att du raderar din lagringsenhet på ett säkert sätt:
+De flesta Linux-distributioner har ett alternativ i installationsprogrammet för att aktivera [LUKS](../encryption.md#linux-unified-key-setup) fde. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. Vi föreslår också att du raderar din lagringsenhet på ett säkert sätt:
- [Säker radering av data :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ Det finns andra systemidentifierare som du bör vara försiktig med. Du bör fun
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/sv/os/macos-overview.md b/i18n/sv/os/macos-overview.md
index 31315479..accef5f8 100644
--- a/i18n/sv/os/macos-overview.md
+++ b/i18n/sv/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** är ett Unix-baserat operativsystem utvecklat av Apple för deras Macdatorer. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Säkerhetskopior
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## Källor
diff --git a/i18n/sv/os/windows/group-policies.md b/i18n/sv/os/windows/group-policies.md
index 74194070..d1a033cb 100644
--- a/i18n/sv/os/windows/group-policies.md
+++ b/i18n/sv/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/sv/os/windows/index.md b/i18n/sv/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/sv/os/windows/index.md
+++ b/i18n/sv/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/sv/passwords.md b/i18n/sv/passwords.md
index 858badf3..b58e97e4 100644
--- a/i18n/sv/passwords.md
+++ b/i18n/sv/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ Med dessa alternativ kan du hantera en krypterad lösenordsdatabas lokalt.
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Hemsida](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Integritetspolicy" }
@@ -357,7 +357,7 @@ KeePassXC lagrar sina exportdata som [CSV](https://en.wikipedia.org/wiki/Comma-s
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Hemsida](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Dokumentation" }
diff --git a/i18n/sv/photo-management.md b/i18n/sv/photo-management.md
index aad118d6..bef92a47 100644
--- a/i18n/sv/photo-management.md
+++ b/i18n/sv/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Måste erbjuda en gratis plan eller provperiod för testning.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Måste erbjuda ett webbgränssnitt som stöder grundläggande filhanteringsfunktioner.
- Måste möjliggöra enkel export av alla filer/dokument.
- Måste vara öppen källkod.
diff --git a/i18n/sv/real-time-communication.md b/i18n/sv/real-time-communication.md
index 7d0aa4b8..7ee6452b 100644
--- a/i18n/sv/real-time-communication.md
+++ b/i18n/sv/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Kriterier
diff --git a/i18n/sv/router.md b/i18n/sv/router.md
index 507e59e2..71142e96 100644
--- a/i18n/sv/router.md
+++ b/i18n/sv/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** är ett Linuxbaserat operativsystem som främst används på inbyggda enheter för att dirigera nätverkstrafik. Den innehåller util-linux, uClibc och BusyBox. Alla komponenter har optimerats för hem routrar.
+**OpenWrt** är ett Linuxbaserat operativsystem som främst används på inbyggda enheter för att dirigera nätverkstrafik. Den innehåller util-linux, uClibc och BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}
diff --git a/i18n/sv/security-keys.md b/i18n/sv/security-keys.md
index a0035b3d..f131a323 100644
--- a/i18n/sv/security-keys.md
+++ b/i18n/sv/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/sv/tools.md b/i18n/sv/tools.md
index f1cb19d6..b1e6adf9 100644
--- a/i18n/sv/tools.md
+++ b/i18n/sv/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta har varit verksamt sedan 2011 och har sitt säte i Hannover, Tyskland. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta har varit verksamt sedan 2011 och har sitt säte i Hannover, Tyskland. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/sv/tor.md b/i18n/sv/tor.md
index 47cef91b..8a670e16 100644
--- a/i18n/sv/tor.md
+++ b/i18n/sv/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Browser
@@ -114,11 +114,11 @@ We previously recommended enabling the *Isolate Destination Address* preference
Tips for Android
-Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot/releases) instead.
-All versions are signed using the same signature so they should be compatible with each other.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/sv/vpn.md b/i18n/sv/vpn.md
index c921dede..3c4a2342 100644
--- a/i18n/sv/vpn.md
+++ b/i18n/sv/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Private VPN Service Recommendations and Comparison, No Sponsors or Ads - Privacy Guides"
title: "VPN-tjänster"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. Här kan du hitta en tjänst som inte försöker spionera på dig.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } Killswitch-funktionen är trasig på Intel-baserade Mac-datorer
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } Mobile Clients
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ It is important to note that using a VPN provider will not make you anonymous, b
### Technology
-We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Minimum to Qualify:**
-- Support for strong protocols such as WireGuard & OpenVPN.
-- Killswitch built in to clients.
-- Multihop support. Multihopping is important to keep data private in case of a single node compromise.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Best Case:**
-- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Easy-to-use VPN clients
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.
- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble).
@@ -316,11 +316,11 @@ We prefer our recommended providers to collect as little data as possible. Not c
**Best Case:**
- Accepts multiple [anonymous payment options](advanced/payments.md).
-- No personal information accepted (autogenerated username, no email required, etc.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Security
-A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
+A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
**Minimum to Qualify:**
@@ -358,7 +358,7 @@ With the VPN providers we recommend we like to see responsible marketing.
**Minimum to Qualify:**
-- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out.
+- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Must not have any marketing which is irresponsible:
diff --git a/i18n/tr/about.md b/i18n/tr/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/tr/about.md
+++ b/i18n/tr/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/tr/about/contributors.md b/i18n/tr/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/tr/about/contributors.md
+++ b/i18n/tr/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/tr/about/criteria.md b/i18n/tr/about/criteria.md
index 6887e5bd..07c275d1 100644
--- a/i18n/tr/about/criteria.md
+++ b/i18n/tr/about/criteria.md
@@ -24,7 +24,7 @@ Projelerini veya yazılımlarını değerlendirmeye göndermek isteyen geliştir
- Bağlılığınızı, yani sunulan projedeki pozisyonunuzu açıklamalısınız.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. Mümkünse lütfen denetimi kimin yapacağını belirtin.
- Projenin mahremiyet konusunda masaya ne getirdiğini açıklamalıdır.
diff --git a/i18n/tr/about/executive-policy.md b/i18n/tr/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/tr/about/executive-policy.md
+++ b/i18n/tr/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/tr/about/notices.md b/i18n/tr/about/notices.md
index 9df63cf1..f7927a2f 100644
--- a/i18n/tr/about/notices.md
+++ b/i18n/tr/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-Üçüncü taraf sağlayıcılardan elde edilen `varlıklardaki` logoların ve diğer görüntülerin ya kamu malı ya da **adil kullanımda** olduğuna inanıyoruz. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. Bununla birlikte, bu logolar ve diğer görüntüler yine de bir veya daha fazla yargı alanında ticari marka yasalarına tabi olabilir. Bu içeriği kullanmadan önce, lütfen ticari markanın sahibi olan varlığı veya kuruluşu tanımlamak için kullanıldığından ve bunu amaçladığınız kullanım koşullarında geçerli olan yasalar uyarınca kullanma hakkına sahip olduğunuzdan emin olun. *Bu web sitesinden içerik kopyalarken, başka birinin ticari markasını veya telif hakkını ihlal etmediğinizden yalnızca siz sorumlusunuz.*
+Üçüncü taraf sağlayıcılardan elde edilen `varlıklardaki` logoların ve diğer görüntülerin ya kamu malı ya da **adil kullanımda** olduğuna inanıyoruz. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. Bununla birlikte, bu logolar ve diğer görüntüler yine de bir veya daha fazla yargı alanında ticari marka yasalarına tabi olabilir. Bu içeriği kullanmadan önce, lütfen ticari markanın sahibi olan varlığı veya kuruluşu tanımlamak için kullanıldığından ve bunu amaçladığınız kullanım koşullarında geçerli olan yasalar uyarınca kullanma hakkına sahip olduğunuzdan emin olun. *Bu web sitesinden içerik kopyalarken, başka birinin ticari markasını veya telif hakkını ihlal etmediğinizden yalnızca siz sorumlusunuz.*
When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
diff --git a/i18n/tr/about/privacytools.md b/i18n/tr/about/privacytools.md
index d5121a69..66901af1 100644
--- a/i18n/tr/about/privacytools.md
+++ b/i18n/tr/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## Control of r/privacytoolsIO
-Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
+Reddit requires that Subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
-- Posting announcements to our subreddit and various other communities informing people of the official change.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped.
@@ -66,11 +66,11 @@ Roughly a week following the transition, BurungHantu returned online for the fir
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so.
-BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io Now
@@ -80,7 +80,7 @@ As of September 25th 2022 we are seeing BurungHantu's overall plans come to frui
## r/privacytoolsIO Now
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Retaliation from any moderator with regards to removal requests is disallowed.
-For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
+For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective Now
diff --git a/i18n/tr/about/statistics.md b/i18n/tr/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/tr/about/statistics.md
+++ b/i18n/tr/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/tr/advanced/communication-network-types.md b/i18n/tr/advanced/communication-network-types.md
index be5a6426..230ae9d9 100644
--- a/i18n/tr/advanced/communication-network-types.md
+++ b/i18n/tr/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ When self-hosted, members of a federated server can discover and communicate wit
- Allows for greater control over your own data when running your own server.
- Allows you to choose whom to trust your data with by choosing between multiple "public" servers.
- Often allows for third-party clients which can provide a more native, customized, or accessible experience.
-- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Disadvantages:**
@@ -60,7 +60,7 @@ When self-hosted, members of a federated server can discover and communicate wit
P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server.
-Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
+Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
@@ -85,9 +85,9 @@ P2P networks do not use servers, as peers communicate directly between each othe
A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.
-There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
-Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Advantages:**
diff --git a/i18n/tr/advanced/dns-overview.md b/i18n/tr/advanced/dns-overview.md
index 8826e077..cc58f40a 100644
--- a/i18n/tr/advanced/dns-overview.md
+++ b/i18n/tr/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
---
-The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
## What is DNS?
@@ -24,7 +24,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
### DNS over TLS (DoT)
@@ -118,7 +118,7 @@ In this example we will record what happens when we make a DoH request:
3. After making the request, we can stop the packet capture with
CTRL +
C.
-4. Analyse the results in Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ When we do a DNS lookup, it's generally because we want to access a resource. Be
The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides.
-This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
+This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
### Server Name Indication (SNI)
-Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
+Server Name Indication is typically used when an IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
-1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
+1. Start capturing again with `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | No | nothing(Do nothing)
```
-Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[List of recommended DNS servers](../dns.md ""){.md-button}
diff --git a/i18n/tr/advanced/tor-overview.md b/i18n/tr/advanced/tor-overview.md
index 876222c4..4c0bd4a0 100644
--- a/i18n/tr/advanced/tor-overview.md
+++ b/i18n/tr/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/tr/ai-chat.md b/i18n/tr/ai-chat.md
index af64bd7d..8034bbf5 100644
--- a/i18n/tr/ai-chat.md
+++ b/i18n/tr/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Criteria
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Best-Case
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/tr/alternative-networks.md b/i18n/tr/alternative-networks.md
index 4c8a6e25..bc959181 100644
--- a/i18n/tr/alternative-networks.md
+++ b/i18n/tr/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/tr/android/general-apps.md b/i18n/tr/android/general-apps.md
index 04919076..b97efed5 100644
--- a/i18n/tr/android/general-apps.md
+++ b/i18n/tr/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/tr/basics/account-creation.md b/i18n/tr/basics/account-creation.md
index 5974152a..405f9aae 100644
--- a/i18n/tr/basics/account-creation.md
+++ b/i18n/tr/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-Çoğu zaman insanlar düşünmeden hizmetlere kaydolurlar. Bu, herkesin konuştuğu yeni diziyi izleyebileceğiniz bir yayın hizmeti ya da en sevdiğiniz fast food restoranında indirim sağlayan bir hesap olabilir. Her ne için olursa olsun, şimdi ve daha sonrası için verileriniz üzerindeki etkilerini göz önünde bulundurmalısınız.
+Çoğu zaman insanlar düşünmeden hizmetlere kaydolurlar. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Her ne için olursa olsun, şimdi ve daha sonrası için verileriniz üzerindeki etkilerini göz önünde bulundurmalısınız.
Kullandığınız her yeni hizmetle ilgili riskler vardır. Veri ihlalleri; müşteri bilgilerinin üçüncü taraflara ifşa edilmesi; kötü niyetli çalışanların verilere erişmesi; tüm bunlar bilgilerinizi dışarıya verirken göz önünde bulundurulması gereken olasılıklardır. Hizmete güvenebileceğinizden emin olmanız gerekir. Bu nedenle değerli verilerinizi olgun ve test edilmiş olanlar dışında herhangi bir yerde saklamanızı önermiyoruz. Bu genellikle uçtan uca şifreleme (E2EE) sağlayan ve kriptografik denetimden geçmiş hizmetler anlamına gelir. Denetim, ürünün deneyimsiz bir geliştiricinin neden olduğu göze çarpan güvenlik sorunları olmadan tasarlandığına dair güvenceyi artırır.
@@ -13,11 +13,11 @@ Bazı hizmetlerde hesapları silmek de zor olabilir. Bazen bir hesapla ilişkili
## Hizmet Koşulları & Gizlilik Politikası
-ToS, hizmeti kullanırken uymayı kabul ettiğiniz kurallardır. Daha büyük hizmetlerde bu kurallar genellikle otomatik sistemler tarafından uygulanır. Bazen bu otomatik sistemler hata yapabilir. Örneğin, bir VPN veya VOIP numarası kullandığınız için bazı hizmetlerde hesabınız yasaklanabilir veya kilitlenebilir. Bu tür yasaklara itiraz etmek genellikle zordur ve her zaman başarılı olmayan otomatik bir süreci de içerir. Örnek olarak e-posta için Gmail'i kullanmanızı önermememizin nedenlerinden biri de budur. E-posta, kaydolduğunuz diğer hizmetlere erişim için çok önemlidir.
+ToS, hizmeti kullanırken uymayı kabul ettiğiniz kurallardır. Daha büyük hizmetlerde bu kurallar genellikle otomatik sistemler tarafından uygulanır. Bazen bu otomatik sistemler hata yapabilir. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Bu tür yasaklara itiraz etmek genellikle zordur ve her zaman başarılı olmayan otomatik bir süreci de içerir. Örnek olarak e-posta için Gmail'i kullanmanızı önermememizin nedenlerinden biri de budur. E-posta, kaydolduğunuz diğer hizmetlere erişim için çok önemlidir.
-Gizlilik Politikası, hizmetin verilerinizi nasıl kullanacağını söyler, ve verilerinizin nasıl kullanılacağını anlamanız için okumaya değerdir. Bir şirket veya kuruluş yasal olarak politikada yer alan her şeye uymak zorunda olmayabilir (yargı yetkisine bağlı). Yerel yasalarınızın ne olduğu ve bir sağlayıcının neleri toplamasına izin verdiği konusunda fikir sahibi olmanızı tavsiye ederiz.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. Bir şirket veya kuruluş yasal olarak politikada yer alan her şeye uymak zorunda olmayabilir (yargı yetkisine bağlı). Yerel yasalarınızın ne olduğu ve bir sağlayıcının neleri toplamasına izin verdiği konusunda fikir sahibi olmanızı tavsiye ederiz.
-"Veri toplama", "veri analizi", "çerezler", "reklamlar" veya "3. taraf" hizmetler gibi belirli terimleri aramanızı öneririz. Bazen veri toplamayı veya verilerinizi paylaşmayı devre dışı bırakabilirsiniz, ancak en iyisi en başından gizliliğinize saygı duyan bir hizmet seçmektir.
+"Veri toplama", "veri analizi", "çerezler", "reklamlar" veya "3. taraf" hizmetler gibi belirli terimleri aramanızı öneririz. Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Aynı zamanda şirkete veya kuruluşa kendi gizlilik politikalarına uyacaklarına dair güvendiğinizi unutmayın.
@@ -42,7 +42,7 @@ Oturum açma kimlik bilgilerinizi yönetmekten siz sorumlu olacaksınız. Daha f
#### Email aliases
-If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to.
+If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Those can be filtered automatically based on the alias they are sent to.
Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
Kayıt için telefon numarası gerektiren hizmetlerden kaçınmanızı öneririz. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-Mümkünse gerçek telefon numaranızı vermekten kaçınmalısınız. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
+Mümkünse gerçek telefon numaranızı vermekten kaçınmalısınız. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number!
diff --git a/i18n/tr/basics/account-deletion.md b/i18n/tr/basics/account-deletion.md
index 98293144..4156f52b 100644
--- a/i18n/tr/basics/account-deletion.md
+++ b/i18n/tr/basics/account-deletion.md
@@ -27,7 +27,7 @@ Masaüstü platformlarında da unutmuş olabileceğiniz parolaları kurtarmanız
### E-Posta
-If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
## Deleting Old Accounts
@@ -39,7 +39,7 @@ When attempting to regain access, if the site returns an error message saying th
### GDPR (EEA residents only)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Overwriting Account information
diff --git a/i18n/tr/basics/common-misconceptions.md b/i18n/tr/basics/common-misconceptions.md
index 6832f170..31b1b249 100644
--- a/i18n/tr/basics/common-misconceptions.md
+++ b/i18n/tr/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ The privacy policies and business practices of providers you choose are very imp
## "Complicated is better"
-We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like many different email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
+We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips:
1. ==Actions need to serve a particular purpose:== think about how to do what you want with the fewest actions.
2. ==Remove human failure points:== We fail, get tired, and forget things. To maintain security, avoid relying on manual conditions and processes that you have to remember.
-3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily de-anonymized by a simple oversight.
+3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
So, how might this look?
@@ -94,4 +94,4 @@ One of the clearest threat models is one where people *know who you are* and one
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/tr/basics/common-threats.md b/i18n/tr/basics/common-threats.md
index 7b040b0b..03414577 100644
--- a/i18n/tr/basics/common-threats.md
+++ b/i18n/tr/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Your threat model is personal to you, but these are some of the things many visitors to this site care about.
---
-Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
+Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ To minimize the damage that a malicious piece of software *could* do, you should
Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources.
-Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Therefore, you should use native applications over web clients whenever possible
-Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
+Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
## Mass Surveillance Programs
@@ -156,7 +156,7 @@ Mass surveillance is the intricate effort to monitor the "behavior, many activit
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
For many people, tracking and surveillance by private corporations is a growing concern. Pervasive ad networks, such as those operated by Google and Facebook, span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries (although it can't completely prevent tracking).[^4]
-Additionally, even companies outside of the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
## Limiting Public Information
diff --git a/i18n/tr/basics/email-security.md b/i18n/tr/basics/email-security.md
index d6128da8..3b39cb16 100644
--- a/i18n/tr/basics/email-security.md
+++ b/i18n/tr/basics/email-security.md
@@ -29,13 +29,13 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
### What Email Clients Support E2EE?
-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### How Do I Protect My Private Keys?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Email Metadata Overview
@@ -49,4 +49,4 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
### Why Can't Metadata be E2EE?
-Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
+Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/tr/basics/hardware.md b/i18n/tr/basics/hardware.md
index 4b795a9a..257624c3 100644
--- a/i18n/tr/basics/hardware.md
+++ b/i18n/tr/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Warning
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/tr/basics/multi-factor-authentication.md b/i18n/tr/basics/multi-factor-authentication.md
index ad3bacfe..d016a90d 100644
--- a/i18n/tr/basics/multi-factor-authentication.md
+++ b/i18n/tr/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Çok Faktörlü Kimlik Doğrulama"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
-**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone.
@@ -26,7 +26,7 @@ The security of push notification MFA is dependent on both the quality of the ap
### Time-based One-time Password (TOTP)
-TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
+TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
-Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
@@ -116,15 +116,15 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
## More Places to Set Up MFA
-Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
+macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-After your smartcard/security key is set up, we recommend running this command in the Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
### KeePass (and KeePassXC)
-KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/tr/basics/passwords-overview.md b/i18n/tr/basics/passwords-overview.md
index 898d198d..8464da82 100644
--- a/i18n/tr/basics/passwords-overview.md
+++ b/i18n/tr/basics/passwords-overview.md
@@ -24,7 +24,7 @@ All of our [recommended password managers](../passwords.md) include a built-in p
You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it.
-When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
Checking for data breaches
@@ -54,13 +54,13 @@ To generate a diceware passphrase using real dice, follow these steps:
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Roll a six-sided die five times, noting down the number after each roll.
-2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. You will find the word `encrypt`. Write that word down.
@@ -75,25 +75,25 @@ You should **not** re-roll words until you get a combination of words that appea
If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
- Your adversary knows that you used the diceware method.
-- Your adversary knows the specific wordlist that you used.
+- Your adversary knows the specific word list that you used.
- Your adversary knows how many words your passphrase contains.
@@ -113,7 +113,7 @@ There are many good options to choose from, both cloud-based and local. Choose o
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
diff --git a/i18n/tr/basics/threat-modeling.md b/i18n/tr/basics/threat-modeling.md
index 53d77ba1..0d30c358 100644
--- a/i18n/tr/basics/threat-modeling.md
+++ b/i18n/tr/basics/threat-modeling.md
@@ -35,7 +35,7 @@ Bir “varlık” değer verdiğiniz ve korumak istediğiniz bir şeydir. In the
To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary”.== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
-*Make a list of your adversaries or those who might want to get ahold of your assets. Listeniz bireyleri, bir devlet kurumunu veya şirketleri içerebilir.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Listeniz bireyleri, bir devlet kurumunu veya şirketleri içerebilir.*
Depending on who your adversaries are, this list might be something you want to destroy after you've finished developing your threat model.
diff --git a/i18n/tr/browser-extensions.md b/i18n/tr/browser-extensions.md
index 611904fc..7e13f070 100644
--- a/i18n/tr/browser-extensions.md
+++ b/i18n/tr/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/tr/calendar.md b/i18n/tr/calendar.md
index fc173e0e..6a9e8553 100644
--- a/i18n/tr/calendar.md
+++ b/i18n/tr/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Multiple calendars and extended sharing functionality is limited to paid subscribers.
diff --git a/i18n/tr/cloud.md b/i18n/tr/cloud.md
index ce441ddf..cf850128 100644
--- a/i18n/tr/cloud.md
+++ b/i18n/tr/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Criteria
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
diff --git a/i18n/tr/cryptocurrency.md b/i18n/tr/cryptocurrency.md
index 38dfa7c2..d1e385f6 100644
--- a/i18n/tr/cryptocurrency.md
+++ b/i18n/tr/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Criteria
diff --git a/i18n/tr/data-broker-removals.md b/i18n/tr/data-broker-removals.md
index 24c607c3..ab08fd1c 100644
--- a/i18n/tr/data-broker-removals.md
+++ b/i18n/tr/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/tr/desktop-browsers.md b/i18n/tr/desktop-browsers.md
index dd98d493..3a989fa3 100644
--- a/i18n/tr/desktop-browsers.md
+++ b/i18n/tr/desktop-browsers.md
@@ -109,7 +109,7 @@ This is required to prevent advanced forms of tracking, but does come at the cos
### Mullvad Leta
-Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes preinstalled with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts**
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] Select **Enable HTTPS-Only Mode in all windows**
-This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing.
+This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### HTTPS üzerinden DNS
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/tr/desktop.md b/i18n/tr/desktop.md
index d79a1fe8..3a7d0091 100644
--- a/i18n/tr/desktop.md
+++ b/i18n/tr/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS is an independent distribution based on the Nix package manager with a foc
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/tr/device-integrity.md b/i18n/tr/device-integrity.md
index 4430f650..86677ad2 100644
--- a/i18n/tr/device-integrity.md
+++ b/i18n/tr/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- Bir işletme veya kamu cihazı tehlikeye girerse: işletmenizdeki, departmanınızdaki veya kurumunuzdaki uygun güvenlik sorumlusu
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/tr/dns.md b/i18n/tr/dns.md
index 1361d19b..d2dc7b48 100644
--- a/i18n/tr/dns.md
+++ b/i18n/tr/dns.md
@@ -75,7 +75,7 @@ AdGuard Home features a polished web interface to view insights and manage block
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/tr/document-collaboration.md b/i18n/tr/document-collaboration.md
index 9bf30ec2..dde20069 100644
--- a/i18n/tr/document-collaboration.md
+++ b/i18n/tr/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/tr/email-aliasing.md b/i18n/tr/email-aliasing.md
index c33f2bff..29f37d77 100644
--- a/i18n/tr/email-aliasing.md
+++ b/i18n/tr/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/tr/email.md b/i18n/tr/email.md
index 64305bca..81c1cc0a 100644
--- a/i18n/tr/email.md
+++ b/i18n/tr/email.md
@@ -58,7 +58,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
{ align=right }
-**Proton Mail** gizlilik, şifreleme, güvenlik ve kullanım kolaylığına odaklanan bir e-posta hizmetidir. They have been in operation since 2013. Proton AG'nin merkezi İsviçre'nin Cenevre kentindedir. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+**Proton Mail** gizlilik, şifreleme, güvenlik ve kullanım kolaylığına odaklanan bir e-posta hizmetidir. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in
#### :material-check:{ .pg-green } Hesap Güvenliği
-Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two factor authentication first.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Veri Güvenliği
@@ -117,7 +117,7 @@ If you have a paid account and your [bill is unpaid](https://proton.me/support/d
#### :material-information-outline:{ .pg-blue } Additional Functionality
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail dijital miras özelliği sunmuyor.
@@ -127,7 +127,7 @@ Proton Mail dijital miras özelliği sunmuyor.
{ align=right }
-**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } Gizli Ödeme Yöntemleri
-Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Hesap Güvenliği
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
#### :material-information-outline:{ .pg-blue } Data Security
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } Additional Functionality
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
@@ -195,7 +195,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } Private Payment Methods
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Hesap Güvenliği
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Veri Güvenliği
@@ -297,7 +297,7 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
- Encrypts email account data at rest with zero-access encryption.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Operates on owned infrastructure, i.e. not built upon third-party email service providers.
diff --git a/i18n/tr/encryption.md b/i18n/tr/encryption.md
index 1a36d548..0a6d75a3 100644
--- a/i18n/tr/encryption.md
+++ b/i18n/tr/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt is a fork of the discontinued TrueCrypt project. According to its deve
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
-Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
{ align=right }
-**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/tr/file-sharing.md b/i18n/tr/file-sharing.md
index a8780463..6e992025 100644
--- a/i18n/tr/file-sharing.md
+++ b/i18n/tr/file-sharing.md
@@ -13,7 +13,7 @@ Discover how to privately share your files between your devices, with your frien
## Dosya Paylaşımı
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/tr/frontends.md b/i18n/tr/frontends.md
index 9e83fe5e..b4b5d0c4 100644
--- a/i18n/tr/frontends.md
+++ b/i18n/tr/frontends.md
@@ -251,7 +251,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/tr/index.md b/i18n/tr/index.md
index b2a02d9a..007ac68b 100644
--- a/i18n/tr/index.md
+++ b/i18n/tr/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG'nin merkezi İsviçre'nin Cenevre kentindedir. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/tr/meta/brand.md b/i18n/tr/meta/brand.md
index 8e3d9954..3afe36ff 100644
--- a/i18n/tr/meta/brand.md
+++ b/i18n/tr/meta/brand.md
@@ -12,7 +12,7 @@ The name of the website is **Privacy Guides** and should **not** be changed to:
- PG.org
-The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/tr/meta/translations.md b/i18n/tr/meta/translations.md
index ff5406c7..1f67cd98 100644
--- a/i18n/tr/meta/translations.md
+++ b/i18n/tr/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## Fullwidth alternatives and Markdown syntax
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/tr/meta/uploading-images.md b/i18n/tr/meta/uploading-images.md
index 6455beb0..5ea9570f 100644
--- a/i18n/tr/meta/uploading-images.md
+++ b/i18n/tr/meta/uploading-images.md
@@ -48,7 +48,7 @@ In the **SVG Output** tab under **Document options**:
- [ ] Turn off **Remove the XML declaration**
- [x] Turn on **Remove metadata**
- [x] Turn on **Remove comments**
-- [x] Turn on **Embeded raster images**
+- [x] Turn on **Embedded raster images**
- [x] Turn on **Enable viewboxing**
In the **SVG Output** under **Pretty-printing**:
diff --git a/i18n/tr/meta/writing-style.md b/i18n/tr/meta/writing-style.md
index 49e877b1..fdf7bb1d 100644
--- a/i18n/tr/meta/writing-style.md
+++ b/i18n/tr/meta/writing-style.md
@@ -64,7 +64,7 @@ We should try to avoid abbreviations where possible, but technology is full of a
## Be concise
-> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective.
+> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/tr/mobile-browsers.md b/i18n/tr/mobile-browsers.md
index 4f639275..55a0fb40 100644
--- a/i18n/tr/mobile-browsers.md
+++ b/i18n/tr/mobile-browsers.md
@@ -247,7 +247,7 @@ This prevents you from unintentionally connecting to a website in plain-text HTT
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Open Safari and tap the Tabs button, located in the bottom right. Then, expand t
- [x] Select **Private**
-Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. This may be an inconvenience.
diff --git a/i18n/tr/multi-factor-authentication.md b/i18n/tr/multi-factor-authentication.md
index 3307efa3..c8ca78d9 100644
--- a/i18n/tr/multi-factor-authentication.md
+++ b/i18n/tr/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Çok Faktörlü Kimlik Doğrulama"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/tr/notebooks.md b/i18n/tr/notebooks.md
index 70cc3157..ca08f071 100644
--- a/i18n/tr/notebooks.md
+++ b/i18n/tr/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Keep track of your notes and journalings without giving them to a third-party.
+Keep track of your notes and journals without giving them to a third party.
If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE.
@@ -84,7 +84,7 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
{ align=right }
-**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
## Local notebooks
diff --git a/i18n/tr/os/android-overview.md b/i18n/tr/os/android-overview.md
index 4faff712..f2086618 100644
--- a/i18n/tr/os/android-overview.md
+++ b/i18n/tr/os/android-overview.md
@@ -84,7 +84,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Killswitch
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
@@ -124,7 +124,7 @@ Modern Android devices have global toggles for disabling Bluetooth and location
## Google Services
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Advanced Protection Program
diff --git a/i18n/tr/os/ios-overview.md b/i18n/tr/os/ios-overview.md
index 41f143d9..55170c6e 100644
--- a/i18n/tr/os/ios-overview.md
+++ b/i18n/tr/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/tr/os/linux-overview.md b/i18n/tr/os/linux-overview.md
index 4a38ed81..49ad62a7 100644
--- a/i18n/tr/os/linux-overview.md
+++ b/i18n/tr/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Privacy Notes
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- Avoid telemetry that often comes with proprietary operating systems
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ We don’t believe holding packages back and applying interim patches is a good
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao) (YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao) (YouTube)
### “Security-focused” distributions
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Drive Encryption
-Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ There are other system identifiers which you may wish to be careful about. You s
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/tr/os/macos-overview.md b/i18n/tr/os/macos-overview.md
index 5838699e..61bbbd12 100644
--- a/i18n/tr/os/macos-overview.md
+++ b/i18n/tr/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Backups
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## Kaynaklar
diff --git a/i18n/tr/os/windows/group-policies.md b/i18n/tr/os/windows/group-policies.md
index 74194070..d1a033cb 100644
--- a/i18n/tr/os/windows/group-policies.md
+++ b/i18n/tr/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/tr/os/windows/index.md b/i18n/tr/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/tr/os/windows/index.md
+++ b/i18n/tr/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/tr/passwords.md b/i18n/tr/passwords.md
index db7105a3..e0d0832a 100644
--- a/i18n/tr/passwords.md
+++ b/i18n/tr/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ These options allow you to manage an encrypted password database locally.
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/tr/photo-management.md b/i18n/tr/photo-management.md
index c526c59a..d7447180 100644
--- a/i18n/tr/photo-management.md
+++ b/i18n/tr/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
- Must be open source.
diff --git a/i18n/tr/real-time-communication.md b/i18n/tr/real-time-communication.md
index 037fde0b..6e77799b 100644
--- a/i18n/tr/real-time-communication.md
+++ b/i18n/tr/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Criteria
diff --git a/i18n/tr/router.md b/i18n/tr/router.md
index 949e98df..bf416659 100644
--- a/i18n/tr/router.md
+++ b/i18n/tr/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** Linux kernelini temel alan, gömülü cihazlarda ağ trafiğini yönlendirmek için kullanılan bir işletim sistemidir. (Gömülü bir işletim sistemi de denebilir.). Ana bileşenler Linux kerneli, util - linux, uClibc ve BusyBox'tur. Tüm bileşenler, ev yönlendiricilerinde bulunan sınırlı depolama ve belleğe sığacak kadar küçük olacak şekilde optimize edilmiştir.
+**OpenWrt** Linux kernelini temel alan, gömülü cihazlarda ağ trafiğini yönlendirmek için kullanılan bir işletim sistemidir. (Gömülü bir işletim sistemi de denebilir.). Ana bileşenler Linux kerneli, util - linux, uClibc ve BusyBox'tur. All the components have been optimized for home routers.
[:octicons-home-16: Anasayfa](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}
diff --git a/i18n/tr/security-keys.md b/i18n/tr/security-keys.md
index 2acec8c8..23e55cfa 100644
--- a/i18n/tr/security-keys.md
+++ b/i18n/tr/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/tr/tools.md b/i18n/tr/tools.md
index 2e6878b2..5ad5a8e7 100644
--- a/i18n/tr/tools.md
+++ b/i18n/tr/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG'nin merkezi İsviçre'nin Cenevre kentindedir. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/tr/tor.md b/i18n/tr/tor.md
index 7a7e4b51..a0dea6a6 100644
--- a/i18n/tr/tor.md
+++ b/i18n/tr/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Tarayıcı
@@ -114,11 +114,11 @@ We previously recommended enabling the *Isolate Destination Address* preference
Tips for Android
-Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot/releases) instead.
-All versions are signed using the same signature so they should be compatible with each other.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/tr/vpn.md b/i18n/tr/vpn.md
index 3ac37dc7..f3fdfa8a 100644
--- a/i18n/tr/vpn.md
+++ b/i18n/tr/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Private VPN Service Recommendations and Comparison, No Sponsors or Ads - Privacy Guides"
title: "VPN Services"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -98,11 +98,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -112,11 +112,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
### IVPN
@@ -182,7 +182,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } Mobile Clients
@@ -190,7 +190,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -198,7 +198,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -259,7 +259,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -285,19 +285,19 @@ It is important to note that using a VPN provider will not make you anonymous, b
### Technology
-We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Minimum to Qualify:**
-- Support for strong protocols such as WireGuard & OpenVPN.
-- Killswitch built in to clients.
-- Multihop support. Multihopping is important to keep data private in case of a single node compromise.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Best Case:**
-- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Easy-to-use VPN clients
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.
- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble).
@@ -315,11 +315,11 @@ We prefer our recommended providers to collect as little data as possible. Not c
**Best Case:**
- Accepts multiple [anonymous payment options](advanced/payments.md).
-- No personal information accepted (autogenerated username, no email required, etc.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Security
-A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
+A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
**Minimum to Qualify:**
@@ -357,7 +357,7 @@ With the VPN providers we recommend we like to see responsible marketing.
**Minimum to Qualify:**
-- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out.
+- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Must not have any marketing which is irresponsible:
diff --git a/i18n/uk/about.md b/i18n/uk/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/uk/about.md
+++ b/i18n/uk/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/uk/about/contributors.md b/i18n/uk/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/uk/about/contributors.md
+++ b/i18n/uk/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/uk/about/criteria.md b/i18n/uk/about/criteria.md
index dd2e228d..d8f08fc7 100644
--- a/i18n/uk/about/criteria.md
+++ b/i18n/uk/about/criteria.md
@@ -24,7 +24,7 @@ We have these requirements in regard to developers which wish to submit their pr
- Must disclose affiliation, i.e. your position within the project being submitted.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. If possible please mention who will be conducting the audit.
- Must explain what the project brings to the table in regard to privacy.
diff --git a/i18n/uk/about/executive-policy.md b/i18n/uk/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/uk/about/executive-policy.md
+++ b/i18n/uk/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/uk/about/notices.md b/i18n/uk/about/notices.md
index 21a6eb90..e397e9ab 100644
--- a/i18n/uk/about/notices.md
+++ b/i18n/uk/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-Ми вважаємо, що логотипи та інші зображення в `assets`, отримані від сторонніх постачальників, є або суспільним надбанням, або **добросовісним використанням**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. Однак ці логотипи та інші зображення все ще можуть підпадати під дію законів про товарні знаки в одній або декількох юрисдикціях. Перед використанням цього контенту, будь ласка, переконайтеся, що він використовується для ідентифікації юридичної особи або організації, якій належить товарний знак, і що у вас є право використовувати його відповідно до законів, які застосовуються в обставинах вашого передбачуваного використання. *Копіюючи вміст з цього вебсайту, ви несете повну відповідальність за те, щоб не порушувати чужу торгову марку або авторські права.*
+Ми вважаємо, що логотипи та інші зображення в `assets`, отримані від сторонніх постачальників, є або суспільним надбанням, або **добросовісним використанням**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. Однак ці логотипи та інші зображення все ще можуть підпадати під дію законів про товарні знаки в одній або декількох юрисдикціях. Перед використанням цього контенту, будь ласка, переконайтеся, що він використовується для ідентифікації юридичної особи або організації, якій належить товарний знак, і що у вас є право використовувати його відповідно до законів, які застосовуються в обставинах вашого передбачуваного використання. *Копіюючи вміст з цього вебсайту, ви несете повну відповідальність за те, щоб не порушувати чужу торгову марку або авторські права.*
When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
diff --git a/i18n/uk/about/privacytools.md b/i18n/uk/about/privacytools.md
index 0a6a564e..ae035f3d 100644
--- a/i18n/uk/about/privacytools.md
+++ b/i18n/uk/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## Control of r/privacytoolsIO
-Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
+Reddit requires that Subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
-- Posting announcements to our subreddit and various other communities informing people of the official change.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped.
@@ -66,11 +66,11 @@ Roughly a week following the transition, BurungHantu returned online for the fir
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so.
-BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io Now
@@ -80,7 +80,7 @@ As of September 25th 2022 we are seeing BurungHantu's overall plans come to frui
## r/privacytoolsIO Now
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Retaliation from any moderator with regards to removal requests is disallowed.
-For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
+For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective Now
diff --git a/i18n/uk/about/statistics.md b/i18n/uk/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/uk/about/statistics.md
+++ b/i18n/uk/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/uk/advanced/communication-network-types.md b/i18n/uk/advanced/communication-network-types.md
index 29e535e6..27237fd1 100644
--- a/i18n/uk/advanced/communication-network-types.md
+++ b/i18n/uk/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ When self-hosted, members of a federated server can discover and communicate wit
- Allows for greater control over your own data when running your own server.
- Allows you to choose whom to trust your data with by choosing between multiple "public" servers.
- Often allows for third-party clients which can provide a more native, customized, or accessible experience.
-- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Disadvantages:**
@@ -60,7 +60,7 @@ When self-hosted, members of a federated server can discover and communicate wit
P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server.
-Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
+Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
@@ -85,9 +85,9 @@ P2P networks do not use servers, as peers communicate directly between each othe
A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.
-There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
-Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Advantages:**
diff --git a/i18n/uk/advanced/dns-overview.md b/i18n/uk/advanced/dns-overview.md
index d4d5e5c9..baf745cf 100644
--- a/i18n/uk/advanced/dns-overview.md
+++ b/i18n/uk/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
---
-The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
## What is DNS?
@@ -24,7 +24,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
### DNS over TLS (DoT)
@@ -118,7 +118,7 @@ In this example we will record what happens when we make a DoH request:
3. After making the request, we can stop the packet capture with CTRL + C.
-4. Analyse the results in Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ When we do a DNS lookup, it's generally because we want to access a resource. Be
The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides.
-This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
+This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
### Server Name Indication (SNI)
-Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
+Server Name Indication is typically used when an IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
-1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
+1. Start capturing again with `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | No | nothing(Do nothing)
```
-Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[List of recommended DNS servers](../dns.md ""){.md-button}
diff --git a/i18n/uk/advanced/tor-overview.md b/i18n/uk/advanced/tor-overview.md
index 7f0df9eb..0d4eba4b 100644
--- a/i18n/uk/advanced/tor-overview.md
+++ b/i18n/uk/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/uk/ai-chat.md b/i18n/uk/ai-chat.md
index af64bd7d..8034bbf5 100644
--- a/i18n/uk/ai-chat.md
+++ b/i18n/uk/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Criteria
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Best-Case
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/uk/alternative-networks.md b/i18n/uk/alternative-networks.md
index ea5b425e..77dfd2c0 100644
--- a/i18n/uk/alternative-networks.md
+++ b/i18n/uk/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/uk/android/general-apps.md b/i18n/uk/android/general-apps.md
index 04919076..b97efed5 100644
--- a/i18n/uk/android/general-apps.md
+++ b/i18n/uk/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/uk/basics/account-creation.md b/i18n/uk/basics/account-creation.md
index 22ef70db..0f45c8be 100644
--- a/i18n/uk/basics/account-creation.md
+++ b/i18n/uk/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
+Often people sign up for services without thinking. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer.
@@ -13,11 +13,11 @@ It can also be difficult to delete the accounts on some services. Sometimes [ove
## Terms of Service & Privacy Policy
-The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VOIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
+The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
-The Privacy Policy is how the service says they will use your data and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
-We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
+We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Keep in mind you're also placing your trust in the company or organization and that they will comply with their own privacy policy.
@@ -42,7 +42,7 @@ You will be responsible for managing your login credentials. For added security,
#### Email aliases
-If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to.
+If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Those can be filtered automatically based on the alias they are sent to.
Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
We recommend avoiding services that require a phone number for sign up. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
+You should avoid giving out your real phone number if you can. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number!
diff --git a/i18n/uk/basics/account-deletion.md b/i18n/uk/basics/account-deletion.md
index 2f79dd0a..54148bd4 100644
--- a/i18n/uk/basics/account-deletion.md
+++ b/i18n/uk/basics/account-deletion.md
@@ -27,7 +27,7 @@ Desktop platforms also often have a password manager which may help you recover
### Email
-If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
## Deleting Old Accounts
@@ -39,7 +39,7 @@ When attempting to regain access, if the site returns an error message saying th
### GDPR (EEA residents only)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Overwriting Account information
diff --git a/i18n/uk/basics/common-misconceptions.md b/i18n/uk/basics/common-misconceptions.md
index 4314348b..18437225 100644
--- a/i18n/uk/basics/common-misconceptions.md
+++ b/i18n/uk/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ schema:
## "Складніше — краще"
-Ми часто бачимо, як люди описують надто складні моделі загроз конфіденційності. Часто ці рішення включають в себе такі проблеми, як багато різних облікових записів електронної пошти або складні налаштування з великою кількістю рухомих частин і умов. Відповіді зазвичай відповідають на питання: «Який найкращий спосіб зробити *X*?»
+Ми часто бачимо, як люди описують надто складні моделі загроз конфіденційності. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. Відповіді зазвичай відповідають на питання: «Який найкращий спосіб зробити *X*?»
Пошук "найкращого" рішення для себе не обов'язково означає, що ви шукаєте безпомилкове рішення з десятками умов — з такими рішеннями часто важко працювати на практиці. Як ми обговорювали раніше, безпека часто приходить за рахунок зручності. Нижче ми надаємо кілька порад:
1. ==Дії повинні служити певній меті:== подумайте, як зробити те, що ви хочете, з найменшою кількістю дій.
2. ==Усунення точок людських помилок:== ми зазнаємо невдач, втомлюємося і забуваємо про щось. Щоб підтримувати безпеку, уникайте покладатися на ручні умови та процеси, які вам потрібно запам'ятати.
-3. ==Використовуйте правильний рівень захисту для того, що ви плануєте.== ми часто зустрічаємо рекомендації щодо так званих рішень, захищених від правоохоронних органів або повісток до суду. Вони часто вимагають спеціальних знань і, як правило, не є тим, чого хочуть люди. Немає сенсу будувати складну модель загроз для анонімності, якщо вас можна легко деанонімізувати за допомогою простого нагляду.
+3. ==Використовуйте правильний рівень захисту для того, що ви плануєте.== ми часто зустрічаємо рекомендації щодо так званих рішень, захищених від правоохоронних органів або повісток до суду. Вони часто вимагають спеціальних знань і, як правило, не є тим, чого хочуть люди. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
Отже, як це може виглядати?
@@ -94,4 +94,4 @@ schema:
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/uk/basics/common-threats.md b/i18n/uk/basics/common-threats.md
index 625d2b03..5962f2b1 100644
--- a/i18n/uk/basics/common-threats.md
+++ b/i18n/uk/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Ваша модель загроз є особистою, але це деякі з речей, які хвилюють багатьох відвідувачів цього сайту.
---
-Загалом, ми класифікуємо наші рекомендації на [загрози](threat-modeling.md) або цілі, які стосуються більшості людей. ==Ви можете бути зацікавлені в жодній, одній, кількох або всіх цих можливостях==, і інструменти та сервіси, які ви використовуєте, залежать від того, які цілі ви ставите перед собою. Ви також можете мати специфічні загрози поза цими категоріями, і це цілком нормально! Важливою частиною є розуміння переваг і недоліків інструментів, які ви обираєте, оскільки практично жоден з них не захистить вас від усіх можливих загроз.
+Загалом, ми класифікуємо наші рекомендації на [загрози](threat-modeling.md) або цілі, які стосуються більшості людей. ==Ви можете бути зацікавлені в жодній, одній, кількох або всіх цих можливостях==, і інструменти та сервіси, які ви використовуєте, залежать від того, які цілі ви ставите перед собою. You may have specific threats outside these categories as well, which is perfectly fine! Важливою частиною є розуміння переваг і недоліків інструментів, які ви обираєте, оскільки практично жоден з них не захистить вас від усіх можливих загроз.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ Avoiding censored access to information or being censored yourself when speaking
Мобільні операційні системи зазвичай мають кращу ізоляцію додатків, ніж операційні системи для ПК: програми не можуть отримати root-доступ і потребують дозволу для доступу до системних ресурсів.
-Десктопні операційні системи зазвичай відстають у створенні належної ізоляції. ChromeOS має схожі можливості ізоляції з Android, а macOS має повний контроль прав у системі (і розробники можуть ввімкнути ізоляцію додатків). Однак ці операційні системи передають ідентифікаційну інформацію відповідним виробникам обладнання. Linux, як правило, не надає інформацію постачальникам систем, але має слабкий захист від експлойтів та шкідливих програм. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Десктопні операційні системи зазвичай відстають у створенні належної ізоляції. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). Однак ці операційні системи передають ідентифікаційну інформацію відповідним виробникам обладнання. Linux, як правило, не надає інформацію постачальникам систем, але має слабкий захист від експлойтів та шкідливих програм. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ On the other hand, web-based E2EE implementations, such as Proton Mail's web app
-Навіть з E2EE постачальники послуг все ще можуть профілювати вас на основі **метаданих**, які, як правило, не захищені. Хоча провайдер не може читати ваші повідомлення, він може спостерігати за важливими речами, наприклад, за тим, з ким ви розмовляєте, як часто ви надсилаєте їм повідомлення і коли ви зазвичай активні. Захист метаданих є досить рідкісним явищем, і — якщо це входить до вашої [моделі загроз](threat-modeling.md) — вам слід звернути пильну увагу на технічну документацію програмного забезпечення, яке ви використовуєте, щоб дізнатися, чи передбачено мінімізацію або захист метаданих взагалі.
+Навіть з E2EE постачальники послуг все ще можуть профілювати вас на основі **метаданих**, які, як правило, не захищені. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Захист метаданих є досить рідкісним явищем, і — якщо це входить до вашої [моделі загроз](threat-modeling.md) — вам слід звернути пильну увагу на технічну документацію програмного забезпечення, яке ви використовуєте, щоб дізнатися, чи передбачено мінімізацію або захист метаданих взагалі.
## Програми масового спостереження
@@ -156,7 +156,7 @@ On the other hand, web-based E2EE implementations, such as Proton Mail's web app
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
Для багатьох людей відстеження та нагляд з боку приватних корпорацій викликає дедалі більше занепокоєння. Повсюдні рекламні мережі, такі як Google і Facebook, охоплюють Інтернет далеко за межами сайтів, які вони контролюють, відстежуючи ваші дії по дорозі. Використання таких інструментів, як блокувальники контенту для обмеження мережевих запитів до їх серверів, а також ознайомлення з політикою конфіденційності сервісів, якими ви користуєтеся, може допомогти вам уникнути багатьох основних загроз (хоча повністю запобігти відстеженню не вдасться).[^4]
-Крім того, навіть компанії, що не належать до *AdTech* або трекінгової індустрії, можуть ділитися вашою інформацією з [брокерами даних](https://en.wikipedia.org/wiki/Data_broker) (такими як Cambridge Analytica, Experian або Datalogix) або іншими сторонами. Ви не можете автоматично вважати, що ваші дані в безпеці лише тому, що сервіс, яким ви користуєтеся, не підпадає під типову бізнес-модель рекламних технологій або трекінгу. Найсильнішим захистом від корпоративного збору даних є шифрування або обфускація ваших даних, коли це можливо, що ускладнює різним провайдерам співвіднесення даних один з одним і створення профілю вашої особистості.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. Ви не можете автоматично вважати, що ваші дані в безпеці лише тому, що сервіс, яким ви користуєтеся, не підпадає під типову бізнес-модель рекламних технологій або трекінгу. Найсильнішим захистом від корпоративного збору даних є шифрування або обфускація ваших даних, коли це можливо, що ускладнює різним провайдерам співвіднесення даних один з одним і створення профілю вашої особистості.
## Обмеження публічно доступної інформації
diff --git a/i18n/uk/basics/email-security.md b/i18n/uk/basics/email-security.md
index 155b18e4..29da3d08 100644
--- a/i18n/uk/basics/email-security.md
+++ b/i18n/uk/basics/email-security.md
@@ -29,13 +29,13 @@ description: Електронна пошта за своєю природою є
### Які поштові клієнти підтримують E2EE?
-Провайдери електронної пошти, які дозволяють використовувати стандартні протоколи, такі як IMAP та SMTP, можна використовувати з будь-яким з [рекомендованими поштовими клієнтами](../email-clients.md). Залежно від методу автентифікації, це може призвести до зниження безпеки, якщо провайдер або поштовий клієнт не підтримує OATH або додаток-міст, оскільки багатофакторна автентифікація [](multi-factor-authentication.md) неможлива з автентифікацією за допомогою простого пароля.
+Провайдери електронної пошти, які дозволяють використовувати стандартні протоколи, такі як IMAP та SMTP, можна використовувати з будь-яким з [рекомендованими поштовими клієнтами](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### Як захистити свої приватні ключі?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. Потім повідомлення розшифровується смарткартою, і розшифрований вміст надсилається назад на пристрій.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-Для уникнення можливого потрапляння вашого приватного ключа на скомпрометований пристрій бажано, щоб розшифрування відбувалося на смарткарті.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Огляд метаданих електронної пошти
@@ -49,4 +49,4 @@ A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/36001379
### Чому метадані не можуть бути E2EE?
-Метадані електронної пошти мають вирішальне значення для базової функціональності електронної пошти (звідки вона прийшла і куди має надійти). Спочатку E2EE не був вбудований в протоколи електронної пошти, натомість вимагав додаткового програмного забезпечення, такого як OpenPGP. Оскільки повідомлення OpenPGP все ще мають працювати з традиційними поштовими провайдерами, він не може шифрувати метадані електронної пошти, лише саме тіло повідомлення. Це означає, що навіть при використанні OpenPGP сторонні спостерігачі можуть бачити багато інформації про ваші повідомлення, наприклад, кому ви пишете, тему листа, час відправлення тощо.
+Метадані електронної пошти мають вирішальне значення для базової функціональності електронної пошти (звідки вона прийшла і куди має надійти). Спочатку E2EE не був вбудований в протоколи електронної пошти, натомість вимагав додаткового програмного забезпечення, такого як OpenPGP. Оскільки повідомлення OpenPGP все ще мають працювати з традиційними поштовими провайдерами, він не може шифрувати метадані електронної пошти, лише саме тіло повідомлення. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/uk/basics/hardware.md b/i18n/uk/basics/hardware.md
index 18c6dae5..95842807 100644
--- a/i18n/uk/basics/hardware.md
+++ b/i18n/uk/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Warning
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/uk/basics/multi-factor-authentication.md b/i18n/uk/basics/multi-factor-authentication.md
index 044ee58e..6abb539c 100644
--- a/i18n/uk/basics/multi-factor-authentication.md
+++ b/i18n/uk/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
-**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone.
@@ -26,7 +26,7 @@ The security of push notification MFA is dependent on both the quality of the ap
### Time-based One-time Password (TOTP)
-TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
+TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
-Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
@@ -116,15 +116,15 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
## More Places to Set Up MFA
-Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
+macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-After your smartcard/security key is set up, we recommend running this command in the Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
### KeePass (and KeePassXC)
-KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/uk/basics/passwords-overview.md b/i18n/uk/basics/passwords-overview.md
index 381682f7..bd5609b8 100644
--- a/i18n/uk/basics/passwords-overview.md
+++ b/i18n/uk/basics/passwords-overview.md
@@ -24,7 +24,7 @@ description: These are some tips and tricks on how to create the strongest passw
Вам слід уникати занадто частої зміни паролів, які ви повинні пам'ятати (наприклад, головний пароль вашого менеджера паролів), якщо тільки у вас немає підстав вважати, що він був скомпрометований, оскільки занадто часта зміна пароля наражає вас на ризик його забути.
-Що стосується паролів, які вам не потрібно запам'ятовувати (наприклад, паролі, що зберігаються у вашому менеджері паролів), якщо цього вимагає ваша [модель загроз](threat-modeling.md), ми рекомендуємо переглядати важливі акаунти (особливо ті, що не використовують багатофакторну автентифікацію) і змінювати їхні паролі кожні два місяці, на випадок, якщо вони були скомпрометовані в результаті витоку даних, який ще не став публічним. Більшість менеджерів паролів дозволяють встановити дату закінчення терміну дії пароля, щоб полегшити керування ним.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Більшість менеджерів паролів дозволяють встановити дату закінчення терміну дії пароля, щоб полегшити керування ним.
Checking for data breaches
@@ -54,13 +54,13 @@ description: These are some tips and tricks on how to create the strongest passw
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Інші словники можуть вимагати більшої або меншої кількості кидків на слово, а також іншої кількості слів для досягнення тієї ж самої ентропії.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Киньте шестигранний кубик п'ять разів, записуючи число після кожного кидка.
-2. Для прикладу, припустимо, що ви викинули `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. Для прикладу, припустимо, що ви викинули `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. Ви знайдете слово `encrypt`. Запишіть це слово.
@@ -75,25 +75,25 @@ These instructions assume that you are using [EFF's large wordlist](https://eff.
Якщо у вас немає доступу до справжніх гральних кубиків або ви не хочете використовувати їх, ви можете скористатися вбудованим генератором паролів вашого менеджера паролів, оскільки більшість з них мають можливість генерувати парольні фрази на додачу до звичайних паролів.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. Існують також [інші списки слів різними мовами](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), якщо ви не хочете, щоб ваша парольна фраза була англійською.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
В середньому, щоб вгадати вашу фразу, потрібно спробувати 50% всіх можливих комбінацій. Враховуючи це, навіть якщо ваш супротивник здатний робити ~1 000 000 000 000 000 спроб за секунду, йому все одно знадобиться ~27 255 689 років, щоб вгадати вашу парольну фразу. Це так, навіть якщо чинні наступні умови:
- Ваш супротивник знає, що ви використовували парольну фразу.
-- Ваш супротивник знає конкретний список слів, який ви використовували.
+- Your adversary knows the specific word list that you used.
- Ваш супротивник знає, скільки слів містить ваша парольна фраза.
@@ -113,7 +113,7 @@ Let's put all of this in perspective: A seven word passphrase using [EFF's large
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Зберігання токенів TOTP в одному місці з паролями хоч і зручно, але зводить облікові записи до одного фактору в разі, якщо зловмисник отримає доступ до вашого менеджера паролів.
diff --git a/i18n/uk/basics/threat-modeling.md b/i18n/uk/basics/threat-modeling.md
index 0e027487..5176c2f6 100644
--- a/i18n/uk/basics/threat-modeling.md
+++ b/i18n/uk/basics/threat-modeling.md
@@ -35,7 +35,7 @@ description: Баланс між безпекою, конфіденційніс
Щоб відповісти на це питання, важливо визначити, хто може захотіти отримати доступ до вас або вашої інформації. ==Фізична або юридична особа, яка становить загрозу для ваших активів, є "супротивником". Прикладами потенційних супротивників є ваш начальник, колишній партнер, бізнес-конкуренти, уряд або хакер у публічній мережі.
-*Складіть список ваших супротивників або тих, хто може захотіти заволодіти вашими активами. Ваш список може включати фізичних осіб, державні установи або корпорації.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Ваш список може включати фізичних осіб, державні установи або корпорації.*
Depending on who your adversaries are, this list might be something you want to destroy after you've finished developing your threat model.
diff --git a/i18n/uk/browser-extensions.md b/i18n/uk/browser-extensions.md
index 611904fc..7e13f070 100644
--- a/i18n/uk/browser-extensions.md
+++ b/i18n/uk/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/uk/calendar.md b/i18n/uk/calendar.md
index 3b3a8b75..58433b07 100644
--- a/i18n/uk/calendar.md
+++ b/i18n/uk/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
Multiple calendars and extended sharing functionality is limited to paid subscribers.
diff --git a/i18n/uk/cloud.md b/i18n/uk/cloud.md
index 9a4fd674..58717778 100644
--- a/i18n/uk/cloud.md
+++ b/i18n/uk/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Criteria
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
diff --git a/i18n/uk/cryptocurrency.md b/i18n/uk/cryptocurrency.md
index 81686f9d..59d3b44d 100644
--- a/i18n/uk/cryptocurrency.md
+++ b/i18n/uk/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Criteria
diff --git a/i18n/uk/data-broker-removals.md b/i18n/uk/data-broker-removals.md
index 24c607c3..ab08fd1c 100644
--- a/i18n/uk/data-broker-removals.md
+++ b/i18n/uk/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/uk/desktop-browsers.md b/i18n/uk/desktop-browsers.md
index bc34becc..da84a8cf 100644
--- a/i18n/uk/desktop-browsers.md
+++ b/i18n/uk/desktop-browsers.md
@@ -109,7 +109,7 @@ This is required to prevent advanced forms of tracking, but does come at the cos
### Mullvad Leta
-Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes preinstalled with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts**
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] Select **Enable HTTPS-Only Mode in all windows**
-This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing.
+This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS через HTTPS (DNS over HTTPS)
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/uk/desktop.md b/i18n/uk/desktop.md
index 72975119..68af3cab 100644
--- a/i18n/uk/desktop.md
+++ b/i18n/uk/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS is an independent distribution based on the Nix package manager with a foc
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/uk/device-integrity.md b/i18n/uk/device-integrity.md
index 623a4839..142af55b 100644
--- a/i18n/uk/device-integrity.md
+++ b/i18n/uk/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/uk/dns.md b/i18n/uk/dns.md
index 9f95bf91..adb529be 100644
--- a/i18n/uk/dns.md
+++ b/i18n/uk/dns.md
@@ -75,7 +75,7 @@ AdGuard Home має відшліфований веб-інтерфейс для
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ NextDNS also offers public DNS-over-HTTPS service at `https://dns.nextdns.io` an
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/uk/document-collaboration.md b/i18n/uk/document-collaboration.md
index 9bf30ec2..dde20069 100644
--- a/i18n/uk/document-collaboration.md
+++ b/i18n/uk/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/uk/email-aliasing.md b/i18n/uk/email-aliasing.md
index c33f2bff..29f37d77 100644
--- a/i18n/uk/email-aliasing.md
+++ b/i18n/uk/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/uk/email.md b/i18n/uk/email.md
index ab58a589..c86e5d5b 100644
--- a/i18n/uk/email.md
+++ b/i18n/uk/email.md
@@ -58,7 +58,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
{ align=right }
-**Proton Mail — це поштовий сервіс з акцентом на конфіденційності, шифруванні, безпеці та простоті використання. They have been in operation since 2013. Компанія Proton AG базується в Женеві, Швейцарія. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+**Proton Mail — це поштовий сервіс з акцентом на конфіденційності, шифруванні, безпеці та простоті використання. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail [приймає](https://proton.me/support/payment-options) готі
#### :material-check:{ .pg-green } Безпека облікового запису
-Proton Mail підтримує [двофакторну автентифікацію за допомогою TOTP](https://proton.me/support/two-factor-authentication-2fa) та [апаратні ключі безпеки](https://proton.me/support/2fa-security-key) за стандартами FIDO2 або U2F. Використання апаратного ключа безпеки вимагає попереднього налаштування двофакторної автентифікації за допомогою TOTP.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Безпека даних
@@ -117,7 +117,7 @@ Proton Mail also publishes the public keys of Proton accounts via HTTP from thei
#### :material-information-outline:{ .pg-blue } Додаткова функціональність
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail не пропонує функцію цифрової спадщини.
@@ -127,7 +127,7 @@ Proton Mail не пропонує функцію цифрової спадщин
{ align=right }
-**Mailbox.org** — це поштовий сервіс, який прагне бути безпечним, не містить реклами та працює на 100% екологічно чистій енергії. Вони працюють з 2014 року. Mailbox.org базується в Берліні, Німеччина. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org** — це поштовий сервіс, який прагне бути безпечним, не містить реклами та працює на 100% екологічно чистій енергії. Вони працюють з 2014 року. Mailbox.org базується в Берліні, Німеччина. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } Конфіденційні способи оплати
-Mailbox.org не приймає жодних криптовалют, оскільки їхній платіжний процесор BitPay призупинив роботу в Німеччині. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.org не приймає жодних криптовалют, оскільки їхній платіжний процесор BitPay призупинив роботу в Німеччині. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Безпека облікового запису
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Веб-стандарти, такі як [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) на цей момент не підтримуються.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Веб-стандарти, такі як [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) на цей момент не підтримуються.
#### :material-information-outline:{ .pg-blue } Безпека даних
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } Додаткова функціональність
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). Однак їхній інтерфейс електронної пошти не може бути доступний через сервіс .onion, і у вас можуть виникати помилки TLS сертифіката.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org також підтримує [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) на додаток до стандартних протоколів доступу, таких як IMAP і POP3.
@@ -195,7 +195,7 @@ Mailbox.org має функцію цифрової спадщини для вс
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } Конфіденційні способи оплати
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Безпека облікового запису
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Безпека даних
@@ -297,7 +297,7 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
- Encrypts email account data at rest with zero-access encryption.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Operates on owned infrastructure, i.e. not built upon third-party email service providers.
diff --git a/i18n/uk/encryption.md b/i18n/uk/encryption.md
index 396bce0a..d6efdbf4 100644
--- a/i18n/uk/encryption.md
+++ b/i18n/uk/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt is a fork of the discontinued TrueCrypt project. According to its deve
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
-Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
{ align=right }
-**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/uk/file-sharing.md b/i18n/uk/file-sharing.md
index 8537d18a..7b358366 100644
--- a/i18n/uk/file-sharing.md
+++ b/i18n/uk/file-sharing.md
@@ -13,7 +13,7 @@ Discover how to privately share your files between your devices, with your frien
## File Sharing
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/uk/frontends.md b/i18n/uk/frontends.md
index 566cbf69..542737b1 100644
--- a/i18n/uk/frontends.md
+++ b/i18n/uk/frontends.md
@@ -251,7 +251,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/uk/index.md b/i18n/uk/index.md
index 9f4bdbc8..64c3005a 100644
--- a/i18n/uk/index.md
+++ b/i18n/uk/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Компанія Proton AG базується в Женеві, Швейцарія. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Вони працюють з 2014 року. Mailbox.org базується в Берліні, Німеччина. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Вони працюють з 2014 року. Mailbox.org базується в Берліні, Німеччина. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/uk/meta/brand.md b/i18n/uk/meta/brand.md
index 8e3d9954..3afe36ff 100644
--- a/i18n/uk/meta/brand.md
+++ b/i18n/uk/meta/brand.md
@@ -12,7 +12,7 @@ The name of the website is **Privacy Guides** and should **not** be changed to:
- PG.org
-The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/uk/meta/translations.md b/i18n/uk/meta/translations.md
index ff5406c7..1f67cd98 100644
--- a/i18n/uk/meta/translations.md
+++ b/i18n/uk/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## Fullwidth alternatives and Markdown syntax
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/uk/meta/uploading-images.md b/i18n/uk/meta/uploading-images.md
index 6455beb0..5ea9570f 100644
--- a/i18n/uk/meta/uploading-images.md
+++ b/i18n/uk/meta/uploading-images.md
@@ -48,7 +48,7 @@ In the **SVG Output** tab under **Document options**:
- [ ] Turn off **Remove the XML declaration**
- [x] Turn on **Remove metadata**
- [x] Turn on **Remove comments**
-- [x] Turn on **Embeded raster images**
+- [x] Turn on **Embedded raster images**
- [x] Turn on **Enable viewboxing**
In the **SVG Output** under **Pretty-printing**:
diff --git a/i18n/uk/meta/writing-style.md b/i18n/uk/meta/writing-style.md
index 49e877b1..fdf7bb1d 100644
--- a/i18n/uk/meta/writing-style.md
+++ b/i18n/uk/meta/writing-style.md
@@ -64,7 +64,7 @@ We should try to avoid abbreviations where possible, but technology is full of a
## Be concise
-> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective.
+> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/uk/mobile-browsers.md b/i18n/uk/mobile-browsers.md
index e69d2aa0..02c83134 100644
--- a/i18n/uk/mobile-browsers.md
+++ b/i18n/uk/mobile-browsers.md
@@ -247,7 +247,7 @@ This prevents you from unintentionally connecting to a website in plain-text HTT
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Open Safari and tap the Tabs button, located in the bottom right. Then, expand t
- [x] Select **Private**
-Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. This may be an inconvenience.
diff --git a/i18n/uk/multi-factor-authentication.md b/i18n/uk/multi-factor-authentication.md
index a4887751..c8d93989 100644
--- a/i18n/uk/multi-factor-authentication.md
+++ b/i18n/uk/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/uk/notebooks.md b/i18n/uk/notebooks.md
index 75cede65..fba5d270 100644
--- a/i18n/uk/notebooks.md
+++ b/i18n/uk/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Постачальники послуг](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Keep track of your notes and journalings without giving them to a third-party.
+Keep track of your notes and journals without giving them to a third party.
If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE.
@@ -84,7 +84,7 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
{ align=right }
-**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
## Local notebooks
diff --git a/i18n/uk/os/android-overview.md b/i18n/uk/os/android-overview.md
index 490d6c40..a0655863 100644
--- a/i18n/uk/os/android-overview.md
+++ b/i18n/uk/os/android-overview.md
@@ -84,7 +84,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Killswitch
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. Ця функція може запобігти витоку, якщо VPN відключений. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
@@ -124,7 +124,7 @@ Android 7 and above supports a VPN kill switch, and it is available without the
## Google Services
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. Ми як і раніше рекомендуємо повністю уникати сервісів Google або обмежити сервіси Google Play профілем користувача/робочим профілем, об'єднавши контролер пристрою, такий як *Shelter* з ізольованим Google Play від GrapheneOS.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Програма додаткового захисту
diff --git a/i18n/uk/os/ios-overview.md b/i18n/uk/os/ios-overview.md
index 9cc34876..e1190279 100644
--- a/i18n/uk/os/ios-overview.md
+++ b/i18n/uk/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/uk/os/linux-overview.md b/i18n/uk/os/linux-overview.md
index 69b537ed..90163523 100644
--- a/i18n/uk/os/linux-overview.md
+++ b/i18n/uk/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Privacy Notes
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- Avoid telemetry that often comes with proprietary operating systems
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ We don’t believe holding packages back and applying interim patches is a good
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao) (YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao) (YouTube)
### “Security-focused” distributions
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Drive Encryption
-Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ There are other system identifiers which you may wish to be careful about. You s
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/uk/os/macos-overview.md b/i18n/uk/os/macos-overview.md
index 074b8056..2826ff06 100644
--- a/i18n/uk/os/macos-overview.md
+++ b/i18n/uk/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Backups
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## Джерела
diff --git a/i18n/uk/os/windows/group-policies.md b/i18n/uk/os/windows/group-policies.md
index 97d2bc6d..faac8ed6 100644
--- a/i18n/uk/os/windows/group-policies.md
+++ b/i18n/uk/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/uk/os/windows/index.md b/i18n/uk/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/uk/os/windows/index.md
+++ b/i18n/uk/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/uk/passwords.md b/i18n/uk/passwords.md
index fe0c4f5f..543aa898 100644
--- a/i18n/uk/passwords.md
+++ b/i18n/uk/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ These options allow you to manage an encrypted password database locally.
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/uk/photo-management.md b/i18n/uk/photo-management.md
index c526c59a..d7447180 100644
--- a/i18n/uk/photo-management.md
+++ b/i18n/uk/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
- Must be open source.
diff --git a/i18n/uk/real-time-communication.md b/i18n/uk/real-time-communication.md
index d87ba810..85478c04 100644
--- a/i18n/uk/real-time-communication.md
+++ b/i18n/uk/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Criteria
diff --git a/i18n/uk/router.md b/i18n/uk/router.md
index a4a9c929..5c7a430e 100644
--- a/i18n/uk/router.md
+++ b/i18n/uk/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** - це операційна система (зокрема, вбудована операційна система), заснована на ядрі Linux, яка в основному використовується на вбудованих пристроях для маршрутизації мережевого трафіку. Основними компонентами є ядро Linux, util-linux, uClibc, та BusyBox. Всі компоненти були оптимізовані за розміром, щоб бути досить маленькими для розміщення в обмеженому сховищі і пам'яті, доступних в домашніх маршрутизаторах.
+**OpenWrt** - це операційна система (зокрема, вбудована операційна система), заснована на ядрі Linux, яка в основному використовується на вбудованих пристроях для маршрутизації мережевого трафіку. Основними компонентами є ядро Linux, util-linux, uClibc, та BusyBox. All the components have been optimized for home routers.
[Homepage](https://openwrt.org){ .md-button .md-button--primary }
diff --git a/i18n/uk/security-keys.md b/i18n/uk/security-keys.md
index 2acec8c8..23e55cfa 100644
--- a/i18n/uk/security-keys.md
+++ b/i18n/uk/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/uk/tools.md b/i18n/uk/tools.md
index cbd143c8..f78e43e2 100644
--- a/i18n/uk/tools.md
+++ b/i18n/uk/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Компанія Proton AG базується в Женеві, Швейцарія. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Вони працюють з 2014 року. Mailbox.org базується в Берліні, Німеччина. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Вони працюють з 2014 року. Mailbox.org базується в Берліні, Німеччина. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/uk/tor.md b/i18n/uk/tor.md
index 521a3c78..eb17e4ca 100644
--- a/i18n/uk/tor.md
+++ b/i18n/uk/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Browser
@@ -114,11 +114,11 @@ We previously recommended enabling the *Isolate Destination Address* preference
Tips for Android
-Orbot може спрямовувати через проксі окремі програми, якщо вони підтримують SOCKS або HTTP-проксі. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Orbot може спрямовувати через проксі окремі програми, якщо вони підтримують SOCKS або HTTP-проксі. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot часто застаріває в [F-Droid репозиторії](https://guardianproject.info/fdroid) Guardian Project та [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android) Guardian Project, тому краще завантажуйте безпосередньо з [GitHub репозиторію](https://github.com/guardianproject/orbot/releases).
-Всі версії підписуються одним і тим же підписом, тому вони повинні бути сумісні одна з одною.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/uk/vpn.md b/i18n/uk/vpn.md
index b9a51d33..2245f3c5 100644
--- a/i18n/uk/vpn.md
+++ b/i18n/uk/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Private VPN Service Recommendations and Comparison, No Sponsors or Ads - Privacy Guides"
title: "VPN Services"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } Mobile Clients
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ It is important to note that using a VPN provider will not make you anonymous, b
### Technology
-We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Minimum to Qualify:**
-- Support for strong protocols such as WireGuard & OpenVPN.
-- Killswitch built in to clients.
-- Multihop support. Multihopping is important to keep data private in case of a single node compromise.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Best Case:**
-- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Easy-to-use VPN clients
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.
- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble).
@@ -316,11 +316,11 @@ We prefer our recommended providers to collect as little data as possible. Not c
**Best Case:**
- Accepts multiple [anonymous payment options](advanced/payments.md).
-- No personal information accepted (autogenerated username, no email required, etc.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Security
-A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
+A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
**Minimum to Qualify:**
@@ -358,7 +358,7 @@ With the VPN providers we recommend we like to see responsible marketing.
**Minimum to Qualify:**
-- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out.
+- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Must not have any marketing which is irresponsible:
diff --git a/i18n/vi/about.md b/i18n/vi/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/vi/about.md
+++ b/i18n/vi/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/vi/about/contributors.md b/i18n/vi/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/vi/about/contributors.md
+++ b/i18n/vi/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/vi/about/criteria.md b/i18n/vi/about/criteria.md
index dd2e228d..d8f08fc7 100644
--- a/i18n/vi/about/criteria.md
+++ b/i18n/vi/about/criteria.md
@@ -24,7 +24,7 @@ We have these requirements in regard to developers which wish to submit their pr
- Must disclose affiliation, i.e. your position within the project being submitted.
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. If possible please mention who will be conducting the audit.
- Must explain what the project brings to the table in regard to privacy.
diff --git a/i18n/vi/about/executive-policy.md b/i18n/vi/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/vi/about/executive-policy.md
+++ b/i18n/vi/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/vi/about/notices.md b/i18n/vi/about/notices.md
index 2cfc43f3..007c4e43 100644
--- a/i18n/vi/about/notices.md
+++ b/i18n/vi/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-Chúng tôi tin rằng các logo và hình ảnh khác trong `tài sản` thu được từ các nhà cung cấp bên thứ ba thuộc phạm vi công cộng hoặc **sử dụng hợp pháp**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. Tuy nhiên, các logo và hình ảnh khác này vẫn có thể tuân theo luật thương hiệu ở một hoặc nhiều khu vực pháp lý. Trước khi sử dụng nội dung này, vui lòng đảm bảo rằng nội dung được sử dụng để xác định thực thể hoặc tổ chức sở hữu thương hiệu và bạn có quyền sử dụng nội dung đó theo luật áp dụng trong trường hợp bạn dự định sử dụng. *Khi sao chép nội dung từ trang web này, bạn hoàn toàn chịu trách nhiệm đảm bảo rằng bạn không vi phạm thương hiệu hoặc bản quyền của người khác.*
+Chúng tôi tin rằng các logo và hình ảnh khác trong `tài sản` thu được từ các nhà cung cấp bên thứ ba thuộc phạm vi công cộng hoặc **sử dụng hợp pháp**. In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. Tuy nhiên, các logo và hình ảnh khác này vẫn có thể tuân theo luật thương hiệu ở một hoặc nhiều khu vực pháp lý. Trước khi sử dụng nội dung này, vui lòng đảm bảo rằng nội dung được sử dụng để xác định thực thể hoặc tổ chức sở hữu thương hiệu và bạn có quyền sử dụng nội dung đó theo luật áp dụng trong trường hợp bạn dự định sử dụng. *Khi sao chép nội dung từ trang web này, bạn hoàn toàn chịu trách nhiệm đảm bảo rằng bạn không vi phạm thương hiệu hoặc bản quyền của người khác.*
When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
diff --git a/i18n/vi/about/privacytools.md b/i18n/vi/about/privacytools.md
index 0a6a564e..ae035f3d 100644
--- a/i18n/vi/about/privacytools.md
+++ b/i18n/vi/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## Control of r/privacytoolsIO
-Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
+Reddit requires that Subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
-- Posting announcements to our subreddit and various other communities informing people of the official change.
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped.
@@ -66,11 +66,11 @@ Roughly a week following the transition, BurungHantu returned online for the fir
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so.
-BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io Now
@@ -80,7 +80,7 @@ As of September 25th 2022 we are seeing BurungHantu's overall plans come to frui
## r/privacytoolsIO Now
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> Retaliation from any moderator with regards to removal requests is disallowed.
-For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
+For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective Now
diff --git a/i18n/vi/about/statistics.md b/i18n/vi/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/vi/about/statistics.md
+++ b/i18n/vi/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/vi/advanced/communication-network-types.md b/i18n/vi/advanced/communication-network-types.md
index f6444ca4..129a5716 100644
--- a/i18n/vi/advanced/communication-network-types.md
+++ b/i18n/vi/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ When self-hosted, members of a federated server can discover and communicate wit
- Allows for greater control over your own data when running your own server.
- Allows you to choose whom to trust your data with by choosing between multiple "public" servers.
- Often allows for third-party clients which can provide a more native, customized, or accessible experience.
-- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member).
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**Disadvantages:**
@@ -60,7 +60,7 @@ When self-hosted, members of a federated server can discover and communicate wit
P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server.
-Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
+Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
@@ -85,9 +85,9 @@ P2P networks do not use servers, as peers communicate directly between each othe
A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.
-There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
-Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**Advantages:**
diff --git a/i18n/vi/advanced/dns-overview.md b/i18n/vi/advanced/dns-overview.md
index 8457af4d..9c92b6a1 100644
--- a/i18n/vi/advanced/dns-overview.md
+++ b/i18n/vi/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
---
-The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
## What is DNS?
@@ -24,7 +24,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
=== "Linux, macOS"
@@ -39,7 +39,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
### DNS over TLS (DoT)
@@ -118,7 +118,7 @@ In this example we will record what happens when we make a DoH request:
3. After making the request, we can stop the packet capture with CTRL + C.
-4. Analyse the results in Wireshark:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ When we do a DNS lookup, it's generally because we want to access a resource. Be
The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides.
-This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
+This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
### Server Name Indication (SNI)
-Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
+Server Name Indication is typically used when an IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
-1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
+1. Start capturing again with `tshark`. We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ graph TB
ispDNS --> | No | nothing(Do nothing)
```
-Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[List of recommended DNS servers](../dns.md ""){.md-button}
diff --git a/i18n/vi/advanced/tor-overview.md b/i18n/vi/advanced/tor-overview.md
index 876222c4..4c0bd4a0 100644
--- a/i18n/vi/advanced/tor-overview.md
+++ b/i18n/vi/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/vi/ai-chat.md b/i18n/vi/ai-chat.md
index ebd723de..e2d97d32 100644
--- a/i18n/vi/ai-chat.md
+++ b/i18n/vi/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
-Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4GB, and most models are larger than that.
+Mozilla has made llamafiles available for only some Llama and Mistral models, while there are few third-party llamafiles available. Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
To circumvent these issues, you can [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights).
@@ -163,7 +163,7 @@ To check the authenticity and safety of the model, look for:
- Matching checksums[^1]
- On Hugging Face, you can find the hash by clicking on a model file and looking for the **Copy SHA256** button below it. You should compare this checksum with the one from the model file you downloaded.
-A downloaded model is generally safe if it satisfies all of the above checks.
+A downloaded model is generally safe if it satisfies all the above checks.
## Framadate
@@ -175,14 +175,14 @@ Please note we are not affiliated with any of the projects we recommend. In addi
- Must not transmit personal data, including chat data.
- Must be multi-platform.
- Must not require a GPU.
-- Must have support for GPU-powered fast inference.
+- Must support GPU-powered fast inference.
- Must not require an internet connection.
### Best-Case
Our best-case criteria represent what we _would_ like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
-- Should be easy to download and set up, e.g. with a one-click install process.
+- Should be easy to download and set up, e.g. with a one-click installation process.
- Should have a built-in model downloader option.
- The user should be able to modify the LLM parameters, such as its system prompt or temperature.
diff --git a/i18n/vi/alternative-networks.md b/i18n/vi/alternative-networks.md
index 4c8a6e25..bc959181 100644
--- a/i18n/vi/alternative-networks.md
+++ b/i18n/vi/alternative-networks.md
@@ -68,7 +68,7 @@ You can enable Snowflake in your browser by opening it in another tab and turnin
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
-Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
### I2P (The Invisible Internet Project)
@@ -77,7 +77,7 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
{ align=right }
{ align=right }
-**I2P** is an network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
@@ -106,7 +106,7 @@ You can try connecting to _Privacy Guides_ via I2P at [privacyguides.i2p](http:/
-Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side-effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottlenecked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
+Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
diff --git a/i18n/vi/android/general-apps.md b/i18n/vi/android/general-apps.md
index 27a6e7b1..d5a7605e 100644
--- a/i18n/vi/android/general-apps.md
+++ b/i18n/vi/android/general-apps.md
@@ -95,7 +95,7 @@ Main privacy features include:
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/vi/basics/account-creation.md b/i18n/vi/basics/account-creation.md
index 22ef70db..0f45c8be 100644
--- a/i18n/vi/basics/account-creation.md
+++ b/i18n/vi/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
-Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
+Often people sign up for services without thinking. Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line.
There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer.
@@ -13,11 +13,11 @@ It can also be difficult to delete the accounts on some services. Sometimes [ove
## Terms of Service & Privacy Policy
-The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VOIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
+The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for.
-The Privacy Policy is how the service says they will use your data and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect.
-We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
+We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
Keep in mind you're also placing your trust in the company or organization and that they will comply with their own privacy policy.
@@ -42,7 +42,7 @@ You will be responsible for managing your login credentials. For added security,
#### Email aliases
-If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to.
+If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. Those can be filtered automatically based on the alias they are sent to.
Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked.
@@ -76,7 +76,7 @@ Malicious applications, particularly on mobile devices where the application has
We recommend avoiding services that require a phone number for sign up. A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
+You should avoid giving out your real phone number if you can. Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number!
diff --git a/i18n/vi/basics/account-deletion.md b/i18n/vi/basics/account-deletion.md
index 2f79dd0a..54148bd4 100644
--- a/i18n/vi/basics/account-deletion.md
+++ b/i18n/vi/basics/account-deletion.md
@@ -27,7 +27,7 @@ Desktop platforms also often have a password manager which may help you recover
### Email
-If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts.
## Deleting Old Accounts
@@ -39,7 +39,7 @@ When attempting to regain access, if the site returns an error message saying th
### GDPR (EEA residents only)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### Overwriting Account information
diff --git a/i18n/vi/basics/common-misconceptions.md b/i18n/vi/basics/common-misconceptions.md
index 6832f170..31b1b249 100644
--- a/i18n/vi/basics/common-misconceptions.md
+++ b/i18n/vi/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ The privacy policies and business practices of providers you choose are very imp
## "Complicated is better"
-We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like many different email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
+We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?"
Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips:
1. ==Actions need to serve a particular purpose:== think about how to do what you want with the fewest actions.
2. ==Remove human failure points:== We fail, get tired, and forget things. To maintain security, avoid relying on manual conditions and processes that you have to remember.
-3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily de-anonymized by a simple oversight.
+3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
So, how might this look?
@@ -94,4 +94,4 @@ One of the clearest threat models is one where people *know who you are* and one
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/vi/basics/common-threats.md b/i18n/vi/basics/common-threats.md
index 7b040b0b..03414577 100644
--- a/i18n/vi/basics/common-threats.md
+++ b/i18n/vi/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: Your threat model is personal to you, but these are some of the things many visitors to this site care about.
---
-Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
+Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat.
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ To minimize the damage that a malicious piece of software *could* do, you should
Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources.
-Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ Therefore, you should use native applications over web clients whenever possible
-Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
+Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
## Mass Surveillance Programs
@@ -156,7 +156,7 @@ Mass surveillance is the intricate effort to monitor the "behavior, many activit
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
For many people, tracking and surveillance by private corporations is a growing concern. Pervasive ad networks, such as those operated by Google and Facebook, span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries (although it can't completely prevent tracking).[^4]
-Additionally, even companies outside of the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
## Limiting Public Information
diff --git a/i18n/vi/basics/email-security.md b/i18n/vi/basics/email-security.md
index 0661723a..60513510 100644
--- a/i18n/vi/basics/email-security.md
+++ b/i18n/vi/basics/email-security.md
@@ -29,13 +29,13 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
### What Email Clients Support E2EE?
-Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
+Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### How Do I Protect My Private Keys?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## Email Metadata Overview
@@ -49,4 +49,4 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http
### Why Can't Metadata be E2EE?
-Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
+Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/vi/basics/hardware.md b/i18n/vi/basics/hardware.md
index 4b795a9a..257624c3 100644
--- a/i18n/vi/basics/hardware.md
+++ b/i18n/vi/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
Warning
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/vi/basics/multi-factor-authentication.md b/i18n/vi/basics/multi-factor-authentication.md
index 044ee58e..6abb539c 100644
--- a/i18n/vi/basics/multi-factor-authentication.md
+++ b/i18n/vi/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
-**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone.
@@ -26,7 +26,7 @@ The security of push notification MFA is dependent on both the quality of the ap
### Time-based One-time Password (TOTP)
-TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password.
+TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes.
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
-Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
@@ -116,15 +116,15 @@ If you use SMS MFA, use a carrier who will not switch your phone number to a new
## More Places to Set Up MFA
-Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
+macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-After your smartcard/security key is set up, we recommend running this command in the Terminal:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How
### KeePass (and KeePassXC)
-KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/vi/basics/passwords-overview.md b/i18n/vi/basics/passwords-overview.md
index 898d198d..8464da82 100644
--- a/i18n/vi/basics/passwords-overview.md
+++ b/i18n/vi/basics/passwords-overview.md
@@ -24,7 +24,7 @@ All of our [recommended password managers](../passwords.md) include a built-in p
You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it.
-When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
Checking for data breaches
@@ -54,13 +54,13 @@ To generate a diceware passphrase using real dice, follow these steps:
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. Roll a six-sided die five times, noting down the number after each roll.
-2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. You will find the word `encrypt`. Write that word down.
@@ -75,25 +75,25 @@ You should **not** re-roll words until you get a combination of words that appea
If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
- Your adversary knows that you used the diceware method.
-- Your adversary knows the specific wordlist that you used.
+- Your adversary knows the specific word list that you used.
- Your adversary knows how many words your passphrase contains.
@@ -113,7 +113,7 @@ There are many good options to choose from, both cloud-based and local. Choose o
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
diff --git a/i18n/vi/basics/threat-modeling.md b/i18n/vi/basics/threat-modeling.md
index 922c7450..b87382d6 100644
--- a/i18n/vi/basics/threat-modeling.md
+++ b/i18n/vi/basics/threat-modeling.md
@@ -35,7 +35,7 @@ An “asset” is something you value and want to protect. In the context of dig
To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary”.== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
-*Make a list of your adversaries or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.*
+*Make a list of your adversaries or those who might want to get hold of your assets. Your list may include individuals, a government agency, or corporations.*
Depending on who your adversaries are, this list might be something you want to destroy after you've finished developing your threat model.
diff --git a/i18n/vi/browser-extensions.md b/i18n/vi/browser-extensions.md
index 1daaf84e..7e7b2cb9 100644
--- a/i18n/vi/browser-extensions.md
+++ b/i18n/vi/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/vi/calendar.md b/i18n/vi/calendar.md
index 238d4317..da76e6dc 100644
--- a/i18n/vi/calendar.md
+++ b/i18n/vi/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
tải xuống
diff --git a/i18n/vi/cloud.md b/i18n/vi/cloud.md
index 3108d841..f598e76d 100644
--- a/i18n/vi/cloud.md
+++ b/i18n/vi/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Framadate
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- Must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
diff --git a/i18n/vi/cryptocurrency.md b/i18n/vi/cryptocurrency.md
index e8f07bad..7f6936f6 100644
--- a/i18n/vi/cryptocurrency.md
+++ b/i18n/vi/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Framadate
diff --git a/i18n/vi/data-broker-removals.md b/i18n/vi/data-broker-removals.md
index 7c2613a5..520ebae2 100644
--- a/i18n/vi/data-broker-removals.md
+++ b/i18n/vi/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/vi/desktop-browsers.md b/i18n/vi/desktop-browsers.md
index 800368d2..5f8a072a 100644
--- a/i18n/vi/desktop-browsers.md
+++ b/i18n/vi/desktop-browsers.md
@@ -109,7 +109,7 @@ This is required to prevent advanced forms of tracking, but does come at the cos
### Mullvad Leta
-Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes preinstalled with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
## Firefox
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts**
@@ -204,7 +204,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] Select **Enable HTTPS-Only Mode in all windows**
-This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing.
+This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### DNS over HTTPS
@@ -297,7 +297,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
#### Privacy and security
diff --git a/i18n/vi/desktop.md b/i18n/vi/desktop.md
index 90f2b3ee..546fb9f8 100644
--- a/i18n/vi/desktop.md
+++ b/i18n/vi/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS is an independent distribution based on the Nix package manager with a foc
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/vi/device-integrity.md b/i18n/vi/device-integrity.md
index 623a4839..142af55b 100644
--- a/i18n/vi/device-integrity.md
+++ b/i18n/vi/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/vi/dns.md b/i18n/vi/dns.md
index 8cb7c3ab..ae7ca80b 100644
--- a/i18n/vi/dns.md
+++ b/i18n/vi/dns.md
@@ -75,7 +75,7 @@ AdGuard Home features a polished web interface to view insights and manage block
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/vi/document-collaboration.md b/i18n/vi/document-collaboration.md
index 2d506972..90dd04db 100644
--- a/i18n/vi/document-collaboration.md
+++ b/i18n/vi/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/vi/email-aliasing.md b/i18n/vi/email-aliasing.md
index de0fea6c..b0d6fcc7 100644
--- a/i18n/vi/email-aliasing.md
+++ b/i18n/vi/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/vi/email.md b/i18n/vi/email.md
index 3b5bff1f..5039fa17 100644
--- a/i18n/vi/email.md
+++ b/i18n/vi/email.md
@@ -58,7 +58,7 @@ OpenPGP also does not support Forward secrecy, which means if either your or the
{ align=right }
-**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in
#### :material-check:{ .pg-green } Account Security
-Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two factor authentication first.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Data Security
@@ -117,7 +117,7 @@ If you have a paid account and your [bill is unpaid](https://proton.me/support/d
#### :material-information-outline:{ .pg-blue } Additional Functionality
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail doesn't offer a digital legacy feature.
@@ -127,7 +127,7 @@ Proton Mail doesn't offer a digital legacy feature.
{ align=right }
-**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } Private Payment Methods
-Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Account Security
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
#### :material-information-outline:{ .pg-blue } Data Security
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } Additional Functionality
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
@@ -195,7 +195,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } Private Payment Methods
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Account Security
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Data Security
@@ -297,7 +297,7 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
- Encrypts email account data at rest with zero-access encryption.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Operates on owned infrastructure, i.e. not built upon third-party email service providers.
diff --git a/i18n/vi/encryption.md b/i18n/vi/encryption.md
index b3e3e421..53cad961 100644
--- a/i18n/vi/encryption.md
+++ b/i18n/vi/encryption.md
@@ -126,7 +126,7 @@ VeraCrypt is a fork of the discontinued TrueCrypt project. According to its deve
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
-Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -200,7 +200,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
{ align=right }
-**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/vi/file-sharing.md b/i18n/vi/file-sharing.md
index 8097c5f6..4ff8825d 100644
--- a/i18n/vi/file-sharing.md
+++ b/i18n/vi/file-sharing.md
@@ -13,7 +13,7 @@ Discover how to privately share your files between your devices, with your frien
## File Sharing
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/vi/frontends.md b/i18n/vi/frontends.md
index 4840e15a..ff256b44 100644
--- a/i18n/vi/frontends.md
+++ b/i18n/vi/frontends.md
@@ -251,7 +251,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/vi/index.md b/i18n/vi/index.md
index 24891736..d3fe4a59 100644
--- a/i18n/vi/index.md
+++ b/i18n/vi/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/vi/meta/brand.md b/i18n/vi/meta/brand.md
index 8e3d9954..3afe36ff 100644
--- a/i18n/vi/meta/brand.md
+++ b/i18n/vi/meta/brand.md
@@ -12,7 +12,7 @@ The name of the website is **Privacy Guides** and should **not** be changed to:
- PG.org
-The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/vi/meta/translations.md b/i18n/vi/meta/translations.md
index ff5406c7..1f67cd98 100644
--- a/i18n/vi/meta/translations.md
+++ b/i18n/vi/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## Fullwidth alternatives and Markdown syntax
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/vi/meta/uploading-images.md b/i18n/vi/meta/uploading-images.md
index 6455beb0..5ea9570f 100644
--- a/i18n/vi/meta/uploading-images.md
+++ b/i18n/vi/meta/uploading-images.md
@@ -48,7 +48,7 @@ In the **SVG Output** tab under **Document options**:
- [ ] Turn off **Remove the XML declaration**
- [x] Turn on **Remove metadata**
- [x] Turn on **Remove comments**
-- [x] Turn on **Embeded raster images**
+- [x] Turn on **Embedded raster images**
- [x] Turn on **Enable viewboxing**
In the **SVG Output** under **Pretty-printing**:
diff --git a/i18n/vi/meta/writing-style.md b/i18n/vi/meta/writing-style.md
index 49e877b1..fdf7bb1d 100644
--- a/i18n/vi/meta/writing-style.md
+++ b/i18n/vi/meta/writing-style.md
@@ -64,7 +64,7 @@ We should try to avoid abbreviations where possible, but technology is full of a
## Be concise
-> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective.
+> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/vi/mobile-browsers.md b/i18n/vi/mobile-browsers.md
index 95e917b1..06786466 100644
--- a/i18n/vi/mobile-browsers.md
+++ b/i18n/vi/mobile-browsers.md
@@ -247,7 +247,7 @@ This prevents you from unintentionally connecting to a website in plain-text HTT
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Open Safari and tap the Tabs button, located in the bottom right. Then, expand t
- [x] Select **Private**
-Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. This may be an inconvenience.
diff --git a/i18n/vi/multi-factor-authentication.md b/i18n/vi/multi-factor-authentication.md
index 22dcb75b..e1afd77e 100644
--- a/i18n/vi/multi-factor-authentication.md
+++ b/i18n/vi/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "Multi-Factor Authentication"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/vi/notebooks.md b/i18n/vi/notebooks.md
index 1fff7a6b..6aebc358 100644
--- a/i18n/vi/notebooks.md
+++ b/i18n/vi/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Theo dõi các ghi chú và nhật ký của bạn mà không đưa chúng cho bên thứ ba.
+Keep track of your notes and journals without giving them to a third party.
Nếu bạn hiện đang sử dụng một ứng dụng như Evernote, Google Keep hoặc Microsoft OneNote, chúng tôi khuyên bạn nên chọn một ứng dụng thay thế hỗ trợ E2EE tại đây.
@@ -84,7 +84,7 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
{ align=right }
-**Joplin** là một ứng dụng ghi chú và việc cần làm miễn phí, mã nguồn mở và đầy đủ tính năng có thể xử lý một số lượng lớn các ghi chú đánh dấu được sắp xếp thành sổ ghi chép và thẻ. Nó cung cấp E2EE và có thể đồng bộ hóa thông qua Nextcloud, Dropbox, v.v. Nó cũng cung cấp khả năng nhập dễ dàng từ Evernote và ghi chú văn bản thuần túy.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. Nó cung cấp E2EE và có thể đồng bộ hóa thông qua Nextcloud, Dropbox, v.v. Nó cũng cung cấp khả năng nhập dễ dàng từ Evernote và ghi chú văn bản thuần túy.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -132,7 +132,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
## Local notebooks
diff --git a/i18n/vi/os/android-overview.md b/i18n/vi/os/android-overview.md
index 4faff712..f2086618 100644
--- a/i18n/vi/os/android-overview.md
+++ b/i18n/vi/os/android-overview.md
@@ -84,7 +84,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Killswitch
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
@@ -124,7 +124,7 @@ Modern Android devices have global toggles for disabling Bluetooth and location
## Google Services
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Advanced Protection Program
diff --git a/i18n/vi/os/ios-overview.md b/i18n/vi/os/ios-overview.md
index 9cc34876..e1190279 100644
--- a/i18n/vi/os/ios-overview.md
+++ b/i18n/vi/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/vi/os/linux-overview.md b/i18n/vi/os/linux-overview.md
index 69b537ed..90163523 100644
--- a/i18n/vi/os/linux-overview.md
+++ b/i18n/vi/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Privacy Notes
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- Avoid telemetry that often comes with proprietary operating systems
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ We don’t believe holding packages back and applying interim patches is a good
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao) (YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao) (YouTube)
### “Security-focused” distributions
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### Drive Encryption
-Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
+Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ There are other system identifiers which you may wish to be careful about. You s
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
-This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/vi/os/macos-overview.md b/i18n/vi/os/macos-overview.md
index 9b57b2b6..565c4a68 100644
--- a/i18n/vi/os/macos-overview.md
+++ b/i18n/vi/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### Backups
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## Sources
diff --git a/i18n/vi/os/windows/group-policies.md b/i18n/vi/os/windows/group-policies.md
index 74194070..d1a033cb 100644
--- a/i18n/vi/os/windows/group-policies.md
+++ b/i18n/vi/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/vi/os/windows/index.md b/i18n/vi/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/vi/os/windows/index.md
+++ b/i18n/vi/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/vi/passwords.md b/i18n/vi/passwords.md
index 94c7a564..3089fe65 100644
--- a/i18n/vi/passwords.md
+++ b/i18n/vi/passwords.md
@@ -236,7 +236,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -335,7 +335,7 @@ These options allow you to manage an encrypted password database locally.
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -365,7 +365,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/vi/photo-management.md b/i18n/vi/photo-management.md
index 3067b317..85083e35 100644
--- a/i18n/vi/photo-management.md
+++ b/i18n/vi/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
- Must be open source.
diff --git a/i18n/vi/real-time-communication.md b/i18n/vi/real-time-communication.md
index 1957746c..c8906f98 100644
--- a/i18n/vi/real-time-communication.md
+++ b/i18n/vi/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Framadate
diff --git a/i18n/vi/router.md b/i18n/vi/router.md
index 5da2223b..57f5330f 100644
--- a/i18n/vi/router.md
+++ b/i18n/vi/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** là một hệ điều hành (cụ thể là hệ điều hành nhúng) dựa trên nhân Linux, chủ yếu được sử dụng trên các thiết bị nhúng để định tuyến lưu lượng mạng. Các thành phần chính là Linux kernel, using-linux, uClibc và BusyBox. Tất cả các thành phần đã được tối ưu hóa về kích thước, đủ nhỏ để phù hợp với bộ nhớ và lưu trữ hạn chế có sẵn trong bộ định tuyến gia đình.
+**OpenWrt** là một hệ điều hành (cụ thể là hệ điều hành nhúng) dựa trên nhân Linux, chủ yếu được sử dụng trên các thiết bị nhúng để định tuyến lưu lượng mạng. Các thành phần chính là Linux kernel, using-linux, uClibc và BusyBox. All the components have been optimized for home routers.
[Homepage](https://openwrt.org){ .md-button .md-button--primary }
diff --git a/i18n/vi/security-keys.md b/i18n/vi/security-keys.md
index 48d089d0..1fa18585 100644
--- a/i18n/vi/security-keys.md
+++ b/i18n/vi/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/vi/tools.md b/i18n/vi/tools.md
index e476461f..7e870d0c 100644
--- a/i18n/vi/tools.md
+++ b/i18n/vi/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Genève, Switzerland. The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/vi/tor.md b/i18n/vi/tor.md
index e28e88ae..913bedb2 100644
--- a/i18n/vi/tor.md
+++ b/i18n/vi/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor Browser
@@ -120,11 +120,11 @@ We previously recommended enabling the *Isolate Destination Address* preference
Tips for Android
-Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot/releases) instead.
-All versions are signed using the same signature so they should be compatible with each other.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/vi/vpn.md b/i18n/vi/vpn.md
index 9e9bd028..cfe57dd8 100644
--- a/i18n/vi/vpn.md
+++ b/i18n/vi/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Private VPN Service Recommendations and Comparison, No Sponsors or Ads - Privacy Guides"
title: "VPN Services"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } Mobile Clients
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ It is important to note that using a VPN provider will not make you anonymous, b
### Technology
-We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**Minimum to Qualify:**
-- Support for strong protocols such as WireGuard & OpenVPN.
-- Killswitch built in to clients.
-- Multihop support. Multihopping is important to keep data private in case of a single node compromise.
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Best Case:**
-- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Easy-to-use VPN clients
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.
- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble).
@@ -316,11 +316,11 @@ We prefer our recommended providers to collect as little data as possible. Not c
**Best Case:**
- Accepts multiple [anonymous payment options](advanced/payments.md).
-- No personal information accepted (autogenerated username, no email required, etc.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### Security
-A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
+A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
**Minimum to Qualify:**
@@ -358,7 +358,7 @@ With the VPN providers we recommend we like to see responsible marketing.
**Minimum to Qualify:**
-- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out.
+- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Must not have any marketing which is irresponsible:
diff --git a/i18n/zh-Hant/about.md b/i18n/zh-Hant/about.md
index eac4a24c..a1ed0ab8 100644
--- a/i18n/zh-Hant/about.md
+++ b/i18n/zh-Hant/about.md
@@ -24,7 +24,7 @@ Privacy Guides 是一個具有社會動機的網站,提供資訊以保護您
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=首頁 }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="原始碼" }
-Privacy Guides 是由世界各地的志工和工作人員建立的。 我們對於建議和資源做的所有變更,都至少經過兩位 [可信](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) 成員的審核,而且我們會努力工作,以確保盡快更新我們的內容,以適應不斷變化的網路安全威脅環境。
+Privacy Guides 是由世界各地的志工和工作人員建立的。 All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
除了我們的核心團隊之外,還有 [許多人](about/contributors.md) 也對專案做出了貢獻。 您也可以! 我們在 GitHub 上開放原始碼,並在 [Crowdin](https://crowdin.com/project/privacyguides) 上接受翻譯建議。
diff --git a/i18n/zh-Hant/about/contributors.md b/i18n/zh-Hant/about/contributors.md
index 8bd5285d..1d101def 100644
--- a/i18n/zh-Hant/about/contributors.md
+++ b/i18n/zh-Hant/about/contributors.md
@@ -7,7 +7,7 @@ description: 完整的貢獻者名單,這些貢獻者共同對 Privacy Guides
-本專案遵循 [all-contributors](https://github.com/all-contributors/all-contributors) 規範。 歡迎將**各種**類型的貢獻添加到[此列表](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc),包括對 Privacy Guides 的儲存庫外部貢獻,與內容無關的貢獻(例如分享想法、推廣項目、在論壇上回答問題等)。
+本專案遵循 [all-contributors](https://github.com/all-contributors/all-contributors) 規範。 Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| 表情符號 | 類別 | 敘述 |
| ---- | ------------- | ---------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/zh-Hant/about/criteria.md b/i18n/zh-Hant/about/criteria.md
index efc08a25..1df32fe9 100644
--- a/i18n/zh-Hant/about/criteria.md
+++ b/i18n/zh-Hant/about/criteria.md
@@ -24,7 +24,7 @@ description: 以下是我們在對您提交項目給 Privacy Guides 時所考慮
- 必須揭露您的從屬關係,即您在所提交專案中的職位。
-- 如果是涉及處理敏感資訊的專案,例如通訊軟體、密碼管理器、加密雲端儲存等,必須有安全白皮書。
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- 關於第三方稽核,我們想知道您是否已接受稽核或已有此打算。 如果可以,請說明由誰執行稽核。
- 必須說明專案在隱私權方面所帶來的好處。
diff --git a/i18n/zh-Hant/about/executive-policy.md b/i18n/zh-Hant/about/executive-policy.md
index 97f68770..d1cb3ad6 100644
--- a/i18n/zh-Hant/about/executive-policy.md
+++ b/i18n/zh-Hant/about/executive-policy.md
@@ -5,7 +5,7 @@ description: 這些是我們的執行委員會正式通過的政策,並優先
這些都是 Privacy Guides 的執行委員會正式通過的政策,並優先於本網站上表達的所有其他聲明。
-關鍵字 **must**、**must not**、**required**、**shall**、**shall not**、**should**、**should not**、**recommended**、**may** 及 **optional** 的解釋方式如 [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119) 所述。
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: 免費提供產品樣品
diff --git a/i18n/zh-Hant/about/notices.md b/i18n/zh-Hant/about/notices.md
index 8987ae6b..e310bcf1 100644
--- a/i18n/zh-Hant/about/notices.md
+++ b/i18n/zh-Hant/about/notices.md
@@ -31,7 +31,7 @@ Privacy Guides 是一個開放原始碼專案,貢獻有授權保護,包括
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-我們認為,從第三方供應商`資產` 取得的標誌和圖像不是公有領域,就是**合理使用**。 簡而言之,法律 [合理使用原則](https://copyright.gov/fair-use/more-info.html) 允許使用受版權保護的圖像來識別主題以供公眾評論。 但是,這些標誌和圖像可能仍受一個或多個司法管轄區的商標法約束。 在使用此內容之前,請確保其用於識別擁有商標的實體或組織,並確保您有權根據適用所預期情況下的法律。 *從本網站複製內容時,您自行負責確保您不會侵犯他人的商標或版權。*
+我們認為,從第三方供應商`資產` 取得的標誌和圖像不是公有領域,就是**合理使用**。 In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. 但是,這些標誌和圖像可能仍受一個或多個司法管轄區的商標法約束。 在使用此內容之前,請確保其用於識別擁有商標的實體或組織,並確保您有權根據適用所預期情況下的法律。 *從本網站複製內容時,您自行負責確保您不會侵犯他人的商標或版權。*
當您對我們的網站作出貢獻時,您是根據上述許可,並且您授予 Privacy Guides 永久全球性、非排他、可轉讓、免版稅、不可撤銷的許可,Privacy Guides 有權通過多個層級的轉授權人再許可這些權利,以複製,修改,顯示,執行和分發您的貢獻作為項目的一部分。
diff --git a/i18n/zh-Hant/about/privacytools.md b/i18n/zh-Hant/about/privacytools.md
index c1c5e219..ccc27a39 100644
--- a/i18n/zh-Hant/about/privacytools.md
+++ b/i18n/zh-Hant/about/privacytools.md
@@ -37,9 +37,9 @@ PrivacyTools 由 BurungHantu 於 2015年創建,在斯諾登洩密事件後,
## 控制r/privacytoolsIO
-與privacytools.io持續的網站問題同時, r/privacytoolsIO審核團隊在管理subreddit方面面臨挑戰。 Subreddit 一直以來獨立於網站的開發運作,而 BurungHantu 也是 subreddit 主要主持人,他擁有唯一“完全控制”的主持權限。 u/trai_dep 是當時唯一的活躍版主, [2021年6月28日向 Reddit 管理員發出請求](https://reddit.com/comments/o9tllh) ,要求授予主要版主職位和完全控制權限,以便對 Subreddit 進行必要更改。
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep 是當時唯一的活躍版主, [2021年6月28日向 Reddit 管理員發出請求](https://reddit.com/comments/o9tllh) ,要求授予主要版主職位和完全控制權限,以便對 Subreddit 進行必要更改。
-Reddit要求 subreddit 有活躍的版主。 如果主要主持人長期不活躍(例如一年) ,則可以重新任命下一位主要主持人。 為了讓這個請求獲得批準, BurungHantu 必須很長一段時間內消失在 Reddit 所有活動中,這與他在其他平臺上的行為一致。
+Reddit requires that Subreddits have active moderators. 如果主要主持人長期不活躍(例如一年) ,則可以重新任命下一位主要主持人。 為了讓這個請求獲得批準, BurungHantu 必須很長一段時間內消失在 Reddit 所有活動中,這與他在其他平臺上的行為一致。
> 如果通過 Reddit 請求而被取消 subreddit 版主職位,那是因為版主缺乏回應與活動讓 subreddit 有資格進行r/redditrequest 轉移。
>
@@ -55,7 +55,7 @@ Reddit要求 subreddit 有活躍的版主。 如果主要主持人長期不活
- 重定向` www.privacytools.io `到 [www.privacyguides.org](https://www.privacyguides.org)。
- 在GitHub上存檔源代碼,以保存我們過去的工作和問題跟蹤器,我們繼續使用這個網站未來幾個月的開發。
-- 向我們的 subreddit 和各種其他社區發布公告,通知人們官方變更。
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- 正式關閉 privacytools.io 服務,如 Matrix 和 Mastodon ,並鼓勵現有用戶盡快遷移。
事情進展順利,大多數活躍的社區完全按照我們的期望切換到新專案。
@@ -66,11 +66,11 @@ Reddit要求 subreddit 有活躍的版主。 如果主要主持人長期不活
此時, BurungHantu 聲稱他會繼續開發 privacytools.io ,並要求我們取消把 `www.privacytools.io`重定向到 [www.privacyguides.org](https://www.privacyguides.org)。 我們答應了他的請求,並要求他保持 Matrix , Mastodon 和PeerTube 的子域名活躍,讓我們社區可維持幾個月的公共服務,以便這些平臺上的用戶輕鬆遷移到其他帳戶。 由於我們提供服務的聯邦性質,它們與特定的域名相關聯,因此很難遷移(在某些情況下是不可能的)。
-不幸的是,由於r/privacytoolsIO subreddit的控制權沒有依BurungHantu 的要求歸還給他(詳細信息如下),這些子域名在10月初被 [切斷](https://reddit.com/comments/pymthv/comment/hexwrps) ,扼阻了仍在使用這些服務的用戶的遷移。
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
接下來 BurungHantu 不實指控 Jonah 從該專案竊取捐款。 直到 Privacy Guides遷移後,BurungHantu 才讓人知道而他指控的事件已發生了一年多。 團隊 [和社區](https://twitter.com/TommyTran732/status/1526153536962281474)一再要求 BurungHantu 提出證據並由對他過往的沉默發表評論,但他從未回應。
-BurungHantu 還發布一篇 [推特帖子](https://twitter.com/privacytoolsIO/status/1510560676967710728) ,指稱有“律師”在推特上與他聯繫並提供建議,另一次嘗試欺負我們讓他控制我們的subreddit ,並作為他抹黑活動的一部分,在假裝成受害者來玷污 Privacy Guides。
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io 現況
@@ -80,7 +80,7 @@ BurungHantu 還發布一篇 [推特帖子](https://twitter.com/privacytoolsIO/st
## r/privacytoolsIO Now
-在推出 [r/PrivacyGuides ](https://reddit.com/r/privacyguides)之後, u/trai_dep 繼續主持兩個 subreddits 是不切實際的,隨著社區進入過渡時期, r/privacytoolsIO 在2021年11月1日發文將 [ subreddits 改成限制狀態](https://reddit.com/comments/qk7qrj) :
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] Sub 的發展是 PrivacyGuides.org 團隊多年來付出巨大努力的結果。 以你們每一個人,
>
@@ -88,11 +88,11 @@ BurungHantu 還發布一篇 [推特帖子](https://twitter.com/privacytoolsIO/st
Subreddit不屬於任何人,尤其不屬於品牌持有者。 他們屬於他們的社區,社區及其主持人決定支援轉移到r/PrivacyGuides。
-此後幾個月裏,BurungHantu 一直威乞並濟地希望取回 subreddit 控制權,這已 [違反](https://reddit.com/r/redditrequest/wiki/top_mod_removal) Reddit 規定:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> 不允許任何版主對刪除申請進行報復。
-對於一個數千名用戶的社區來說,我們認為將這個龐大平臺的控制權歸還給放棄它超過一年的人是非常不尊重的,我們認為他們現在網站經營的品質低落。 保留該社區過去多年的討論對我們來說更重要,因此u/trai_dep和 subreddit moderation 團隊的其他成員決定保持r/privacytoolsIO 原樣。
+對於一個數千名用戶的社區來說,我們認為將這個龐大平臺的控制權歸還給放棄它超過一年的人是非常不尊重的,我們認為他們現在網站經營的品質低落。 Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective 現況
diff --git a/i18n/zh-Hant/about/statistics.md b/i18n/zh-Hant/about/statistics.md
index b5ee7975..2188bce5 100644
--- a/i18n/zh-Hant/about/statistics.md
+++ b/i18n/zh-Hant/about/statistics.md
@@ -11,7 +11,7 @@ description: 我們自行託管 Umami,為我們的流量統計建立一個良
透過這個過程:
-- 您的資訊永遠不會與第三方共享,它保留在我們控制的伺服器上
+- Your information is never shared with a third party, it stays on servers we control
- 個人資料永遠不會保存,我們僅收集匯總數據
- 不使用客戶端 JavaScript
diff --git a/i18n/zh-Hant/advanced/communication-network-types.md b/i18n/zh-Hant/advanced/communication-network-types.md
index 91d47a76..7b0a9f2e 100644
--- a/i18n/zh-Hant/advanced/communication-network-types.md
+++ b/i18n/zh-Hant/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ description: 簡介常見的即時通訊應用程式網路架構。
- 運行自己的伺服器可以更加控制自己的資料。
- 可從多個“公共”伺服器之中選擇信任的資料託付者。
- 可讓第三方客戶端提供更原生、定制或親和的體驗。
-- 假設您有存取伺服器的權限或信任有此權限的人(例如,家庭成員),可以驗證伺服器軟體是否與公開原始碼相符。
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**缺點**
@@ -60,7 +60,7 @@ description: 簡介常見的即時通訊應用程式網路架構。
P2P 軟體連接到 [分佈式網路](https://en.wikipedia.org/wiki/Distributed_networking) 中的節點,在沒有第三方伺服器的情況下將訊息傳遞給收件人。
-客戶端(對等軟體)通常通過 [分布式計算](https://en.wikipedia.org/wiki/Distributed_computing) 網路找到彼此。 例如, [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT)被 [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) 和 [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) 使用。 另一種方法是鄰近的網路,通過WiFi或藍牙建立連接(例如, Briar 或 [Scuttlebutt](https://scuttlebutt.nz) 社交網路協議)。
+客戶端(對等軟體)通常通過 [分布式計算](https://en.wikipedia.org/wiki/Distributed_computing) 網路找到彼此。 例如, [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT)被 [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) 和 [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) 使用。 Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
一旦對等體通過任何這些方法找到通往其聯繫的路徑,它們之間就會建立直接連接。 通常訊息內容會加密,但觀察者仍然可以推斷寄件人和收件人的位置和身份。
@@ -85,9 +85,9 @@ P2P 網路不使用伺服器,對等方彼此之間直接通訊,因此不能
使用 [匿名路由](https://doi.org/10.1007/978-1-4419-5906-5_628) 的傳訊方式會隱藏發送者、接收者的身份或他們一直在溝通的證據。 理想情況下,這三種東西都該被隱藏。
-匿名路由[有多種](https://doi.org/10.1145/3182658) 實現方式。 其中最著名 [洋蔥路由](https://en.wikipedia.org/wiki/Onion_routing) (即 [Tor](tor-overview.md)) ,該虛擬 [覆蓋網路](https://en.wikipedia.org/wiki/Overlay_network) 隱藏節點位置以及收件人和寄件人之間的加密訊息。 發送者和接收者不會直接互動,而是通過祕密會合節點,這樣就不會洩漏 IP 位址或物理位置。 節點無法解密訊息,也無法解密最終目的地;只有收件人可以。 中間節點只能解密下一步送到哪裡的指示,消息本體仍保持加密直到送達最終有權限解密的收件人,因此是“洋蔥層”。
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. 其中最著名 [洋蔥路由](https://en.wikipedia.org/wiki/Onion_routing) (即 [Tor](tor-overview.md)) ,該虛擬 [覆蓋網路](https://en.wikipedia.org/wiki/Overlay_network) 隱藏節點位置以及收件人和寄件人之間的加密訊息。 發送者和接收者不會直接互動,而是通過祕密會合節點,這樣就不會洩漏 IP 位址或物理位置。 節點無法解密訊息,也無法解密最終目的地;只有收件人可以。 中間節點只能解密下一步送到哪裡的指示,消息本體仍保持加密直到送達最終有權限解密的收件人,因此是“洋蔥層”。
-在匿名路由網路中自我託管節點無法增加額外隱私優勢,但有助於整個網路軔性抵禦識別攻擊。
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**優點**
diff --git a/i18n/zh-Hant/advanced/dns-overview.md b/i18n/zh-Hant/advanced/dns-overview.md
index 55fc7bdc..f6b1cf93 100644
--- a/i18n/zh-Hant/advanced/dns-overview.md
+++ b/i18n/zh-Hant/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: 網域名稱系統是“網際網路電話簿” ,可幫助瀏覽器找到它正在尋找的網站。
---
-[網域名稱系統](https://en.wikipedia.org/wiki/Domain_Name_System) 是「網際網路的電話簿」。 DNS 將網域名稱轉換為 IP 位址,以便瀏覽器和其他服務可以通過分散的伺服器網路載入網路資源。
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS 將網域名稱轉換為 IP 位址,以便瀏覽器和其他服務可以通過分散的伺服器網路載入網路資源。
## 什麼是 DNS?
@@ -24,7 +24,7 @@ DNS 從網際網路的 [早期](https://en.wikipedia.org/wiki/Domain_Name_System
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. 然後我們可以使用 [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) ( Linux , MacOS 等)或 [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) ( Windows )將 DNS查詢發送到兩個伺服器。 Web 瀏覽器等軟體會自動執行這些查詢,除非它們被設定為使用加密的DNS。
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Web 瀏覽器等軟體會自動執行這些查詢,除非它們被設定為使用加密的DNS。
=== "Linux , macOS"
@@ -39,7 +39,7 @@ DNS 從網際網路的 [早期](https://en.wikipedia.org/wiki/Domain_Name_System
nslookup privacyguides.org 8.8.8.8
```
-3. 接下來,[分析](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs)結果:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ DNS 從網際網路的 [早期](https://en.wikipedia.org/wiki/Domain_Name_System
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) 是第一種查詢加密 DNS 的方法之一。 DNSCrypt 在 443 端口上運作,與 TCP 或 UDP 傳輸協議一起使用。 DNSCrypt 從未向 [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force)提交文件 ,也未通過 [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) 流程,因此 [實用少](https://dnscrypt.info/implementations)並未被廣泛使用。 因此,它大量被更受歡迎的 [DNS over HTTPS](#dns-over-https-doh) 取代。
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) 是第一種查詢加密 DNS 的方法之一。 DNSCrypt 在 443 端口上運作,與 TCP 或 UDP 傳輸協議一起使用。 DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). 因此,它大量被更受歡迎的 [DNS over HTTPS](#dns-over-https-doh) 取代。
### 通過 TLS 的 DNS (DoT)
@@ -118,7 +118,7 @@ Apple不提供用於建立加密DNS設定檔的原生介面。 [Secure DNS profi
3. 提出請求後,快速鍵 CTRL + C可停止封包捉取。
-4. 在 Wireshark 中分析結果:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ Apple不提供用於建立加密DNS設定檔的原生介面。 [Secure DNS profi
確定瀏覽活動的最簡單方法可能是查看您的設備正在訪問的 IP 位址。 例如,如果觀察者知道 `privacyguides.org` 位於 `198.98.54.105`,而您的裝置正在請求 `198.98.54.105`的數據,則很有可能您正在訪問隱私指南。
-此方法僅在 IP 位址屬於僅託管少數網站的伺服器時才有用。 如果網站託管在共享平臺(例如 Github Pages , Cloudflare Pages , Netlify , WordPress , Blogger等),它就不太有用。 如果伺服器託管在 [反向代理](https://en.wikipedia.org/wiki/Reverse_proxy)之後,這也不是很有用,這在現代網路上非常常見。
+此方法僅在 IP 位址屬於僅託管少數網站的伺服器時才有用。 It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). 如果伺服器託管在 [反向代理](https://en.wikipedia.org/wiki/Reverse_proxy)之後,這也不是很有用,這在現代網路上非常常見。
### 伺服器名指示(SNI)
-伺服器名稱指示通常用於IP位址託管多個網站時。 這可能是像 Cloudflare 的服務,或者其他 [阻斷服務攻擊](https://en.wikipedia.org/wiki/Denial-of-service_attack) 保護。
+Server Name Indication is typically used when an IP address hosts many websites. 這可能是像 Cloudflare 的服務,或者其他 [阻斷服務攻擊](https://en.wikipedia.org/wiki/Denial-of-service_attack) 保護。
-1. 再次開始捕捉 `tshark`。 我們新增了一個自身 IP 位址的過濾器,因此您不會捕獲過多封包:
+1. 再次開始捕捉 `tshark`。 We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -333,7 +333,7 @@ graph TB
```
-與第三方合作的加密 DNS 應限於避開重定向和基本的 [DNS 封鎖](https://en.wikipedia.org/wiki/DNS_blocking) ,也就是確定無後顧或對供應商的基本過濾感興趣時才用第三方。
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[推薦的 DNS 伺服器列表](../dns.md ""){.md-button}
diff --git a/i18n/zh-Hant/advanced/tor-overview.md b/i18n/zh-Hant/advanced/tor-overview.md
index 5653f4f6..54e8afb1 100644
--- a/i18n/zh-Hant/advanced/tor-overview.md
+++ b/i18n/zh-Hant/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor 的工作原理是通過志願者運營的伺服器來引導您的網際網
在連接到 Tor 之前,應先仔細考慮想透過 Tor 實現什麼目的,想要對誰隱藏網路活動資訊。
-在自由的國家,透過 Tor 存取普通內容,無需擔心 ISP 或區域網路管理員知道您正在使用 Tor,反而可能會幫助 [消除Tor 使用污名化](https://2019.www.torproject.org/about/torusers.html.en) ,您可以透過標準方式直接連接到Tor,例如[Tor 瀏覽器](../tor.md)。
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
如果您有能力使用可信任的 VPN 供應商,且有**以下任一情況**,那麼最好應透過 VPN 連接 Tor:
diff --git a/i18n/zh-Hant/ai-chat.md b/i18n/zh-Hant/ai-chat.md
index 9480e340..9ca5c258 100644
--- a/i18n/zh-Hant/ai-chat.md
+++ b/i18n/zh-Hant/ai-chat.md
@@ -26,7 +26,7 @@ cover: ai-chatbots.webp
### 本地 AI 模型的硬體
-本地模型也相當容易運行。 只要 8GB 記憶體,就能以較低的速度運行較小的模型。 使用更強大的硬體,例如具有足夠 VRAM 的專用 GPU 或具有快速 LPDDR5X 記憶體的現代系統,可以提供最佳的體驗。
+本地模型也相當容易運行。 It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. 使用更強大的硬體,例如具有足夠 VRAM 的專用 GPU 或具有快速 LPDDR5X 記憶體的現代系統,可以提供最佳的體驗。
LLM 通常可以透過參數的數量來區分用途,對於提供給終端使用者的開放原始碼模型,參數的數量通常介於 1.3B 到 405B 之間。 例如,參數低於 6.7B 的模型只適合文字摘要等基本任務,而參數介於 7B 與 13B 之間的模型則是品質與速度的絕佳折衷。 具備進階推理能力的模型一般在 70B 左右。
@@ -34,9 +34,9 @@ LLM 通常可以透過參數的數量來區分用途,對於提供給終端使
| 模型大小(使用 參數 作為單位) | 最低 RAM 要求 | 最低處理器要求 |
| ---------------- | --------- | ---------------- |
-| 7B | 8GB | 現代 CPU(需支援 AVX2) |
-| 13B | 16GB | 現代 CPU(需支援 AVX2) |
-| 70B | 72GB | 具備 VRAM 的 GPU |
+| 7B | 8 GB | 現代 CPU(需支援 AVX2) |
+| 13B | 16 GB | 現代 CPU(需支援 AVX2) |
+| 70B | 72 GB | 具備 VRAM 的 GPU |
若要在本機執行 AI,您需要 AI 模型和 AI 客戶端。
@@ -144,7 +144,7 @@ Llamafile 也支援 LLaVA。 但是,它不支援語音辨識及圖片生成。
-Mozilla 只為某些 Llama 和 Mistral 模型提供 llamafile,而可用的第三方 llamafile 很少。 此外,Windows 將 `.exe` 檔案大小限制為最大 4GB,而大多數模型都大於此數目。
+Mozilla 只為某些 Llama 和 Mistral 模型提供 llamafile,而可用的第三方 llamafile 很少。 Moreover, Windows limits `.exe` files to 4 GB, and most models are larger than that.
為了迴避這些問題,您可以 [load external weights](https://github.com/Mozilla-Ocho/llamafile#using-llamafile-with-external-weights)。
@@ -163,7 +163,7 @@ Mozilla 只為某些 Llama 和 Mistral 模型提供 llamafile,而可用的第
- 核對 checksum(核對和)[^1]
- 在 Hugging Face 上,您可以按一下模型檔案,並在其下方尋找 **Copy SHA256** 按鈕,以找到雜湊值。 您應該將此 checksum 與您下載的模型檔案之 checksum 進行比對。
-如果下載的模型通過上述所有檢查,則該模型應該是安全的。
+A downloaded model is generally safe if it satisfies all the above checks.
## 標準
@@ -175,14 +175,14 @@ Mozilla 只為某些 Llama 和 Mistral 模型提供 llamafile,而可用的第
- 不得傳輸個人資料,包括聊天資料。
- 必須跨平台。
- 必須不需要 GPU。
-- 必須支援 GPU 驅動的快速推理。
+- Must support GPU-powered fast inference.
- 必須無需網際網路連線。
### 最佳情況
最佳情況標準代表我們 _希望_ 在這個類別的完美項目的應具備的特性。 推薦產品可能沒有此功能,但若有這些功能則會讓排名更為提高。
-- 應該容易下載和設定,例如具備一鍵安裝程序。
+- Should be easy to download and set up, e.g. with a one-click installation process.
- 應該有內建的模型下載器選項。
- 使用者應能修改 LLM 參數,例如其 system prompt 或 temperature。
diff --git a/i18n/zh-Hant/alternative-networks.md b/i18n/zh-Hant/alternative-networks.md
index e234e9f6..508cc2bb 100644
--- a/i18n/zh-Hant/alternative-networks.md
+++ b/i18n/zh-Hant/alternative-networks.md
@@ -68,7 +68,7 @@ cover: alternative-networks.webp
Snowflake 無法加強隱私,也不會在個人瀏覽器中連接 Tor 網路。 但如果網際網路連接沒有被審查的情形,請考慮使用它,幫助受審查網路中的人們能有更好的隱私。 無需擔心人們通過您的代理訪問哪些網站----他們的可見瀏覽 IP 地址將與其 Tor 出口節點相匹配,而不是您的 IP 地址。
-運行 Snowflake 代理風險很低,甚至低於運行 Tor 中繼或橋接器,而這些中繼器或橋接器已經不算是特別高風險的工作。 但是,它通過您的網路進行代理流量,在某些方面可能會產生影響,特別是所用的網路頻寬有限制的話。 在決定是否要執行代理程式之前,請確保了解 [Snowflake 的工作原理](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) 。
+Running a Snowflake proxy is low-risk, even more so than running a Tor relay or bridge which are already not particularly risky endeavors. 但是,它通過您的網路進行代理流量,在某些方面可能會產生影響,特別是所用的網路頻寬有限制的話。 在決定是否要執行代理程式之前,請確保了解 [Snowflake 的工作原理](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) 。
### I2P (隱形網際網路計劃)
@@ -77,7 +77,7 @@ Snowflake 無法加強隱私,也不會在個人瀏覽器中連接 Tor 網路
{ align=right }
{ align=right }
-**I2P**是一個網路層,對連接進行加密,並透過分佈在世界各地的電腦網路路由它們。 它主要致力創建一個替代性的隱私保護網路,而不是使常規的網路連接匿名。
+**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. 它主要致力創建一個替代性的隱私保護網路,而不是使常規的網路連接匿名。
[:octicons-home-16: 首頁](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=說明文件 }
@@ -106,7 +106,7 @@ Snowflake 無法加強隱私,也不會在個人瀏覽器中連接 Tor 網路
-再者,每個 I2P 節點預設都會為其他使用者中繼流量,而不是依賴專門的中繼志工來運行節點。 Tor 網路大約有[10,000](https://metrics.torproject.org/networksize.html) 個中繼和網橋,而I2P 上有大約50,000 個中繼和網橋,這意味著流量可能有更多的路由方式來最大化匿名性。 I2P 也比 Tor 效能更高,這可能是由於 Tor 更關注常規「clearnet」網路流量使用更多瓶頸出口節點的副作用。 與 Tor 相比,通常認為 I2P 上的隱藏服務效能更優。 在 Tor 上運行 BitTorrent 等 P2P 應用程式具有挑戰性(並且會極大地影響 Tor 網路效能),而在 I2P 上運行卻非常簡單且高效能。
+再者,每個 I2P 節點預設都會為其他使用者中繼流量,而不是依賴專門的中繼志工來運行節點。 Tor 網路大約有[10,000](https://metrics.torproject.org/networksize.html) 個中繼和網橋,而I2P 上有大約50,000 個中繼和網橋,這意味著流量可能有更多的路由方式來最大化匿名性。 I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. 與 Tor 相比,通常認為 I2P 上的隱藏服務效能更優。 在 Tor 上運行 BitTorrent 等 P2P 應用程式具有挑戰性(並且會極大地影響 Tor 網路效能),而在 I2P 上運行卻非常簡單且高效能。
然而,I2P 的方法也有缺點。 Tor 依賴專用的出口節點,這意味著更多的人可以在不太安全的環境中使用它,而且Tor 上確實存在的中繼可能性能更高、更穩定,因為它們通常不在長駐連接上運行。 Tor 也更關注**瀏覽器隱私**(即防指紋),並配有專用的 [Tor 瀏覽器](tor.md) 來盡可能使瀏覽活動匿名。 I2P 透過[常用網頁瀏覽器](desktop-browsers.md) 使用,雖然可以將瀏覽器設定為更保護隱私,但可能不會與其他 I2P 使用者有相同的瀏覽器指紋(沒有在這方面混在「人群」)。
diff --git a/i18n/zh-Hant/android/general-apps.md b/i18n/zh-Hant/android/general-apps.md
index 26ef73d7..29199236 100644
--- a/i18n/zh-Hant/android/general-apps.md
+++ b/i18n/zh-Hant/android/general-apps.md
@@ -95,7 +95,7 @@ Shelter 支援阻止跨配置檔案的聯絡人搜尋以及透過預設檔案管
Note
-目前拍攝的影片不會被自動刪除元資料,但此功能已確認將在未來添加。
+Metadata is not currently deleted from video files, but that is planned.
圖片的 方向元資料 不會被自動刪除。 如果您啟用了定位功能(在Secure Camera中),需要注意的是,位置資料與圖片的方向元資料一樣 **不會** 被自動刪除。 如果您在拍攝後想刪除元資料,您將需要使用外部應用程式,例如: [ExifEraser](../data-redaction.md#exiferaser-android) 。
diff --git a/i18n/zh-Hant/basics/account-creation.md b/i18n/zh-Hant/basics/account-creation.md
index 97be1083..4005547f 100644
--- a/i18n/zh-Hant/basics/account-creation.md
+++ b/i18n/zh-Hant/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: 創建帳戶為實際連線網際網路所必要,請採取下列步驟確保您的線上隱私。
---
-人們經常不假思索地註冊網路服務。 這些帳號也許是一個串流媒體服務可觀看人人都在談論的新節目,或是取得喜歡的快餐店折扣。 無論在什麼樣的場景,您都應該考慮現在和以後對個資的影響。
+人們經常不假思索地註冊網路服務。 Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. 無論在什麼樣的場景,您都應該考慮現在和以後對個資的影響。
在新的服務申請帳號時,都伴著相關風險。 資料洩露;向第三方披露客戶資訊、員工有不當的權限可以訪問所有資料,在給出您的個資時都必須考慮的接下來可能的狀況。 您需要確信足夠信任該服務,這就是為什麼我們建議把重要資料儲存在最成熟且通過測試的產品。 這通常意味著提供 E2EE 並經過加密審計的服務。 審計增加了產品設計的保證,減低因開發人員缺乏經驗所導致的安全問題。
@@ -13,11 +13,11 @@ description: 創建帳戶為實際連線網際網路所必要,請採取下列
## 服務條款 & 隱私權政策
-服務條款是您在使用服務時同意遵守的規則。 隨著更大的服務,這些規則通常由自動化系統強制執行。 有時這些自動化系統可能會出錯。 例如,您的帳號可能會因為使用 VPN 或 VOIP 號碼而被禁止或無法使用某些服務。 對這種禁令提出上訴通常很困難,而且通常都由系統自動處理而不是人工審核,造成了上訴的困難度。 這也是我們不建議使用 Gmail 作為電子郵件的原因之一。 電子郵件對於訪問您已註冊的其他服務至關重要。
+服務條款是您在使用服務時同意遵守的規則。 隨著更大的服務,這些規則通常由自動化系統強制執行。 有時這些自動化系統可能會出錯。 For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. 對這種禁令提出上訴通常很困難,而且通常都由系統自動處理而不是人工審核,造成了上訴的困難度。 這也是我們不建議使用 Gmail 作為電子郵件的原因之一。 電子郵件對於訪問您已註冊的其他服務至關重要。
-隱私權政策是該服務表示他們將如何使用您的數據,因此值得閱讀,以便您了解如何使用您的數據。 公司或組織可能沒有法律義務遵守政策中包含的所有內容(取決於司法管轄區)。 我們建議您了解當地法律以及這些法律允許供應商收集哪些資訊。
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. 公司或組織可能沒有法律義務遵守政策中包含的所有內容(取決於司法管轄區)。 我們建議您了解當地法律以及這些法律允許供應商收集哪些資訊。
-我們建議您尋找特定的術語,例如「資料收集」、「資料分析」、「Cookie」、「廣告」或「第三方」服務。 有時您可以選擇退出資料收集或拒絕分享資料,但最好從一開始就選擇尊重您隱私權的服務。
+我們建議您尋找特定的術語,例如「資料收集」、「資料分析」、「Cookie」、「廣告」或「第三方」服務。 Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
請記住,您把信任託付給該公司或組織,冀望其真的遵守自己的隱私政策。
@@ -42,7 +42,7 @@ description: 創建帳戶為實際連線網際網路所必要,請採取下列
#### 電子郵件別名
-如果您不想將您的真實電子郵件地址提供給服務,您可以選擇使用別名。 我們在電子郵件服務推薦頁面上更詳細地描述了它們。 基本上,別名服務允許您生成新的電子郵件位址,將所有電子郵件轉發到您的主位址。 這可以幫助防止跨服務跟蹤,並幫助您管理有時會隨註冊過程而來的營銷電子郵件。 這些可以根據它們被發送到的別名自動過濾。
+如果您不想將您的真實電子郵件地址提供給服務,您可以選擇使用別名。 我們在電子郵件服務推薦頁面上更詳細地描述了它們。 基本上,別名服務允許您生成新的電子郵件位址,將所有電子郵件轉發到您的主位址。 This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. 這些可以根據它們被發送到的別名自動過濾。
如果服務遭到駭客攻擊,您用於註冊的電子郵件可能會收到網路釣魚或垃圾郵件。 為每個服務使用獨特的別名可以幫助確定哪些服務被駭。
@@ -76,7 +76,7 @@ OAuth 在那些服務之間深度整合情況下,可以特別有用。 我們
我們建議您避免使用需要電話號碼才能註冊的服務。 A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-如果可以的話,你應該避免透露你的真實電話號碼。 某些服務將允許使用 VOIP 號碼,但這些通常會觸發欺詐偵測系統,導致帳戶被鎖定,因此我們不建議重要帳戶使用此系統。
+如果可以的話,你應該避免透露你的真實電話號碼。 Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
在許多情況下,您需要提供可以接收短信或電話的號碼,特別是在國際購物時,以防您在邊境審查時的訂單出現問題。 服務通常會使用您的號碼作為驗證方式;不要自作聰明使用假的電話號碼,最後讓自己重要的帳戶被鎖定!
diff --git a/i18n/zh-Hant/basics/account-deletion.md b/i18n/zh-Hant/basics/account-deletion.md
index 7702dcc9..2863901f 100644
--- a/i18n/zh-Hant/basics/account-deletion.md
+++ b/i18n/zh-Hant/basics/account-deletion.md
@@ -27,7 +27,7 @@ description: 一般人很容易累積大量的網路服務帳戶,這裏有一
### 電子郵件
-如果您過去沒有使用密碼管理員,或者您認為您的帳戶從未被添加到密碼管理員,另一個選項是搜索您認為已註冊的電子郵件帳戶。 在電子郵件用戶端上,搜尋「驗證」或「歡迎」等關鍵字。 幾乎每次你建立線上帳戶時,該服務都會向你的電子郵件發送驗證連結或介紹訊息。 這可能是找到舊的,被遺忘的帳戶的好方法。
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. 在電子郵件用戶端上,搜尋「驗證」或「歡迎」等關鍵字。 幾乎每次你建立線上帳戶時,該服務都會向你的電子郵件發送驗證連結或介紹訊息。 這可能是找到舊的,被遺忘的帳戶的好方法。
## 刪除舊帳戶
@@ -39,7 +39,7 @@ description: 一般人很容易累積大量的網路服務帳戶,這裏有一
### GDPR (僅限歐洲經濟區居民)
-歐洲經濟區的居民享有資料刪除的額外權利,其詳見於 GDPR [第 17 條](https://gdpr-info.eu/art-17-gdpr)規定。 如果適用於您,請閱讀任何特定服務的隱私權政策,以查找有關如何行使刪除權利的資訊。 閱讀隱私政策可能很重要,因為某些服務的「刪除帳戶」選項,實際上只是停用您的帳戶,若要真正刪除,您必須採取額外行動。 有時,刪除過程中可能需填寫調查、向服務商的資料保護人員發送電子郵件,甚至提出您為歐盟居民的證明。 如果您打算這樣做,請 **不要** 覆寫帳戶資訊-可能需要歐盟居民身份。 請注意,服務的位置並不重要; GDPR 適用於為歐盟用戶服務的任何人。 若服務商不願尊重您請求刪除的權利,可聯絡所在國的[官方資料保護機關](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en),您可能有權請求金錢賠償。
+歐洲經濟區的居民享有資料刪除的額外權利,其詳見於 GDPR [第 17 條](https://gdpr-info.eu/art-17-gdpr)規定。 如果適用於您,請閱讀任何特定服務的隱私權政策,以查找有關如何行使刪除權利的資訊。 閱讀隱私政策可能很重要,因為某些服務的「刪除帳戶」選項,實際上只是停用您的帳戶,若要真正刪除,您必須採取額外行動。 有時,刪除過程中可能需填寫調查、向服務商的資料保護人員發送電子郵件,甚至提出您為歐盟居民的證明。 如果您打算這樣做,請 **不要** 覆寫帳戶資訊-可能需要歐盟居民身份。 請注意,服務的位置並不重要; GDPR 適用於為歐盟用戶服務的任何人。 If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### 覆寫帳戶資訊
diff --git a/i18n/zh-Hant/basics/common-misconceptions.md b/i18n/zh-Hant/basics/common-misconceptions.md
index 2743acfe..62012a8c 100644
--- a/i18n/zh-Hant/basics/common-misconceptions.md
+++ b/i18n/zh-Hant/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ schema:
## 「越複雜愈好」
-很多人把隱私威脅模型想得太複雜了。 通常,這類解決方案會涉及使用許多不同的電子郵件帳號,或是複雜的設定,其中包含許多變數和條件。 這些回覆通常是針對「做*某件事*的最佳方法是什麼?」這類問題所給出的答案。
+很多人把隱私威脅模型想得太複雜了。 Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. 這些回覆通常是針對「做*某件事*的最佳方法是什麼?」這類問題所給出的答案。
尋找適合自己的「最佳」解決方案,不一定要追求無懈可擊的方案,因為這樣的方案往往需要滿足數十個條件,實際操作起來非常困難。 正如先前所討論過的,安全性往往以便利性為代價。 以下是我們的一些建議:
1. ==行動應該要有特定的目的:== 思考如何用最少的行動達成您的目標。
2. ==消除人為失誤的風險:== 人總會失敗、感到疲倦,或者忘記事情。 為了維持安全性,請避免依賴大腦記憶的手動流程和條件。
-3. ==根據你的需求選擇合適的保護級別:== 我們經常看到針對執法或傳票的防範建議。 這些通常需要專業知識,並且不符合一般人的需求。 如果因為一個簡單的疏忽而輕易被去匿名化,那麼建立複雜的匿名威脅模型就毫無意義。
+3. ==根據你的需求選擇合適的保護級別:== 我們經常看到針對執法或傳票的防範建議。 這些通常需要專業知識,並且不符合一般人的需求。 There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
那麼,這會是什麼樣子呢?
@@ -94,4 +94,4 @@ schema:
使用 Tor 可以幫助解決這個問題。 值得注意的是,避免使用即時通訊可以實現更高的匿名性: 即時通訊很可能會暴露打字習慣 (例如,超過一段文字的內容,分散在論壇、電子郵件等平台上。)
-[^1]: 2024 年 3 月,發生了一起引人注目的供應鏈攻擊,一名惡意維護者在流行的壓縮庫 `xz` 中加入了一個經混淆處理的後門。 此後門 ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) 企圖讓未知方透過 SSH 遠端存取大多數 Linux 伺服器,但在廣泛部署之前就被發現了。
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. 此後門 ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) 企圖讓未知方透過 SSH 遠端存取大多數 Linux 伺服器,但在廣泛部署之前就被發現了。
diff --git a/i18n/zh-Hant/basics/common-threats.md b/i18n/zh-Hant/basics/common-threats.md
index 0827314b..561c3d7b 100644
--- a/i18n/zh-Hant/basics/common-threats.md
+++ b/i18n/zh-Hant/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: 'material/eye-outline'
description: 您的威脅模型雖說是個人的事,但它也是本站許多訪客關心的課題。
---
-廣義來講,我們將建議歸類為適用於大多數人的 [威脅](threat-modeling.md) 或目標。 您可能會在意各種可能性的組合,而選用的工具和服務則取決於您的目標何在。 您也可能有超出這些類別之外的特定威脅,這完全有可能! 重要的是要了解您選擇使用的工具的好處和缺點,因為幾乎沒有一種工具可以保護您免受任何威脅。
+廣義來講,我們將建議歸類為適用於大多數人的 [威脅](threat-modeling.md) 或目標。 您可能會在意各種可能性的組合,而選用的工具和服務則取決於您的目標何在。 You may have specific threats outside these categories as well, which is perfectly fine! 重要的是要了解您選擇使用的工具的好處和缺點,因為幾乎沒有一種工具可以保護您免受任何威脅。
:material-incognito: **匿名**
:
@@ -19,7 +19,7 @@ description: 您的威脅模型雖說是個人的事,但它也是本站許多
:material-package-variant-closed-remove: **供應鏈攻擊**
:
-通常是
:material-target-account: 針對性攻擊的 一種形式,其重點在於直接或透過第三方的依賴,在原本良好的軟體中導入弱點或漏洞。
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **被動攻擊**
:
@@ -44,7 +44,7 @@ description: 您的威脅模型雖說是個人的事,但它也是本站許多
:material-account-search: **公開曝光**
:
-限制搜尋引擎或一般大眾在線上可取得的關於您的資訊。
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **審查**
:
@@ -76,7 +76,7 @@ description: 您的威脅模型雖說是個人的事,但它也是本站許多
行動作業系統通常具有比桌面作業系統具備更好的應用程式沙盒:應用程式沒有根存取權限,且需要存取系統資源的權限。
-桌面操作系統通常在適當的沙盒化上落後。 ChromeOS 具備與 Android 相似的沙盒功能, macOS 具有完整的系統權限控制(開發人員可以選擇為應用程式加入沙盒)。 然而,這些作業系統確實會將識別資料傳回給各自的OEMs。 Linux 傾向於不對系統供應商提交資料,但它在漏洞和惡意應用程式的保護很差。 這可以通過專門的發行版來緩解,這些發行版大量使用虛擬器或容器,例如 [Qubes OS](../desktop.md#qubes-os)。
+桌面操作系統通常在適當的沙盒化上落後。 ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). 然而,這些作業系統確實會將識別資料傳回給各自的OEMs。 Linux 傾向於不對系統供應商提交資料,但它在漏洞和惡意應用程式的保護很差。 這可以通過專門的發行版來緩解,這些發行版大量使用虛擬器或容器,例如 [Qubes OS](../desktop.md#qubes-os)。
@@ -143,7 +143,7 @@ description: 您的威脅模型雖說是個人的事,但它也是本站許多
-即便使用 E2EE ,服務商仍然可以對**元數據**進行分析,這通常不受保護。 雖然服務提供商無法讀取您的訊息,但他們仍然可以觀察重要的事情,例如您正在與誰交談、傳送訊息的頻率以及使用活躍時段。 元數據的保護不多,如果它在您的 [威脅模型](threat-modeling.md) 中,就應該密切注意使用軟體的技術說明,看看元數據是否最小化或任何保護。
+即便使用 E2EE ,服務商仍然可以對**元數據**進行分析,這通常不受保護。 While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. 元數據的保護不多,如果它在您的 [威脅模型](threat-modeling.md) 中,就應該密切注意使用軟體的技術說明,看看元數據是否最小化或任何保護。
## 大規模監控計劃
@@ -156,7 +156,7 @@ description: 您的威脅模型雖說是個人的事,但它也是本站許多
如想進一步了解監控方法及其在您的城市的實施方式,也可以查看[電子前鋒基金會 EFF](https://eff.org/)的[監控地圖集](https://atlasofsurveillance.org/)。
-若在法國,可以看看非營利組織 La Quadrature du Net 維護的 [Technolopolice 網站](https://technopolice.fr/villes/)。
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ description: 您的威脅模型雖說是個人的事,但它也是本站許多
對於許多人來說,私人公司的追蹤和監視是一個越來越令人擔憂的問題。 無處不在的廣告網路,例如 Google 和 Facebook 營運的廣告網路,跨越網路遠超過他們直接控制的網站,沿途跟蹤您的行為。 使用內容攔截工具來限制對伺服器的請求、閱讀了解所用服務的隱私政策,都有助於避開許多基本對手 (雖然這不能完全防止跟蹤)。[^4]
-此外,即使是 *AdTech* 或追蹤產業以外的公司,也可以與 [資料掮客](https://en.wikipedia.org/wiki/Information_broker) (如劍橋分析 Cambridge Analytica、益博睿 Experian 或 Datalogix )或其他方共享您的資料。 您不能僅因為您使用的服務不屬於典型的 AdTech 或追蹤產業商業模式,而自行假設您的資料是安全的。 對抗企業資料收集最好的保護是盡可能加密或混淆您的數據,讓不同的供應商難以將資料相互關聯去建立您的個人檔案。
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. 您不能僅因為您使用的服務不屬於典型的 AdTech 或追蹤產業商業模式,而自行假設您的資料是安全的。 對抗企業資料收集最好的保護是盡可能加密或混淆您的數據,讓不同的供應商難以將資料相互關聯去建立您的個人檔案。
## 限制公共資訊
diff --git a/i18n/zh-Hant/basics/email-security.md b/i18n/zh-Hant/basics/email-security.md
index 5596cea4..3835572c 100644
--- a/i18n/zh-Hant/basics/email-security.md
+++ b/i18n/zh-Hant/basics/email-security.md
@@ -29,13 +29,13 @@ description: 從許多方面來看電子郵件本質上是不安全的,這也
### 哪些郵件客戶端支援 E2EE?
-電子郵件服務供應商讓您能使用標準訪問協議如 IMAP 與SMTP,以便應用[我們推薦的電子郵件客戶端軟體](../email-clients.md)。 根據驗證方法的不同,如果提供者或電子郵件用戶端不支援OAT或橋接應用程式,這可能會導致安全性降低,因為 [多因素驗證](multi-factor-authentication.md) 在純密碼驗證中是不可能的。
+電子郵件服務供應商讓您能使用標準訪問協議如 IMAP 與SMTP,以便應用[我們推薦的電子郵件客戶端軟體](../email-clients.md)。 Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### 我該如何保護自己的私鑰?
-智慧卡(例如 [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) 或 [Nitrokey](../security-keys.md#nitrokey) )的工作原理是透過執行 電子郵件/網頁郵件 客戶端的裝置(手機、平板電腦、電腦等)接收加密的電子郵件訊息。 智慧卡會解密該訊息再把解開的內容傳到設備。
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-在智慧卡上進行解密的優點是可避免將私鑰暴露在某個遭破壞的裝置。
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## 電子郵件元資料概覽
@@ -49,4 +49,4 @@ description: 從許多方面來看電子郵件本質上是不安全的,這也
### 爲什麼元數據不能是E2EE ?
-電子郵件元數據對於電子郵件最基本的功能(它來自何處,以及它必須去向何處)至關重要。 E2EE 最初並未內建於電子郵件協議中,而是需要像 OpenPGP 這樣的附加軟體。 由於 OpenPGP 訊息仍必須與傳統的電子郵件供應商合作,因此它無法加密電子郵件元數據,只能加密訊息正文本身。 這意味著即使在使用 OpenPGP 時,外部觀察者也可以看到關於您的消息的大量信息,例如您正在發送電子郵件的人,主題行,當您發送電子郵件時等。
+電子郵件元數據對於電子郵件最基本的功能(它來自何處,以及它必須去向何處)至關重要。 E2EE 最初並未內建於電子郵件協議中,而是需要像 OpenPGP 這樣的附加軟體。 由於 OpenPGP 訊息仍必須與傳統的電子郵件供應商合作,因此它無法加密電子郵件元數據,只能加密訊息正文本身。 That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/zh-Hant/basics/hardware.md b/i18n/zh-Hant/basics/hardware.md
index 42dddd13..e65074ea 100644
--- a/i18n/zh-Hant/basics/hardware.md
+++ b/i18n/zh-Hant/basics/hardware.md
@@ -55,7 +55,7 @@ description: 隱私保護不能僅聚焦於軟體方面;了解您每天使用
警告
-有些裝置沒有適當的硬體來進行安全的臉部驗證。 臉部辨識有兩種主要類型:2D 和 3D。 3D 類型的臉部辨識利用點陣投影器,讓裝置為您的臉部建立 3D 深度圖。 請確定您的裝置具有此功能。
+有些裝置沒有適當的硬體來進行安全的臉部驗證。 There are two main types of face authentication: 2D and 3D. 3D 類型的臉部辨識利用點陣投影器,讓裝置為您的臉部建立 3D 深度圖。 請確定您的裝置具有此功能。
@@ -102,7 +102,7 @@ Android 為生物辨識定義了三種 [安全等級](https://source.android.com
有些筆記型電腦能夠[偵測](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb)您是否在場,並在您沒有坐在螢幕前時自動鎖定。 您應該檢查作業系統的設定,看看您的電腦是否支援此功能。
-您也可以購買纜線,例如 [Buskill](https://buskill.in),當纜線中斷時,它會鎖定或抹除您的電腦。
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### 反阻絕/邪惡女傭攻擊
diff --git a/i18n/zh-Hant/basics/multi-factor-authentication.md b/i18n/zh-Hant/basics/multi-factor-authentication.md
index 8d1797bb..206ee1f3 100644
--- a/i18n/zh-Hant/basics/multi-factor-authentication.md
+++ b/i18n/zh-Hant/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "多因素驗證"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: 多因素驗證是保護您線上帳戶的關鍵安全機制,但有些方法比其他方法更強大。
---
-**多因素驗證**(**MFA**)是一種安全機制,除了輸入使用者名稱(或電子郵件)和密碼之外,還需要其他步驟。 最常見的方法是您會從簡訊或應用程式收到的有時間限制的代碼。
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. 最常見的方法是您會從簡訊或應用程式收到的有時間限制的代碼。
通常情況下,如果駭客(或任何想要盜取您帳號的人)能夠找出您的密碼,那麼他們將獲得密碼屬於的帳戶的存取權。 MFA 的帳戶迫使駭客同時擁有密碼(您 *知道*的東西)和您擁有的設備(您 *擁有*的東西),例如您的手機。
@@ -26,7 +26,7 @@ description: 多因素驗證是保護您線上帳戶的關鍵安全機制,但
### 暫時性的一次性密碼 (TOTP)
-TOTP 是最常見的 MFA 形式之一。 當您設定TOTP時,您通常需要掃描 [QR Code](https://en.wikipedia.org/wiki/QR_code) ,該掃描與您打算使用的服務建立“[共享祕密](https://en.wikipedia.org/wiki/Shared_secret)”。 共用祕密在驗證器應用程式的數據中受到保護,有時會受到密碼的保護。
+TOTP 是最常見的 MFA 形式之一。 當您設定TOTP時,您通常需要掃描 [QR Code](https://en.wikipedia.org/wiki/QR_code) ,該掃描與您打算使用的服務建立“[共享祕密](https://en.wikipedia.org/wiki/Shared_secret)”。 The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
然後,時間限制代碼從共享機密和當前時間衍生出來。 由於代碼僅在短時間內有效,無法訪問共享機密,因此對手無法生成新代碼。
@@ -82,7 +82,7 @@ WebAuthn是最安全、最私密的第二要素驗證形式。 雖然驗證體
與任何 MFA 方法相比,FIDO2 和 WebAuthn 具有更優異的安全性和隱私屬性。
-對於 Web 服務,它通常與 WebAuthn 一起使用,WebAuthn 是[W3C 建議](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC))的一部分。 它使用公鑰驗證,並且比在 Yubico OTP 和 TOTP 使用的共享機密更安全,因為它在驗證期間包括原始名稱(通常是域名)。 提供證明以保護您免受網路釣魚攻擊,以幫助您確定使用真實服務而不是假網站服務。
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). 它使用公鑰驗證,並且比在 Yubico OTP 和 TOTP 使用的共享機密更安全,因為它在驗證期間包括原始名稱(通常是域名)。 提供證明以保護您免受網路釣魚攻擊,以幫助您確定使用真實服務而不是假網站服務。
與 Yubico OTP不同,WebAuthn不使用任何公共ID ,因此金鑰 **無法** 被不同網站識別。 它也不使用任何第三方雲端伺服器進行驗證。 所有通訊都已在金鑰和所登入的網站之間完成。 FIDO 還使用計數器,該計數器在使用時會增加,以防止期間重用和複製金鑰。
@@ -116,15 +116,15 @@ WebAuthn是最安全、最私密的第二要素驗證形式。 雖然驗證體
## 更多設定MFA的地方
-除了保護您的網站登錄外,多因素身份驗證還可用於保護您的本機裝置的登錄、 SSH 金鑰甚至密碼資料庫。
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### macOS
-macOS 具有 [原生支援](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) 用於使用智慧卡(PIV)進行驗證。 如果您有支援 PIV 介面的智慧卡或實體安全金鑰(例如 YubiKey) ,建議您遵循智慧卡/實體安全供應商的文件,為您的macOS 電腦設定第二要素驗證。
+macOS 具有 [原生支援](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) 用於使用智慧卡(PIV)進行驗證。 If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico 指南 [在macOS](https://support.yubico.com/hc/articles/360016649059) 中使用 YubiKey 作為智慧卡,可幫助您在 macOS 設定 YubiKey。
-設定智慧卡/安全金鑰後,我們建議您在終端機中執行此命令:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA 也可以使用 TOTP 設定。 DigitalOcean 提供了[如何在Ubuntu 20
### KeePass (和KeePassXC )
-KeePass 和 KeePassXC 資料庫可以使用 Challenge-Response 或 HOTP 作為第二要素驗證進行密碼保護。 Yubico 提供 [透過 KeePass 使用 YubiKey](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass)說明文件, 它和< a href="https://keepassxc.org/docs/#faq-yubikey-2fa">KeePassXC 網站的一樣。
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico 提供 [透過 KeePass 使用 YubiKey](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass)說明文件, 它和< a href="https://keepassxc.org/docs/#faq-yubikey-2fa">KeePassXC 網站的一樣。
diff --git a/i18n/zh-Hant/basics/passwords-overview.md b/i18n/zh-Hant/basics/passwords-overview.md
index 26bbed1d..bb36396c 100644
--- a/i18n/zh-Hant/basics/passwords-overview.md
+++ b/i18n/zh-Hant/basics/passwords-overview.md
@@ -24,7 +24,7 @@ description: 以下是關於如何建立最強密碼並確保帳戶安全的一
應避免經常更改必須記住的密碼(例如密碼管理器的主密碼) ,除非有理由相信它已被破壞,否則頻繁更改它往往會使您面臨忘記密碼的風險。
-對於無需記住的密碼(例如儲存在密碼管理器中的密碼)時,如果您的 [威脅模型](threat-modeling.md) 需要它,建議每隔幾個月查看一次重要帳戶(特別是沒使用多因素身份驗證的帳戶)並更改其密碼,以防它們在尚未公開的資料洩露中遭到破壞。 大多數密碼管理器可為密碼設定到期日期,以便更容易管理。
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. 大多數密碼管理器可為密碼設定到期日期,以便更容易管理。
檢查資料洩露
@@ -54,13 +54,13 @@ Diceware 是一種創建密碼短語的方法,這些密短口令易於記憶
Note "備註"
-這裏的說明假設您正使用 [EFF的大型單詞清單](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) 來生成密語,每個單詞需要骰子滾動五次。 其他單詞列表的單詞其骰子滾動次數不一,且可能需要不同單詞數量來達成相同的熵。
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. 將1~6 骰子滾動五次,記下每次出現的數字。
-2. 例如,假設您滾動了 `2-5-2-6-6`。 瀏覽 [EFF 大型單字清單](https://eff.org/files/2016/07/18/eff_large_wordlist.txt),找出與 `25266` 對應的單字。
+2. 例如,假設您滾動了 `2-5-2-6-6`。 Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. 你會得到單詞 `encrypt`。 把這個詞寫下來。
@@ -75,25 +75,25 @@ Diceware 是一種創建密碼短語的方法,這些密短口令易於記憶
如果您手邊沒有或不想使用真正的骰子,可利用密碼管理器內建密碼生成器,因為大多數密碼生成器除了普通密碼之外還可以選擇生成 diceware 口令密語。
-建議使用 [EFF 的大型單詞清單](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) 來生成 diceware 口令密語,因為它提供與原始列表完全相同的安全性,同時更容易記憶的單詞。 如果不想要使用英文密語,也有 [其他語言的單詞清單](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline)。
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
diceware 口令密語的熵和強度的說明
-為了證明 diceware 密語的強度,我們將使用前面提到的七個單詞密語(`viewable fastness reluctant squishy seventeen shown pencil`)和 [EFF 的大型單詞列表](https://eff.org/files/2016/07/18/eff_large_wordlist.txt)作例子。
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
判斷 diceware 口令密語強度的衡量標準是確定它有多少熵。 Diceware 密碼短語中每個單字的熵計算如下 密碼短語的整體熵計算如下:
因此,上述列表中的每個單字都會產生約 12.9 位元的熵(),從它衍生出的七字密碼有約 90.47 位元的熵().
-[EFF 的大型單字清單](https://eff.org/files/2016/07/18/eff_large_wordlist.txt)包含 7776 個獨特單字。 要計算可能的密碼短語的數量,要做的就是 ,或者在我們的例子中, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. 要計算可能的密碼短語的數量,要做的就是 ,或者在我們的例子中, .
-讓我們從這個角度來看:使用 \[EFF 的大型單詞列表\](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) 的七個單詞的口令密短大約有1,719,070,799,748,422,500,000,000 種組合。
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
平均而言,至少要嘗試所有可能組合的一半來猜測您的密語。 考慮到這一點,即使對手每秒能夠猜測~ 1,000,000,000,000 次,他們仍然需要~ 27,255,689 年來猜出您的密語。 即使以下情況屬實,也是如此:
- 對手知道您使用 diceware 方法。
-- 對手知道您所使用的具體單詞清單。
+- Your adversary knows the specific word list that you used.
- 對手知道您的密語包含多少個單詞。
@@ -113,7 +113,7 @@ Diceware 是一種創建密碼短語的方法,這些密短口令易於記憶
Warning "不要將密碼和 TOTP 令牌放在同一個密碼管理器中
-當使用 TOTP 代碼作為 [多因素驗證](multi-factor-authentication.md#time-based-one-time-password-totp) 時,最好的安全措施是將 TOTP 代碼保存在 [分開的應用程式](../multi-factor-authentication.md) 中。
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
將您的 TOTP 令牌儲存在與密碼相同的位置,雖然方便,但假若對手可以存取密碼管理器,則帳戶安全驗證則減少為單一因素。
diff --git a/i18n/zh-Hant/basics/threat-modeling.md b/i18n/zh-Hant/basics/threat-modeling.md
index 82b2f132..76a82d80 100644
--- a/i18n/zh-Hant/basics/threat-modeling.md
+++ b/i18n/zh-Hant/basics/threat-modeling.md
@@ -35,7 +35,7 @@ description: 安全性、隱私權和可用性之間取得平衡是隱私權之
要回答這個問題,重要的是要找出誰可能會針對您或您的資訊。 對您的資產構成威脅的個人或實體即是“敵人”。潛在對手可能為:您的老闆、前任情人、商業競爭對手、政府或公共網路上的駭客。
-*列出對手或那些可能想要獲取您的資產的敵人。 您的名單可能包括個人、政府機構或公司。*
+*Make a list of your adversaries or those who might want to get hold of your assets. 您的名單可能包括個人、政府機構或公司。*
視敵對方的情況,這份清單也許要在完成自身的威脅模型建構後予以銷毀。
diff --git a/i18n/zh-Hant/browser-extensions.md b/i18n/zh-Hant/browser-extensions.md
index a815dfe6..bb88bdd3 100644
--- a/i18n/zh-Hant/browser-extensions.md
+++ b/i18n/zh-Hant/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite 僅在擴充功能從瀏覽器的附加元件市場更新時
### AdGuard
-我們建議 iOS 使用者使用 [Safari](mobile-browsers.md#safari-ios) ,遺憾的是 uBlock Origin 並不支援它。 幸好還有 Adguard 作為足夠的替代:
+我們建議 iOS 使用者使用 [Safari](mobile-browsers.md#safari-ios) ,遺憾的是 uBlock Origin 並不支援它。 Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/zh-Hant/calendar.md b/i18n/zh-Hant/calendar.md
index ce892be5..eebb178b 100644
--- a/i18n/zh-Hant/calendar.md
+++ b/i18n/zh-Hant/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tutanota** 在其支援的平臺上提供免費和加密的日曆。 功能包括:所有資料自動 E2EE、共享、匯入/匯出、多因素驗證[等等](https://tuta.com/calendar-app-comparison/)。
+**Tutanota** 在其支援的平臺上提供免費和加密的日曆。 Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
多個行事曆和擴展共享功能僅限於付費訂閱者。
diff --git a/i18n/zh-Hant/cloud.md b/i18n/zh-Hant/cloud.md
index df8b7bc4..6d49140f 100644
--- a/i18n/zh-Hant/cloud.md
+++ b/i18n/zh-Hant/cloud.md
@@ -28,7 +28,7 @@ Nextcloud [仍是](document-collaboration.md#nextcloud) 自我託管檔案管理
{ align=right }
-**Proton Drive** 是一個加密雲端儲存提供商,由經營廣受歡迎的加密電子郵件 [Proton Mail](email.md#proton-mail) 的提供商推出。 The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** 是一個加密雲端儲存提供商,由經營廣受歡迎的加密電子郵件 [Proton Mail](email.md#proton-mail) 的提供商推出。 The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: 首頁](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="隱私權政策" }
@@ -119,7 +119,7 @@ Peergos 主要是網頁應用程式,但您可以自行託管伺服器,將其
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-Android 應用程式尚未推出,但已在 [開發中](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25) 。 目前的解決方法是改用移動平台 [PWA](https://peergos.net)。
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). 目前的解決方法是改用移動平台 [PWA](https://peergos.net)。
## 標準
@@ -129,7 +129,7 @@ Android 應用程式尚未推出,但已在 [開發中](https://discuss.privacy
- 必須執行端對端加密。
- 必須提供免費計劃或試用期以進行測試。
-- 必須支援 TOTP 或 FIDO2 多因素驗證,或 Passkey 登入。
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- 必須提供支援基本檔案管理功能的網頁介面。
- 允許輕鬆匯出所有檔案/文件。
diff --git a/i18n/zh-Hant/cryptocurrency.md b/i18n/zh-Hant/cryptocurrency.md
index ee851b71..2be571cf 100644
--- a/i18n/zh-Hant/cryptocurrency.md
+++ b/i18n/zh-Hant/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## 標準
diff --git a/i18n/zh-Hant/data-broker-removals.md b/i18n/zh-Hant/data-broker-removals.md
index af106ffb..5598131e 100644
--- a/i18n/zh-Hant/data-broker-removals.md
+++ b/i18n/zh-Hant/data-broker-removals.md
@@ -56,11 +56,11 @@ cover: data-broker-removals.webp
在您第一次向所有資料仲介商送出退出請求後,最好等待一到兩個星期,讓他們下轄的所有網站都收到您的請求。 然後,您就可以開始搜尋並退出您找到的任何剩餘網站。 使用像 [Google 的 _與你相關的結果_](#google-results-about-you-free) 這樣的網路爬蟲工具來協助尋找網際網路上殘留的任何資料,可能是個好主意。
-除此之外,隱私權記者 Yael Grauer 編製了一個極佳的資料仲介網站清單,並附有直接連結至其搜尋工具和拒絕服務網頁的連結。 您可以花一些時間瀏覽每個網站,確定它們是否有您的資訊,然後將其移除:
+除此之外,隱私權記者 Yael Grauer 編製了一個極佳的資料仲介網站清單,並附有直接連結至其搜尋工具和拒絕服務網頁的連結。 You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-如果您沒有使用自動掃描器來尋找關於您的結果,請考慮設定提醒,每 3、6 或 12 個月重新執行此程序,視您的風險等級和您在外的個人資料數量而定。 不幸的是,即使您選擇退出,您的資料仍會隨著時間重新出現,或顯示在全新的人肉搜尋網站上。
+如果您沒有使用自動掃描器來尋找關於您的結果,請考慮設定提醒,每 3、6 或 12 個月重新執行此程序,視您的風險等級和您在外的個人資料數量而定。 Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts 需付費
@@ -125,7 +125,7 @@ EasyOptOuts 並不涵蓋下列我們認為「高度優先」的網站,因此
我們對移除服務的挑選主要是基於第三方的獨立專業測試(如上文所述)、我們自己的內部測試,以及我們社群的彙總評論。
-- 不得是其他供應商的白標服務或經銷商。
+- Must not be a white labeled service or reseller of another provider.
- 不得隸屬於資料仲介商或在人員搜尋網站上投放廣告。
- 必須僅將您的個人資料用於使您退出您選擇的資料仲介商資料庫和人員搜尋網站。
diff --git a/i18n/zh-Hant/desktop-browsers.md b/i18n/zh-Hant/desktop-browsers.md
index 87f5cb3a..f74ce0f8 100644
--- a/i18n/zh-Hant/desktop-browsers.md
+++ b/i18n/zh-Hant/desktop-browsers.md
@@ -109,7 +109,7 @@ Mullvad 瀏覽器預設總是使用隱私瀏覽模式運行,這意味著您的
### Mullvad Leta
-Mullvad 瀏覽器將 DuckDuckGo 設為預設的[搜尋引擎](search-engines.md),但它也預裝了 **Mullvad Leta**,一個需要訂閱 Mullvad VPN 才能使用的搜尋引擎。 Mullvad Leta 直接查詢 Google 的付費搜索 API,這也是為什麼它僅限付費訂閱者使用。 然而,由於這個限制,Mullvad 有可能將搜尋字串和 Mullvad VPN 帳戶進行關聯。 因此,我們不建議使用 Mullvad Leta,即使 Mullvad 僅收集極少量的 VPN 訂閱者資訊。
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta 直接查詢 Google 的付費搜索 API,這也是為什麼它僅限付費訂閱者使用。 然而,由於這個限制,Mullvad 有可能將搜尋字串和 Mullvad VPN 帳戶進行關聯。 因此,我們不建議使用 Mullvad Leta,即使 Mullvad 僅收集極少量的 VPN 訂閱者資訊。
## Firefox
@@ -189,7 +189,7 @@ Firefox 在 Mozilla 網站的下載中包含一個獨特的 [下載令牌](https
> Firefox 會向 Mozilla 發送以下數據:您的 Firefox 版本和語言;操作系統和硬體配置;記憶體、關於崩潰和錯誤的基本訊息;更新、安全瀏覽和啟動等自動化流程系統的結果。 當 Firefox 向 Mozilla 發送數據時,會將您的 IP 位址作為伺服器日誌的一部份暫時收集。
-此外,Mozilla 帳戶服務也收集[一些技術資料](https://mozilla.org/privacy/mozilla-accounts)。 如果有使用 Mozilla 帳戶,您可以選擇退出。
+此外,Mozilla 帳戶服務也收集[一些技術資料](https://mozilla.org/privacy/mozilla-accounts)。 If you use a Mozilla Account you can opt out:
1. 在 [accounts.firefox.com 開啟您的個人資料設定](https://accounts.firefox.com/settings#data-collection)
2. 取消勾選 **資料收集與使用** > **幫助我們改善 Mozilla 帳號**
@@ -204,7 +204,7 @@ Firefox 128 發佈時,新增了一個[尊重隱私的成效測量](https://sup
- [x] 勾選 **在所有視窗都只使用 HTTPS 連線**
-這可以防止您無意間以明文 HTTP 連線到網站。 如今,不支援 HTTPS 的網站已不多見,因此這對您日常瀏覽的影響幾乎沒有影響。
+這可以防止您無意間以明文 HTTP 連線到網站。 Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
##### 基於 HTTPS 的 DNS 服務 (DNS over HTTPS)
@@ -297,7 +297,7 @@ Brave 允許您在內部網頁 brave://settings/shields/filters 內選擇額外
-1. 此選項會停用 JavaScript,這會破壞許多網站。 若您想要避免破壞它們,可以針對個別需要的網站設定例外。只需點一下網址列上的 Shield 圖示,然後在 *進階控制* 下取消勾選此設定即可。
+1. 此選項會停用 JavaScript,這會破壞許多網站。 To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. 如果您希望在經常造訪的特定網站保持登入狀態,可以針對個別需要的網站設定例外。只需點一下網址列上的 Shield 圖示,然後在 *進階控制* 下取消勾選此設定即可。
#### 隱私權和安全性
diff --git a/i18n/zh-Hant/desktop.md b/i18n/zh-Hant/desktop.md
index d6d4a201..deebb814 100644
--- a/i18n/zh-Hant/desktop.md
+++ b/i18n/zh-Hant/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
更新完成後,您將重新啟動系統進入新的布署。 `rpm-ostree` 會保留系統的兩個布署,以便在新布署出現問題時,可以輕鬆地回退。 此外,還可根據需要釘選更多布署。
-[Flatpak](https://flatpak.org) 是這些發行版本的主要套件安裝方式,而 `rpm-ostree` 只用在基礎映像上疊加那些無法留在容器的套件。
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
作為 Flatpaks 的替代方案,您可以選擇 [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) 來建立 [Podman](https://podman.io) 容器,模仿傳統的 Fedora 環境,對於眼光獨到的開發人員而言,這是 [非常有用的功能](https://containertoolbx.org) 。 這些容器與主機作業系統共用一個主目錄。
@@ -123,7 +123,7 @@ NixOS 是基於 Nix套件管理器的獨立發行版,專注於可重複性和
NixOS’ 套件管理器 將各個套件版本儲存在 **Nix store** 底下不同的資料夾。 因此,您可以在系統上安裝相同套件的不同版本。 套件內容寫入資料夾後,該資料夾會變成唯讀。
-NixOS 也提供原子化更新。 它會先下載(或建立)新世代系統的套件和檔案,然後再切換到新系統。 切換到新世代有不同的方式:您可以告訴 NixOS 在重新開機後啟動新世代,或是在運行時就切換到新世代。 也可以在運行時就切換到新世代系統來 *測試* ,但不將它設成當前系統。 如果更新過程中遭到打斷,可以重新啟動並自動返回到系統的工作版本。
+NixOS 也提供原子化更新。 它會先下載(或建立)新世代系統的套件和檔案,然後再切換到新系統。 There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. 也可以在運行時就切換到新世代系統來 *測試* ,但不將它設成當前系統。 如果更新過程中遭到打斷,可以重新啟動並自動返回到系統的工作版本。
Nix 套件管理員使用純函數式程式設計語言(稱為 Nix )來定義套件。
diff --git a/i18n/zh-Hant/device-integrity.md b/i18n/zh-Hant/device-integrity.md
index 9620c4c2..931fafaa 100644
--- a/i18n/zh-Hant/device-integrity.md
+++ b/i18n/zh-Hant/device-integrity.md
@@ -28,7 +28,7 @@ robots: nofollow, max-snippet:-1, max-image-preview:large
如果以下任何工具表明可能有 Pegasus、Predator 或 KingsPawn 等間諜軟體危害,建議聯絡:
- 人權捍衛者、記者或來自民間團體:[國際特赦組織安全實驗室](https://securitylab.amnesty.org/contact-us)
-- 企業或政府裝置:您所屬企業、部門或機構的相關資安人員
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- 本地執法單位
**除此之外,我們無法直接為您提供幫助。** 我們很樂意在我們的[社區](https://discuss.privacyguides.net)空間中討論您的具體情況或情況並檢查結果,但不太可能提供本頁所述之外的協助。
@@ -130,7 +130,7 @@ MVT 對掃描 iOS 裝置「最」有用。 Android 儲存的診斷資訊非常
-iMazing 會自動並以互動方式引導完成使用 [MVT](#mobile-verification-toolkit) 掃描裝置,尋找由各種威脅研究人員發布的可公開存取的入侵指標。 適用於 MVT 的所有資訊和警告也適用於此工具,因此建議熟悉上述部分中有關 MVT 的說明。
+iMazing 會自動並以互動方式引導完成使用 [MVT](#mobile-verification-toolkit) 掃描裝置,尋找由各種威脅研究人員發布的可公開存取的入侵指標。 All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## 裝置驗證
diff --git a/i18n/zh-Hant/dns.md b/i18n/zh-Hant/dns.md
index 24df86ab..b1fbc25a 100644
--- a/i18n/zh-Hant/dns.md
+++ b/i18n/zh-Hant/dns.md
@@ -75,7 +75,7 @@ AdGuard Home 提供精美的網頁介面,可查看有用資訊並管理被封
## 雲端 DNS 過濾器
-這些 DNS 過濾解決方案提供 網頁儀表板,可以在其中根據特定需求自訂封鎖列表,類似於 Pi-hole。 這些服務通常比上述自託管服務更容易設定和配置,並且可以更輕鬆地跨多個網路使用(自託管解決方案通常僅限於家用/區域網路,除非您進行更進階的設定)。
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. 這些服務通常比上述自託管服務更容易設定和配置,並且可以更輕鬆地跨多個網路使用(自託管解決方案通常僅限於家用/區域網路,除非您進行更進階的設定)。
### Control D
@@ -164,7 +164,7 @@ NextDNS 也在 `https://dns.nextdns.io` 提供公共DNS-over-HTTPS 服務,並
-雖然 RethinkDNS 會佔用 Android 的 VPN 插槽,但您仍可在應用程式中使用 VPN 或 Orbot,方法是 [自行新增 Wireguard 設定](https://docs.rethinkdns.com/proxy/wireguard) 或 [手動將 Orbot 設定為 Proxy 伺服器](https://docs.rethinkdns.com/firewall/orbot)。
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/zh-Hant/document-collaboration.md b/i18n/zh-Hant/document-collaboration.md
index 4fa859dd..b8dc96b0 100644
--- a/i18n/zh-Hant/document-collaboration.md
+++ b/i18n/zh-Hant/document-collaboration.md
@@ -86,4 +86,4 @@ cover: document-collaboration.webp
最佳情況標準代表我們希望在這個類別的完美項目的應具備的特性。 推薦產品可能沒有此功能,但若有這些功能則會讓排名更為提高。
- 應將檔案儲存在傳統檔案系統中。
-- 應支援 TOTP 或 FIDO2 多因素驗證支援,或是能使用 通行金鑰 登入。
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/zh-Hant/email-aliasing.md b/i18n/zh-Hant/email-aliasing.md
index 9d102a6b..f8fba106 100644
--- a/i18n/zh-Hant/email-aliasing.md
+++ b/i18n/zh-Hant/email-aliasing.md
@@ -80,7 +80,7 @@ cover: email-aliasing.webp
-{ align=right }
+{ align=right }
**SimpleLogin** 是免費服務,可在各種共享域名上提供電子郵件別名,並可選擇提供無限別名和自訂域名等付費功能。
diff --git a/i18n/zh-Hant/email.md b/i18n/zh-Hant/email.md
index f6c2f038..f34b8262 100644
--- a/i18n/zh-Hant/email.md
+++ b/i18n/zh-Hant/email.md
@@ -58,7 +58,7 @@ OpenPGP 也不支持前向保密,這意味著如果你或收件人的私鑰被
{ align=right }
-**Proton Mail** 是一個專注於隱私、加密、安全性和易用性的電子郵件服務。 他們自 2013 年起開始營運。 Proton AG 總部位於瑞士日內瓦。 Proton Mail Free 方案隨附 500MB 的郵件儲存空間,可以免費增加至 1GB。
+**Proton Mail** 是一個專注於隱私、加密、安全性和易用性的電子郵件服務。 他們自 2013 年起開始營運。 Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: 首頁](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="洋蔥服務" }
@@ -97,7 +97,7 @@ Proton Mail 除了[支援](https://proton.me/support/payment-options)郵寄現
#### :material-check:{ .pg-green } 帳號安全
-Proton Mail 支援使用 TOTP [兩步驟驗證](https://proton.me/support/two-factor-authentication-2fa) 和採用 FIDO2 或 U2F 標準的 [硬體安全金鑰](https://proton.me/support/2fa-security-key)。 使用實體安全金鑰需要先設定 TOTP 兩步驟驗證。
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } 資料安全
@@ -117,7 +117,7 @@ Proton Mail 也透過 HTTP 從其 WKD 發布 Proton 帳戶的公鑰。 這可讓
#### :material-information-outline:{ .pg-blue } 額外功能
-Proton Mail [無限制](https://proton.me/support/proton-plans#proton-unlimited) 方案除了提供多個自定網域、無限制隱藏之外,還允許訪問其他 Proton 服務。
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail 不提供數字遺產功能。
@@ -127,7 +127,7 @@ Proton Mail 不提供數字遺產功能。
{ align=right }
-**Mailbox.org** 電子郵件服務,專注於安全、無廣告和使用 100% 民間環保發電能源。 自 **2014 年** 開始運營。 Mailbox.org 總部位於德國柏林。 初級帳戶有 2GB 儲存空間,可以根據需要升級。
+**Mailbox.org** 電子郵件服務,專注於安全、無廣告和使用 100% 民間環保發電能源。 自 **2014 年** 開始運營。 Mailbox.org 總部位於德國柏林。 Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: 首頁](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="隱私權政策" }
@@ -148,11 +148,11 @@ Mailbox.org 可使用自定域名,且支援 [catch-all](https://kb.mailbox.org
#### :material-check:{ .pg-green } 私人付款方式
-Mailbox.org 不接受任何加密貨幣,因為他們的支付處理商 BitPay 暫停了德國業務。 不過他們可以收郵寄現金、銀行帳戶現金支付、銀行轉帳、信用卡、 PayPal以及幾個德國特定處理商: paydirekt 和 Sofortüberweisung。
+Mailbox.org 不接受任何加密貨幣,因為他們的支付處理商 BitPay 暫停了德國業務。 However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } 帳號安全
-Mailbox.org [雙重認證](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa)功能僅限網頁郵件。 您可以使用 TOTP 或通過 [YubiKey](https://en.wikipedia.org/wiki/YubiKey) 來使用 [YubiCloud](https://yubico.com/products/services-software/yubicloud) 進行雙重認證. Web 標準如 [WebAuthn ](https://en.wikipedia.org/wiki/WebAuthn) 尚不支援。
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. 您可以使用 TOTP 或通過 [YubiKey](https://en.wikipedia.org/wiki/YubiKey) 來使用 [YubiCloud](https://yubico.com/products/services-software/yubicloud) 進行雙重認證. Web 標準如 [WebAuthn ](https://en.wikipedia.org/wiki/WebAuthn) 尚不支援。
#### :material-information-outline:{ .pg-blue } 資料安全
@@ -172,7 +172,7 @@ Mailbox.org 還支援通過 HTTP 的 [Web金鑰目錄( WKD )](https://wiki.g
#### :material-information-outline:{ .pg-blue } 額外功能
-可利用他們的[洋蔥服務](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org)與 IMAP/SMTP 協議來訪問 Mailbox.org 帳戶。 然而,他們的網頁郵件介面無法訪問其 .onion 服務,可能會遇到 TLS 憑證錯誤。
+可利用他們的[洋蔥服務](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org)與 IMAP/SMTP 協議來訪問 Mailbox.org 帳戶。 However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
所有帳號都附帶有限的[可以加密](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive)雲端儲存空間 。 Mailbox.org 還提供別名 [@ secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely),它對郵件伺服器之間的連線強制進行TLS加密,否則根本不會發送訊息。 Mailbox.org 除了支援 IMAP 和 POP3 等標準存取通訊協議外,還支援 [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) 。
@@ -195,7 +195,7 @@ Mailbox.org 所有方案都提供了數位遺產功能。 你可以選擇是否
{ align=right }
{ align=right }
-**Tuta** (前身為 *Tutanota*) 是一項透過使用加密技術,著重於安全性與隱私權的電子郵件服務。 Tuta 自 2011 年開始營運,總部位於德國漢諾威。 免費帳戶提供 10GB 容量。
+**Tuta** (前身為 *Tutanota*) 是一項透過使用加密技術,著重於安全性與隱私權的電子郵件服務。 Tuta 自 2011 年開始營運,總部位於德國漢諾威。 Free accounts start with 1 GB of storage.
[:octicons-home-16: 首頁](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="隱私權政策" }
@@ -226,11 +226,11 @@ Tuta 不支援 [ IMAP 協議](https://tuta.com/support#imap) 或使用第三方
#### :material-information-outline:{ .pg-blue } 私密付款方式
-Tuta 僅接受信用卡和 PayPal ,但 [加密貨幣](cryptocurrency.md) 可用於通過其[ 合作伙伴 Proxystore ](https://tuta.com/support/#cryptocurrency) 購買禮品卡。
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } 帳號安全
-Tuta 支援 TOTP 或 U2F 的 [雙因素驗證](https://tuta.com/support#2fa) 。
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } 資料安全
@@ -297,7 +297,7 @@ Tuta 不提供數位遺產功能。
**最低合格要求:**
- 使用零存取加密技術全程加密電子郵件帳戶資料。
-- 以 [Mbox](https://en.wikipedia.org/wiki/Mbox) 或符合 [RFC5322](https://datatracker.ietf.org/doc/rfc5322) 標準的個別 .eml 匯出功能。
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- 允許使用者使用自己的[網域名稱](https://en.wikipedia.org/wiki/Domain_name)。 自定網域名稱對用戶來說很重要,因為它允許用戶在使用服務時仍維持持自我代理,以防服務變差或被另一家不優先考慮隱私的公司收購。
- 在自有基礎設施上運作,即不建立在第三方電子郵件服務提供商之上。
diff --git a/i18n/zh-Hant/encryption.md b/i18n/zh-Hant/encryption.md
index 8b54b86a..7a807fbd 100644
--- a/i18n/zh-Hant/encryption.md
+++ b/i18n/zh-Hant/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt是已停產的 TrueCrypt 項目的分支。 根據其開發人員的
使用 VeraCrypt 加密時,您可以選擇不同的 [雜湊函式](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme)。 我們建議您**只**選擇 [SHA-512](https://en.wikipedia.org/wiki/SHA-512),並堅持使用 [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) 區塊加密法。
-Truecrypt 已完成[多次審計](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits),而 VeraCrypt 也曾接受 [獨立審計](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit)。
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## 作業系統加密
@@ -189,7 +189,7 @@ Windows 的專業版、企業版和教育版均[正式支援](https://support.mi
{ align=right }
-**FileVault** 是 macOS 內建的即時磁區加密方案。 FileVault 能利用 Apple 晶片 SoC 或 T2 安全晶片上的 [硬體安全功能](os/macos-overview.md#hardware-security)。
+**FileVault** 是 macOS 內建的即時磁區加密方案。 FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="說明文件" }
diff --git a/i18n/zh-Hant/file-sharing.md b/i18n/zh-Hant/file-sharing.md
index c11d5bf6..b5979584 100644
--- a/i18n/zh-Hant/file-sharing.md
+++ b/i18n/zh-Hant/file-sharing.md
@@ -13,7 +13,7 @@ cover: file-sharing.webp
## 檔案分享
-如果您已經使用 [Proton Drive](cloud.md#proton-drive)[^1] 或已訂閱 [Bitwarden](passwords.md#bitwarden) Premium[^2] ,請考慮使用它們各自提供的檔案分享功能,這兩種功能都使用端對端加密。 如果沒有,則這裡列出的獨立選項可確保您打算共享的檔案不會被遠端伺服器讀取。
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. 如果沒有,則這裡列出的獨立選項可確保您打算共享的檔案不會被遠端伺服器讀取。
### Send
diff --git a/i18n/zh-Hant/frontends.md b/i18n/zh-Hant/frontends.md
index 3c677f65..cca719db 100644
--- a/i18n/zh-Hant/frontends.md
+++ b/i18n/zh-Hant/frontends.md
@@ -251,9 +251,9 @@ Piped 需要 JavaScript 才能運行,它有許多公共伺服器。
-{ align=right }
+{ align=right }
-**NewPipe** 是自由及開放原始碼的 Android 應用程式,可用於觀看 [YouTube](https://youtube.com)、 [SoundCloud](https://soundcloud.com)、 [media.ccc.de](https://media.ccc.de)、 [Bandcamp](https://bandcamp.com)和 [PeerTube](https://joinpeertube.org) (1)。
+**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
訂閱清單和播放列表會儲存在本地的 Android 裝置上。
diff --git a/i18n/zh-Hant/index.md b/i18n/zh-Hant/index.md
index 77bfcb93..b26fd6dd 100644
--- a/i18n/zh-Hant/index.md
+++ b/i18n/zh-Hant/index.md
@@ -91,7 +91,7 @@ schema:
---
- Proton Mail 是一個注重隱私、加密、安全和易用性的電子郵件服務。 他們自 2013 年起開始營運。 Proton AG 總部位於瑞士日內瓦。 Proton Mail 免費方案提供 500MB 的郵件儲存空間,您可以免費增加至 1GB。
+ Proton Mail 是一個注重隱私、加密、安全和易用性的電子郵件服務。 他們自 2013 年起開始營運。 Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: 閱讀完整評論](email.md#proton-mail)
@@ -99,7 +99,7 @@ schema:
---
- Mailbox.org 是一個專注於安全、無廣告的電子郵件服務,並使用 100% 民間供電的環保能源。 他們自 2014 年起開始營運。 Mailbox.org 總部位於德國柏林。 帳戶一開始最多只有 2GB 儲存空間,並可視需要升級。
+ Mailbox.org 是一個專注於安全、無廣告的電子郵件服務,並使用 100% 民間供電的環保能源。 他們自 2014 年起開始營運。 Mailbox.org 總部位於德國柏林。 Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: 閱讀完整評論](email.md#mailboxorg)
@@ -107,7 +107,7 @@ schema:
---
- Tuta(之前稱為 *Tutanota*) 是一項電子郵件服務,透過使用加密技術,著重於安全與隱私。 Tuta 自 2011 年開始營運,總部位於德國漢諾威。 免費帳戶的起始儲存容量為 1GB。
+ Tuta(之前稱為 *Tutanota*) 是一項電子郵件服務,透過使用加密技術,著重於安全與隱私。 Tuta 自 2011 年開始營運,總部位於德國漢諾威。 Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: 閱讀完整評論](email.md#tuta)
@@ -172,7 +172,7 @@ schema:
## 什麼是隱私工具?
-我們建議您使用多種**隱私工具**(又稱爲 *隱私應用程式*、*隱私工具*、*隱私軟體*)橫跨軟體與硬體,您可以採用這些軟體與硬體來改善您的隱私。 我們推薦的許多工具都是完全免費使用的開放原始碼軟體,而有些則是可供購買的商業服務。 從 Google Chrome 和 Windows 等渴求資料的主流軟體,轉換為 [Brave](desktop-browsers.md#brave) 和 [Linux](desktop.md) 等注重隱私權的工具,對於控制您與公司和其他人分享的資訊有很大幫助。
+我們建議您使用多種**隱私工具**(又稱爲 *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. 我們推薦的許多工具都是完全免費使用的開放原始碼軟體,而有些則是可供購買的商業服務。 從 Google Chrome 和 Windows 等渴求資料的主流軟體,轉換為 [Brave](desktop-browsers.md#brave) 和 [Linux](desktop.md) 等注重隱私權的工具,對於控制您與公司和其他人分享的資訊有很大幫助。
[:material-check-all: 我們的通用準則](about/criteria.md){ class="md-button" }
diff --git a/i18n/zh-Hant/meta/brand.md b/i18n/zh-Hant/meta/brand.md
index da14f1ba..612dbb57 100644
--- a/i18n/zh-Hant/meta/brand.md
+++ b/i18n/zh-Hant/meta/brand.md
@@ -12,7 +12,7 @@ description: 為記者和網站供稿者提供有關正確使用 Privacy Guides
- PG.org
-Subreddit 的名字是 **r/PrivacyGuides** 或 **Privacy Guides Subreddit**。
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
其他品牌指南可在 [github.com/privacyguides/brand](https://github.com/privacyguides/brand)找到
diff --git a/i18n/zh-Hant/meta/translations.md b/i18n/zh-Hant/meta/translations.md
index 37f37808..fe683a7c 100644
--- a/i18n/zh-Hant/meta/translations.md
+++ b/i18n/zh-Hant/meta/translations.md
@@ -27,8 +27,8 @@ Crowdin 有很好的文件,我們建議您查看他們的 [入門指南](https
## 全形標點符號和 Markdown 語法
-在中日韓書寫系統中的常見標點符號,往往使用"全形"。 這些是不一樣的字符,不能用於 markdown 語法。
+在中日韓書寫系統中的常見標點符號,往往使用"全形"。 These are different characters and cannot be used for Markdown syntax.
-- 連結必須使用普通括號,即 `(` (左括號 U+0028) 和 `)` (右括號 U+0029),而不是`(` (全形左括號 U+FF08) 或 `)` (全形右括號 U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- 內縮的引用文字必須使用 `:` (冒號 U+003A),而不是 `:` (全形冒號 U+FF1A)
- 圖片必須使用 `!` (驚嘆號 U+0021),而不是 `!` (全形驚嘆號 U+FF01)
diff --git a/i18n/zh-Hant/meta/uploading-images.md b/i18n/zh-Hant/meta/uploading-images.md
index 584c6927..7498560e 100644
--- a/i18n/zh-Hant/meta/uploading-images.md
+++ b/i18n/zh-Hant/meta/uploading-images.md
@@ -48,7 +48,7 @@ optipng -o7 file.png
- [ ] 關閉 **移除 XML 宣告**
- [x] 打開 **移除元數據**
- [x] 開啟 **刪除評論**
-- [x] 打開 **嵌入式光柵映像**
+- [x] Turn on **Embedded raster images**
- [x] 打開 **啓用 viewboxing **
在 **Pretty-printing**下的 **SVG 輸出** 標籤:
diff --git a/i18n/zh-Hant/meta/writing-style.md b/i18n/zh-Hant/meta/writing-style.md
index e57c10f8..05cf86c4 100644
--- a/i18n/zh-Hant/meta/writing-style.md
+++ b/i18n/zh-Hant/meta/writing-style.md
@@ -64,7 +64,7 @@ Privacy Guides 的目標[受眾](https://plainlanguage.gov/guidelines/audience)
## 簡明扼要
-> 沒必要的文字將會浪費大家的時間。 好的寫作就像生活對話。 省略讀者不需要知道的資訊。 身為主題專家,這可能很困難,因此找人從讀者的角度來檢視資訊是很重要的。
+> 沒必要的文字將會浪費大家的時間。 好的寫作就像生活對話。 省略讀者不需要知道的資訊。 This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
來源: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/zh-Hant/mobile-browsers.md b/i18n/zh-Hant/mobile-browsers.md
index 1386780d..2fb593a9 100644
--- a/i18n/zh-Hant/mobile-browsers.md
+++ b/i18n/zh-Hant/mobile-browsers.md
@@ -247,7 +247,7 @@ Brave 的[防護 (Shields)](https://support.brave.com/hc/articles/360022973471-W
這些選項可以在 :material-menu: → :gear: **設定** → **Adblock Plus settings** 中找到。
-Cromite 包含 Adblock Plus 的自訂版本,預設啟用 EasyList,也可以在 **Filter lists** 選單中套用更多過濾列表。
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
使用額外的清單將使您從其他 Cromite 使用者中脫穎而出,並且如果瀏覽器存在漏洞,而您使用的清單之一被加入了惡意規則,也可能會增加攻擊面。
@@ -271,7 +271,7 @@ Cromite 包含 Adblock Plus 的自訂版本,預設啟用 EasyList,也可以
{ align=right }
-**Safari** 是 iOS 的預設瀏覽器。 它包括多種[隱私功能](https://support.apple.com/zh-tw/guide/iphone/iphb01fc3c85/ios),例如[智慧追蹤預防](https://webkit.org/blog/7675/intelligent-tracking-prevention)、隱私報告、受隔離且短暫的私密瀏覽標籤、指紋保護 (透過向網站呈現簡化版的系統組態,讓更多裝置看起來完全相同),以及指紋隨機化,並針對已付費訂閱 iCloud+ 的使用者提供私密轉送功能。
+**Safari** 是 iOS 的預設瀏覽器。 It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: 首頁](https://www.apple.com/tw/safari/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.apple.com/tw/legal/privacy/data/zh-tw/safari/){ .card-link title="隱私權政策" }
@@ -372,7 +372,7 @@ Apple 的 Safari 隱私權政策規定:
- [x] 選擇 **私密瀏覽**
-Safari 的私密瀏覽模式提供額外的隱私保護。 私密瀏覽為每個分頁使用新的[短暫](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral)工作階段,這意味著各個分頁之間是隔離的。 隱私瀏覽還有其他較小的隱私優勢,例如在使用 Safari 的翻譯功能時,不會將網頁位址傳送給 Apple。
+Safari 的私密瀏覽模式提供額外的隱私保護。 私密瀏覽為每個分頁使用新的[短暫](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral)工作階段,這意味著各個分頁之間是隔離的。 There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
要注意的是,私密瀏覽不會保存 Cookies 和網站資料,因此無法保持登入狀態。 這可能會帶來不便。
diff --git a/i18n/zh-Hant/multi-factor-authentication.md b/i18n/zh-Hant/multi-factor-authentication.md
index fe7ee42b..3c00f5dd 100644
--- a/i18n/zh-Hant/multi-factor-authentication.md
+++ b/i18n/zh-Hant/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "多重要素驗證"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: 這些工具可協助透過多重身份驗證保護網路帳戶,而無需將您的祕密傳送給第三方。
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example "例子"
-`[SUBREDDIT]` 替換成所欲訂閱的 subreddit.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/zh-Hant/notebooks.md b/i18n/zh-Hant/notebooks.md
index 4b2b2462..e129458c 100644
--- a/i18n/zh-Hant/notebooks.md
+++ b/i18n/zh-Hant/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: 服務提供商](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-保存記錄您的筆記和日誌,不要將它們提供給第三方。
+Keep track of your notes and journals without giving them to a third party.
如果您目前使用的是 Evernote、Google Keep 或 Microsoft OneNote 等應用程式,我們建議您在這裡選擇一個支援 E2EE 的替代方案。
@@ -84,7 +84,7 @@ Standard Notes 已於 2024 年 4 月 10 日 [加入 Proton AG](https://standardn
{ align=right }
-**Joplin** 是一個自由、開放原始碼且功能齊全的筆記和待辦事項記錄應用程式,可以處理大量 Markdown 文件並組織成筆記本和標籤功能。 它提供E2EE ,可以通過Nextcloud , Dropbox等同步。 它也可以輕鬆的從 Evernote 和純文本筆記導入。
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. 它提供E2EE ,可以通過Nextcloud , Dropbox等同步。 它也可以輕鬆的從 Evernote 和純文本筆記導入。
[:octicons-home-16: 首頁](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="隱私權政策" }
@@ -133,7 +133,7 @@ Joplin 不 [支援](https://github.com/laurent22/joplin/issues/289) 應用程式
-Cryptee 免費提供100MB 的儲存空間,如果需要更多容量,則另有付費選項。 註冊不需要電子郵件或其他個人身份資訊。
+Cryptee offers 100 MB of storage for free, with paid options if you need more. 註冊不需要電子郵件或其他個人身份資訊。
## 本地端的記事簿
diff --git a/i18n/zh-Hant/os/android-overview.md b/i18n/zh-Hant/os/android-overview.md
index af35b35b..9e730e86 100644
--- a/i18n/zh-Hant/os/android-overview.md
+++ b/i18n/zh-Hant/os/android-overview.md
@@ -84,7 +84,7 @@ Android 13:
備註
-[Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/)等隱私友好型應用程式可能會顯示 [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/)等追蹤程式。 此程式庫包括 [Firebase Cloud Messaging](https://zh.wikipedia.org/wiki/Firebase_Cloud_Messaging) ,可以在應用程式中提供 [推送通知](https://zh.wikipedia.org/wiki/Push_technology)。 這是Bitwarden的 [情況](https://fosstodon.org/ @ bitwarden/109636825700482007)。 這並不意味 Bitwarden 使用 Google Firebase Analytics 提供的所有分析功能。
+[Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/)等隱私友好型應用程式可能會顯示 [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/)等追蹤程式。 此程式庫包括 [Firebase Cloud Messaging](https://zh.wikipedia.org/wiki/Firebase_Cloud_Messaging) ,可以在應用程式中提供 [推送通知](https://zh.wikipedia.org/wiki/Push_technology)。 這是Bitwarden的 [情況](https://fosstodon.org/ @ bitwarden/109636825700482007)。 That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Android 13:
與工作設定檔不同,私人空間是 Android 原生的功能,不需要第三方應用程式來管理。 因此,我們一般建議您使用私人空間而非工作設定檔,不過您也可以同時使用工作設定檔和私人空間。
-### VPN Killswitch
+### VPN kill switch
Android 7 及以上版本支援 VPN kill switch,無需安裝第三方應用程式即可使用。 此功能可以防止VPN中斷連線時的洩漏。 它可以在 :gear: **設定** → **網路 &網際網路** → **VPN** → :gear: → **區塊連接沒有 VPN**中找到。
@@ -124,7 +124,7 @@ Android 7 及以上版本支援 VPN kill switch,無需安裝第三方應用程
## Google 服務
-如果您使用的是有 Google 服務的裝置,無論是使用原生作業系統('stock' 版本)或像 GrapheneOS 這樣透過沙盒化使您能安全使用 Google Play 服務 的作業系統,您都可以做一些額外的變更來改善您的隱私。 我們仍建議完全避免 Google 服務,或結合 *Shelter* 等裝置控制器與 GrapheneOS 的 Sandboxed Google Play,將 Google Play 服務限制於特定使用者/工作設定檔。
+如果您使用的是有 Google 服務的裝置,無論是使用原生作業系統('stock' 版本)或像 GrapheneOS 這樣透過沙盒化使您能安全使用 Google Play 服務 的作業系統,您都可以做一些額外的變更來改善您的隱私。 We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### 進階保護計劃
diff --git a/i18n/zh-Hant/os/ios-overview.md b/i18n/zh-Hant/os/ios-overview.md
index 7f5ef633..c88f7713 100644
--- a/i18n/zh-Hant/os/ios-overview.md
+++ b/i18n/zh-Hant/os/ios-overview.md
@@ -125,7 +125,7 @@ Note that Bluetooth is automatically turned on after every system update.
#### Face ID/Touch ID & 密碼
-在手機上設定強密碼是確保設備物理安全的最重要步驟。 您必須權衡安全性與便利性:每次輸入較長的密碼很麻煩,但較短的密碼或 PIN 碼很容易被猜到。 設定 Face ID 或 Touch ID 以及強密碼可以在可用性和安全性之間實現良好折衷。
+在手機上設定強密碼是確保設備物理安全的最重要步驟。 You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. 設定 Face ID 或 Touch ID 以及強密碼可以在可用性和安全性之間實現良好折衷。
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. 確認建立[安全密碼](../basics/passwords-overview.md)。
@@ -133,7 +133,7 @@ Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** →
如果使用生物識別技術,應該知道如何在緊急情況下快速關閉它們。 按住側面按鈕或電源按鈕以及*任一*音量按鈕,直到看到滑動關閉滑塊為止,這將禁用生物識別功能,需要密碼才能解鎖。 設備重新啟動後還需要您的密碼。
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. 請事先嘗試此操作,以便知道哪種方法適用您的設備。
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/zh-Hant/os/linux-overview.md b/i18n/zh-Hant/os/linux-overview.md
index 3d509ec9..c27326c8 100644
--- a/i18n/zh-Hant/os/linux-overview.md
+++ b/i18n/zh-Hant/os/linux-overview.md
@@ -10,9 +10,9 @@ description: Linux 是一種開放原始碼、注重隱私的桌面作業系統
[建議的 Linux 發行版 :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## 隱私筆記
+## Security Notes
-用戶應考量 一些使用 Linux 須關注的隱私問題。 儘管有這些缺點,對於大多數用戶,桌面 Linux 發行版還是很棒:
+There are some notable security concerns with Linux which you should be aware of. 儘管有這些缺點,對於大多數用戶,桌面 Linux 發行版還是很棒:
- 避免商業作業系統經常出現的遙測現象
- 維護 [軟體自由](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ description: Linux 是一種開放原始碼、注重隱私的桌面作業系統
傳統上 Linux 發行版的更新模式是依次更新所需的軟體套件。 Fedora、Arch Linux 和其他基於 Debian 的發行版皆採納此種模式—而這種模式如果在更新時發生錯誤,其系統可靠性可能會因此降低。
-而原子更新模式則是完全套用更新或完全不套用更新。 在採納原子更新模式的發行版上,如果在更新時發生錯誤(也許是由於停電),系統上就不會有任何改變。
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. 在採納原子更新模式的發行版上,如果在更新時發生錯誤(也許是由於停電),系統上就不會有任何改變。
因此 Silverblue 和 NixOS 等 [發行版](../desktop.md#atomic-distributions) 在這種情況下便可以依靠原子更新模式維持系統穩定性。 [Adam Šamalík](https://twitter.com/adsamalik) 介紹 `rpm-ostree` 如何與 Silverblue 搭配使用:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao) (YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao) (YouTube)
### 「注重安全」的發行版
@@ -85,7 +85,7 @@ description: Linux 是一種開放原始碼、注重隱私的桌面作業系統
### 強制訪問控制
-強制訪問控制是一套額外的安全控制,有助於限制應用程式和系統服務等部分。 Linux 發行版本中常見的兩種強制訪問控制實作是 [SELinux](https://github.com/SELinuxProject) 和 [AppArmor](https://apparmor.net) 。 Fedora 預設使用 SELinux,而 Tumbleweed 則在安裝程式中[預設](https://en.opensuse.org/Portal:SELinux)使用 AppArmor,並允許您[選擇](https://en.opensuse.org/Portal:SELinux/Setup)改用 SELinux 。
+強制訪問控制是一套額外的安全控制,有助於限制應用程式和系統服務等部分。 Linux 發行版本中常見的兩種強制訪問控制實作是 [SELinux](https://github.com/SELinuxProject) 和 [AppArmor](https://apparmor.net) 。 Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
[Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) 上的 SELinux 預設會限制 Linux軟體容器、虛擬機器和守護進程。 AppArmor 由 Snap 守護進程 用於 [沙盒化](https://snapcraft.io/docs/security-sandboxing) Snap,這些由 Snap 提供的軟體有 [嚴格](https://snapcraft.io/docs/snap-confinement) 限制,例如 [Firefox](https://snapcraft.io/firefox) 。 在 Fedora 的 [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) 特別興趣小組中,有社群致力於限制系統的更多部分。
@@ -93,7 +93,7 @@ description: Linux 是一種開放原始碼、注重隱私的桌面作業系統
### 磁碟加密
-大多數Linux 發行版安裝程式中都有啟用 [LUKS](../encryption.md#linux-unified-key-setup) FDE之選項。 如果在安裝時沒有設定這個選項,就只能重新安裝,因為在 [系統系統](https://en.wikipedia.org/wiki/File_system) 被格式化 [磁碟分區](https://en.wikipedia.org/wiki/Disk_partitioning)後進行加密。 我們還建議安全地刪除儲存設備。
+大多數Linux 發行版安裝程式中都有啟用 [LUKS](../encryption.md#linux-unified-key-setup) FDE之選項。 If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. 我們還建議安全地刪除儲存設備。
- [安全資料清除 :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ MAC 位址隨機化主要有利於 Wi-Fi 連接。 對於乙太網路連接,
Fedora 專案使用 [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) 變數而非獨特 ID 來 [計算](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) 多少系統訪問它的鏡像。 Fedora 這樣做是為了確定負載並在必要時提供更好的更新伺服器。
-這個 [選項](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) ,目前預設為關閉。 我們建議將 `countme=false` 添加到 `/etc/dnf/dnf.conf` ,以防止將來此選項被改為預設啟用。 使用 `rpm-ostree` 的系統,如 Silverblue,通過遮蔽 [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) 計時器來禁用 countme 選項。
+這個 [選項](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) ,目前預設為關閉。 我們建議將 `countme=false` 添加到 `/etc/dnf/dnf.conf` ,以防止將來此選項被改為預設啟用。 On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE 則是使用[唯一的 ID](https://en.opensuse.org/openSUSE:Statistics) 來計算系統,可以通過清空`/var/lib/zypp/AnonymousUniqueId` 此檔案來禁用。
diff --git a/i18n/zh-Hant/os/macos-overview.md b/i18n/zh-Hant/os/macos-overview.md
index 3a144f3f..6c5c3246 100644
--- a/i18n/zh-Hant/os/macos-overview.md
+++ b/i18n/zh-Hant/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS 是蘋果電腦的桌面作業系統,搭配其自家硬體
蘋果公司使用 Unix 作業系統來開發**macOS** 支援自家的 Mac 電腦。 為提高 macOS 隱私,用戶可關閉遙測功能以強化現有的隱私與安全設定。
-舊款的 Intel-based Macs 與 Hackintoshe 則無法完全支援 macOS 所提供的安全功能。 為提昇資料安全,建議使用帶[Apple silicon](https://support.apple.com/HT211814)晶片的新款 Mac 。
+舊款的 Intel-based Macs 與 Hackintoshe 則無法完全支援 macOS 所提供的安全功能。 To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## 隱私筆記
@@ -14,7 +14,7 @@ description: macOS 是蘋果電腦的桌面作業系統,搭配其自家硬體
### 激活鎖
-新款 Apple silicon 裝置無需網際網路連接即可設定。 但是,恢復或重置 Mac 將**需要**連接到 Apple 伺服器,以檢查丟失或被盜設備資料庫的激活鎖。
+Brand-new Apple Silicon devices can be set up without an internet connection. 但是,恢復或重置 Mac 將**需要**連接到 Apple 伺服器,以檢查丟失或被盜設備資料庫的激活鎖。
### 應用程式撤銷檢查
@@ -122,7 +122,7 @@ Apple 的 OCSP 服務使用 HTTPS 加密,因此只有他們能夠看到您開
##### FileVault
-在具有安全隔離區(Apple T2 安全晶片、Apple 晶片)的現代裝置上,您的數據會保持加密。如果裝置未偵測到數據遭篡改,則會通過硬體金鑰自動解密。 Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
在較舊的 Intel 的 Mac 電腦,FileVault 是預設唯一可用的磁盤加密形式,應始終啟用。
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS 提供兩種惡意軟體防禦形式:
1. 首先,防止啟動惡意軟體是由 App Store 對 App Store 應用程式的審核流程或*公證*(*Gatekeeper* 的一部份),這是 Apple 允許運行之前掃描第三方應用程式是否存在已知惡意軟體的程式。 Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. *XProtect* 提供針對其他惡意軟體的防護以及修復系統上現有惡意軟體,XProtect 是 macOS 內建較傳統的防病毒軟體。
-建議不要安裝第三方防毒軟體,它們通常不具備正常運行所需的系統取用權限,因為Apple 對第三方應用程式的限制,授予它們要求的高級別取用權限常會帶來麻煩。對電腦造成更大的安全和隱私風險。
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### 備份
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### 硬體安全
-macOS 中的許多現代安全功能(例如現代安全啟動、硬體級漏洞利用緩解、作業系統完整性檢查和檔案加密)都依賴於Apple 晶片,Apple 較新硬體一直具有[最佳安全性](https:// support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1)。 我們只鼓勵使用 Apple 晶片,而不推薦較舊的 Intel Mac 電腦或 Hackintoshes。
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
其中一些現代安全功能可在配備Apple T2 安全晶片的 Intel 老式Mac 電腦上使用,但該晶片容易受到*checkm8* 漏洞的攻擊,這可能會損害其安全性。
@@ -256,7 +256,7 @@ Mac 電腦有三種安全模式啟動:*完全安全*、*降低安全性*和*
#### 安全隔離區
-安全隔離區是內建於 Apple silicon 裝置的安全晶片,負責儲存和生成靜態資料以及 Face ID 和 Touch ID 資料的加密金鑰。 它包含自己獨立的開機 ROM。
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. 它包含自己獨立的開機 ROM。
您可以將安全隔離區想成裝置的安全中心:它具有 AES 加密引擎和安全儲存加密金鑰機制,它與系統的其餘部分分開,因此即使主處理器受到損害,也仍然保持安全。
@@ -268,7 +268,7 @@ Apple Touch ID 功能可使用生物識別技術安全地解鎖設備。
#### 硬體麥克風斷線
-所有配備 Apple silicon 或 T2 晶片的筆記型電腦都具備在閉合時內建麥克風硬體即斷線的功能。 這意味著即使作業系統受到破壞,攻擊者無法監聽 Mac 的麥克風。
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. 這意味著即使作業系統受到破壞,攻擊者無法監聽 Mac 的麥克風。
請注意,攝影機沒有硬體斷接,因為只要上蓋關閉時,其視線即會被遮擋。
@@ -287,7 +287,7 @@ Apple Touch ID 功能可使用生物識別技術安全地解鎖設備。
#### 直接記憶體存取保護
-Apple silicon 將需要直接訪問記憶體的各組件分開。 例如,Thunderbolt 端口無法訪問為內核指定的記憶體。
+Apple Silicon separates each component that requires direct memory access. 例如,Thunderbolt 端口無法訪問為內核指定的記憶體。
## 來源
diff --git a/i18n/zh-Hant/os/windows/group-policies.md b/i18n/zh-Hant/os/windows/group-policies.md
index a198cbd6..9d3df852 100644
--- a/i18n/zh-Hant/os/windows/group-policies.md
+++ b/i18n/zh-Hant/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: 群組原則設定
description: 設定群組政策使 Windows 更尊重隱私的快速指南。
---
-除了修改登錄機碼本身之外,**本機群組原則編輯器**是無需安裝第三方工具即可更改系統許多方面的最強大方法。 更改這些設定需要 [專業版](index.md#windows-editions) 或更高版本。
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. 更改這些設定需要 [專業版](index.md#windows-editions) 或更高版本。
-這些設定應在全新安裝的 Windows 進行。 在現有安裝上設定它們應該可行,但還是有可能會引發不可預測的行為,須自行承擔風險。
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
所有設定在群組原則編輯器中都附有說明,非常詳細地準確說明了它們的作用。 更改時請注意這些描述,準確了解我們在此建議的內容。 當 Windows 附帶的解釋不充分時,我們在下面解釋了我們的一些選擇。
@@ -68,7 +68,7 @@ description: 設定群組政策使 Windows 更尊重隱私的快速指南。
- 啟動時需要其它驗證:**已啟用**
- 允許用於啟動的 PIN 增強:**己啟用**
-儘管這些政策的名稱是這樣,但預設情況下並不會**強制**您執行任何動作。不過,這將在 BitLocker 設定引導中解鎖更複雜的設定**選項** (例如,除了 TPM 之外,啟動時還需要 PIN 碼)。
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### 雲端內容
diff --git a/i18n/zh-Hant/os/windows/index.md b/i18n/zh-Hant/os/windows/index.md
index caf01837..a7042955 100644
--- a/i18n/zh-Hant/os/windows/index.md
+++ b/i18n/zh-Hant/os/windows/index.md
@@ -21,13 +21,13 @@ description: Microsoft Windows 是一種常見的作業系統,開箱即用;
本節為新增內容
-本節仍在施工中,與其他作業系統相比,Windows 安裝需要花費更多的時間和精力才能使用。
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## 隱私筆記
-Microsoft Windows,尤其是那些針對消費者的版本,如 **家用版**,在 [預設](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings) 下通常不會優先使用對隱私友善的功能。 因此,我們經常看到比必要更多的 [資料收集](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection),卻沒有任何真正的警告說明這是預設行為。 為了在廣告領域與 Google 競爭,[Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) 加入了獨特的識別碼,例如「廣告 ID」,以便關聯使用情況,協助廣告商針對性地投放廣告。 在 Windows 10 推出時,非企業版無法停用遙測功能。 現在仍然無法停用,但微軟新增了 [減少](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) 傳送資料的功能。
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). 因此,我們經常看到比必要更多的 [資料收集](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection),卻沒有任何真正的警告說明這是預設行為。 為了在廣告領域與 Google 競爭,[Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) 加入了獨特的識別碼,例如「廣告 ID」,以便關聯使用情況,協助廣告商針對性地投放廣告。 在 Windows 10 推出時,非企業版無法停用遙測功能。 現在仍然無法停用,但微軟新增了 [減少](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) 傳送資料的功能。
Windows 11 有許多限制或預設值,例如:
@@ -43,11 +43,11 @@ Windows 11 有許多限制或預設值,例如:
## Windows 版本
-遺憾的是,許多重要的隱私與安全功能都被鎖定在成本較高的 Windows 版本,而非 Windows **家用版**。 **家用版** 缺少的一些功能包括 Bitlocker 磁碟機加密、Hyper-V 和 Windows 沙箱。 在 Windows 指南中,我們將介紹如何適當地使用所有這些功能,因此擁有高級版本的 Windows 將是必要的。
+遺憾的是,許多重要的隱私與安全功能都被鎖定在成本較高的 Windows 版本,而非 Windows **家用版**。 Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. 在 Windows 指南中,我們將介紹如何適當地使用所有這些功能,因此擁有高級版本的 Windows 將是必要的。
Windows **企業版** 在設定 Windows 內建的隱私與安全設定時,提供最大的彈性。 例如,它們是唯一能限制啟用遙測工具,阻止將資料傳回微軟的版本。 遺憾的是,Enterprise 無法零售購買,因此可能無法使用。
-可供_零售_購買的最佳版本是 Windows **專業版**,因為它幾乎擁有您想要用來保護裝置的所有功能,包括 Bitlocker、Hyper-V 等。 唯一遺憾的是,微軟的遙測缺少了一些最嚴格的限制。
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
學生和教師可以從教育機構免費取得 Windows **教育版**(相當於企業版)或 **專業教育版**(相當於專業版)授權,包括在個人裝置上。 許多學校透過 OnTheHub 或 Microsoft Azure for Education 與微軟合作,因此您可以檢查這些網站或學校的福利頁面,看看是否符合資格。 能否獲得這些許可完全取決於機構。 對許多人來說,這可能是取得 Windows 企業版供個人使用的最佳方式。 與零售版本相比,使用教育授權不會帶來額外的隱私或安全風險。
@@ -59,6 +59,6 @@ Windows **企業版** 在設定 Windows 內建的隱私與安全設定時,提
官方的 [媒體建立工具](https://microsoft.com/software-download/windows11) 是將 Windows 安裝程式放入 USB 隨身碟的最佳方法。 Rufus 或 Etcher 等第三方工具可能會意外修改檔案,這可能會導致開機問題或安裝時出現其他麻煩。
-此工具只能讓您安裝**家用版**或**專業版**,因為沒有 Windows **企業版**的公開下載。 如果您有**企業版**授權金鑰,您可以輕鬆從**專業版**升級。 若要執行此動作,請安裝 Windows **專業版**,但在安裝過程中無須輸入授權金鑰,然後在完成安裝後,在「設定」應用程式中輸入您的 **企業版** 金鑰。 輸入有效的授權金鑰後,您的**專業版**安裝將會自動升級為**企業版**。
+此工具只能讓您安裝**家用版**或**專業版**,因為沒有 Windows **企業版**的公開下載。 如果您有**企業版**授權金鑰,您可以輕鬆從**專業版**升級。 To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. 輸入有效的授權金鑰後,您的**專業版**安裝將會自動升級為**企業版**。
如果您安裝的是**教育版**授權,通常會有一個私人下載連結,當您從機構的福利入口網站取得授權金鑰時,該連結會與授權金鑰一同提供。
diff --git a/i18n/zh-Hant/passwords.md b/i18n/zh-Hant/passwords.md
index 82496246..95ddbe4d 100644
--- a/i18n/zh-Hant/passwords.md
+++ b/i18n/zh-Hant/passwords.md
@@ -228,7 +228,7 @@ Bitwarden 伺服器端代碼是 [開源的](https://github.com/bitwarden/server)
隨著 2022 年 4 月收購 SimpleLogin,Proton 提供了「隱藏我的電子郵件」功能,可建立 10 個別名(免費方案)或無限個別名(付費方案)。
-Proton Pass 行動應用程式和瀏覽器擴充功能於 2023 年 5 月和 6 月接受了 Cure53 的審核。 安全分析公司的結論為:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. 安全分析公司的結論為:
> Proton Pass 應用程式和元件在安全性方面給人留下相當正面的印象。
@@ -325,9 +325,9 @@ Psono 為其產品提供廣泛的說明文件。 Psono 的網路用戶端可以
-{ align=right }
+{ align=right }
-**KeePassXC** 是 KeePassX 的社群分支,是 KeePass Password Safe 的原生跨平台移植,目標是以新功能和錯誤修正來擴充和改進它,以提供一個功能豐富、跨平台和現代化的開源密碼管理器。
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: 首頁](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="隱私權政策" }
@@ -355,9 +355,9 @@ KeePassXC 將其匯出資料儲存為 [CSV](https://en.wikipedia.org/wiki/Comma-
-{ align=right }
+{ align=right }
-**KeePassDX** 是適用於 Android 的輕量級密碼管理器;可在單一檔案中以 KeePass 格式編輯加密資料,並能以安全的方式填寫表格。 應用程式的 [專業版](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) 可讓您解鎖外觀和非標準協定功能,但更重要的是,它有助於並鼓勵開發。
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. 應用程式的 [專業版](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) 可讓您解鎖外觀和非標準協定功能,但更重要的是,它有助於並鼓勵開發。
[:octicons-home-16: 首頁](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="說明文件" }
diff --git a/i18n/zh-Hant/photo-management.md b/i18n/zh-Hant/photo-management.md
index 540a7a34..c3f5f102 100644
--- a/i18n/zh-Hant/photo-management.md
+++ b/i18n/zh-Hant/photo-management.md
@@ -19,7 +19,7 @@ cover: photo-management.webp
{ align=right }
{ align=right }
-**Ente Photos**提供端對端加密照片備份服務,支援 iOS 和 Android 的自動備份。 其客戶端和伺服器端的程式碼都完全開源。 它也可 [自行託管](https://github.com/ente-io/ente/tree/main/server#self-hosting)。 免費方案要求您每年至少要使用該服務一次,該方案提供 5GB 儲存空間。
+**Ente Photos**提供端對端加密照片備份服務,支援 iOS 和 Android 的自動備份。 其客戶端和伺服器端的程式碼都完全開源。 它也可 [自行託管](https://github.com/ente-io/ente/tree/main/server#self-hosting)。 The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: 首頁](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="隱私權政策" }
@@ -51,7 +51,7 @@ Ente Photos 於 2023 年 3 月接受 [Cure53 稽核](https://ente.io/blog/crypto
{ align=right }
{ align=right }
-**Stingle** 是一款照片庫與相機應用程式,內建端對端加密備份與同步功能,可儲存您的相片與影片。 如果您使用他們的雲端,免費帳戶的儲存空間為 1GB ,您也可以託管自己的 Stingle API 伺服器,以獲取完全的獨立性。
+**Stingle** 是一款照片庫與相機應用程式,內建端對端加密備份與同步功能,可儲存您的相片與影片。 Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: 首頁](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="隱私權政策" }
@@ -100,7 +100,7 @@ Ente Photos 於 2023 年 3 月接受 [Cure53 稽核](https://ente.io/blog/crypto
- 雲端託管提供商必須強制執行端對端加密。
- 必須提供免費方案或試用期以進行測試。
-- 必須支援 TOTP 或 FIDO2 此等強度的多重要素驗證,或允許使用 passkey 登入。
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- 必須提供支援基本檔案管理功能的網頁介面。
- 允許輕鬆匯出所有檔案/文件。
- 它必須是開源的。
diff --git a/i18n/zh-Hant/real-time-communication.md b/i18n/zh-Hant/real-time-communication.md
index d41347b1..e11bd69f 100644
--- a/i18n/zh-Hant/real-time-communication.md
+++ b/i18n/zh-Hant/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> 此應用程式的整體安全層級良好,讓注重隱私的人也能使用。
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## 標準
diff --git a/i18n/zh-Hant/router.md b/i18n/zh-Hant/router.md
index ca6ac6a0..35985d1e 100644
--- a/i18n/zh-Hant/router.md
+++ b/i18n/zh-Hant/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** 是一個基於 Linux 的操作系統;它主要用於嵌入式設備以路由網路流量。 它包括util-linux , uClibc和BusyBox。 所有組件都已為家庭路由器進行了優化。
+**OpenWrt** 是一個基於 Linux 的操作系統;它主要用於嵌入式設備以路由網路流量。 它包括util-linux , uClibc和BusyBox。 All the components have been optimized for home routers.
[:octicons-home-16: 首頁](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=說明文件}
diff --git a/i18n/zh-Hant/security-keys.md b/i18n/zh-Hant/security-keys.md
index 4f9f3806..2829fbee 100644
--- a/i18n/zh-Hant/security-keys.md
+++ b/i18n/zh-Hant/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: 針對性攻擊](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: 被動攻擊](basics/common-threats.md#security-and-privacy){ .pg-orange }
-實體**安全金鑰**可為線上帳戶添加強大的保護層。 與[驗證器應用程式](multi-factor-authentication.md) 相比,FIDO2 安全金鑰協定不受網路釣魚的影響,在沒持有金鑰的情況下不會受到侵害。 許多服務支援 FIDO2/WebAuthn 作為保護帳戶安全的多因素驗證選項,且某些服務可用安全金鑰作為無密碼身份驗證的強大單因素驗證器。
+實體**安全金鑰**可為線上帳戶添加強大的保護層。 與[驗證器應用程式](multi-factor-authentication.md) 相比,FIDO2 安全金鑰協定不受網路釣魚的影響,在沒持有金鑰的情況下不會受到侵害。 Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## YubiKey 安全金鑰
@@ -67,7 +67,7 @@ Yubico 的 **YubiKey** 系列是最受歡迎的安全金鑰之一。 YubiKey 5
[比較表](https://yubico.com/store/compare) 顯示 YubiKey 的功能以及與 Yubico [安全金鑰](#yubico-security-key) 系列之間相互比較。 YubiKey 好處之一是,一支可以滿足對安全金鑰硬體的全部期待。 建議購買前先 [作個小測驗](https://yubico.com/quiz/) ,確保做出正確的選擇。
-Yubikey 5系列具有FIDO 1級認證,這是最常見的。 不過,有些政府或其他組織可能需要具備第二級認證的金鑰,在這種情況下,您就必須購買 [Yubikey 5 **FIPS** 系列](https://yubico.com/products/yubikey-fips) ,或 [Yubico Security Key 系列](#yubico-security-key) 金鑰。 大多數人不必擔心這種差異。
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). 大多數人不必擔心這種差異。
YubiKey 可以使用 [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) 或 [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools) 來設定它。 若要管理 TOTP 程式碼,可用 [Yubico Authenticator](https://yubico.com/products/yubico-authenticator)。 Yubico 所有客戶端軟體都是開源的。
diff --git a/i18n/zh-Hant/tools.md b/i18n/zh-Hant/tools.md
index 0a6b8e3e..c953b269 100644
--- a/i18n/zh-Hant/tools.md
+++ b/i18n/zh-Hant/tools.md
@@ -180,7 +180,7 @@ description: Privacy Guides 社群所推薦的隱私工具、服務、軟體及
---
- Proton Mail 是一個注重隱私、加密、安全和易用性的電子郵件服務。 他們自 2013 年起開始營運。 Proton AG 總部位於瑞士日內瓦。 Proton Mail Free 方案隨附 500MB 的郵件儲存空間,可以免費增加至 1GB。
+ Proton Mail 是一個注重隱私、加密、安全和易用性的電子郵件服務。 他們自 2013 年起開始營運。 Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[閱讀我們的完整評論 :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ description: Privacy Guides 社群所推薦的隱私工具、服務、軟體及
---
- Mailbox.org 是一個專注於安全、無廣告的電子郵件服務,其使用來自民營企業的 100% 環保能源。 自 **2014 年** 開始運營。 Mailbox.org 總部位於德國柏林。 初級帳戶有 2GB 儲存空間,可以根據需要升級。
+ Mailbox.org 是一個專注於安全、無廣告的電子郵件服務,其使用來自民營企業的 100% 環保能源。 自 **2014 年** 開始運營。 Mailbox.org 總部位於德國柏林。 Accounts start with up to 2 GB storage, which can be upgraded as needed.
[閱讀完整評論 :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ description: Privacy Guides 社群所推薦的隱私工具、服務、軟體及
---
- Tuta(以前稱為 *Tutanota*)是一個透過使用加密技術來專注於安全與隱私的電子郵件服務。 Tuta 自 2011 年開始營運,總部位於德國漢諾威。 免費帳戶提供 10GB 容量。
+ Tuta(以前稱為 *Tutanota*)是一個透過使用加密技術來專注於安全與隱私的電子郵件服務。 Tuta 自 2011 年開始營運,總部位於德國漢諾威。 Free accounts start with 1 GB of storage.
[閱讀完整評論 :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ description: Privacy Guides 社群所推薦的隱私工具、服務、軟體及
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,12 +646,12 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
-- { .twemoji loading=lazy } [Whonix(Tor)](desktop.md#whonix)
-- { .twemoji loading=lazy } [Tails(自生系統)](desktop.md#tails)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
+- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/zh-Hant/tor.md b/i18n/zh-Hant/tor.md
index f8782866..de09df21 100644
--- a/i18n/zh-Hant/tor.md
+++ b/i18n/zh-Hant/tor.md
@@ -44,7 +44,7 @@ schema:
其些應用程式比其他應用程式更好,但再次提醒其選用決定取決於您的威脅模型。 如果是Tor 的一般使用者,不擔心 ISP 收集針對您的證據,那麼使用[Orbot](#orbot) 等應用程式或行動瀏覽器應用程式訪用 Tor 網路可能沒問題。 越多人使用 Tor 有助於減少 Tor 的不良印記,降低 ISP 和政府可能編制的「Tor 用戶清單」內容。
-如果更完全的匿名至關重要,則應 **僅使用** 桌面版的 Tor 客戶端應用,最好再加上[Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) 一起搭配使用。 行動瀏覽器在 Tor 上較不常見 (因此也更容易被識別指紋),而且其所採用的其他配置也沒有經過嚴格的去匿名化測試。
+如果更完全的匿名至關重要,則應 **僅使用** 桌面版的 Tor 客戶端應用,最好再加上[Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) 一起搭配使用。 Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor 瀏覽器
@@ -114,11 +114,11 @@ Tor 瀏覽器旨在防止指紋識別----根據您的瀏覽器配置識別您。
Android 提示
-Orbot 可以代理個別應用程式,如果它們有支援 SOCKS 或 HTTP 代理。 它也能使用 [VpnService](https://developer.android.com/reference/android/net/VpnService) 代理您的所有網路連接,其 VPN killswitch 設定在 :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.。
+Orbot 可以代理個別應用程式,如果它們有支援 SOCKS 或 HTTP 代理。 It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Guardian Project 的[F-Droid repository](https://guardianproject.info/fdroid)和 [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android) 上Orbot 往往不是最新版,因此請考慮直接從 [GitHub repository](https://github.com/guardianproject/orbot/releases) 下載。
-所有版本都使用同一個簽名,因此它們應該相互兼容。
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/zh-Hant/vpn.md b/i18n/zh-Hant/vpn.md
index e743b189..27620552 100644
--- a/i18n/zh-Hant/vpn.md
+++ b/i18n/zh-Hant/vpn.md
@@ -2,7 +2,7 @@
meta_title: "隱私 VPN 服務建議和比較,無任何贊助商或廣告 - Privacy Guides"
title: "VPN 服務"
icon: material/vpn
-description: 保護您線上隱私與安全的最佳 VPN 服務。 在這裡尋找一個不會監視您的供應商。
+description: 保護您線上隱私與安全的最佳 VPN 服務。 Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton 現在在其瀏覽器擴充套件中 [支援 IPv6](https://protonvpn.com/
#### :material-information-outline:{ .pg-info } 遠端端口轉發
-Proton VPN 目前僅支援通過 NAT-PMP 進行短暫的[遠端端口轉發](https://protonvpn.com/support/port-forwarding),租用時間為 60 秒。 Windows 應用程式提供簡易使用選項,而其它作業系統則需運行 [NAT-PMP 客戶端](https://protonvpn.com/support/port-forwarding-manual-setup)。 BT 客戶端通常原生支援 NAT-PMP。
+Proton VPN 目前僅支援通過 NAT-PMP 進行短暫的[遠端端口轉發](https://protonvpn.com/support/port-forwarding),租用時間為 60 秒。 The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). BT 客戶端通常原生支援 NAT-PMP。
#### :material-information-outline:{ .pg-blue } 突破網路審查
-Proton VPN 有自己的 [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) 協定,在其它 VPN 協定如 OpenVPN、WireGuard 遭封鎖時*可能*有所幫助。 Stealth 將 VPN 隧道封裝在 TLS 會話中,使其看起來像是一般的網路流量。
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth 將 VPN 隧道封裝在 TLS 會話中,使其看起來像是一般的網路流量。
不幸的是,在部署了精密過濾器分析所有傳出流量以試圖發現加密隧道的國家,此方法的效果並不理想。 Stealth 可在 Android、iOS、Windows 和 macOS 上使用,但尚未在 Linux 上可用。
@@ -113,11 +113,11 @@ Proton VPN 有自己的 [Stealth](https://protonvpn.com/blog/stealth-vpn-protoco
#### :material-information-outline:{ .pg-blue } 補充說明
-Proton VPN 客戶端目前支援所有平臺上的雙因素身份驗證。 Proton VPN 在瑞士、冰島和瑞典擁有自己的伺服器和資料中心。 他們透過自己的 DNS 服務,提供內容封鎖和已知的惡意軟體網域。 此外,Proton VPN 還提供 "Tor" 伺服器,可輕鬆連接到洋蔥網站,但我們仍然強烈建議您使用 [官方 Tor 瀏覽器](tor.md#tor-browser) 來完成此類目的。
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN 在瑞士、冰島和瑞典擁有自己的伺服器和資料中心。 他們透過自己的 DNS 服務,提供內容封鎖和已知的惡意軟體網域。 此外,Proton VPN 還提供 "Tor" 伺服器,可輕鬆連接到洋蔥網站,但我們仍然強烈建議您使用 [官方 Tor 瀏覽器](tor.md#tor-browser) 來完成此類目的。
-##### :material-alert-outline:{ .pg-orange } Killswitch 無法在基於 Intel 處理器的 Mac 電腦上使用
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-基於 Intel 處理器的 Mac 電腦 若使用 VPN killswitch 可能會導致[系統崩潰](https://protonvpn.com/support/macos-t2-chip-kill-switch) 。 如果您需要此功能,但使用的是搭載 Intel 處理器的 Mac 電腦 ,則應考慮使用其他 VPN 服務。
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. 如果您需要此功能,但使用的是搭載 Intel 處理器的 Mac 電腦 ,則應考慮使用其他 VPN 服務。
### IVPN
@@ -183,7 +183,7 @@ IVPN 曾支援遠端端口轉發,但在 [2023 年 6 月](https://ivpn.net/blog
#### :material-check:{ .pg-green } 突破網路審查
-IVPN 具有使用 [v2ray](https://v2ray.com/en/index.html) 的混淆模式,這有助於在 OpenVPN 或 WireGuard 等 VPN 協定遭到封鎖時繞過審查。 此功能目前僅支援 電腦版 與 [iOS](https://ivpn.net/knowledgebase/ios/v2ray) 版。 可透過 QUIC 或 TCP 兩種模式連接 [VMess](https://guide.v2fly.org/en_US/basics/vmess.html)。 QUIC 是一個新的傳輸協議,具有更好的擁塞控制,因此可能速度更快,且延遲更低。 TCP 模式的數據呈現為一般的 HTTP 流量。
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). 可透過 QUIC 或 TCP 兩種模式連接 [VMess](https://guide.v2fly.org/en_US/basics/vmess.html)。 QUIC 是一個新的傳輸協議,具有更好的擁塞控制,因此可能速度更快,且延遲更低。 TCP 模式的數據呈現為一般的 HTTP 流量。
#### :material-check:{ .pg-green } 行動裝置客戶端
@@ -191,7 +191,7 @@ IVPN 具有使用 [v2ray](https://v2ray.com/en/index.html) 的混淆模式,這
#### :material-information-outline:{ .pg-blue } 補充說明
-IVPN 用戶端支援雙因子身份驗證。 IVPN 有「[反追蹤](https://ivpn.net/antitracker)」功能,以阻絕來自網路層的廣告與追蹤。
+IVPN clients support two-factor authentication. IVPN 有「[反追蹤](https://ivpn.net/antitracker)」功能,以阻絕來自網路層的廣告與追蹤。
### Mullvad
@@ -199,7 +199,7 @@ IVPN 用戶端支援雙因子身份驗證。 IVPN 有「[反追蹤](https://ivpn
{ align=right }
-**Mullvad** 是一個快速且便宜的 VPN,非常注重透明和安全性。 他們自 2009 年起開始營運。 Mullvad 位於瑞典,提供 30 天退款保證(前提是您的付款方式允許)。
+**Mullvad** 是一個快速且便宜的 VPN,非常注重透明和安全性。 他們自 2009 年起開始營運。 Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: 首頁](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="洋蔥服務" }
@@ -260,7 +260,7 @@ Mullvad 曾支援遠端端口轉發,但在 [2023 年 5 月](https://mullvad.ne
Mullvad 提供多種功能,協助繞過審查制度,自由存取網際網路:
-- **混淆模式**:Mullvad 有兩種內建混淆模式 —「UDP-over-TCP」 和 [「Wireguard over Shadowsocks」](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard)。 這些模式會將您的 VPN 流量偽裝成一般的網路流量,使審查員更難偵測和封鎖。 據說,中國會利用[新的方法來擾亂 Shadowsocks 路由的流量](https://gfw.report/publications/usenixsecurity23/en)。
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). 這些模式會將您的 VPN 流量偽裝成一般的網路流量,使審查員更難偵測和封鎖。 據說,中國會利用[新的方法來擾亂 Shadowsocks 路由的流量](https://gfw.report/publications/usenixsecurity23/en)。
- **使用 Shadowsocks 和 v2ray 進階混淆**:對於更進階的使用者,Mullvad 提供了如何在 Mullvad 用戶端同時使用 [Shadowsocks 以及 v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) 外掛程式的指南。 此設定提供了額外的混淆和加密層。
- **自訂伺服器 IP**:要對抗 IP 封鎖,您可以向 Mullvad 的支援團隊申請自訂伺服器 IP。 收到自訂 IP 後,您可以在「Server IP override」設定中輸入文字檔,這樣就可以用審查員不知道的 IP 位址覆寫所選的伺服器 IP 位址。
- **橋接和代理**:Mullvad 也允許您使用橋接器或代理伺服器來存取他們的 API (驗證時需要),這有助於繞過存取 API 的審查封鎖。
@@ -286,19 +286,19 @@ Mullvad 對於他們[自有或租用](https://mullvad.net/en/servers)的節點
### 技術
-我們要求所有推薦的 VPN 服務商有提供 OpenVPN 配置檔案,以便在任何用戶端中使用。 **如果** VPN 提供自己的客戶端,則要求有 killswitch 來阻止未連接 VPN 時網路資料遭洩漏。
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**最低合格要求:**
-- 支援強固的協議,如 WireGuard & OpenVPN。
-- 用戶端內建 Killswitch。
-- 支援多跳連接 (Multihop)。 萬一單個節點受損,多跳方式就非常重要,才能保持數據的私密性。
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- 如有提供 VPN 用戶端,則應為 [開源](https://en.wikipedia.org/wiki/Open_source),一如所內建的 VPN 軟體。 我們相信,提供[原始碼](https://en.wikipedia.org/wiki/Source_code)可顯著提高透明度,讓我們知道程式實際在做什麼。
- 抗審查功能可在沒有 DPI 的情況下繞過防火牆。
**最佳情況:**
-- Killswitch 具高度可配置選項(啟用/禁用某些網路、開機時等等)
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- 易於使用的 VPN 客戶端
- 支援 [IPv6](https://en.wikipedia.org/wiki/IPv6)。 我們希望伺服器能允許透過 IPv6 傳入連線,並允許您存取託管在 IPv6 位址上的服務。
- [遠端端口轉發](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) 的功能可協助在使用 P2P ([對等](https://en.wikipedia.org/wiki/Peer-to-peer)) 檔案共享軟體或自建伺服器 (例如 Mumble) 時建立連接。
@@ -316,11 +316,11 @@ Mullvad 對於他們[自有或租用](https://mullvad.net/en/servers)的節點
**最佳情況:**
- 接受多種 [匿名付款方式](advanced/payments.md)。
-- 無需任何個人資訊(自動生成的用戶名稱、不要求電子郵件等)。
+- No personal information accepted (auto-generated username, no email required, etc.).
### 安全
-若 VPN 不能提供足夠安全性,它就毫無意義。 我們要求所有推薦的供應商遵守其 OpenVPN 連接的現行安全標準。 理想中,預設他們會使用更多面向未來的加密方案。 我們要求有獨立的第三方來審核供應商的安全性,理想情況下是每年都能進行全方方面審計。
+若 VPN 不能提供足夠安全性,它就毫無意義。 We require all our recommended providers to abide by current security standards. 理想中,預設他們會使用更多面向未來的加密方案。 我們要求有獨立的第三方來審核供應商的安全性,理想情況下是每年都能進行全方方面審計。
**最低合格要求:**
@@ -358,7 +358,7 @@ Mullvad 對於他們[自有或租用](https://mullvad.net/en/servers)的節點
**最低合格要求:**
-- 必須自行託管分析工具 (例如不使用 Google Analytics)。 供應商的網站還必須遵守 [DNT (Do Not Track, 請勿追蹤) ](https://en.wikipedia.org/wiki/Do_Not_Track) 的要求,以供選擇退出的人使用。
+- 必須自行託管分析工具 (例如不使用 Google Analytics)。 The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
不得有任何不負責任的行銷:
diff --git a/i18n/zh/about.md b/i18n/zh/about.md
index b75a91fd..9bbf28cf 100644
--- a/i18n/zh/about.md
+++ b/i18n/zh/about.md
@@ -24,7 +24,7 @@ schema:
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
-Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever changing cybersecurity threat landscape.
+Privacy Guides is built by volunteers and staff members around the world. All changes to our recommendations and resources are reviewed by at least two [trusted](https://discuss.privacyguides.net/u?group=team\&order=solutions\&period=all) individuals, and we work diligently to ensure our content is updated as quickly as possible to adapt to the ever-changing cybersecurity threat landscape.
In addition to our core team, [many other people](about/contributors.md) have made contributions to the project. You can too! We're open source on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
diff --git a/i18n/zh/about/contributors.md b/i18n/zh/about/contributors.md
index ad6a576b..8170d38a 100644
--- a/i18n/zh/about/contributors.md
+++ b/i18n/zh/about/contributors.md
@@ -7,7 +7,7 @@ description: A complete list of contributors who have collectively made an enorm
-This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
+This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind are welcome to be added to [this list](https://github.com/privacyguides/privacyguides.org/blob/main/.all-contributorsrc), including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
| Emoji | Type | Description |
| ----- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
diff --git a/i18n/zh/about/criteria.md b/i18n/zh/about/criteria.md
index 3be8f5c2..04a54cc0 100644
--- a/i18n/zh/about/criteria.md
+++ b/i18n/zh/about/criteria.md
@@ -24,7 +24,7 @@ Below are some general priorities we consider for all submissions to Privacy Gui
- 必须披露隶属关系,即您在提交的项目中的职位。
-- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
+- Must have a security white paper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
- Regarding third party audit status, we want to know if you have undergone one, or have requested one. 如果可能,请说明谁将进行审计。
- 必须解释该项目在隐私方面带来了什么。
diff --git a/i18n/zh/about/executive-policy.md b/i18n/zh/about/executive-policy.md
index a8a54476..e7b93a36 100644
--- a/i18n/zh/about/executive-policy.md
+++ b/i18n/zh/about/executive-policy.md
@@ -5,7 +5,7 @@ description: These are policies formally adopted by our executive committee, and
These are policies formally adopted by Privacy Guides' executive committee, and take precedence over all other statements expressed on this website.
-The key words **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
+The keywords **must**, **must not**, **required**, **shall**, **shall not**, **should**, **should not**, **recommended**, **may**, and **optional** are to be interpreted as described in [RFC 2119](https://datatracker.ietf.org/doc/html/rfc2119).
## EP1: Freely-Provided Product Samples
diff --git a/i18n/zh/about/notices.md b/i18n/zh/about/notices.md
index b0978f6a..6e3c3c78 100644
--- a/i18n/zh/about/notices.md
+++ b/i18n/zh/about/notices.md
@@ -31,7 +31,7 @@ This does not include third-party code embedded in the Privacy Guides code repos
* The [Public Sans](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/Public%20Sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/67166ed8b641d8ac1837d0b75329e02ed4056704/fonts/DM%20Mono/LICENSE.txt).
-我们认为从第三方提供商获得的 `资产` 中的标志和其他图像属于公共领域或 **合理使用**。 In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. 然而,在一个或多个司法管辖区,这些徽标和其他图像仍可能受商标法的约束。 在使用此内容之前,请确保其用于识别拥有商标的实体或组织,并且根据适用于您预期使用情况的法律,您有权使用商标。 *从本网站复制内容时,您应自行负责确保您不侵犯他人的商标或版权。*
+我们认为从第三方提供商获得的 `资产` 中的标志和其他图像属于公共领域或 **合理使用**。 In a nutshell, legal [fair use doctrine](https://copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject for purposes of public comment. 然而,在一个或多个司法管辖区,这些徽标和其他图像仍可能受商标法的约束。 在使用此内容之前,请确保其用于识别拥有商标的实体或组织,并且根据适用于您预期使用情况的法律,您有权使用商标。 *从本网站复制内容时,您应自行负责确保您不侵犯他人的商标或版权。*
When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
diff --git a/i18n/zh/about/privacytools.md b/i18n/zh/about/privacytools.md
index 6a58550f..6b236c23 100644
--- a/i18n/zh/about/privacytools.md
+++ b/i18n/zh/about/privacytools.md
@@ -37,9 +37,9 @@ At the end of July 2021, we [informed](https://web.archive.org/web/2021072918442
## 控制r/privacytoolsIO
-在privacytools.io网站出现问题的同时,r/privacytoolsIO的管理团队也面临着管理该子版块的挑战。 该子版块一直以来都是基本独立于网站发展的,但BurungHantu也是该子版块的主要版主,而且他是唯一被授予 "完全控制 "特权的版主。 u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
+Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the Subreddit. The Subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the Subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://reddit.com/comments/o9tllh) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
-Reddit要求子版块有活跃的版主。 如果主版主长时间不活动(如一年),主版主的位置可以重新任命给下一个版主。 为了使这一请求得到批准,BurungHantu必须在很长一段时间内完全不参与所有Reddit活动,这与他在其他平台上的行为是一致的。
+Reddit requires that Subreddits have active moderators. 如果主版主长时间不活动(如一年),主版主的位置可以重新任命给下一个版主。 为了使这一请求得到批准,BurungHantu必须在很长一段时间内完全不参与所有Reddit活动,这与他在其他平台上的行为是一致的。
> 如果你通过Reddit请求被撤掉了子版块的版主,那是因为你缺乏回应和缺乏活动,使该子版块有资格进行r/redditrequest转移。
>
@@ -55,7 +55,7 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
- Redirecting `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org).
- 在GitHub上存档源代码,以保存我们过去的工作和问题跟踪器,我们继续使用该网站未来几个月的开发。
-- 在我们的subreddit和其他各种社区发布公告,告知人们官方的变化。
+- Posting announcements to our Subreddit and various other communities informing people of the official change.
- 正式关闭privacytools.io服务,如Matrix和Mastodon,并鼓励现有用户尽快迁移。
事情似乎进行得很顺利,我们活跃的社区中的大多数人都完全按照我们的希望转换到我们的新项目。
@@ -66,11 +66,11 @@ This change [entailed:](https://reddit.com/comments/pnhn4a)
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from `www.privacytools.io` to [www.privacyguides.org](https://www.privacyguides.org). 我们答应了他的请求,并要求他保持Matrix、Mastodon和PeerTube的子域名的活跃性,以便我们作为一项公共服务在社区内运行至少几个月,以便让这些平台上的用户能够轻松地迁移到其他账户。 由于我们所提供的服务的联合性质,它们与特定的域名联系在一起,使得迁移非常困难(在某些情况下不可能迁移)。
-Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
+Unfortunately, because control of the r/privacytoolsIO Subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://reddit.com/comments/pymthv/comment/hexwrps) at the beginning of October, ending any migration possibilities to any users still using those services.
在这之后,BurungHantu对Jonah从项目中窃取捐款提出了不实指控。 BurungHantu在所谓的事件发生后有一年多的时间,但他从未让任何人知道,直到隐私指南迁移之后。 BurungHantu多次被要求提供证据,并要求团队 [和社区](https://twitter.com/TommyTran732/status/1526153536962281474),对其沉默的原因进行评论,但他没有这样做。
-BurungHantu还在Twitter上发了一篇 [的帖子](https://twitter.com/privacytoolsIO/status/1510560676967710728) ,声称一名“律师”在Twitter上与他联系并提供建议,再次试图欺负我们让他控制我们的subreddit ,并作为他的诽谤运动的一部分,在假装成为受害者的同时,搅乱了隐私指南发布周围的水域。
+BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our Subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io的现状
@@ -80,7 +80,7 @@ BurungHantu还在Twitter上发了一篇 [的帖子](https://twitter.com/privacyt
## r/privacytoolsIO 的现状
-After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
+After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both Subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://reddit.com/comments/qk7qrj) a restricted sub in a post on November 1st, 2021:
> [...] 该小组的成长是PrivacyGuides.org团队数年来努力的结果。 还有你们每一个人。
>
@@ -88,11 +88,11 @@ After the launch of [r/PrivacyGuides](https://reddit.com/r/privacyguides), it wa
子版块不属于任何人,尤其不属于品牌持有人。 他们属于自己的社区,而社区及其版主做出了支持移至r/PrivacyGuides的决定。
-In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
+In the months since, BurungHantu has threatened and begged for returning Subreddit control to his account in [violation](https://reddit.com/r/redditrequest/wiki/top_mod_removal) of Reddit rules:
> 不允许任何版主对删除请求进行报复。
-对于一个拥有数千名剩余用户的社区来说,我们觉得把这个庞大的平台的控制权还给那个抛弃了它一年多的人,而且他现在经营着一个我们认为提供非常低质量信息的网站,这将是非常不尊重的。 对我们来说,保留该社区过去多年的讨论更为重要,因此u/trai_dep和其他子版块的管理团队做出决定,保持r/privacytoolsIO的现状。
+对于一个拥有数千名剩余用户的社区来说,我们觉得把这个庞大的平台的控制权还给那个抛弃了它一年多的人,而且他现在经营着一个我们认为提供非常低质量信息的网站,这将是非常不尊重的。 Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the Subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective Now
diff --git a/i18n/zh/about/statistics.md b/i18n/zh/about/statistics.md
index 2ddcdd70..bda81093 100644
--- a/i18n/zh/about/statistics.md
+++ b/i18n/zh/about/statistics.md
@@ -11,7 +11,7 @@ We self-host [Umami](https://umami.is) to create a nice visualization of our tra
With this process:
-- Your information is never shared with a third-party, it stays on servers we control
+- Your information is never shared with a third party, it stays on servers we control
- Your personal data is never saved, we only collect data in aggregate
- No client-side JavaScript is used
diff --git a/i18n/zh/advanced/communication-network-types.md b/i18n/zh/advanced/communication-network-types.md
index 7a9e5c3d..a28a8157 100644
--- a/i18n/zh/advanced/communication-network-types.md
+++ b/i18n/zh/advanced/communication-network-types.md
@@ -44,7 +44,7 @@ description: 即时信息应用程序常用的几种网络架构的概述。
- 允许在运行自己的服务器时更好地控制自己的数据。
- 允许您通过在多个“公共”服务器之间选择信任谁。
- 通常允许第三方客户端提供更原生、定制或可访问的体验。
-- 可以验证服务器与公共源代码匹配,假设您有权访问服务器或您信任这样做的人(例如,家庭成员)。
+- Server software can be verified that it matches public source code, assuming you have access to the server, or you trust the person who does (e.g., a family member).
**缺点**
@@ -60,7 +60,7 @@ description: 即时信息应用程序常用的几种网络架构的概述。
点对点聊天软件连接到一个由节点组成的 [分布式网络](https://en.wikipedia.org/wiki/Distributed_networking) ,在没有第三方服务器的情况下将信息转发给收件人。
-客户端(对等节点)通常通过使用 [分布式网络](https://en.wikipedia.org/wiki/Distributed_computing) 找到对方。 这方面的例子包括 [分布式哈希表](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT),由 [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) 和 [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) 等使用。 另一种方法是基于近距离的网络,通过WiFi或蓝牙建立连接(例如,Briar或 [Scuttlebutt](https://scuttlebutt.nz) 社交网络协议)。
+客户端(对等节点)通常通过使用 [分布式网络](https://en.wikipedia.org/wiki/Distributed_computing) 找到对方。 这方面的例子包括 [分布式哈希表](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT),由 [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) 和 [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) 等使用。 Another approach is proximity based networks, where a connection is established over Wi-Fi or Bluetooth (for example, Briar or the [Scuttlebutt](https://scuttlebutt.nz) social network protocol).
一旦一个节点通过这些方法中的任何一种找到了通往其联系人的路线,它们之间就会建立直接连接。 虽然信息通常是加密的,但观察者仍然可以推断出发件人和收件人的位置和身份。
@@ -85,10 +85,10 @@ P2P网络不使用服务器,因为节点之间直接通信,因此不存在
使用 [匿名路由](https://doi.org/10.1007/978-1-4419-5906-5_628) 的Messenger隐藏发送方、接收方的身份或他们一直在通信的证据。 理想情况下,Messenger应该将这三者都隐藏起来。
-有 [许多](https://doi.org/10.1145/3182658) 不同的方法来实现匿名网络。 其中最著名的是
+There are [many](https://doi.org/10.1145/3182658) ways to implement anonymous routing. 其中最著名的是
洋葱路由 (即 [Tor](tor-overview.md)),它通过一个强加密的 [覆盖网络](https://en.wikipedia.org/wiki/Overlay_network) ,隐藏每个节点的位置以及每个信息的接收者和发送者来通信。 发件人和收件人从不直接交互,只通过一个秘密的会合节点会面,这样就不会泄露IP地址或物理位置。 节点不能解密信息,也不能解密最终目的地;只有收件人可以。 每个中间节点只能解密一部分,表明下一步将把仍然加密的信息发送到哪里,直到它到达可以完全解密的收件人那里,因此命名为 "洋葱路由"。
-在匿名网络中自托管一个节点并不为托管者提供额外的隐私,而是有助于整个网络对识别攻击的抗性,对每个人都有好处。
+Self-hosting a node in an anonymous routing network does not provide the host with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
**优点:**
diff --git a/i18n/zh/advanced/dns-overview.md b/i18n/zh/advanced/dns-overview.md
index c610efd5..a81111f3 100644
--- a/i18n/zh/advanced/dns-overview.md
+++ b/i18n/zh/advanced/dns-overview.md
@@ -4,7 +4,7 @@ icon: material/dns
description: 域名系统是 “互联网的电话簿”,帮助浏览器找到网站。
---
-[域名系统](https://en.wikipedia.org/wiki/Domain_Name_System) 是“互联网电话簿”。 DNS将域名转换为IP地址,以便浏览器和其他服务可以通过分散的服务器网络加载互联网资源。
+The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phone book of the Internet'. DNS将域名转换为IP地址,以便浏览器和其他服务可以通过分散的服务器网络加载互联网资源。
## 什么是DNS?
@@ -24,7 +24,7 @@ DNS自互联网的 [早期](https://en.wikipedia.org/wiki/Domain_Name_System#His
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
-2. 然后我们可以使用 [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux,macOS等)或 [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows)将DNS查询发送到两个服务器。 Web浏览器等软件会自动执行这些查找,除非它们被配置为使用加密的DNS。
+2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, macOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Web浏览器等软件会自动执行这些查找,除非它们被配置为使用加密的DNS。
=== "Linux, macOS"
@@ -39,7 +39,7 @@ DNS自互联网的 [早期](https://en.wikipedia.org/wiki/Domain_Name_System#His
nslookup privacyguides.org 8.8.8.8
```
-3. Next, we want to [analyse](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
+3. Next, we want to [analyze](https://wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
=== "Wireshark"
@@ -70,7 +70,7 @@ Encrypted DNS can refer to one of a number of protocols, the most common ones be
### DNSCrypt
-[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) 是首批加密DNS查询的方法之一。 DNSCrypt在端口443上运行,并可以使用TCP或UDP传输协议。 DNSCrypt从未提交给 [互联网工程任务组(IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) 也没有经过 [征求意见(RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) 过程,因此除了少数 [实现](https://dnscrypt.info/implementations)之外没有被广泛使用。 因此,它在很大程度上被更流行的 [DNS over HTTPS](#dns-over-https-doh)取代了。
+[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) 是首批加密DNS查询的方法之一。 DNSCrypt在端口443上运行,并可以使用TCP或UDP传输协议。 DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside a few [implementations](https://dnscrypt.info/implementations). 因此,它在很大程度上被更流行的 [DNS over HTTPS](#dns-over-https-doh)取代了。
### DNS over TLS (DoT)
@@ -118,7 +118,7 @@ DoH的原生实现出现在iOS 14、macOS 11、微软Windows和Android 13中(
3. 在提出请求后,我们可以用
CTRL +
C停止抓包。
-4. 在Wireshark中分析结果:
+4. Analyze the results in Wireshark:
```bash
wireshark -r /tmp/dns_doh.pcap
@@ -136,13 +136,13 @@ We can see the [connection establishment](https://en.wikipedia.org/wiki/Transmis
确定浏览活动的最简单方法可能是查看你的设备所访问的IP地址。 例如,如果观察者知道 `privacyguides.org` 在 `198.98.54.105`,而你的设备正在从 `198.98.54.105`请求数据,你很有可能正在访问隐私指南。
-这种方法只有在IP地址属于一个只承载少数网站的服务器时才有用。 如果网站托管在一个共享平台上(如Github Pages、Cloudflare Pages、Netlify、WordPress、Blogger等),这也不是很有用。 如果服务器托管在一个 [反向代理](https://en.wikipedia.org/wiki/Reverse_proxy),它也不是很有用,这在现代互联网上非常普遍。
+这种方法只有在IP地址属于一个只承载少数网站的服务器时才有用。 It's also not very useful if the site is hosted on a shared platform (e.g. GitHub Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). 如果服务器托管在一个 [反向代理](https://en.wikipedia.org/wiki/Reverse_proxy),它也不是很有用,这在现代互联网上非常普遍。
### 服务器名称指示(SNI)
-服务器名称指示通常在一个IP地址承载许多网站时使用。 这可能是一个像Cloudflare这样的服务,或其他一些 [拒绝服务攻击](https://en.wikipedia.org/wiki/Denial-of-service_attack) 保护。
+Server Name Indication is typically used when an IP address hosts many websites. 这可能是一个像Cloudflare这样的服务,或其他一些 [拒绝服务攻击](https://en.wikipedia.org/wiki/Denial-of-service_attack) 保护。
-1. 再次开始捕获 `tshark`。 我们用我们的IP地址添加了一个过滤器,所以你不会捕获很多数据包。
+1. 再次开始捕获 `tshark`。 We've added a filter with our IP address, so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
@@ -293,7 +293,7 @@ Governments, in particular [China](https://zdnet.com/article/china-is-now-blocki
ispDNS --> | 否 | nothing(什么都不做)
```
-第三方的加密DNS应该只用于绕过重定向和基本的 [DNS拦截](https://en.wikipedia.org/wiki/DNS_blocking) ,当你能确定不会有任何后果,或者你对一个能做一些基本过滤的供应商感兴趣时。
+Encrypted DNS with a third party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences, or you're interested in a provider that does some rudimentary filtering.
[推荐的DNS服务器列表](../dns.md ""){.md-button}
diff --git a/i18n/zh/advanced/tor-overview.md b/i18n/zh/advanced/tor-overview.md
index 08598cca..d1072949 100644
--- a/i18n/zh/advanced/tor-overview.md
+++ b/i18n/zh/advanced/tor-overview.md
@@ -20,7 +20,7 @@ Tor works by routing your internet traffic through volunteer-operated servers, i
Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
-If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
+If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [destigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
If you have the ability to access a trusted VPN provider and **any** of the following are true, you almost certainly should connect to Tor through a VPN:
diff --git a/i18n/zh/ai-chat.md b/i18n/zh/ai-chat.md
index 34c65595..2ce08176 100644
--- a/i18n/zh/ai-chat.md
+++ b/i18n/zh/ai-chat.md
@@ -26,7 +26,7 @@ Alternatively, you can run AI models locally so that your data never leaves your
### Hardware for Local AI Models
-Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
+Local models are also fairly accessible. It's possible to run smaller models at lower speeds on as little as 8 GB of RAM. Using more powerful hardware such as a dedicated GPU with sufficient VRAM or a modern system with fast LPDDR5X memory offers the best experience.
LLMs can usually be differentiated by the number of parameters, which can vary between 1.3B to 405B for open-source models available for end users. For example, models below 6.7B parameters are only good for basic tasks like text summaries, while models between 7B and 13B are a great compromise between quality and speed. Models with advanced reasoning capabilities are generally around 70B.
@@ -34,9 +34,9 @@ For consumer-grade hardware, it is generally recommended to use [quantized model
| Model Size (in Parameters) | Minimum RAM | Minimum Processor |
| --------------------------------------------- | ----------- | -------------------------------------------- |
-| 7B | 8GB | Modern CPU (AVX2 support) |
-| 13B | 16GB | Modern CPU (AVX2 support) |
-| 70B | 72GB | GPU with VRAM |
+| 7B | 8 GB | Modern CPU (AVX2 support) |
+| 13B | 16 GB | Modern CPU (AVX2 support) |
+| 70B | 72 GB | GPU with VRAM |
To run AI locally, you need both an AI model and an AI client.
@@ -144,7 +144,7 @@ Llamafile also supports LLaVA. However, it doesn't support speech recognition or
Note
-Metadata is not currently deleted from video files but that is planned.
+Metadata is not currently deleted from video files, but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](../data-redaction.md#exiferaser-android).
diff --git a/i18n/zh/basics/account-creation.md b/i18n/zh/basics/account-creation.md
index ae395bc2..9b75b732 100644
--- a/i18n/zh/basics/account-creation.md
+++ b/i18n/zh/basics/account-creation.md
@@ -5,7 +5,7 @@ icon: 'material/account-plus'
description: 在网上创建账户几乎是网络生活的必需品,采取这些步骤来保障您的隐私安全。
---
-人们经常不假思索地注册服务。 也许它是一个流媒体服务,这样你就可以看到每个人都在谈论的新节目,或者一个为你最喜欢的快餐店提供折扣的账户。 无论情况如何,你应该考虑现在和以后对你的数据的影响。
+人们经常不假思索地注册服务。 Maybe it's a streaming service to watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. 无论情况如何,你应该考虑现在和以后对你的数据的影响。
你所使用的每一项新服务都有风险。 数据泄露;向第三方披露客户信息;流氓雇员访问数据;所有这些都是在提供你的信息时必须考虑的可能性。 你需要确信你可以信任该服务,这就是为什么我们不建议将有价值的数据存储在任何东西上,除了最成熟和经过战斗考验的产品。 这通常意味着提供E2EE并经过加密审计的服务。 审计增加了对产品的保证,即产品的设计没有由缺乏经验的开发者造成的明显的安全问题。
@@ -13,11 +13,11 @@ description: 在网上创建账户几乎是网络生活的必需品,采取这
## 用户协议和隐私政策
-服务条款是你在使用服务时同意遵守的规则。 对于较大的服务,这些规则通常由自动系统执行。 有时这些自动系统会犯错误。 例如,你可能因为使用VPN或VOIP号码而被禁止或被锁定在某些服务的账户中。 对这种禁令提出上诉往往很困难,而且也涉及到一个自动程序,并不总是成功。 这将是我们不建议使用Gmail的电子邮件作为例子的原因之一。 电子邮件对于访问你可能已经注册的其他服务至关重要。
+服务条款是你在使用服务时同意遵守的规则。 对于较大的服务,这些规则通常由自动系统执行。 有时这些自动系统会犯错误。 For example, you may be banned or locked out of your account on some services for using a VPN or VoIP number. 对这种禁令提出上诉往往很困难,而且也涉及到一个自动程序,并不总是成功。 这将是我们不建议使用Gmail的电子邮件作为例子的原因之一。 电子邮件对于访问你可能已经注册的其他服务至关重要。
-隐私政策是该服务说他们将如何使用你的数据,它值得阅读,以便你了解你的数据将如何被使用。 一个公司或组织可能在法律上没有义务遵守政策中的所有内容(这取决于司法管辖区)。 我们建议对你当地的法律有一些了解,以及他们允许供应商收集什么。
+The Privacy Policy is how the service says they will use your data, and it is worth reading so that you understand how your data will be used. 一个公司或组织可能在法律上没有义务遵守政策中的所有内容(这取决于司法管辖区)。 我们建议对你当地的法律有一些了解,以及他们允许供应商收集什么。
-我们建议寻找特定的术语,如 "数据收集"、"数据分析"、"cookies"、"广告 "或 "第三方 "服务。 有时你可以选择不收集数据或不分享你的数据,但最好是选择一个从一开始就尊重你的隐私的服务。
+我们建议寻找特定的术语,如 "数据收集"、"数据分析"、"cookies"、"广告 "或 "第三方 "服务。 Sometimes you will be able to opt out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start.
请记住,你也将你的信任寄托在该公司或组织身上,他们会遵守自己的隐私政策。
@@ -42,7 +42,7 @@ description: 在网上创建账户几乎是网络生活的必需品,采取这
#### 邮箱别名
-如果你不想把你的真实电子邮件地址提供给一个服务,你可以选择使用一个别名。 我们在我们的电子邮件服务推荐页面上对它们进行了更详细的描述。 本质上,别名服务允许你生成新的电子邮件地址,将所有电子邮件转发到你的主地址。 这可以帮助防止跨服务的追踪,并帮助你管理有时伴随着注册过程的营销电子邮件。 这些可以根据它们被发送到的别名自动过滤。
+如果你不想把你的真实电子邮件地址提供给一个服务,你可以选择使用一个别名。 我们在我们的电子邮件服务推荐页面上对它们进行了更详细的描述。 本质上,别名服务允许你生成新的电子邮件地址,将所有电子邮件转发到你的主地址。 This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign-up process. 这些可以根据它们被发送到的别名自动过滤。
如果一项服务被黑客攻击,你可能会开始收到钓鱼或垃圾邮件到你用来注册的地址。 为每项服务使用独特的别名,可以帮助准确识别什么服务被黑。
@@ -76,7 +76,7 @@ OAuth在需要服务之间更深入整合的情况下特别有用。 我们的
我们建议避免使用那些需要电话号码才能注册的服务。 A phone number can identify you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted.
-如果可以的话,你应该避免提供你的真实电话号码。 有些服务会允许使用VOIP号码,但是这些号码往往会触发欺诈检测系统,导致账户被锁定,所以我们不建议重要账户使用这种号码。
+如果可以的话,你应该避免提供你的真实电话号码。 Some services will allow the use of VoIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts.
在许多情况下,你将需要提供一个可以接收短信或电话的号码,特别是在国际购物时,以防你的订单在边境检查时出现问题。 服务机构使用你的号码作为验证方法是很常见的;不要因为你想耍小聪明,给了一个假的号码,而让自己被锁定在一个重要的账户之外。
diff --git a/i18n/zh/basics/account-deletion.md b/i18n/zh/basics/account-deletion.md
index 54043066..8bfe2c1c 100644
--- a/i18n/zh/basics/account-deletion.md
+++ b/i18n/zh/basics/account-deletion.md
@@ -27,7 +27,7 @@ description: 积累大量互联网账户很容易,这里有一些关于如何
### 电子邮箱
-如果你过去没有使用密码管理器,或者你认为你有从未被添加到密码管理器的账户,另一个选择是搜索印象里当时注册用的电子邮箱。 在你的电子邮件客户端,搜索关键词,如 "验证 "或 "欢迎"。 几乎每次您创建在线帐户时,注册的服务都会向您的电子邮箱发送验证链接或介绍性消息。 这可能是找到被遗忘的旧账户的一个好方法。
+If you didn't use a password manager in the past, or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. 在你的电子邮件客户端,搜索关键词,如 "验证 "或 "欢迎"。 几乎每次您创建在线帐户时,注册的服务都会向您的电子邮箱发送验证链接或介绍性消息。 这可能是找到被遗忘的旧账户的一个好方法。
## 删除旧账户
@@ -39,7 +39,7 @@ description: 积累大量互联网账户很容易,这里有一些关于如何
### GDPR(仅限欧洲经济区居民)
-Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. 如果适用于你,请阅读任何特定服务的隐私政策,以找到关于如何行使你的删除权的信息。 阅读隐私政策可能被证明是重要的,因为一些服务有一个 "删除账户 "的选项,它只是禁用你的账户,而要真正删除,你必须采取额外行动。 有时,实际删除可能涉及填写调查表、向服务的数据保护人员发送电子邮件,甚至证明你在欧洲经济区拥有住所。 如果你打算这么做, **不要** 覆盖账户信息--你作为欧洲经济区居民的身份可能被要求。 请注意,服务的地点并不重要;GDPR适用于任何为欧洲用户服务的人。 如果服务不尊重你的删除权,你可以联系你的国家的 [数据保护局](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) ,你可能有权获得金钱赔偿。
+Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://gdpr-info.eu/art-17-gdpr) of the GDPR. 如果适用于你,请阅读任何特定服务的隐私政策,以找到关于如何行使你的删除权的信息。 阅读隐私政策可能被证明是重要的,因为一些服务有一个 "删除账户 "的选项,它只是禁用你的账户,而要真正删除,你必须采取额外行动。 有时,实际删除可能涉及填写调查表、向服务的数据保护人员发送电子邮件,甚至证明你在欧洲经济区拥有住所。 如果你打算这么做, **不要** 覆盖账户信息--你作为欧洲经济区居民的身份可能被要求。 请注意,服务的地点并不重要;GDPR适用于任何为欧洲用户服务的人。 If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and may be entitled to monetary compensation.
### 覆盖账户信息
diff --git a/i18n/zh/basics/common-misconceptions.md b/i18n/zh/basics/common-misconceptions.md
index 9aa5d781..1b9c4736 100644
--- a/i18n/zh/basics/common-misconceptions.md
+++ b/i18n/zh/basics/common-misconceptions.md
@@ -63,13 +63,13 @@ schema:
## "复杂的是更好的"
-我们经常看到人们描述的隐私威胁模型过于复杂。 通常情况下,这些解决方案包括许多不同的电子邮件账户或有许多移动部件和条件的复杂设置等问题。 答案通常是“做 *×*的最佳方式是什么?”。
+我们经常看到人们描述的隐私威胁模型过于复杂。 Often, these solutions include problems like multiple email accounts or complicated setups with lots of moving parts and conditions. 答案通常是“做 *×*的最佳方式是什么?”。
为自己寻找 "最佳 "解决方案并不一定意味着你要追求一个有几十种条件的无懈可击的解决方案——这些解决方案往往难以现实地发挥作用。 正如我们之前所讨论的,安全往往是以便利为代价的。 下面,我们提供一些提示。
1. ==行动需要服务于一个特定的目的:==思考如何用最少的行动完成你想要的东西。
2. ==消除人类的失败点:==我们会失败,会累,会忘记事情。 为了维护安全,避免依赖你必须记住的手动条件和流程。
-3. ==为你的意图使用正确的保护水平。==我们经常看到所谓的执法或防传唤解决方案的建议。 这些往往需要专业知识,通常不是人们想要的。 如果你可以通过一个简单的疏忽轻易地去掉匿名,那么为匿名建立一个复杂的威胁模型就没有意义。
+3. ==为你的意图使用正确的保护水平。==我们经常看到所谓的执法或防传唤解决方案的建议。 这些往往需要专业知识,通常不是人们想要的。 There's no point in building an intricate threat model for anonymity if you can be easily deanonymized by a simple oversight.
那么,如何看待这个问题?
@@ -94,4 +94,4 @@ schema:
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added an obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/zh/basics/common-threats.md b/i18n/zh/basics/common-threats.md
index a0a8885d..29d3694d 100644
--- a/i18n/zh/basics/common-threats.md
+++ b/i18n/zh/basics/common-threats.md
@@ -4,7 +4,7 @@ icon: '资料/视野'
description: 您的威胁模式是您自己量身定制的,但这些是本网站许多访客都关心的一些问题。
---
-广义而言,可以将我们有关[威胁](threat-modeling.md) 或者适用于大多数人的目标的建议分为这几类。 ==你可能关注其中零个、 一个、 几个、 或所有这些可能性==, 你应该使用的工具和服务取决于你的目标。 你可能也有这些类别之外的特定威胁,这完全可以! 重要的是要去了解您选择的这些工具的优缺点,因为也许任何工具都不能够保护您免受所有可以想象到的威胁。
+广义而言,可以将我们有关[威胁](threat-modeling.md) 或者适用于大多数人的目标的建议分为这几类。 ==你可能关注其中零个、 一个、 几个、 或所有这些可能性==, 你应该使用的工具和服务取决于你的目标。 You may have specific threats outside these categories as well, which is perfectly fine! 重要的是要去了解您选择的这些工具的优缺点,因为也许任何工具都不能够保护您免受所有可以想象到的威胁。
:material-incognito: **Anonymity**
:
@@ -19,7 +19,7 @@ Being protected from hackers or other malicious actors who are trying to gain ac
:material-package-variant-closed-remove: **Supply Chain Attacks**
:
-Typically a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
+Typically, a form of
:material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
:material-bug-outline: **Passive Attacks**
:
@@ -44,7 +44,7 @@ Protecting yourself from big advertising networks, like Google and Facebook, as
:material-account-search: **Public Exposure**
:
-Limiting the information about you that is accessible online—to search engines or the general public.
+Limiting the information about you that is accessible online—to search engines or the public.
:material-close-outline: **Censorship**
:
@@ -76,7 +76,7 @@ Avoiding censored access to information or being censored yourself when speaking
在应用程序沙盒方面,移动操作系统通常比桌面操作系统更安全。
-应用程序无法获得根访问权限,只能访问您授予它们访问权限的系统资源。 桌面操作系统在成熟的沙箱方面通常比较落后。 ChromeOS具有与安卓类似的沙盒属性,而macOS具有完整的系统权限控制和(针对开发者)可选的应用程序沙盒,然而这些操作系统的确会将识别信息传输给各自的OEM。 Linux倾向于不向系统供应商提交信息,但它对漏洞和恶意应用程序的保护很差。 This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
+应用程序无法获得根访问权限,只能访问您授予它们访问权限的系统资源。 ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt in to sandboxing for applications). ChromeOS具有与安卓类似的沙盒属性,而macOS具有完整的系统权限控制和(针对开发者)可选的应用程序沙盒,然而这些操作系统的确会将识别信息传输给各自的OEM。 Linux倾向于不向系统供应商提交信息,但它对漏洞和恶意应用程序的保护很差。 This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
@@ -143,7 +143,7 @@ On the other hand, web-based E2EE implementations, such as Proton Mail's web app
-即使有端对端加密,服务提供商仍然可以根据 **元数据**,对你进行剖析,而这些元数据通常不受保护。 虽然服务提供商无法阅读您的消息以查看您所说的内容,但他们仍然可以观察到您正在与谁通话、您给他们发送消息的频率以及您通常活跃的时间等情况。 对元数据的保护是相当不常见的,如果你关心这一点,应该密切关注你所使用的软件的技术文档,看看是否有任何元数据最小化或保护。
+即使有端对端加密,服务提供商仍然可以根据 **元数据**,对你进行剖析,而这些元数据通常不受保护。 While the service provider can't read your messages, they can still observe important things, such as whom you're talking to, how often you message them, and when you're typically active. 对元数据的保护是相当不常见的,如果你关心这一点,应该密切关注你所使用的软件的技术文档,看看是否有任何元数据最小化或保护。
## 大规模监控计划
@@ -156,7 +156,7 @@ On the other hand, web-based E2EE implementations, such as Proton Mail's web app
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org) by the [Electronic Frontier Foundation](https://eff.org).
-In France you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
+In France, you can take a look at the [Technopolice website](https://technopolice.fr/villes) maintained by the non-profit association La Quadrature du Net.
@@ -189,7 +189,7 @@ If you're concerned about mass surveillance programs, you can use strategies lik
确保您的数据私密性的最佳方法是首先不要将其放在外面。 删除你在网上发现的关于自己的信息是你为了恢复隐私可以采取的最佳初步措施之一。 使用内容拦截器等工具来限制对其服务器的网络请求,并阅读你使用的服务的隐私政策,可以帮助你避免许多基本的对手(尽管它不能完全防止跟踪)。[^4]
-在你分享信息的网站上,检查你账户的隐私设置以限制该数据的传播范围是非常重要的。 例如,如果您的帐户具有“隐私模式” ,请启用此功能以确保您的帐户不会被搜索引擎索引,并且不会被未经您事先审核的人查看。 对企业数据收集最有力的保护是尽可能地加密或混淆你的数据,使不同的供应商难以将数据相互关联并建立你的档案。
+Additionally, even companies outside the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. 例如,如果您的帐户具有“隐私模式” ,请启用此功能以确保您的帐户不会被搜索引擎索引,并且不会被未经您事先审核的人查看。 对企业数据收集最有力的保护是尽可能地加密或混淆你的数据,使不同的供应商难以将数据相互关联并建立你的档案。
## 限制公共信息
diff --git a/i18n/zh/basics/email-security.md b/i18n/zh/basics/email-security.md
index cccfb269..35c36345 100644
--- a/i18n/zh/basics/email-security.md
+++ b/i18n/zh/basics/email-security.md
@@ -29,13 +29,13 @@ description: 电子邮件在许多方面本身就不安全,以下是它不是
### 哪些电子邮件客户端支持端到端加密?
-允许你使用IMAP和SMTP等标准访问协议的电子邮件提供商可以与我们推荐的任何 [电子邮件客户端一起使用](../email-clients.md)。 根据认证方法,如果供应商或电子邮件客户端不支持OATH或桥接应用,这可能会导致安全性下降,因为 [多因素认证](/basics/multi-factor-authentication/) ,不可能使用普通密码认证。
+允许你使用IMAP和SMTP等标准访问协议的电子邮件提供商可以与我们推荐的任何 [电子邮件客户端一起使用](../email-clients.md)。 Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multifactor authentication](multi-factor-authentication.md) is not possible with plain password authentication.
### 我如何保护我的私钥?
-A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. 然后,该信息被智能卡解密,解密后的内容被送回设备。
+A smart card (such as a [YubiKey](https://support.yubico.com/hc/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](../security-keys.md#nitrokey)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smart card and the decrypted content is sent back to the device.
-在智能卡上进行解密是很有利的,这样可以避免将你的私钥暴露给某个被攻破的设备。
+It is advantageous for the decryption to occur on the smart card to avoid possibly exposing your private key to a compromised device.
## 电子邮件元数据概述
@@ -49,4 +49,4 @@ A smartcard (such as a [YubiKey](https://support.yubico.com/hc/articles/36001379
### 为什么元数据不能被端到端加密?
-电子邮件元数据对于电子邮件最基本的功能(它从哪里来,又要到哪里去)至关重要。 E2EE最初没有内置于电子邮件协议中,而是需要像OpenPGP这样的附加软件。 因为OpenPGP信息仍然要与传统的电子邮件供应商合作,它不能对电子邮件元数据进行加密,只能对信息主体本身进行加密。 这意味着,即使使用OpenPGP,外部观察者也可以看到你的信息的很多信息,如你给谁发电子邮件,主题行,你什么时候发电子邮件,等等。
+电子邮件元数据对于电子邮件最基本的功能(它从哪里来,又要到哪里去)至关重要。 E2EE最初没有内置于电子邮件协议中,而是需要像OpenPGP这样的附加软件。 因为OpenPGP信息仍然要与传统的电子邮件供应商合作,它不能对电子邮件元数据进行加密,只能对信息主体本身进行加密。 That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as whom you're emailing, the subject lines, when you're emailing, etc.
diff --git a/i18n/zh/basics/hardware.md b/i18n/zh/basics/hardware.md
index 9ef5f632..ee98de98 100644
--- a/i18n/zh/basics/hardware.md
+++ b/i18n/zh/basics/hardware.md
@@ -55,7 +55,7 @@ Most implementations of face authentication require you to be looking at your ph
警告
-Some devices do not have the proper hardware for secure face authentication. There's two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
+Some devices do not have the proper hardware for secure face authentication. There are two main types of face authentication: 2D and 3D. 3D face authentication makes use of a dot projector that lets the device create a 3D depth map of your face. Make sure that your device has this capability.
@@ -102,7 +102,7 @@ A dead man's switch stops a piece of machinery from operating without the presen
Some laptops are able to [detect](https://support.microsoft.com/en-us/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb) when you're present and can lock automatically when you aren't sitting in front of the screen. You should check the settings in your OS to see if your computer supports this feature.
-You can also get cables, like [Buskill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
+You can also get cables, like [BusKill](https://buskill.in), that will lock or wipe your computer when the cable is disconnected.
### Anti-Interdiction/Evil Maid Attack
diff --git a/i18n/zh/basics/multi-factor-authentication.md b/i18n/zh/basics/multi-factor-authentication.md
index c8ee6bb5..98bfc8d1 100644
--- a/i18n/zh/basics/multi-factor-authentication.md
+++ b/i18n/zh/basics/multi-factor-authentication.md
@@ -1,10 +1,10 @@
---
-title: "多因素认证"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
-**多因素认证** 是一种安全机制,除了输入用户名(或电子邮件)和密码外,还需要其他步骤。 最常见的方法可能是你需要从短信或应用程序中收到限时代码。
+**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. 最常见的方法可能是你需要从短信或应用程序中收到限时代码。
通常,如果黑客(或对手)能够找出您的密码,那么他们就能够访问密码所属的帐户。 有MFA的账户迫使黑客同时拥有密码(你 *知道*的东西)和你的设备(你 *拥有*的东西),比如你的手机。
@@ -26,7 +26,7 @@ MFA方法的安全性各不相同,但都是基于同样的前提:攻击者
### 基于时间的一次性密码(TOTP)。
-TOTP是目前最常见的MFA形式之一。 当你设置TOTP时,一般要求你扫描一个 [二维码](https://en.wikipedia.org/wiki/QR_code) ,与你打算使用的服务建立一个"[共享密钥](https://en.wikipedia.org/wiki/Shared_secret)" 。 共享密钥在身份验证器应用程序的数据中得到保护,有时还会受到密码保护。
+TOTP是目前最常见的MFA形式之一。 当你设置TOTP时,一般要求你扫描一个 [二维码](https://en.wikipedia.org/wiki/QR_code) ,与你打算使用的服务建立一个"[共享密钥](https://en.wikipedia.org/wiki/Shared_secret)" 。 The shared secret is secured inside the authenticator app's data, and is sometimes protected by a password.
然后,时限代码可以由共享密钥和当前时间派生。 由于代码只在很短的时间内有效,在无法获得共享密钥的情况下,对手无法生成新的代码。
@@ -82,7 +82,7 @@ This presentation discusses the history of password authentication, the pitfalls
与任何MFA方法相比, FIDO2和WebAuthn都具有更加卓越的安全性和隐私性。
-通常对于web服务,使用的WebAuthn是 [W3C建议](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC))的一部分。 它使用公钥身份验证,比Yubico OTP和TOTP方法中使用的共享密文更安全,因为它包括身份验证期间的来源名称(通常是域名)。 提供认证是为了保护您免受网络钓鱼攻击,因为它可以帮助您确定您使用的是真实的服务,而不是伪造的副本。
+Typically, for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). 它使用公钥身份验证,比Yubico OTP和TOTP方法中使用的共享密文更安全,因为它包括身份验证期间的来源名称(通常是域名)。 提供认证是为了保护您免受网络钓鱼攻击,因为它可以帮助您确定您使用的是真实的服务,而不是伪造的副本。
与Yubico OTP不同, WebAuthn不使用任何公共ID ,因此密钥 **不能** 在不同的网站之间被识别。 它也不使用任何第三方云服务器进行认证。 所有的通信都是在钥匙和你正在登录的网站之间完成的。 FIDO还有会在使用时递增的计数器,以防止会话复用和密钥克隆。
@@ -116,15 +116,15 @@ When using TOTP with an authenticator app, be sure to back up your recovery keys
## MFA适用的更多场合
-除了保护你的网站登录之外,多因素认证还可以用来保护你的本地登录、SSH密钥甚至是密码数据库。
+Beyond just securing your website logins, multifactor authentication can be used to secure your local logins, SSH keys or even password databases as well.
### mac系统
-macOS [原生支持](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) 使用智能卡(PIV)进行认证。 如果你有一张支持PIV接口的智能卡或硬件安全钥匙,如YubiKey,我们建议你按照你的智能卡/硬件安全供应商的文档,为你的macOS电脑设置第二要素认证。
+macOS [原生支持](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) 使用智能卡(PIV)进行认证。 If you have a smart card or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smart card or hardware security vendor's documentation and set up second factor authentication for your macOS computer.
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/articles/360016649059) which can help you set up your YubiKey on macOS.
-设置智能卡/安全密钥后,我们建议在终端中运行此命令:
+After your smart card/security key is set up, we recommend running this command in the Terminal:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
@@ -159,4 +159,4 @@ SSH MFA也可以使用TOTP进行设置。 DigitalOcean has provided a tutorial [
### KeePass (和KeePassXC)
-KeePass和KeePassXC数据库可以使用质询响应或HOTP作为第二因素身份验证进行保护。 Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
+KeePass and KeePassXC databases can be secured using HOTP or Challenge-Response as a second-factor of authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
diff --git a/i18n/zh/basics/passwords-overview.md b/i18n/zh/basics/passwords-overview.md
index 6f1ce748..54e4ea16 100644
--- a/i18n/zh/basics/passwords-overview.md
+++ b/i18n/zh/basics/passwords-overview.md
@@ -24,7 +24,7 @@ description: These are some tips and tricks on how to create the strongest passw
除非你有理由相信它已被泄露,否则应避免过于频繁地更改你必须记住的密码(比如密码管理器的主密码),因为过于频繁地更改密码提高了你忘记密码的风险。
-而那些你不需要记住的密码(如存储在密码管理器内的密码),如果你的 [威胁模型](threat-modeling.md) 有需求,我们建议每隔几个月对重要账户(尤其是不使用多因认证的账户)进行检查并更改其密码,以防它们在尚未公开的数据泄露事件中被泄露。 大多数密码管理器允许你为你的密码设置一个到期日,使之更容易管理。
+When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. 大多数密码管理器允许你为你的密码设置一个到期日,使之更容易管理。
Checking for data breaches
@@ -54,13 +54,13 @@ Diceware是一种创建密码的方法,这种密码容易记忆,但很难猜
Note
-These instructions assume that you are using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. 其他词表可能需要更多或更少的回合,也可能需要不同数量的词来实现相同的熵值。
+These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
1. 掷一个六面体的骰子五次,每次掷完都记下数字。
-2. 举个例子,假设你掷出 `2-5-2-6-6`。 Look through the [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
+2. 举个例子,假设你掷出 `2-5-2-6-6`。 Look through the [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
3. 你可以得到这个词 `encrypt` 把这个词写下来。
@@ -75,25 +75,25 @@ These instructions assume that you are using [EFF's large wordlist](https://eff.
如果你没有或者不愿意使用真正的骰子,你可以使用你的密码管理器的内置密码生成器,因为除了常规密码之外,大多数密码管理器都有生成骰子密码的选项。
-We recommend using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
+We recommend using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [word lists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
Explanation of entropy and strength of diceware passphrases
-To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
+To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as and the overall entropy of the passphrase is calculated as:
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy (), and a seven word passphrase derived from it has ~90.47 bits of entropy ().
-The [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
+The [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is , or in our case, .
-Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
+Let's put all of this in perspective: A seven word passphrase using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
平均而言,需要尝试所有可能的组合中的50%来猜测你的短语。 考虑到这一点,即使你的对手每秒能够猜出1,000,000,000,000次,他们仍然需要27,255,689年才能猜出你的口令。 即使以下情况属实,情况也是如此:
- 你的对手知道你使用了diceware方法。
-- 你的对手知道你使用的具体词表。
+- Your adversary knows the specific word list that you used.
- 你的对手知道你的口令包含多少个字。
@@ -113,7 +113,7 @@ Let's put all of this in perspective: A seven word passphrase using [EFF's large
Don't place your passwords and TOTP tokens inside the same password manager
-When using [TOTP codes as multi-factor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
+When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
你应该使用专门的[TOTP应用程序](.../multi-factor-authentication.md/#authenticator-apps)来代替。
diff --git a/i18n/zh/basics/threat-modeling.md b/i18n/zh/basics/threat-modeling.md
index a65bc200..832e95a6 100644
--- a/i18n/zh/basics/threat-modeling.md
+++ b/i18n/zh/basics/threat-modeling.md
@@ -35,7 +35,7 @@ description: 在安全、隐私和可用性之间取得平衡是你在隐私之
要回答这个问题,重要的是要确定你或你的信息可能是谁的目标。 ==对您的资产构成威胁的个人或实体就是"对手"。==举例来说对手可能有你的老板,你的前合伙人,你的商业竞争对手,你的政府或公共网络上的黑客。
-*列出一份名单,包含你的对手或那些可能想要掌握你的资产的人。 你的名单可能包括个人、政府机构或公司。*
+*Make a list of your adversaries or those who might want to get hold of your assets. 你的名单可能包括个人、政府机构或公司。*
取决于你的对手是谁,这个列表可能是你在完成威胁模型后想要销毁的东西。
diff --git a/i18n/zh/browser-extensions.md b/i18n/zh/browser-extensions.md
index 47d31ef6..b2e7731a 100644
--- a/i18n/zh/browser-extensions.md
+++ b/i18n/zh/browser-extensions.md
@@ -86,7 +86,7 @@ uBlock Origin Lite only receives block list updates whenever the extension is up
### AdGuard
-We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, Adguard provides an adequate alternative:
+We recommend [Safari](mobile-browsers.md#safari-ios) for iOS users, which unfortunately is not supported by uBlock Origin. Luckily, AdGuard provides an adequate alternative:
diff --git a/i18n/zh/calendar.md b/i18n/zh/calendar.md
index 79038ab2..6b374b94 100644
--- a/i18n/zh/calendar.md
+++ b/i18n/zh/calendar.md
@@ -19,7 +19,7 @@ cover: calendar.webp
{ align=right }
{ align=right }
-**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tuta.com/calendar-app-comparison).
+**Tuta** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multifactor authentication, and [more](https://tuta.com/calendar-app-comparison).
多个日历和扩展的共享功能仅限于付费用户。
diff --git a/i18n/zh/cloud.md b/i18n/zh/cloud.md
index 253bb372..732d31fc 100644
--- a/i18n/zh/cloud.md
+++ b/i18n/zh/cloud.md
@@ -28,7 +28,7 @@ Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for
{ align=right }
-**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5GB.
+**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@@ -119,7 +119,7 @@ Running a local version of Peergos alongside a registered account on their paid,
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
-An Android app is not available but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
+An Android app is not available, but it is [in the works](https://discuss.privacyguides.net/t/peergos-private-storage-sharing-social-media-and-application-platform/11825/25). The current workaround is to use the mobile [PWA](https://peergos.net) instead.
## Criteria
@@ -129,7 +129,7 @@ An Android app is not available but it is [in the works](https://discuss.privacy
- 使用端到端加密
- 必须提供免费计划或试用期进行测试。
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- 必须提供一个支持基本文件管理功能的网络界面。
- 必须允许所有文件/文档的轻松导出。
diff --git a/i18n/zh/cryptocurrency.md b/i18n/zh/cryptocurrency.md
index cb04e154..a66a1849 100644
--- a/i18n/zh/cryptocurrency.md
+++ b/i18n/zh/cryptocurrency.md
@@ -75,7 +75,7 @@ There are numerous centralized exchanges (CEX) as well as P2P marketplaces where
- [Kraken](https://kraken.com): A well-known CEX. Registration and KYC are mandatory. Card payments and bank transfers accepted. Make sure not to leave your newly purchased Monero on Kraken's platform after the purchase; withdraw them to a self-custody wallet. Monero is not available in all jurisdictions that Kraken operates in.[^1]
- [Cake Wallet](https://cakewallet.com): A self-custody cross-platform wallet for Monero and other cryptocurrencies. You can buy Monero directly in the app using card payments or bank transfers (through third-party providers such as [Guardarian](https://guardarian.com) or [DFX](https://dfx.swiss)).[^2] KYC is usually not required, but it depends on your country and the amount you are purchasing. In countries where directly purchasing Monero is not possible, you can also use a provider within Cake Wallet to first buy another cryptocurrency such as Bitcoin, Bitcoin Cash, or Litecoin and then exchange it to Monero in-app.
- [Monero.com](https://monero.com) is an associated website where you can buy Monero and other cryptocurrencies without having to download an app. The funds will simply be sent to the wallet address of your choice.
-- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, Paypal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
+- [RetoSwap](https://retoswap.com) (formerly known as Haveno-Reto) is a self-custody, decentralized P2P exchange platform based on the [Haveno](https://haveno.exchange) project which is available for Linux, Windows, and macOS. Monero can be bought and sold with maximum privacy, since most trading counterparties do not require KYC, trades are made directly between users (P2P), and all connections run through the Tor network. It is possible to buy Monero via bank transfer, PayPal, or even by paying in cash (meeting in person or sending by mail). Arbitrators can step in to resolve disputes between buyer and seller, but be careful when sharing your bank account or other sensitive information with your trading counterparty. Trading with some accounts may be against those accounts' terms of service.
## Criteria
diff --git a/i18n/zh/data-broker-removals.md b/i18n/zh/data-broker-removals.md
index 24c607c3..ab08fd1c 100644
--- a/i18n/zh/data-broker-removals.md
+++ b/i18n/zh/data-broker-removals.md
@@ -56,11 +56,11 @@ This sets you up on a nice schedule to re-review each website approximately ever
Once you have opted-out of all of these sites for the first time, it's best to wait a week or two for the requests to propagate to all their sites. Then, you can start to search and opt-out of any remaining sites you find. It can be a good idea to use a web crawler like [Google's _Results about you_](#google-results-about-you-free) tool to help find any data that remains on the internet.
-Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go though each site to determine whether they have your information, and remove it:
+Otherwise, privacy journalist Yael Grauer has compiled an excellent list of data broker sites with direct links to their search tools and opt-out pages. You can take some time to go through each site to determine whether they have your information, and remove it:
[:simple-github: Big Ass Data Broker Opt-Out List](https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List){ .md-button }
-If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand new people search sites even after you opt-out.
+If you don't use an automatic scanner to find results about you, consider setting a reminder to re-do this process every 3, 6, or 12 months depending on your risk level and the amount of personal data you have out there. Unfortunately, it is common for your data to re-appear over time or show up on brand-new people search sites even after you opt out.
## EasyOptOuts Paid
@@ -125,7 +125,7 @@ In our testing, this tool worked to reliably remove people search sites from Goo
Our picks for removal services are primarily based on independent professional testing from third-parties as noted in the sections above, our own internal testing, and aggregated reviews from our community.
-- Must not be a whitelabeled service or reseller of another provider.
+- Must not be a white labeled service or reseller of another provider.
- Must not be affiliated with the data broker industry or purchase advertising on people search sites.
- Must only use your personal data for the purposes of opting you out of data broker databases and people search sites.
diff --git a/i18n/zh/desktop-browsers.md b/i18n/zh/desktop-browsers.md
index 3a8c8940..367b1a47 100644
--- a/i18n/zh/desktop-browsers.md
+++ b/i18n/zh/desktop-browsers.md
@@ -109,7 +109,7 @@ Mullvad 浏览器一直在无痕浏览模式下运行,这意味着每次关闭
### Mullvad Leta
-Mullvad 浏览器将 DuckDuckGo 设置为默认的 [搜索引擎](search-engines.md),但它也预装了 **Mullvad Leta**,这是一个需要订阅 Mullvad VPN 才能访问的搜索引擎。 Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. 因此,我们不建议使用 Mullvad Leta,虽然 Mullvad 对 VPN 用户信息收集得很少。
+Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes pre-installed with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly, which is why it is limited to paying subscribers. However, it is possible for Mullvad to correlate search queries and Mullvad VPN accounts because of this limitation. 因此,我们不建议使用 Mullvad Leta,虽然 Mullvad 对 VPN 用户信息收集得很少。
## Firefox(火狐浏览器)
@@ -189,7 +189,7 @@ According to Mozilla's privacy policy for Firefox,
> 火狐浏览器会向我们发送有关您的火狐浏览器版本和语言、设备操作系统和硬件配置、内存、有关崩溃和错误的基本信息以及更新、安全浏览和激活等自动处理结果的数据。 当火狐浏览器向我们发送数据时,您的IP地址会被暂时收集,作为我们服务器日志的一部分。
-Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt-out:
+Additionally, the Mozilla Accounts service collects [some technical data](https://mozilla.org/privacy/mozilla-accounts). If you use a Mozilla Account you can opt out:
1. 在 accounts.firefox.com上打开你的
@@ -211,7 +211,7 @@ With the release of Firefox 128, a new setting for [privacy-preserving attributi
- [x] 选择 **启用所有窗口的纯HTTPS-Only模式**
-这可以防止你无意中以纯文本的HTTP方式连接到一个网站。 现在没有HTTPS的网站已经不多见了,所以这对你的日常浏览应该没有什么影响。
+这可以防止你无意中以纯文本的HTTP方式连接到一个网站。 Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day-to-day browsing.
@@ -314,7 +314,7 @@ Brave allows you to select additional content filters within the internal `brave
-1. This option disables JavaScript, which will break a lot of sites. To unbreak them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
+1. This option disables JavaScript, which will break a lot of sites. To fix them, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
2. If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis by clicking on the Shield icon in the address bar and unchecking this setting under *Advanced controls*.
diff --git a/i18n/zh/desktop.md b/i18n/zh/desktop.md
index df06f504..5a2196a6 100644
--- a/i18n/zh/desktop.md
+++ b/i18n/zh/desktop.md
@@ -101,7 +101,7 @@ These operating systems differ from Fedora Workstation as they replace the [DNF]
After the update is complete, you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily roll back if something breaks in the new deployment. There is also the option to pin more deployments as needed.
-[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
+[Flatpak](https://flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbx](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox) to create [Podman](https://podman.io) containers which mimic a traditional Fedora environment, a [useful feature](https://containertoolbx.org) for the discerning developer. These containers share a home directory with the host operating system.
@@ -123,7 +123,7 @@ NixOS是一个基于Nix软件包管理器的独立发行版,注重可重复性
NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
-NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
+NixOS also provides atomic updates. It first downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation: you can tell NixOS to activate it after reboot, or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
The Nix package manager uses a purely functional language—which is also called Nix—to define packages.
diff --git a/i18n/zh/device-integrity.md b/i18n/zh/device-integrity.md
index 24448eb4..6122b37f 100644
--- a/i18n/zh/device-integrity.md
+++ b/i18n/zh/device-integrity.md
@@ -28,7 +28,7 @@ This means an attacker would have to regularly re-infect your device to retain a
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us)
-- If a business or government device is compromised: the appropriate security liason at your enterprise, department, or agency
+- If a business or government device is compromised: the appropriate security liaison at your enterprise, department, or agency
- Local law enforcement
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
@@ -129,7 +129,7 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
-iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
+iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
## On-Device Verification
diff --git a/i18n/zh/dns.md b/i18n/zh/dns.md
index a03daa45..6296a714 100644
--- a/i18n/zh/dns.md
+++ b/i18n/zh/dns.md
@@ -75,7 +75,7 @@ AdGuard Home有一个精致的网络界面,可以查看洞察力和管理被
## Cloud-Based DNS Filtering
-These DNS filtering solutions offer a web dashboard where you can customize the blocklists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
+These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
### Control D
@@ -164,7 +164,7 @@ NextDNS also offers public DNS-over-HTTPS service at `https://dns.nextdns.io` an
-While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a Wireguard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
+While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot with the app by [adding a WireGuard configuration](https://docs.rethinkdns.com/proxy/wireguard) or [manually configuring Orbot as a Proxy server](https://docs.rethinkdns.com/firewall/orbot), respectively.
### dnscrypt-proxy
diff --git a/i18n/zh/document-collaboration.md b/i18n/zh/document-collaboration.md
index 9bf30ec2..dde20069 100644
--- a/i18n/zh/document-collaboration.md
+++ b/i18n/zh/document-collaboration.md
@@ -86,4 +86,4 @@ In general, we define collaboration platforms as full-fledged suites which could
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should store files in a conventional filesystem.
-- Should support TOTP or FIDO2 multi-factor authentication support, or passkey logins.
+- Should support TOTP or FIDO2 multifactor authentication support, or passkey logins.
diff --git a/i18n/zh/email-aliasing.md b/i18n/zh/email-aliasing.md
index c33f2bff..29f37d77 100644
--- a/i18n/zh/email-aliasing.md
+++ b/i18n/zh/email-aliasing.md
@@ -80,7 +80,7 @@ If you cancel your subscription, you will still enjoy the features of your paid
-{ align=right }
+{ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
diff --git a/i18n/zh/email.md b/i18n/zh/email.md
index c9317646..a82bfcc3 100644
--- a/i18n/zh/email.md
+++ b/i18n/zh/email.md
@@ -58,7 +58,7 @@ These providers natively support OpenPGP encryption/decryption and the [Web Key
! [Proton Mail徽标] (assets/img/email/protonmail.svg) {align = right}
-* * Proton Mail * *是一项专注于隐私、加密、安全性和易用性的电子邮件服务。 They have been in operation since 2013. Proton公司总部位于瑞士日内瓦。 The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+* * Proton Mail * *是一项专注于隐私、加密、安全性和易用性的电子邮件服务。 They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
@@ -97,7 +97,7 @@ Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in
#### :material-check:{ .pg-green } Account Security
-Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two factor authentication first.
+Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.
#### :material-check:{ .pg-green } Data Security
@@ -117,7 +117,7 @@ If you have a paid account and your [bill is unpaid](https://proton.me/support/d
#### :material-information-outline:{ .pg-blue } Additional Functionality
-Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500GB of storage.
+Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
Proton Mail不提供数字遗留功能。
@@ -127,7 +127,7 @@ Proton Mail不提供数字遗留功能。
{ align=right }
-**Mailbox.org**是一个专注于安全、无广告、并由100%环保能源私人提供的电子邮件服务。 他们自2014年以来一直在运作。 Mailbox.org总部位于德国柏林。 Accounts start with up to 2GB storage, which can be upgraded as needed.
+**Mailbox.org**是一个专注于安全、无广告、并由100%环保能源私人提供的电子邮件服务。 他们自2014年以来一直在运作。 Mailbox.org总部位于德国柏林。 Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
@@ -148,11 +148,11 @@ Mailbox.org lets you use your own domain, and they support [catch-all](https://k
#### :material-check:{ .pg-green } Private Payment Methods
-Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
+Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and a couple of German-specific processors: paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Account Security
-Mailbox.org supports [two factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
+Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
#### :material-information-outline:{ .pg-blue } Data Security
@@ -172,7 +172,7 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } Additional Functionality
-You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
+You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
@@ -195,7 +195,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
{ align=right }
{ align=right }
-**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+**Tuta** (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-home-16: Homepage](https://tuta.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tuta.com/privacy){ .card-link title="Privacy Policy" }
@@ -226,11 +226,11 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } Private Payment Methods
-Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with Proxystore.
+Tuta only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Account Security
-Tuta supports [two factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
+Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Data Security
@@ -297,7 +297,7 @@ We regard these features as important in order to provide a safe and optimal ser
**符合条件的最低要求。**
- Encrypts email account data at rest with zero-access encryption.
-- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
+- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Operates on owned infrastructure, i.e. not built upon third-party email service providers.
diff --git a/i18n/zh/encryption.md b/i18n/zh/encryption.md
index 03aa21a8..5f79d0c4 100644
--- a/i18n/zh/encryption.md
+++ b/i18n/zh/encryption.md
@@ -115,7 +115,7 @@ VeraCrypt is a fork of the discontinued TrueCrypt project. According to its deve
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
-Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
+TrueCrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## Operating System Encryption
@@ -189,7 +189,7 @@ Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device
{ align=right }
-**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple silicon SoC or T2 Security Chip.
+**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault takes advantage of the [hardware security capabilities](os/macos-overview.md#hardware-security) present on an Apple Silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title="Documentation" }
diff --git a/i18n/zh/file-sharing.md b/i18n/zh/file-sharing.md
index 128dce8a..4fcb77ca 100644
--- a/i18n/zh/file-sharing.md
+++ b/i18n/zh/file-sharing.md
@@ -13,7 +13,7 @@ Discover how to privately share your files between your devices, with your frien
## 文件共享
-If you have already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
+If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarden](passwords.md#bitwarden) Premium[^2] subscription, consider using the file sharing capabilities that they each offer, both of which use end-to-end encryption. Otherwise, the standalone options listed here ensure that the files you share are not read by a remote server.
### Send
diff --git a/i18n/zh/frontends.md b/i18n/zh/frontends.md
index 9e423d05..8748b2c9 100644
--- a/i18n/zh/frontends.md
+++ b/i18n/zh/frontends.md
@@ -251,7 +251,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, LibreTube
-{ align=right }
+{ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org) (1).
diff --git a/i18n/zh/index.md b/i18n/zh/index.md
index f8df4f70..80ed8e62 100644
--- a/i18n/zh/index.md
+++ b/i18n/zh/index.md
@@ -91,7 +91,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton公司总部位于瑞士日内瓦。 The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[:octicons-arrow-right-24: Read Full Review](email.md#proton-mail)
@@ -99,7 +99,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. 他们自2014年以来一直在运作。 Mailbox.org总部位于德国柏林。 Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. 他们自2014年以来一直在运作。 Mailbox.org总部位于德国柏林。 Accounts start with up to 2 GB storage, which can be upgraded as needed.
[:octicons-arrow-right-24: Read Full Review](email.md#mailboxorg)
@@ -107,7 +107,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[:octicons-arrow-right-24: Read Full Review](email.md#tuta)
@@ -172,7 +172,7 @@ As seen in **WIRED**, **Tweakers.net**, **The New York Times**, and many other p
## What are privacy tools?
-We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can adopt to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
+We recommend a wide variety of **privacy tools** (a.k.a. *privacy apps*, *privacy utilities*, *privacy software*) spanning software and hardware that you can use to improve your privacy. Many of the tools we recommend are completely free to use and open-source software, while some are commercial services available for purchase. Switching from mainstream data-hungry software like Google Chrome and Windows to privacy-focused tools like [Brave](desktop-browsers.md#brave) and [Linux](desktop.md) can go a long way towards controlling the information you share with companies and others.
[:material-check-all: Our General Criteria](about/criteria.md){ class="md-button" }
diff --git a/i18n/zh/meta/brand.md b/i18n/zh/meta/brand.md
index 8e3d9954..3afe36ff 100644
--- a/i18n/zh/meta/brand.md
+++ b/i18n/zh/meta/brand.md
@@ -12,7 +12,7 @@ The name of the website is **Privacy Guides** and should **not** be changed to:
- PG.org
-The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
+The name of the Subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
diff --git a/i18n/zh/meta/translations.md b/i18n/zh/meta/translations.md
index ff5406c7..1f67cd98 100644
--- a/i18n/zh/meta/translations.md
+++ b/i18n/zh/meta/translations.md
@@ -27,8 +27,8 @@ For examples like the above admonitions, quotation marks, e.g.: `" "` must be us
## Fullwidth alternatives and Markdown syntax
-CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for markdown syntax.
+CJK writing systems tend to use alternative "fullwidth" variants of common symbols. These are different characters and cannot be used for Markdown syntax.
-- Links must use regular parenthesis ie `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
+- Links must use regular parenthesis i.e. `(` (Left Parenthesis U+0028) and `)` (Right Parenthesis U+0029) and not `(` (Fullwidth Left Parenthesis U+FF08) or `)` (Fullwidth Right Parenthesis U+FF09)
- Indented quoted text must use `:` (Colon U+003A) and not `:` (Fullwidth Colon U+FF1A)
- Pictures must use `!` (Exclamation Mark U+0021) and not `!` (Fullwidth Exclamation Mark U+FF01)
diff --git a/i18n/zh/meta/uploading-images.md b/i18n/zh/meta/uploading-images.md
index 6455beb0..5ea9570f 100644
--- a/i18n/zh/meta/uploading-images.md
+++ b/i18n/zh/meta/uploading-images.md
@@ -48,7 +48,7 @@ In the **SVG Output** tab under **Document options**:
- [ ] Turn off **Remove the XML declaration**
- [x] Turn on **Remove metadata**
- [x] Turn on **Remove comments**
-- [x] Turn on **Embeded raster images**
+- [x] Turn on **Embedded raster images**
- [x] Turn on **Enable viewboxing**
In the **SVG Output** under **Pretty-printing**:
diff --git a/i18n/zh/meta/writing-style.md b/i18n/zh/meta/writing-style.md
index 49e877b1..fdf7bb1d 100644
--- a/i18n/zh/meta/writing-style.md
+++ b/i18n/zh/meta/writing-style.md
@@ -64,7 +64,7 @@ We should try to avoid abbreviations where possible, but technology is full of a
## Be concise
-> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective.
+> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject-matter expert, so it’s important to have someone look at the information from the audience’s perspective.
Source: [plainlanguage.gov](https://plainlanguage.gov/guidelines/concise)
diff --git a/i18n/zh/mobile-browsers.md b/i18n/zh/mobile-browsers.md
index 737487a0..028aac60 100644
--- a/i18n/zh/mobile-browsers.md
+++ b/i18n/zh/mobile-browsers.md
@@ -247,7 +247,7 @@ These options can be found in :material-menu: → :gear: **Settings** → **Priv
These options can be found in :material-menu: → :gear: **Settings** → **Adblock Plus settings**.
-Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **FIlter lists** menu.
+Cromite contains a customized version of Adblock Plus with EasyList enabled by default, as well as options to select more filter lists within the **Filter lists** menu.
Using extra lists will make you stand out from other Cromite users and may also increase attack surface if a malicious rule is added to one of the lists you use.
@@ -271,7 +271,7 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
{ align=right }
-**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
+**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/ios) such as [Intelligent Tracking Prevention](https://webkit.org/blog/7675/intelligent-tracking-prevention), isolated and ephemeral Private Browsing tabs, fingerprinting protection (by presenting a simplified version of the system configuration to websites, so more devices look identical), and fingerprint randomization, as well as Private Relay for those with a paid iCloud+ subscription.
[:octicons-home-16: Homepage](https://apple.com/safari){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/data/en/safari){ .card-link title="Privacy Policy" }
@@ -372,7 +372,7 @@ Open Safari and tap the Tabs button, located in the bottom right. Then, expand t
- [x] Select **Private**
-Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature.
+Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are other smaller privacy benefits with Private Browsing too, such as not sending a webpage’s address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed in to sites. This may be an inconvenience.
diff --git a/i18n/zh/multi-factor-authentication.md b/i18n/zh/multi-factor-authentication.md
index 37c27507..b5a08028 100644
--- a/i18n/zh/multi-factor-authentication.md
+++ b/i18n/zh/multi-factor-authentication.md
@@ -1,7 +1,7 @@
---
-title: "多因素认证"
+title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
-description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
+description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
@@ -16,7 +16,7 @@ cover: multi-factor-authentication.webp
Example
-Replace `[SUBREDDIT]` with the subreddit you wish to subscribe to.
+Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
```text
https://reddit.com/r/[SUBREDDIT]/new/.rss
diff --git a/i18n/zh/notebooks.md b/i18n/zh/notebooks.md
index 699e8b48..844ebbfc 100644
--- a/i18n/zh/notebooks.md
+++ b/i18n/zh/notebooks.md
@@ -9,7 +9,7 @@ cover: notebooks.webp
- [:material-server-network: 服务提供商](basics/common-threats.md#privacy-from-service-providers ""){.pg-teal}
-Keep track of your notes and journalings without giving them to a third-party.
+Keep track of your notes and journals without giving them to a third party.
If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE.
@@ -84,7 +84,7 @@ Standard Notes has [joined Proton AG](https://standardnotes.com/blog/joining-for
{ align=right }
-**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
+**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle numerous markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
[:octicons-home-16: Homepage](https://joplinapp.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy){ .card-link title="Privacy Policy" }
@@ -133,7 +133,7 @@ Joplin does not [support](https://github.com/laurent22/joplin/issues/289) passwo
-Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
+Cryptee offers 100 MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
## Local notebooks
diff --git a/i18n/zh/os/android-overview.md b/i18n/zh/os/android-overview.md
index 9b5b6e7b..64d429f5 100644
--- a/i18n/zh/os/android-overview.md
+++ b/i18n/zh/os/android-overview.md
@@ -84,7 +84,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
Note
-Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
+Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -114,7 +114,7 @@ Like user profiles, a private space is encrypted using its own encryption key, a
Unlike work profiles, Private Space is a feature native to Android that does not require a third-party app to manage it. For this reason, we generally recommend using a private space over a work profile, though you can use a work profile alongside a private space.
-### VPN Killswitch
+### VPN kill switch
Android 7 and above supports a VPN kill switch, and it is available without the need to install third-party apps. 如果VPN断开连接,此功能可以防止泄漏。 可以在 :gear: **设置** → **网络 & 互联网** → **VPN** → :gear: → **阻止没有VPN的连接**。
@@ -124,7 +124,7 @@ Android 7 and above supports a VPN kill switch, and it is available without the
## Google Services
-If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. 我们仍然建议完全避免使用谷歌服务,或者通过将 *Shelter* 等设备控制器与GrapheneOS的沙盒化谷歌游戏结合起来,将谷歌游戏服务限制在特定的用户/工作档案中。
+If you are using a device with Google services—whether with the stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS—there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play Services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### 高级保护计划
diff --git a/i18n/zh/os/ios-overview.md b/i18n/zh/os/ios-overview.md
index 65399e9a..8944012b 100644
--- a/i18n/zh/os/ios-overview.md
+++ b/i18n/zh/os/ios-overview.md
@@ -125,7 +125,7 @@ If you don't want anyone to be able to control your phone with Siri when it is l
#### Face ID/Touch ID & Passcode
-Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make tradeoffs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
+Setting a strong password on your phone is the most important step you can take for physical device security. You'll have to make trade-offs here between security and convenience: A longer password will be annoying to type in every time, but a shorter password or PIN will be easier to guess. Setting up Face ID or Touch ID along with a strong password can be a good compromise between usability and security.
Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** → **Custom Alphanumeric Code**. Make sure that you create a [secure password](../basics/passwords-overview.md).
@@ -133,7 +133,7 @@ If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
-On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance so you know which method works for your device.
+On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
@@ -247,7 +247,7 @@ Similarly, rather than allow an app to access all the contacts saved on your dev
iOS offers the ability to lock most apps behind Touch ID/Face ID or your passcode, which can be useful for protecting sensitive content in apps which do not provide the option themselves. You can lock an app by long-pressing on it and selecting **Require Face ID/Touch ID**. Any app locked in this way requires biometric authentication whenever opening it or accessing its contents in other apps. Also, notification previews for locked apps will not be shown.
-In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable tradeoff of hiding an app is that you will not receive any of its notifications.
+In addition to locking apps behind biometrics, you can also hide apps so that they don't appear on the Home Screen, App Library, the app list in **Settings**, etc. While hiding apps may be useful in situations where you have to hand your unlocked phone to someone else, the concealment provided by the feature is not absolute, as a hidden app is still visible in some places such as the battery usage list. Moreover, one notable trade off of hiding an app is that you will not receive any of its notifications.
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID** → **Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
@@ -260,7 +260,7 @@ If your device supports it, you can use the [Clean Up](https://support.apple.com
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the button labeled **Clean Up**
-- Draw a circle around whatever you want to redact. Faces will be pixelated and it will attempt to delete anything else.
+- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
diff --git a/i18n/zh/os/linux-overview.md b/i18n/zh/os/linux-overview.md
index e255f826..cbc683f8 100644
--- a/i18n/zh/os/linux-overview.md
+++ b/i18n/zh/os/linux-overview.md
@@ -10,9 +10,9 @@ Our website generally uses the term “Linux” to describe **desktop** Linux di
[我们的Linux推荐 :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
-## Privacy Notes
+## Security Notes
-There are some notable privacy concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
+There are some notable security concerns with Linux which you should be aware of. Despite these drawbacks, desktop Linux distributions are still great for most people who want to:
- 避免专有操作系统中经常出现的遥测现象
- Maintain [software freedom](https://gnu.org/philosophy/free-sw.en.html#four-freedoms)
@@ -52,11 +52,11 @@ For frozen distributions such as [Debian](https://debian.org/security/faq#handli
传统上,Linux发行版的更新方式是依次更新所需的软件包。 Traditional updates such as those used in Fedora, Arch Linux, and Debian-based distributions can be less reliable if an error occurs while updating.
-Atomic updating distributions, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
+Distros which use atomic updates, on the other hand, apply updates in full or not at all. On an atomic distribution, if an error occurs while updating (perhaps due to a power failure), nothing is changed on the system.
The atomic update method can achieve reliability with this model and is used for [distributions](../desktop.md#atomic-distributions) like Silverblue and NixOS. [Adam Šamalík](https://twitter.com/adsamalik) provides a presentation on how `rpm-ostree` works with Silverblue:
-- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik](https://youtu.be/aMo4ZlWznao) (YouTube)
+- [Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalík](https://youtu.be/aMo4ZlWznao) (YouTube)
### “以安全为重点”的分发
@@ -85,7 +85,7 @@ We recommend **against** using the Linux-libre kernel, since it [removes securit
### Mandatory access control
-Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). While Fedora uses SELinux by default, Tumbleweed [defaults](https://en.opensuse.org/Portal:SELinux) to AppArmor in the installer, with an option to [choose](https://en.opensuse.org/Portal:SELinux/Setup) SELinux instead.
+Mandatory access control is a set of additional security controls which help to confine parts of the system such as apps and system services. The two common forms of mandatory access control found in Linux distributions are [SELinux](https://github.com/SELinuxProject) and [AppArmor](https://apparmor.net). Fedora and Tumbleweed use SELinux by default, with Tumbleweed offering an option in its installer to choose AppArmor instead.
SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-getting-started) confines Linux containers, virtual machines, and service daemons by default. AppArmor is used by the snap daemon for [sandboxing](https://snapcraft.io/docs/security-sandboxing) snaps which have [strict](https://snapcraft.io/docs/snap-confinement) confinement such as [Firefox](https://snapcraft.io/firefox). There is a community effort to confine more parts of the system in Fedora with the [ConfinedUsers](https://fedoraproject.org/wiki/SIGs/ConfinedUsers) special interest group.
@@ -93,7 +93,7 @@ SELinux on [Fedora](https://docs.fedoraproject.org/en-US/quick-docs/selinux-gett
### 驱动器加密
-大多数Linux发行版在其安装程序中都有一个选项用于启用 [LUKS](../encryption.md#linux-unified-key-setup) FDE。 如果在安装时没有设置这个选项,你将不得不备份你的数据并重新安装,因为加密是在 [磁盘分区](https://en.wikipedia.org/wiki/Disk_partitioning),但在 [文件系统](https://en.wikipedia.org/wiki/File_system) 被格式化之前应用。 我们还建议安全地删除你的存储设备。
+大多数Linux发行版在其安装程序中都有一个选项用于启用 [LUKS](../encryption.md#linux-unified-key-setup) FDE。 If this option isn’t set at installation time, you will have to back up your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. 我们还建议安全地删除你的存储设备。
- [安全数据清除 :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure)
@@ -156,7 +156,7 @@ MAC address randomization is primarily beneficial for Wi-Fi connections. For Eth
Fedora 项目 [通过使用一个 [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) 变量而不是唯一的 ID 来计算](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) 有多少独特的系统访问它的镜像。 Fedora这样做是为了确定负载并在必要时为更新提供更好的服务器。
-这个 [选项](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) ,目前默认是关闭的。 我们建议将 `countme=false` 添加到 `/etc/dnf/dnf.conf` ,以备将来启用它。 On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
+这个 [选项](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) ,目前默认是关闭的。 我们建议将 `countme=false` 添加到 `/etc/dnf/dnf.conf` ,以备将来启用它。 On systems that use `rpm-ostree` such as Silverblue, the `countme` option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by emptying the `/var/lib/zypp/AnonymousUniqueId` file.
diff --git a/i18n/zh/os/macos-overview.md b/i18n/zh/os/macos-overview.md
index a7697e63..cc06f884 100644
--- a/i18n/zh/os/macos-overview.md
+++ b/i18n/zh/os/macos-overview.md
@@ -6,7 +6,7 @@ description: macOS is Apple's desktop operating system that works with their har
**macOS** is a Unix operating system developed by Apple for their Mac computers. To enhance privacy on macOS, you can disable telemetry features and harden existing privacy and security settings.
-Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple silicon](https://support.apple.com/HT211814).
+Older Intel-based Macs and Hackintoshes do not support all the security features that macOS offers. To enhance data security, we recommend using a newer Mac with [Apple Silicon](https://support.apple.com/HT211814).
## Privacy Notes
@@ -14,7 +14,7 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### Activation Lock
-Brand new Apple silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
+Brand-new Apple Silicon devices can be set up without an internet connection. However, recovering or resetting your Mac will **require** an internet connection to Apple's servers to check against the Activation Lock database of lost or stolen devices.
### App Revocation Checks
@@ -122,7 +122,7 @@ Decide whether you want personalized ads based on your usage.
##### FileVault
-On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
+On modern devices with a Secure Enclave (Apple T2 Security Chip, Apple Silicon), your data is always encrypted, but is decrypted automatically by a hardware key if your device doesn't detect it's been tampered with. Enabling [FileVault](../encryption.md#filevault) additionally requires your password to decrypt your data, greatly improving security, especially when powered off or before the first login after powering on.
On older Intel-based Mac computers, FileVault is the only form of disk encryption available by default, and should always be enabled.
@@ -207,7 +207,7 @@ If an app is sandboxed, you should see the following output:
[Bool] true
```
-If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the unsandboxed app altogether.
+If you find that the app you want to run is not sandboxed, then you may employ methods of [compartmentalization](../basics/common-threats.md#security-and-privacy) such as virtual machines or separate devices, use a similar app that is sandboxed, or choose to not use the non-sandboxed app altogether.
##### Hardened Runtime
@@ -230,7 +230,7 @@ macOS comes with two forms of malware defense:
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
-We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyways, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
+We recommend against installing third-party antivirus software as they typically do not have the system-level access required to properly function anyway, because of Apple's limitations on third-party apps, and because granting the high levels of access they do ask for often poses an even greater security and privacy risk to your computer.
##### 备份
@@ -238,7 +238,7 @@ macOS comes with automatic backup software called [Time Machine](https://support
### Hardware Security
-Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple silicon, and not older Intel-based Mac computers or Hackintoshes.
+Many modern security features in macOS—such as modern Secure Boot, hardware-level exploit mitigation, OS integrity checks, and file-based encryption—rely on Apple Silicon, and Apple's newer hardware always has the [best security](https://support.apple.com/guide/security/apple-soc-security-sec87716a080/1/web/1). We only encourage the use of Apple Silicon, and not older Intel-based Mac computers or Hackintoshes.
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
@@ -256,7 +256,7 @@ Mac computers can be configured to boot in three security modes: *Full Security*
#### Secure Enclave
-The Secure Enclave is a security chip built into devices with Apple silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
+The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
@@ -268,7 +268,7 @@ Your biometric data never leaves your device; it's stored only in the Secure Enc
#### Hardware Microphone Disconnect
-All laptops with Apple silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
+All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
@@ -287,7 +287,7 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
-Apple silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
+Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
## 资料来源
diff --git a/i18n/zh/os/windows/group-policies.md b/i18n/zh/os/windows/group-policies.md
index 31d7ca00..9032d760 100644
--- a/i18n/zh/os/windows/group-policies.md
+++ b/i18n/zh/os/windows/group-policies.md
@@ -3,9 +3,9 @@ title: Group Policy Settings
description: A quick guide to configuring Group Policy to make Windows a bit more privacy respecting.
---
-Outside of modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
+Outside modifying the registry itself, the **Local Group Policy Editor** is the most powerful way to change many aspects of your system without installing third-party tools. Changing these settings requires [Pro Edition](index.md#windows-editions) or better.
-These settings should be set on a brand new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictible behavior and is done at your own risk.
+These settings should be set on a brand-new installation of Windows. Setting them on your existing installation should work, but may introduce unpredictable behavior and is done at your own risk.
All of these settings have an explanation attached to them in the Group Policy editor which explains exactly what they do, usually in great detail. Please pay attention to those descriptions as you make changes, so you know exactly what we are recommending here. We've also explained some of our choices below whenever the explanation included with Windows is inadequate.
@@ -68,7 +68,7 @@ Setting the cipher strength for the Windows 7 policy still applies that strength
- Require additional authentication at startup: **Enabled**
- Allow enhanced PINs for startup: **Enabled**
-Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the Bitlocker setup wizard.
+Despite the names of these policies, this doesn't _require_ you to do anything by default, but it will unlock the _option_ to have a more complex setup (such as requiring a PIN at startup in addition to the TPM) in the BitLocker setup wizard.
#### Cloud Content
diff --git a/i18n/zh/os/windows/index.md b/i18n/zh/os/windows/index.md
index ade74ef1..f1d08182 100644
--- a/i18n/zh/os/windows/index.md
+++ b/i18n/zh/os/windows/index.md
@@ -21,13 +21,13 @@ You can enhance your privacy and security on Windows without downloading any thi
This section is new
-This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy friendly than other operating systems.
+This section is a work in progress, because it takes considerably more time and effort to make a Windows installation more privacy-friendly than other operating systems.
## Privacy Notes
-Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
+Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy-friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them.
With Windows 11 there are a number of restrictions or defaults such as:
@@ -43,11 +43,11 @@ Microsoft often uses the automatic updates feature to add new functionality to y
## Windows Editions
-Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include Bitlocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
+Many critical privacy and security features are unfortunately locked away behind higher-cost editions of Windows, instead of being available in Windows **Home**. Some features missing from **Home** include BitLocker Drive Encryption, Hyper-V, and Windows Sandbox. In our Windows guides we will cover how to use all of these features appropriately, so having a premium edition of Windows will be necessary.
Windows **Enterprise** provides the most flexibility when it comes to configuring privacy and security settings built in to Windows. For example, they are the only editions that allow you to enable the highest level of restrictions on data sent to Microsoft via telemetry tools. Unfortunately, Enterprise is not available for retail purchase, so it may not be available to you.
-The best version available for _retail_ purchase is Windows **Pro** as it has nearly all of the features you'll want to use to secure your device, including Bitlocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry unfortunately.
+The best version available for _retail_ purchase is Windows **Pro** as it has nearly all the features you'll want to use to secure your device, including BitLocker, Hyper-V, etc. The only thing missing is some of the most restrictive limitations on Microsoft's telemetry, unfortunately.
Students and teachers may be able to obtain a Windows **Education** (equivalent to Enterprise) or **Pro Education** license (equivalent to Pro) for free, including on personal devices, from their educational institution. Many schools partner with Microsoft via OnTheHub or Microsoft Azure for Education, so you can check those sites or your school's benefits page to see if you qualify. Whether or not you are able to get these licenses depends entirely on your institution. This may be the best way for many people to obtain an Enterprise-level edition of Windows for personal use. There are no additional privacy or security risks associated with using an Education license compared to the retail versions.
@@ -59,6 +59,6 @@ Currently, only Windows 11 license keys are available for purchase, but these ke
The official [Media Creation Tool](https://microsoft.com/software-download/windows11) is the best way to put a Windows installer on a USB flash drive. Third-party tools like Rufus or Etcher may unexpectedly modify the files, which could lead to boot issues or other troubles when installing.
-This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the install. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
+This tool only lets you install a **Home** or **Pro** installation, as there are no publicly available downloads for Windows **Enterprise** edition. If you have an **Enterprise** license key, you can easily upgrade a **Pro** installation. To do this, install Windows **Pro** without entering a license key during setup, then enter your **Enterprise** key in the Settings app after completing the installation. Your **Pro** install will be upgraded to **Enterprise** automatically after entering a valid license key.
If you are installing an **Education** license then you will typically have a private download link that will be provided alongside your license key when you obtain it from your institution's benefits portal.
diff --git a/i18n/zh/passwords.md b/i18n/zh/passwords.md
index aac03370..39ea95ce 100644
--- a/i18n/zh/passwords.md
+++ b/i18n/zh/passwords.md
@@ -228,7 +228,7 @@ Bitwarden's server-side code is [open source](https://github.com/bitwarden/serve
With the acquisition of SimpleLogin in April 2022, Proton has offered a "hide-my-email" feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).
-The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June of 2023. The security analysis company concluded:
+The Proton Pass mobile apps and browser extension underwent an audit performed by Cure53 throughout May and June 2023. The security analysis company concluded:
> Proton Pass apps and components leave a rather positive impression in terms of security.
@@ -327,7 +327,7 @@ These options allow you to manage an encrypted password database locally.
{ align=right }
-**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bugfixes to provide a feature-rich, cross-platform, and modern open-source password manager.
+**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal of extending and improving it with new features and bug fixes to provide a feature-rich, cross-platform, and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
@@ -357,7 +357,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se
{ align=right }
-**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms in a secure way. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
+**KeePassDX** is a lightweight password manager for Android; it allows for editing encrypted data in a single file in KeePass format and can fill in forms securely. The [pro version](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) of the app allows you to unlock cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title="Documentation" }
diff --git a/i18n/zh/photo-management.md b/i18n/zh/photo-management.md
index 070fac30..417eb5c9 100644
--- a/i18n/zh/photo-management.md
+++ b/i18n/zh/photo-management.md
@@ -19,7 +19,7 @@ Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon
{ align=right }
{ align=right }
-**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5GB of storage as long as you use the service at least once a year.
+**Ente Photos** is an end-to-end encrypted photo backup service which supports automatic backups on iOS and Android. Their code is fully open-source, both on the client side and on the server side. It is also [self-hostable](https://github.com/ente-io/ente/tree/main/server#self-hosting). The free plan offers 5 GB of storage as long as you use the service at least once a year.
[:octicons-home-16: Homepage](https://ente.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
@@ -51,7 +51,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
{ align=right }
{ align=right }
-**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
+**Stingle** is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1 GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.
[:octicons-home-16: Homepage](https://stingle.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://stingle.org/privacy){ .card-link title="Privacy Policy" }
@@ -100,7 +100,7 @@ Ente Photos underwent an [audit by Cure53](https://ente.io/blog/cryptography-aud
- Cloud-hosted providers must enforce end-to-end encryption.
- 必须提供免费计划或试用期进行测试。
-- Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
+- Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- 必须提供一个支持基本文件管理功能的网络界面。
- 必须允许所有文件/文档的轻松导出。
- Must be open source.
diff --git a/i18n/zh/real-time-communication.md b/i18n/zh/real-time-communication.md
index 855eb75b..775117dd 100644
--- a/i18n/zh/real-time-communication.md
+++ b/i18n/zh/real-time-communication.md
@@ -259,7 +259,7 @@ Oxen requested an independent audit for Session in March 2020. The audit [conclu
> The overall security level of this application is good and makes it usable for privacy-concerned people.
-Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
+Session has a [white paper](https://arxiv.org/pdf/2002.04609.pdf) describing the technical details of the app and protocol.
## Criteria
diff --git a/i18n/zh/router.md b/i18n/zh/router.md
index 3cd9b952..32a83821 100644
--- a/i18n/zh/router.md
+++ b/i18n/zh/router.md
@@ -19,7 +19,7 @@ Below are a few alternative operating systems that can be used on routers, Wi-Fi
{ align=right }
{ align=right }
-**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All of the components have been optimized for home routers.
+**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All the components have been optimized for home routers.
[:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}
diff --git a/i18n/zh/security-keys.md b/i18n/zh/security-keys.md
index 9e3c317f..2f651d3c 100644
--- a/i18n/zh/security-keys.md
+++ b/i18n/zh/security-keys.md
@@ -10,7 +10,7 @@ cover: multi-factor-authentication.webp
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
-A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multi-factor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
+A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
## Yubico Security Key
@@ -67,7 +67,7 @@ The **YubiKey** series from Yubico are among the most popular security keys. The
The [comparison table](https://yubico.com/store/compare) shows the features and how the YubiKeys compare to each other and to Yubico's [Security Key](#yubico-security-key) series. One of the benefits of the YubiKey series is that one key can do almost everything you could expect from a hardware security key. We encourage you to take their [quiz](https://yubico.com/quiz) before purchasing in order to make sure you make the right choice.
-The Yubikey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [Yubikey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
+The YubiKey 5 series has FIDO Level 1 certification, which is the most common. However, some governments or other organizations may require a key with Level 2 certification, in which case you'll have to purchase a [YubiKey 5 **FIPS** series](https://yubico.com/products/yubikey-fips) key, or a [Yubico Security Key](#yubico-security-key). Most people do not have to worry about this distinction.
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
diff --git a/i18n/zh/tools.md b/i18n/zh/tools.md
index 8690f312..9f47a237 100644
--- a/i18n/zh/tools.md
+++ b/i18n/zh/tools.md
@@ -180,7 +180,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton公司总部位于瑞士日内瓦。 The Proton Mail Free plan comes with 500MB of Mail storage, which you can increase up to 1GB for free.
+ Proton Mail is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland. The Proton Mail Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.
[Read Full Review :material-arrow-right-drop-circle:](email.md#proton-mail)
@@ -188,7 +188,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. 他们自2014年以来一直在运作。 Mailbox.org总部位于德国柏林。 Accounts start with up to 2GB storage, which can be upgraded as needed.
+ Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. 他们自2014年以来一直在运作。 Mailbox.org总部位于德国柏林。 Accounts start with up to 2 GB storage, which can be upgraded as needed.
[Read Full Review :material-arrow-right-drop-circle:](email.md#mailboxorg)
@@ -196,7 +196,7 @@ If you're looking for added **security**, you should always ensure you're connec
---
- Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1GB of storage.
+ Tuta (formerly *Tutanota*) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany. Free accounts start with 1 GB of storage.
[Read Full Review :material-arrow-right-drop-circle:](email.md#tuta)
@@ -220,7 +220,7 @@ If you're looking for added **security**, you should always ensure you're connec
-- { .twemoji loading=lazy } [mailcow](email.md#self-hosting-email)
+- { .twemoji loading=lazy } [Mailcow](email.md#self-hosting-email)
- { .twemoji loading=lazy } [Mail-in-a-Box](email.md#self-hosting-email)
@@ -646,10 +646,10 @@ For encrypting your OS drive, we typically recommend using the encryption tool y
- { .twemoji loading=lazy } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- { .twemoji loading=lazy } [Fedora Workstation](desktop.md#fedora-workstation)
-- { .twemoji loading=lazy } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
+- { .twemoji loading=lazy } [openSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- { .twemoji loading=lazy } [Arch Linux](desktop.md#arch-linux)
- { .twemoji loading=lazy } [Fedora Atomic Desktops](desktop.md#fedora-atomic-desktops)
-- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
+- { .twemoji loading=lazy } [NixOS](desktop.md#nixos)
- { .twemoji loading=lazy } [Whonix (Tor)](desktop.md#whonix)
- { .twemoji loading=lazy } [Tails (Live Boot)](desktop.md#tails)
- { .twemoji loading=lazy } [Kicksecure](desktop.md#kicksecure)
diff --git a/i18n/zh/tor.md b/i18n/zh/tor.md
index 7a80813e..fc81f3e9 100644
--- a/i18n/zh/tor.md
+++ b/i18n/zh/tor.md
@@ -44,7 +44,7 @@ There are a variety of ways to connect to the Tor network from your device, the
Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
-If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against de-anonymization.
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
## Tor浏览器
@@ -114,11 +114,11 @@ We previously recommended enabling the *Isolate Destination Address* preference
Tips for Android
-Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
+Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN kill switch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**.
Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot/releases) instead.
-All versions are signed using the same signature so they should be compatible with each other.
+All versions are signed using the same signature, so they should be compatible with each other.
diff --git a/i18n/zh/vpn.md b/i18n/zh/vpn.md
index d57a6d6b..0f61627c 100644
--- a/i18n/zh/vpn.md
+++ b/i18n/zh/vpn.md
@@ -2,7 +2,7 @@
meta_title: "Private VPN Service Recommendations and Comparison, No Sponsors or Ads - Privacy Guides"
title: "VPN Services"
icon: material/vpn
-description: The best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you.
+description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
-
@@ -99,11 +99,11 @@ Proton [now supports IPv6](https://protonvpn.com/support/prevent-ipv6-vpn-leaks)
#### :material-information-outline:{ .pg-info } Remote Port Forwarding
-Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy to access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
+Proton VPN currently only supports ephemeral remote [port forwarding](https://protonvpn.com/support/port-forwarding) via NAT-PMP, with 60 second lease times. The Windows app provides an easy-to-access option for it, while on other operating systems you'll need to run your own [NAT-PMP client](https://protonvpn.com/support/port-forwarding-manual-setup). Torrent applications often support NAT-PMP natively.
#### :material-information-outline:{ .pg-blue } Anti-Censorship
-Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or Wireguard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
+Proton VPN has their [Stealth](https://protonvpn.com/blog/stealth-vpn-protocol) protocol which *may* help in situations where VPN protocols like OpenVPN or WireGuard are blocked with various rudimentary techniques. Stealth encapsulates the VPN tunnel in TLS session in order to look like more generic internet traffic.
Unfortunately, it does not work very well in countries where sophisticated filters that analyze all outgoing traffic in an attempt to discover encrypted tunnels are deployed. Stealth is available on Android, iOS, Windows, and macOS, but it's not yet available on Linux.
@@ -113,11 +113,11 @@ In addition to providing standard OpenVPN configuration files, Proton VPN has mo
#### :material-information-outline:{ .pg-blue } Additional Notes
-Proton VPN clients support two factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
+Proton VPN clients support two-factor authentication on all platforms. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer content blocking and known-malware blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](tor.md#tor-browser) for this purpose.
-##### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
+##### :material-alert-outline:{ .pg-orange } Kill switch feature is broken on Intel-based Macs
-System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
+System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch) on Intel-based Macs when using the VPN kill switch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
### IVPN
@@ -183,7 +183,7 @@ IVPN previously supported port forwarding, but removed the option in [June 2023]
#### :material-check:{ .pg-green } Anti-Censorship
-IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or Wireguard are blocked. Currently this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
+IVPN has obfuscation modes using [v2ray](https://v2ray.com/en/index.html) which helps in situations where VPN protocols like OpenVPN or WireGuard are blocked. Currently, this feature is only available on Desktop and [iOS](https://ivpn.net/knowledgebase/ios/v2ray). It has two modes where it can use [VMess](https://guide.v2fly.org/en_US/basics/vmess.html) over QUIC or TCP connections. QUIC is a modern protocol with better congestion control and therefore may be faster with reduced latency. The TCP mode makes your data appear as regular HTTP traffic.
#### :material-check:{ .pg-green } Mobile Clients
@@ -191,7 +191,7 @@ In addition to providing standard OpenVPN configuration files, IVPN has mobile c
#### :material-information-outline:{ .pg-blue } Additional Notes
-IVPN clients support two factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
+IVPN clients support two-factor authentication. IVPN also provides "[AntiTracker](https://ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
@@ -199,7 +199,7 @@ IVPN clients support two factor authentication. IVPN also provides "[AntiTracker
{ align=right }
-**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 30-day money-back guarantee for payment methods that allow it.
+**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since 2009. Mullvad is based in Sweden and offers a 14-day money-back guarantee for [payment methods](https://mullvad.net/en/help/refunds) that allow it.
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
@@ -260,7 +260,7 @@ Mullvad previously supported port forwarding, but removed the option in [May 202
Mullvad offers several features to help bypass censorship and access the internet freely:
-- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["Wireguard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
+- **Obfuscation modes**: Mullvad has two built-in obfuscation modes: "UDP-over-TCP" and ["WireGuard over Shadowsocks"](https://mullvad.net/en/blog/introducing-shadowsocks-obfuscation-for-wireguard). These modes disguise your VPN traffic as regular web traffic, making it harder for censors to detect and block. Supposedly, China has to use a [new method to disrupt Shadowsocks-routed traffic](https://gfw.report/publications/usenixsecurity23/en).
- **Advanced obfuscation with Shadowsocks and v2ray**: For more advanced users, Mullvad provides a guide on how to use the [Shadowsocks with v2ray](https://mullvad.net/en/help/shadowsocks-with-v2ray) plugin with Mullvad clients. This setup provides an additional layer of obfuscation and encryption.
- **Custom server IPs**: To counter IP-blocking, you can request custom server IPs from Mullvad's support team. Once you receive the custom IPs, you can input the text file in the "Server IP override" settings, which will override the chosen server IP addresses with ones that aren't known to the censor.
- **Bridges and proxies**: Mullvad also allows you to use bridges or proxies to reach their API (needed for authentication), which can help bypass censorship attempts that block access to the API itself.
@@ -286,19 +286,19 @@ Mullvad is very transparent about which nodes they [own or rent](https://mullvad
### 技术
-我们要求所有我们推荐的VPN供应商提供OpenVPN配置文件,以便在任何客户端使用。 **如果** 一个VPN提供他们自己的定制客户端,我们需要一个killswitch来阻止断开连接时的网络数据泄露。
+We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client. **If** a VPN provides their own custom client, we require a kill switch to block network data leaks when disconnected.
**符合条件的最低要求。**
-- 支持强大的协议,如WireGuard & OpenVPN。
-- 客户端内置的杀毒软件。
-- 多跳支持。 多重跳转对于在单个节点受损的情况下保持数据的私密性非常重要。
+- Support for strong protocols such as WireGuard.
+- Kill switch built in to clients.
+- Multi-hop support. Multi-hopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what the program is actually doing.
- Censorship resistance features designed to bypass firewalls without DPI.
**Best Case:**
-- 具有高度可配置的选项(在某些网络上启用/禁用,在启动时,等等)的杀戮开关。
+- Kill switch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- 易于使用的VPN客户端
- [IPv6](https://en.wikipedia.org/wiki/IPv6) support. 我们希望服务器将允许通过IPv6的传入连接,并允许你访问IPv6地址上托管的服务。
- [远程端口转发的能力](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) 在使用P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) 文件共享软件或托管服务器(如Mumble)时,有助于创建连接。
@@ -316,11 +316,11 @@ We prefer our recommended providers to collect as little data as possible. 不
**Best Case:**
- Accepts multiple [anonymous payment options](advanced/payments.md).
-- No personal information accepted (autogenerated username, no email required, etc.).
+- No personal information accepted (auto-generated username, no email required, etc.).
### 安全性
-A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
+A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
**符合条件的最低要求。**
@@ -358,7 +358,7 @@ With the VPN providers we recommend we like to see responsible marketing.
**符合条件的最低要求。**
-- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out.
+- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt out.
Must not have any marketing which is irresponsible: