privacyguides/i18n
1
0
Fork 0
mirror of https://github.com/privacyguides/i18n.git synced 2025-06-19 17:24:25 +00:00
Code Activity

New Crowdin translations by GitHub Action

Browse Source
This commit is contained in:
Crowdin Bot
2023-10-16 01:34:07 +00:00
parent 7f8177da58
commit 85db4b1b24
5 changed files with 96 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
i18n/zh-Hant/basics/email-security.md
View File

@ -19,13 +19,13 @@ description: 從許多方面來看電子郵件本質上是不安全的,這也
## What is the Web Key Directory standard?
The Web Key Directory (WKD) standard allows email clients to discover the OpenPGP key for other mailboxes, even those hosted on a different provider. Email clients which support WKD will ask the recipient's server for a key based on the email address' domain name. For example, if you emailed `jonah@privacyguides.org`, your email client would ask `privacyguides.org` for Jonah's OpenPGP key, and if `privacyguides.org` has a key for that account, your message would be automatically encrypted.
The Web Key Directory (WKD) standard allows email clients to discover the OpenPGP key for other mailboxes, even those hosted on a different provider. 支援 WKD 的電子郵件用戶端將根據電子郵件地址的網域名稱向收件者的伺服器請求金鑰。 For example, if you emailed `jonah@privacyguides.org`, your email client would ask `privacyguides.org` for Jonah's OpenPGP key, and if `privacyguides.org` has a key for that account, your message would be automatically encrypted.
In addition to the [email clients we recommend](../email-clients.md) which support WKD, some webmail providers also support WKD. Whether *your own* key is published to WKD for others to use depends on your domain configuration. If you use an [email provider](../email.md#openpgp-compatible-services) which supports WKD, such as Proton Mail or Mailbox.org, they can publish your OpenPGP key on their domain for you.
If you use your own custom domain, you will need to configure WKD separately. If you control your domain name, you can set up WKD regardless of your email provider. One easy way to do this is to use the "[WKD as a Service](https://keys.openpgp.org/about/usage#wkd-as-a-service)" feature from keys.openpgp.org, by setting a CNAME record on the `openpgpkey` subdomain of your domain pointed to `wkd.keys.openpgp.org`, then uploading your key to [keys.openpgp.org](https://keys.openpgp.org/). Alternatively, you can [self-host WKD on your own web server](https://wiki.gnupg.org/WKDHosting).
如果使用自訂網域,則需另外設定 WKD。 如果你可控制自定域名,則無論電子郵件提供者為何,都可以設定 WKD。 One easy way to do this is to use the "[WKD as a Service](https://keys.openpgp.org/about/usage#wkd-as-a-service)" feature from keys.openpgp.org, by setting a CNAME record on the `openpgpkey` subdomain of your domain pointed to `wkd.keys.openpgp.org`, then uploading your key to [keys.openpgp.org](https://keys.openpgp.org/). 或者你可以 [在自己的 Web 伺服器搭建 WKD r](https://wiki.gnupg.org/WKDHosting)
If you use a shared domain from a provider which doesn't support WKD, like @gmail.com, you won't be able to share your OpenPGP key with others via this method.
如使用不支援 WKD 供應商的共用網域(例如 @gmail.com則無法透過此方法與其他人共用你的 OpenPGP 密鑰。
### 哪些郵件客戶端支持 E2EE
@ -35,7 +35,7 @@ If you use a shared domain from a provider which doesn't support WKD, like @gmai
智慧鑰卡(例如 [Yubikey](https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) 或 [Nitrokey](https://www.nitrokey.com))的工作原理是從用戶端的設備(手機,平板電腦,電腦等)接收加密的電子郵件消息。 安全鑰卡會解密該訊息再把解開的內容傳到設備。
It is advantageous for the decryption to occur on the smartcard to avoid possibly exposing your private key to a compromised device.
在智慧卡上進行解密的優點是可避免將私鑰暴露在某個遭破壞的裝置。
## 電子郵件元資料概覽

2
i18n/zh-Hant/basics/vpn-overview.md
View File

@ -21,7 +21,7 @@ VPN 確實可向第三方服務隱藏您的實際 IP 但前提是IP 沒被洩
## 什麼時候不該使用 VPN
Using a VPN in cases where you're using your [known identity](common-misconceptions.md#complicated-is-better) is unlikely be useful.
若使用 [已被辨識出身份](common-misconceptions.md#complicated-is-better)的情況VPN 通常就失去效用。
這樣做可能會觸發垃圾郵件和欺詐偵測系統,例如您正試圖登入銀行網站。

91
i18n/zh-Hant/encryption.md
View File

@ -88,7 +88,10 @@ Truecrypt 已完成[多次審計](https://en.wikipedia.org/wiki/TrueCrypt#Securi
## 作業系統完整磁碟加密
For encrypting the drive your operating system boots from, we generally recommend enabling the encryption software that comes with your operating system rather than using a third-party tool. This is because your operating system's native encryption tools often make use of OS and hardware-specific features like the [secure cryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor) in your device to protect your computer against more advanced physical attacks. For secondary drives and external drives which you *don't* boot from, we still recommend using open-source tools like [VeraCrypt](#veracrypt-disk) over the tools below, because they offer additional flexibility and let you avoid vendor lock-in.
加密開機用的作業系統,我們通常建議使用其隨附的加密軟體,而不是第三方工具。 因為作業系統原生的加密工具通常會使用作業系統和硬體特定的功能,例如裝置中的[安全加密處理器](https://en.wikipedia.org/wiki/Secure_cryptoprocessor)保護電腦免於進階的實體攻擊。 至於*非開機用*的輔助磁碟和外接硬碟,我們則建議使用開源工具,例如
VeraCrypt< /a> ,因為它們提供了額外的靈活性避免供應商鎖定。</p>
### BitLocker
@ -96,39 +99,52 @@ For encrypting the drive your operating system boots from, we generally recommen
![BitLocker logo](assets/img/encryption-software/bitlocker.png){ align=right }
**BitLocker** 是 Microsoft Windows 捆綁的全磁區加密解決方案。 The main reason we recommend it for encrypting your boot drive is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). ElcomSoft, a forensics company, has written about this feature in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
**BitLocker** 是 Microsoft Windows 捆綁的全磁區加密解決方案。 我們推薦利用它加密開機設備,因為其[使用 TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). 鑑證公司 ElcomSoft 曾撰寫過此功能的相關介紹 [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
BitLocker [僅支援](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) Windows 專業版、企業版和教育版。 它可以在家庭版上啓用,只要符合先決條件。
??? example "在Windows Home上啓用BitLocker"
若要在 Windows 家用版啟用 BitLocker ,必須使用 [GUID 分割表](https://zh.wikipedia.org/wiki/GUID_Partition_Table) 格式化的分割區並且具有專用的TPM (v1.2, 2.0+)模組。 You may need to [disable the non-Bitlocker "Device encryption" functionality](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5) (which is inferior because it sends your recovery key to Microsoft's servers) if it is enabled on your device already before following this guide.
若要在 Windows 家用版啟用 BitLocker ,必須使用 [GUID 分割表](https://zh.wikipedia.org/wiki/GUID_Partition_Table) 格式化的分割區並且具有專用的TPM (v1.2, 2.0+)模組。 如果在遵循本指南之前已在裝置上啟用,則要[停用非Bitlocker「裝置加密」功能](https://discuss.privacyguides.net/t/enabling-bitlocker-on-the-windows-11-home-edition/13303/5)(因為它會將您的復原金鑰傳送到Microsoft 的伺服器)。
1. 開啟命令提示符,並使用以下命令檢查磁碟機的分區表格格式。 您應該會在“分區樣式”下方看到“**GPT**”
1. 開啟命令提示符,並使用以下命令檢查磁碟機的分區表格格式。 您應該會在“分區樣式”下方看到“**GPT**”
```
powershell Get-Disk
```
2. 在管理員命令提示符中執行此命令以檢查您的TPM版本。 您應該會在 `個SpecVersion`旁邊看到 `2.0` 或 `1.2`
2. 在管理員命令提示符中執行此命令以檢查您的TPM版本。 您應該會在 `個SpecVersion`旁邊看到 `2.0` 或 `1.2`
```
powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
```
3. 訪問[進階啟動選項](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). 重新啟動時需要在 Windows 啟動前按下F8 鍵,然後進入 *命令提示符* in **疑難排解** → **進階選項** → **命令提示符**。
4. 使用管理員帳戶登入並在命令提示符中輸入指令以開始加密:
4. 使用管理員帳戶登入並在命令提示符中輸入指令以開始加密:
```
manage-bde -on c: -used
```
5. 關閉命令提示符並繼續啟動正常Windows。
6. 打開 admin 命令提示符並運行以下命令:
6. 打開 admin 命令提示符並運行以下命令:
```
manage-bde c: -protectors -add -rp -tpm
@ -136,9 +152,13 @@ BitLocker [僅支援](https://support.microsoft.com/en-us/windows/turn-on-device
manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
```
!!! tip "訣竅"
!!! tip "訣竅"
將桌面上的「BitLocker-Recovery-Key.txt」備份到單獨的儲存裝置。 若遺失恢復代碼可能會導致資料無法回復。
### FileVault
@ -149,9 +169,12 @@ BitLocker [僅支援](https://support.microsoft.com/en-us/windows/turn-on-device
**FileVault** 是 macOS 內建的即時磁區加密方案。 建議使用FileVault ,因為它打抵擋 Apple silicon SoC 或 T2 安全晶片 [硬體安全問題](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web)。
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
我們建議您將本地恢復金鑰存放在安全的地方而不是使用您的iCloud 帳戶進行恢復。
### Linux Unified Key設定
!!! recommendation
@ -163,8 +186,11 @@ BitLocker [僅支援](https://support.microsoft.com/en-us/windows/turn-on-device
[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
??? example "建立和開啟加密容器"
??? example "建立和開啟加密容器"
```
dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
@ -174,23 +200,35 @@ BitLocker [僅支援](https://support.microsoft.com/en-us/windows/turn-on-device
#### 開啟加密容器
建議使用'udisksctl`開啟容器和磁區,因為這使用 [Polkit](https://en.wikipedia.org/wiki/Polkit)。 大多數檔案管理器,例如流行的桌面環境中包含的檔案管理器,都可以解鎖加密的檔案。 [udiskie](https://github.com/coldfix/udiskie) 這類工具執行在系統常駐區並提供有用的使用介面。
```
udisksctl loop-setup -f /path-to-file
udisksctl unlock -b /dev/loop0
```
!!! note "記得備份磁區標頭"
我們建議您務必 [備份您的LUKS標頭](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) 以防部分驅動器故障。 可以通過以下方式完成:
```
cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
```
## 瀏覽器端
當您需要加密檔案但無法在裝置上安裝軟體或應用程式時,透過瀏覽器來加密可能很有用。
### hat.sh
!!! recommendation
@ -205,11 +243,16 @@ BitLocker [僅支援](https://support.microsoft.com/en-us/windows/turn-on-device
[:octicons-info-16:](https://hat.sh/about/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/sh-dv/hat.sh){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sh-dv/hat.sh#donations){ .card-link title="Donations methods can be found at the bottom of the website" }
## 命令列
命令行界面的工具可用於集成 [shell 腳本](https://en.wikipedia.org/wiki/Shell_script)。
### Kryptor
!!! recommendation
@ -229,6 +272,9 @@ BitLocker [僅支援](https://support.microsoft.com/en-us/windows/turn-on-device
- [:simple-windows11: Windows](https://www.kryptor.co.uk)
- [:simple-apple: macOS](https://www.kryptor.co.uk)
- [:simple-linux: Linux](https://www.kryptor.co.uk)
### Tomb
@ -242,6 +288,9 @@ BitLocker [僅支援](https://support.microsoft.com/en-us/windows/turn-on-device
[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
## OpenPGP
@ -252,11 +301,17 @@ OpenPGP 有時需要執行特定任務,例如數位簽署和加密電子郵件
!!! tip "在生成金鑰時使用未來的預設值"
[生成密鑰](https://www.gnupg.org/gph/en/manual/c14.html) 時,建議使用`future-default`命令,因為這將指示 GnuPG 使用現代密碼學,例如 [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) 和 [Ed25519](https://ed25519.cr.yp.to/)
```bash
gpg --quick-gen-key alice@example.com future-default
```
### GNU Privacy Guard
!!! recommendation
@ -276,6 +331,9 @@ OpenPGP 有時需要執行特定任務,例如數位簽署和加密電子郵件
- [:simple-windows11: Windows](https://gpg4win.org/download.html)
- [:simple-apple: macOS](https://gpgtools.org)
- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
### GPG4win
@ -294,12 +352,16 @@ OpenPGP 有時需要執行特定任務,例如數位簽署和加密電子郵件
??? downloads "下載"
- [:simple-windows11: Windows](https://gpg4win.org/download.html)
### GPG Suite
!!! note "備註"
我們建議 [Canary Mail](email-clients.md#canary-mail) 在iOS裝置上使用PGP和電子郵件。
!!! recommendation
@ -317,6 +379,9 @@ OpenPGP 有時需要執行特定任務,例如數位簽署和加密電子郵件
??? downloads "下載"
- [:simple-apple: macOS](https://gpgtools.org)
### OpenKeychain
@ -334,6 +399,9 @@ OpenPGP 有時需要執行特定任務,例如數位簽署和加密電子郵件
??? downloads "下載"
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
## 標準
@ -342,6 +410,9 @@ OpenPGP 有時需要執行特定任務,例如數位簽署和加密電子郵件
!!! example "此部分是新的"
我們正在努力為這個網站的各個部分建立明確標準,它可能依情況變化。 如果您對我們的標準有任何疑問,請在 [論壇上提問](https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
### 最低合格要求
@ -350,6 +421,8 @@ OpenPGP 有時需要執行特定任務,例如數位簽署和加密電子郵件
- 外部磁碟加密應用程式必須支援 Linux、macOS 和 Windows 的解密。
- 作業系統內部磁碟加密應用程式必須是跨平臺或原生內建作業系統。
### 最好的情况
最佳案例標準代表了我們希望從這個類別的完美項目應具備的條件。 推薦產品可能沒有此功能,但若有這些功能則會讓排名更為提高。

2
i18n/zh-Hant/meta/git-recommendations.md
View File

@ -14,7 +14,7 @@ title: Git 使用建議
git config --global gpg.format ssh
git config --global tag.gpgSign true
```
2. Set your SSH key for signing in Git with the following command, substituting `/PATH/TO/.SSH/KEY.PUB` with the path to the public key you'd like to use, e.g. `/home/user/.ssh/id_ed25519.pub`:
2. 透過下方指令來設定簽署 Git 的 SSH 密鑰,把 `/PATH/TO/.SSH/KEY.PUB` 替換成存放公鑰的路徑,如 `/home/user/.ssh/id_ed25519.pub`:
```
git config --global user.signingkey /PATH/TO/.SSH/KEY.PUB
```

16
i18n/zh-Hant/os/macos-overview.md
View File

@ -124,31 +124,31 @@ Apple 產品的大多數隱私和安全問題與其*雲服務*有關,而不是
在較舊的 Intel 的 Mac 電腦FileVault 是預設唯一可用的磁盤加密形式,應始終啟用。
- [x] Click **Turn On**
- [x] 點擊 **開啟**
##### 封閉模式
[封閉模式](https://blog.privacyguides.org/2022/10/27/macos-ventura-privacy-security-updates/#lockdown-mode) 禁用某些功能以提高安全性。 某些應用程式或功能在封閉時將無法正常工作,例如 [JIT](https://hacks.mozilla.org/2017/02/a-crash-course-in-just-in -time-jit- compilers/) 和[WASM](https://developer.mozilla.org/en-US/docs/WebAssembly) 在封閉模式下會被Safari 關閉。 建議啟用封閉模式看看它是否會顯著影響您的使用,它所做的許多更改都很容易接受。
- [x] Click **Turn On**
- [x] 點擊 **開啟**
### MAC 地址隨機化
macOS uses a randomized MAC address when performing Wi-Fi scans while disconnected from a network. However, when you connect to a preferred Wi-Fi network, the MAC address used is never randomized. Full MAC address randomization is an advanced topic, and most people don't need to worry about performing the following steps.
網路斷開時執行 Wi-Fi 掃描macOS 使用隨機 MAC 位址。 但是,當連接到首選 Wi-Fi 網路時,所用的 MAC 位址不會隨機化。 完整 MAC 位址隨機化是一個進階課題,大多數人不需要擔心執行以下步驟。
Unlike iOS, macOS doesn't give you an option to randomize your MAC address in the settings, so if you wish to change this identifier, you'll need to do it with a command or a script. To set a random MAC address, first disconnect from the network if you're already connected, then open **Terminal** and enter this command to randomize your MAC address:
不同於iOSmacOS 設定中不提供隨機化 MAC 位址選項,因此如想變更此標識符,則需要使用命令或腳本來完成。 若要設定隨機 MAC 位址,如已連線請先中斷網路連線,然後開啟**終端機**並輸入下列指令以隨機化 MAC 位址:
``` zsh
openssl rand -hex 6 | sed 's/^\(.\{1\}\)./\12/; s/\(..\)/\1:/g; s/.$//' | xargs sudo ifconfig en0 ether
```
`en0` is the name of the interface you're changing the MAC address for. 這可能並不適合每台 Mac因此要進行檢查可以按住 option 鍵並單擊螢幕右上角的 Wi-Fi 符號。 "Interface name" should be displayed at the top of the dropdown menu.
`en0` 為變更其 MAC 位址的介面名稱。 這可能並不適合每台 Mac因此要進行檢查可以按住 option 鍵並單擊螢幕右上角的 Wi-Fi 符號。 “介面名稱”應顯示在下拉式選單的頂部。
This command sets your MAC address to a randomized, "locally administered" address, matching the behavior of iOS, Windows, and Android's MAC address randomization features. This means that every character in the MAC address is fully randomized except the second character, which denotes the MAC address as *locally administered* and not in conflict with any actual hardware. This method is most compatible with modern networks. An alternative method is to set the first six characters of the MAC address to one of Apple's existing *Organizational Unique Identifiers*, which we'll leave as an exercise to the reader. That method is more likely to conflict with some networks, but may be less noticeable. Given the prevalence of randomized, locally administered MAC addresses in other modern operating systems, we don't think either method has significant privacy advantages over the other.
這個指令會將 MAC 位址設定為隨機的「本機管理」位址,與 iOSWindows Android MAC 位址隨機化功能的行為相符。 這意味著MAC 位址中的每個字符都是完全隨機的除了第二個字符它表示MAC 位址是*本地管理的*並且不與任何實際硬體衝突。 此方法與現代網路最相容。 另一種方法是將 MAC 位址的前六個字元設定為 Apple 現有的*組織唯一識別碼*之一,我們將其留給讀者練習。 該方法可能更容易與某些網路發生衝突,但較不被注意。 鑑於其他現代作業系統中隨機、本地管理的 MAC 位址已普遍存在,我們認為這兩種方法都不具有顯著的隱私優勢。
When you connect to the network again, you'll connect with a random MAC address. 這將在重新開機時重置。
再次連接到網路時,將使用隨機 MAC 位址來連線。 這將在重新開機時重置。
Your MAC address is not the only unique information about your device which is broadcast on the network, your hostname is another piece of information which could uniquely identify you. You may wish to set your hostname to something generic like "MacBook Air", "Laptop", "John's MacBook Pro", or "iPhone" in **System Settings** > **General** > **Sharing**. Some [privacy scripts](https://github.com/sunknudsen/privacy-guides/tree/master/how-to-spoof-mac-address-and-hostname-automatically-at-boot-on-macos#guide) allow you to easily generate hostnames with random names.
網路上廣播的 MAC 位址並不是唯一透露裝置身份的訊息,主機名稱是另一個可識別身份的訊息。 您可能想要在**系統設定**中將主機名稱設定為通用名稱,例如「MacBook Air」、「Laptop」、「John's MacBook Pro」或「iPhone」&# 062 ; **常規** > **分享**。 某些[隱私權腳本](https://github.com/sunknudsen/privacy-guides/tree/master/how-to-spoof-mac-address-and-hostname-automatically-at-boot-on-macos#guide)可輕鬆產生隨機的主機名稱。
## 安全保護