mirror of https://github.com/privacyguides/i18n.git synced 2025-06-16 16:01:15 +00:00

New Crowdin translations by GitHub Action

Crowdin Bot 2023-05-28 04:04:10 +00:00
parent d8f807e6d3
commit 93345e0ea8
9 changed files with 176 additions and 95 deletions


@ -157,7 +157,7 @@ Mailbox.org כולל תכונת מורשת דיגיטלית לכל התוכני
<div class="grid cards" markdown>
- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota)
- ![Tutanota לוגו](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota)
</div>


@ -177,9 +177,9 @@ Bitwarden כולל גם [Bitwarden Send](https://bitwarden.com/products/send/),
**1Password** הוא מנהל סיסמאות עם דגש חזק על אבטחה וקלות שימוש, המאפשר לך לאחסן סיסמאות, כרטיסי אשראי, רישיונות תוכנה וכל מידע רגיש אחר בכספת דיגיטלית מאובטחת. הכספת שלכם מתארחת בשרתים של 1Password תמורת [תשלום חודשי](https://1password.com/sign-up/). 1Password [מבוקרת](https://support.1password.com/security-assessments/) על בסיס קבוע ומספקת תמיכת לקוחות יוצאת דופן. 1Password הוא מקור סגור; עם זאת, האבטחה של המוצר מתועדת ביסודיות ב[מסמך האבטחה הלבן](https://1passwordstatic.com/files/security/1password-white-paper.pdf) שלהם.
[:octicons-home-16: Homepage](https://1password.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://1password.com/legal/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.1password.com/){ .card-link title=Documentation}
[:octicons-home-16: דף הבית](https://1password.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://1password.com/legal/privacy/){ .card-link title="מדיניות פרטיות" }
[:octicons-info-16:](https://support.1password.com/){ .card-link title=תיעוד}
??? downloads "הורדות"
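Review bot: The added documentation link ends in an unquoted `title=תיעוד}` with no space before the closing brace, while the privacy-policy title on the line above it is quoted. Writing it as `title="תיעוד" }` keeps the three attribute lists in one form; the English line it replaces has the same shape, so the source string is worth fixing as well.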


@ -172,9 +172,9 @@ description: Privacy Guides הוא האתר השקוף והאמין ביותר
<div class="grid cards" markdown>
- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail)
- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg)
- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota)
- ![Proton Mail לוגו](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail)
- ![Mailbox.org לוגו](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg)
- ![Tutanota לוגו](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota)
</div>


@ -3,7 +3,7 @@ title: 후원하기
---
<!-- markdownlint-disable MD036 -->
Privacy Guides를 지속적으로 업데이트하고, 디지털 프라이버시의 가치와 대규모 감시를 보다 널리 알리기 위해서는 많은 [사람들](https://github.com/privacyguides/privacyguides.org/graphs/contributors)의 [노력](https://github.com/privacyguides/privacyguides.org/pulse/monthly)이 필요합니다. If you like what we do, consider getting involved by [editing the site](https://github.com/privacyguides/privacyguides.org) or [contributing translations](https://crowdin.com/project/privacyguides).
Privacy Guides를 지속적으로 업데이트하고, 디지털 프라이버시의 가치와 대규모 감시를 보다 널리 알리기 위해서는 많은 [사람들](https://github.com/privacyguides/privacyguides.org/graphs/contributors)의 [노력](https://github.com/privacyguides/privacyguides.org/pulse/monthly)이 필요합니다. 저희의 노력을 응원하신다면 [사이트 편집 기여](https://github.com/privacyguides/privacyguides.org) 혹은 [번역 기여](https://crowdin.com/project/privacyguides)에 참여해보세요.
Privacy Guides를 재정적으로 후원하고 싶으시다면 Privacy Guides의 재정 호스트(Fiscal Host)인 Open Collective를 통해 후원하시는 것이 가장 편리한 방법입니다. Open Collective는 신용카드/체크카드, PayPal, 은행 송금을 통한 결제를 지원합니다.
@ -40,7 +40,7 @@ Privacy Guides는 `privacyguides.org`를 비롯한 몇 가지 도메인을 보
**온라인 서비스**
:
We host [internet services](https://privacyguides.net) for testing and showcasing different privacy-products we like and [recommend](../tools.md). Some of which are made publicly available for our community's use (SearXNG, Tor, etc.), and some are provided for our team members (email, etc.).
Privacy Guides는 여러 [서비스](https://privacyguides.net)를 호스팅하여 저희가 [추천하고 있는](../tools.md) 다양한 프라이버시 제품을 테스트 및 시연하고 있습니다. SearXNG, Tor 등의 일부는 커뮤니티에서 사용 가능하도록 공개적으로 제공되며, 이메일 등의 일부는 팀원에게만 제공됩니다.
**제품 구매**
:


@ -1,30 +1,30 @@
---
title: "DNS Overview"
title: "DNS 개요"
icon: material/dns
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
---
The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers.
[도메인 네임 시스템](https://ko.wikipedia.org/wiki/%EB%8F%84%EB%A9%94%EC%9D%B8_%EB%84%A4%EC%9E%84_%EC%8B%9C%EC%8A%A4%ED%85%9C)은 '인터넷의 전화번호부'라고 할 수 있습니다. DNS는 분산 서버 네트워크를 통해 도메인 이름을 IP 주소로 변환합니다. 브라우저 등의 서비스는 이를 이용해 인터넷 리소스를 로드할 수 있습니다.
## What is DNS?
## DNS란 무엇인가요?
When you visit a website, a numerical address is returned. For example, when you visit `privacyguides.org`, the address `192.98.54.105` is returned.
사이트를 방문하면 숫자로 구성된 주소가 반환됩니다. 예를 들어, `privacyguides.org`를 방문할 경우에는 `192.98.54.105` 주소가 반환됩니다.
DNS has existed since the [early days](https://en.wikipedia.org/wiki/Domain_Name_System#History) of the Internet. DNS requests made to and from DNS servers are **not** generally encrypted. In a residential setting, a customer is given servers by the ISP via [DHCP](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol).
DNS는 [인터넷의 초창기](https://ko.wikipedia.org/wiki/%EB%8F%84%EB%A9%94%EC%9D%B8_%EB%84%A4%EC%9E%84_%EC%8B%9C%EC%8A%A4%ED%85%9C#%EC%97%AD%EC%82%AC)부터 존재해 왔습니다. DNS 서버와 주고받는 DNS 요청은 일반적으로 암호화가 적용되어 있지 **않습니다**. In a residential setting, a customer is given servers by the ISP via [DHCP](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol).
Unencrypted DNS requests are able to be easily **surveilled** and **modified** in transit. In some parts of the world, ISPs are ordered to do primitive [DNS filtering](https://en.wikipedia.org/wiki/DNS_blocking). When you request the IP address of a domain that is blocked, the server may not respond or may respond with a different IP address. As the DNS protocol is not encrypted, the ISP (or any network operator) can use [DPI](https://en.wikipedia.org/wiki/Deep_packet_inspection) to monitor requests. ISPs can also block requests based on common characteristics, regardless of which DNS server is used. Unencrypted DNS always uses [port](https://en.wikipedia.org/wiki/Port_(computer_networking)) 53 and always uses UDP.
암호화되지 않은 DNS 요청은 전송 도중에 쉽게 **감시** 및 **변조**될 수 있습니다. 일부 지역에서는 ISP가 기초적인 [DNS 필터링](https://en.wikipedia.org/wiki/DNS_blocking)을 수행하도록 명령받기도 합니다. 이 경우, ISP가 차단하고 있는 도메인의 IP 주소를 요청하면 서버가 응답하지 않거나, 목적지가 아닌 다른 IP 주소로 응답이 돌아옵니다. As the DNS protocol is not encrypted, the ISP (or any network operator) can use [DPI](https://en.wikipedia.org/wiki/Deep_packet_inspection) to monitor requests. ISPs can also block requests based on common characteristics, regardless of which DNS server is used. Unencrypted DNS always uses [port](https://en.wikipedia.org/wiki/Port_(computer_networking)) 53 and always uses UDP.
Below, we discuss and provide a tutorial to prove what an outside observer may see using regular unencrypted DNS and [encrypted DNS](#what-is-encrypted-dns).
### Unencrypted DNS
### 암호화되지 않은 DNS
1. Using [`tshark`](https://www.wireshark.org/docs/man-pages/tshark.html) (part of the [Wireshark](https://en.wikipedia.org/wiki/Wireshark) project) we can monitor and record internet packet flow. This command records packets that meet the rules specified:
1. [`tshark`](https://www.wireshark.org/docs/man-pages/tshark.html)를 이용하면 인터넷 패킷 흐름을 모니터링하고 기록할 수 있습니다(tshark는 [Wireshark](https://ko.wikipedia.org/wiki/%EC%99%80%EC%9D%B4%EC%96%B4%EC%83%A4%ED%81%AC) 프로젝트의 일부입니다). 다음 명령어는 명시된 규칙을 충족하는 패킷을 기록합니다.
```bash
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS, etc.) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
2. 이후 Linux, macOS 등에서는 [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) 명령어를, Windows에서는 [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) 명령어를 사용해 두 서버로 DNS 조회를 전송할 수 있습니다. 웹 브라우저 등의 소프트웨어는 암호화된 DNS를 사용하도록 설정된 경우가 아니라면 이러한 조회를 자동으로 수행합니다.
=== "Linux, macOS"
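Review bot: The added Korean sentence under "DNS란 무엇인가요?" carries over the example address `192.98.54.105`, but the capture table later in this file shows `privacyguides.org` resolving to `198.98.54.105`; one of the two is a typo, and it should be corrected in the English source string so every locale picks it up. In the same hunk the new DHCP and DPI paragraphs are only half translated (Korean sentences followed by the English remainder), and the `description:` front-matter line is still English. Separately, the context line `udp port 53 and host 1.1.1.1 or host 8.8.8.8` is ungrouped: pcap filters give `and` and `or` equal precedence, evaluated left to right, so the capture also records non-DNS traffic to 8.8.8.8. Parentheses around the two `host` terms would scope it to port 53.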
@ -39,7 +39,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
nslookup privacyguides.org 8.8.8.8
```
3. Next, we want to [analyse](https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
3. 이제 결과를 [분석](https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs)합니다.
=== "Wireshark"
@ -53,97 +53,128 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s
tshark -r /tmp/dns.pcap
```
If you run the Wireshark command above, the top pane shows the "[frames](https://en.wikipedia.org/wiki/Ethernet_frame)", and the bottom pane shows all the data about the selected frame. Enterprise filtering and monitoring solutions (such as those purchased by governments) can do the process automatically, without human interaction, and can aggregate those frames to produce statistical data useful to the network observer.
앞선 과정을 거쳐 Wireshark 명령어를 실행하면 상단 창에 여러 [Frame](https://en.wikipedia.org/wiki/Ethernet_frame)이 표시되고, 하단 창에는 선택한 프레임에 대한 모든 데이터가 표시됩니다. 엔터프라이즈 필터링 및 모니터링 솔루션(정부에서 사용하는 솔루션 등을 말합니다)은 사람이 개입할 필요 없이 자동으로 이런 프로세스를 처리하고 집계하여 네트워크 관찰자에게 필요한 통계 데이터를 생성할 수 있습니다.
| No. | Time | Source | Destination | Protocol | Length | Info |
| --- | -------- | --------- | ----------- | -------- | ------ | ---------------------------------------------------------------------- |
| 번호 | 소요 시간 | 출발지 | 목적지 | 프로토콜 | 길이 | 정보 |
| -- | -------- | --------- | --------- | ---- | --- | ---------------------------------------------------------------------- |
| 1 | 0.000000 | 192.0.2.1 | 1.1.1.1 | DNS | 104 | Standard query 0x58ba A privacyguides.org OPT |
| 2 | 0.293395 | 1.1.1.1 | 192.0.2.1 | DNS | 108 | Standard query response 0x58ba A privacyguides.org A 198.98.54.105 OPT |
| 3 | 1.682109 | 192.0.2.1 | 8.8.8.8 | DNS | 104 | Standard query 0xf1a9 A privacyguides.org OPT |
| 4 | 2.154698 | 8.8.8.8 | 192.0.2.1 | DNS | 108 | Standard query response 0xf1a9 A privacyguides.org A 198.98.54.105 OPT |
An observer could modify any of these packets.
네트워크 관찰자는 이러한 패킷을 변조할 수 있습니다.
## What is "encrypted DNS"?
## '암호화된 DNS'란 무엇인가요?
Encrypted DNS can refer to one of a number of protocols, the most common ones being:
'암호화 DNS'는 여러 프로토콜이 존재합니다. 일반적인 종류는 다음과 같습니다.
### DNSCrypt
[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt)는 DNS 쿼리를 암호화하는 최초의 방법 중 하나였습니다. DNSCrypt는 443 포트에서 작동하며, TCP/UDP 전송 프로토콜 모두에서 작동합니다. DNSCrypt는 [국제 인터넷 표준화 기구(IETF)](https://ko.wikipedia.org/wiki/%EA%B5%AD%EC%A0%9C_%EC%9D%B8%ED%84%B0%EB%84%B7_%ED%91%9C%EC%A4%80%ED%99%94_%EA%B8%B0%EA%B5%AC)에 제출되지 않았고
### DNS over TLS (DoT)
RFC 절차를 거치지 않았기 때문에, [일부 구현체](https://dnscrypt.info/implementations)를 제외하고는 널리 사용되지 않았습니다. 결과적으로, 보다 널리 사용되는 [DNS over HTTPS](#dns-over-https-doh)로 대체되었습니다.</p>
[**DNS over TLS**](https://en.wikipedia.org/wiki/DNS_over_TLS) is another method for encrypting DNS communication that is defined in [RFC 7858](https://datatracker.ietf.org/doc/html/rfc7858). Support was first implemented in Android 9, iOS 14, and on Linux in [systemd-resolved](https://www.freedesktop.org/software/systemd/man/resolved.conf.html#DNSOverTLS=) in version 237. Preference in the industry has been moving away from DoT to DoH in recent years, as DoT is a [complex protocol](https://dnscrypt.info/faq/) and has varying compliance to the RFC across the implementations that exist. DoT also operates on a dedicated port 853 which can be blocked easily by restrictive firewalls.
### DNS over HTTPS (DoH)
[**DNS over HTTPS**](https://en.wikipedia.org/wiki/DNS_over_HTTPS) as defined in [RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484) packages queries in the [HTTP/2](https://en.wikipedia.org/wiki/HTTP/2) protocol and provides security with HTTPS. Support was first added in web browsers such as Firefox 60 and Chrome 83.
### DOT(DNS over TLS)
Native implementation of DoH showed up in iOS 14, macOS 11, Microsoft Windows, and Android 13 (however, it won't be enabled [by default](https://android-review.googlesource.com/c/platform/packages/modules/DnsResolver/+/1833144)). General Linux desktop support is waiting on the systemd [implementation](https://github.com/systemd/systemd/issues/8639) so [installing third-party software is still required](../dns.md#encrypted-dns-proxies).
[**DNS over TLS**](https://en.wikipedia.org/wiki/DNS_over_TLS)는 DNS 통신을 암호화하는 또 다른 방법으로, [RFC 7858](https://datatracker.ietf.org/doc/html/rfc7858)에 정의되어 있습니다. Android 9, iOS 14, Linux([systemd-resolved](https://www.freedesktop.org/software/systemd/man/resolved.conf.html#DNSOverTLS=) 237 버전)에서 처음으로 지원되었습니다. DoT는 [복잡한 프로토콜](https://dnscrypt.info/faq/)인데다가 구현체마다 RFC 준수 여부가 다양하기 때문에, 최근 몇 년 동안은 업계 선호도가 DoT에서 DoH로 이동하고 있습니다. 또한, 853 포트를 전용으로 사용하기 때문에 제한적인 방화벽에 의해 쉽게 차단될 수 있다는 문제도 존재합니다.
## What can an outside party see?
In this example we will record what happens when we make a DoH request:
1. First, start `tshark`:
### DoH(DNS over HTTPS)
[**DNS over HTTPS**](https://en.wikipedia.org/wiki/DNS_over_HTTPS)는 [RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484)에 정의되어 있으며, 쿼리를 [HTTP/2](https://ko.wikipedia.org/wiki/HTTP/2) 프로토콜에 패키징하여 HTTPS를 통해 보안을 제공합니다. Firefox 60, Chrome 83과 같은 웹 브라우저에서 처음으로 지원되었습니다.
DoH 네이티브 구현은 iOS 14, macOS 11, Microsoft Windows, Android 13(단, [기본 활성화가 아닙니다](https://android-review.googlesource.com/c/platform/packages/modules/DnsResolver/+/1833144))부터 추가되었습니다. 일반 Linux 데스크톱의 경우, systemd [구현체](https://github.com/systemd/systemd/issues/8639)가 아직 존재하지 않기 때문에 [별도 소프트웨어를 설치해야 합니다](../dns.md#encrypted-dns-proxies).
## 외부 주체는 무엇을 볼 수 있나요?
다음 예시에서는 DoH 요청 시 실제로 어떤 일이 일어나는지 기록해보겠습니다.
1. 먼저 `tshark`를 실행합니다.
```bash
tshark -w /tmp/dns_doh.pcap -f "tcp port https and host 1.1.1.1"
```
2. Second, make a request with `curl`:
2. 이후 `curl`를 이용해 요청을 생성합니다.
```bash
curl -vI --doh-url https://1.1.1.1/dns-query https://privacyguides.org
```
3. After making the request, we can stop the packet capture with <kbd>CTRL</kbd> + <kbd>C</kbd>.
4. Analyse the results in Wireshark:
3. 요청 후 <kbd>CTRL</kbd> + <kbd>C</kbd>를 눌러 패킷 캡처를 중지합니다.
4. Wireshark에서 결과를 분석합니다.
```bash
wireshark -r /tmp/dns_doh.pcap
```
We can see the [connection establishment](https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment) and [TLS handshake](https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/) that occurs with any encrypted connection. When looking at the "application data" packets that follow, none of them contain the domain we requested or the IP address returned.
## Why **shouldn't** I use encrypted DNS?
[연결 생성](https://ko.wikipedia.org/wiki/%EC%A0%84%EC%86%A1_%EC%A0%9C%EC%96%B4_%ED%94%84%EB%A1%9C%ED%86%A0%EC%BD%9C#%EC%97%B0%EA%B2%B0_%EC%83%9D%EC%84%B1) 및 [TLS 핸드셰이크](https://www.cloudflare.com/ko-kr/learning/ssl/what-happens-in-a-tls-handshake/)가 모든 암호화 연결에서 발생하는 것을 확인할 수 있습니다. 뒤따르는 'Application Data' 패킷을 살펴보면 요청했던 도메인이나 반환된 IP 주소가 포함되어 있지 않다는 것 또한 확인할 수 있습니다.
## 암호화 DNS를 사용하지 **말아야** 하는 이유는 무엇인가요?
In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](../basics/threat-modeling.md). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](https://torproject.org) or a [VPN](../vpn.md) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity.
When we do a DNS lookup, it's generally because we want to access a resource. Below, we will discuss some of the methods that may disclose your browsing activities even when using encrypted DNS:
### IP Address
### IP 주소
The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides.
This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc.). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet.
### Server Name Indication (SNI)
### SNI(Server Name Indication)
Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
```
2. Then we visit [https://privacyguides.org](https://privacyguides.org).
3. After visiting the website, we want to stop the packet capture with <kbd>CTRL</kbd> + <kbd>C</kbd>.
4. Next we want to analyze the results:
```bash
wireshark -r /tmp/pg.pcap
```
We will see the connection establishment, followed by the TLS handshake for the Privacy Guides website. Around frame 5. you'll see a "Client Hello".
We will see the connection establishment, followed by the TLS handshake for the Privacy Guides website. Around frame 5. you'll see a "Client Hello".
5. Expand the triangle &#9656; next to each field:
```text
▸ Transport Layer Security
▸ TLSv1.3 Record Layer: Handshake Protocol: Client Hello
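Review bot: The translated DNSCrypt paragraph is split across two added lines: the first stops mid-sentence at "제출되지 않았고" and the remainder, starting "RFC 절차를", sits on a separate line that ends with a stray `</p>`. Rejoin it as one string, drop the `</p>`, and restore the Request for Comments link that the English sentence carries and the translation omits. The new heading `### DOT(DNS over TLS)` should also read `DoT`, matching the body text and the `### DoH(DNS over HTTPS)` heading added below it.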
@ -152,17 +183,23 @@ Server Name Indication is typically used when a IP address hosts many websites.
▸ Server Name Indication extension
```
6. We can see the SNI value which discloses the website we are visiting. The `tshark` command can give you the value directly for all packets containing a SNI value:
```bash
tshark -r /tmp/pg.pcap -Tfields -Y tls.handshake.extensions_server_name -e tls.handshake.extensions_server_name
```
This means even if we are using "Encrypted DNS" servers, the domain will likely be disclosed through SNI. The [TLS v1.3](https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3) protocol brings with it [Encrypted Client Hello](https://blog.cloudflare.com/encrypted-client-hello/), which prevents this kind of leak.
Governments, in particular [China](https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/) and [Russia](https://www.zdnet.com/article/russia-wants-to-ban-the-use-of-secure-protocols-such-as-tls-1-3-doh-dot-esni/), have either already [started blocking](https://en.wikipedia.org/wiki/Server_Name_Indication#Encrypted_Client_Hello) it or expressed a desire to do so. Recently, Russia has [started blocking foreign websites](https://github.com/net4people/bbs/issues/108) that use the [HTTP/3](https://en.wikipedia.org/wiki/HTTP/3) standard. This is because the [QUIC](https://en.wikipedia.org/wiki/QUIC) protocol that is a part of HTTP/3 requires that `ClientHello` also be encrypted.
### Online Certificate Status Protocol (OCSP)
### OCSP(온라인 인증서 상태 프로토콜)
Another way your browser can disclose your browsing activities is with the [Online Certificate Status Protocol](https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol). When visiting an HTTPS website, the browser might check to see if the website's [certificate](https://en.wikipedia.org/wiki/Public_key_certificate) has been revoked. This is generally done through the HTTP protocol, meaning it is **not** encrypted.
@ -172,45 +209,65 @@ We can simulate what a browser would do using the [`openssl`](https://en.wikiped
1. Get the server certificate and use [`sed`](https://en.wikipedia.org/wiki/Sed) to keep just the important part and write it out to a file:
```bash
openssl s_client -connect privacyguides.org:443 < /dev/null 2>&1 |
sed -n '/^-*BEGIN/,/^-*END/p' > /tmp/pg_server.cert
```
2. Get the intermediate certificate. [Certificate Authorities (CA)](https://en.wikipedia.org/wiki/Certificate_authority) normally don't sign a certificate directly; they use what is known as an "intermediate" certificate.
```bash
openssl s_client -showcerts -connect privacyguides.org:443 < /dev/null 2>&1 |
sed -n '/^-*BEGIN/,/^-*END/p' > /tmp/pg_and_intermediate.cert
```
3. The first certificate in `pg_and_intermediate.cert` is actually the server certificate from step 1. We can use `sed` again to delete until the first instance of END:
```bash
sed -n '/^-*END CERTIFICATE-*$/!d;:a n;p;ba' \
/tmp/pg_and_intermediate.cert > /tmp/intermediate_chain.cert
```
4. Get the OCSP responder for the server certificate:
```bash
openssl x509 -noout -ocsp_uri -in /tmp/pg_server.cert
```
Our certificate shows the Lets Encrypt certificate responder. If we want to see all the details of the certificate we can use:
Our certificate shows the Lets Encrypt certificate responder. If we want to see all the details of the certificate we can use:
```bash
openssl x509 -text -noout -in /tmp/pg_server.cert
```
5. Start the packet capture:
```bash
tshark -w /tmp/pg_ocsp.pcap -f "tcp port http"
```
6. Make the OCSP request:
```bash
openssl ocsp -issuer /tmp/intermediate_chain.cert \
-cert /tmp/pg_server.cert \
@ -218,13 +275,19 @@ We can simulate what a browser would do using the [`openssl`](https://en.wikiped
-url http://r3.o.lencr.org
```
7. Open the capture:
```bash
wireshark -r /tmp/pg_ocsp.pcap
```
There will be two packets with the "OCSP" protocol: a "Request" and a "Response". For the "Request" we can see the "serial number" by expanding the triangle &#9656; next to each field:
There will be two packets with the "OCSP" protocol: a "Request" and a "Response". For the "Request" we can see the "serial number" by expanding the triangle &#9656; next to each field:
```bash
▸ Online Certificate Status Protocol
@ -235,7 +298,10 @@ We can simulate what a browser would do using the [`openssl`](https://en.wikiped
serialNumber
```
For the "Response" we can also see the "serial number":
For the "Response" we can also see the "serial number":
```bash
▸ Online Certificate Status Protocol
@ -248,18 +314,26 @@ We can simulate what a browser would do using the [`openssl`](https://en.wikiped
serialNumber
```
8. Or use `tshark` to filter the packets for the Serial Number:
```bash
tshark -r /tmp/pg_ocsp.pcap -Tfields -Y ocsp.serialNumber -e ocsp.serialNumber
```
If the network observer has the public certificate, which is publicly available, they can match the serial number with that certificate and therefore determine the site you're visiting from that. The process can be automated and can associate IP addresses with serial numbers. It is also possible to check [Certificate Transparency](https://en.wikipedia.org/wiki/Certificate_Transparency) logs for the serial number.
## Should I use encrypted DNS?
We made this flow chart to describe when you *should* use encrypted DNS:
``` mermaid
graph TB
Start[Start] --> anonymous{Trying to be<br> anonymous?}
@ -275,11 +349,14 @@ graph TB
ispDNS --> | No | nothing(Do nothing)
```
Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
[List of recommended DNS servers](../dns.md ""){.md-button}
## What is DNSSEC?
## DNSSEC이란 무엇인가요?
[Domain Name System Security Extensions](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) (DNSSEC) is a feature of DNS that authenticates responses to domain name lookups. It does not provide privacy protections for those lookups, but rather prevents attackers from manipulating or poisoning the responses to DNS requests.
@ -291,13 +368,17 @@ DNSSEC implements a hierarchical digital signing policy across all layers of DNS
<small>Adapted from [DNS Security Extensions (DNSSEC) overview](https://cloud.google.com/dns/docs/dnssec) by Google and [DNSSEC: An Introduction](https://blog.cloudflare.com/dnssec-an-introduction/) by Cloudflare, both licensed under [CC BY 4.0](https://creativecommons.org/licenses/by/4.0/).</small>
## What is QNAME minimization?
A QNAME is a "qualified name", for example `privacyguides.org`. QNAME minimisation reduces the amount of information sent from the DNS server to the [authoritative name server](https://en.wikipedia.org/wiki/Name_server#Authoritative_name_server).
Instead of sending the whole domain `privacyguides.org`, QNAME minimization means the DNS server will ask for all the records that end in `.org`. Further technical description is defined in [RFC 7816](https://datatracker.ietf.org/doc/html/rfc7816).
## What is EDNS Client Subnet (ECS)?
## ECS(EDNS 클라이언트 서브넷)란 무엇인가요?
The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a method for a recursive DNS resolver to specify a [subnetwork](https://en.wikipedia.org/wiki/Subnetwork) for the [host or client](https://en.wikipedia.org/wiki/Client_(computing)) which is making the DNS query.


@ -51,7 +51,7 @@ Cryptocurrencies are a digital form of currency designed to work without central
Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust.
### Privacy Coins
### 프라이버시 코인
There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors.


@ -81,23 +81,23 @@ schema:
![Android 로고](assets/img/android/android.svg){ align=right }
The **Android Open Source Project** is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
**Android 오픈소스 프로젝트**는 Google이 주도하는 오픈 소스 모바일 운영 체제로, 전 세계 모바일 기기의 대부분이 사용하고 있습니다. Android가 탑재되어 판매되는 대부분의 휴대폰은 Google Play 서비스 등의 여러 앱이 강력하게 통합되어 있습니다. 이러한 프라이버시 침해 기능이 포함되지 않은 Android 버전으로 모바일 기기 운영 체제를 교체하여 프라이버시를 크게 향상시킬 수 있습니다.
[:octicons-home-16:](https://source.android.com/){ .card-link title=Homepage }
[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
[:octicons-code-16:](https://cs.android.com/android/platform/superproject/){ .card-link title="Source Code" }
[:octicons-home-16:](https://source.android.com/){ .card-link title=홈페이지 }
[:octicons-info-16:](https://source.android.com/docs){ .card-link title=문서}
[:octicons-code-16:](https://cs.android.com/android/platform/superproject/){ .card-link title="소스 코드" }
These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android:
본 내용은 모바일 기기의 보안 및 프라이버시 보호를 극대화하는 용도로 권장드리는 Android 운영 체제, 기기, 애플리케이션 목록입니다. Android 자체에 대한 내용은 Android 기본 개요를 참고해주세요.
[Android 기본 개요 :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
## AOSP 기반
We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
Privacy Guides에서 권장하는 커스텀 Android 운영 체제의 우선 순위는 본 페이지에 나열된 순서와 동일합니다. 여러분이 가진 기기 호환성에 따라 적절한 운영 체제를 선택하시는 것을 권장드립니다.
!!! note "참고"
End-of-life devices (such as GrapheneOS or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
지원 종료 기기(GrapheneOS, CalyxOS에서 '연장 지원'에 해당하는 기기)의 경우, OEM 지원 중단으로 인해 전체 보안 패치(펌웨어 업데이트)를 제공받을 수 없습니다. 지원 종료 기기는 그 어떤 소프트웨어를 설치하더라도 완벽히 안전하다고 간주할 수 없습니다.
### GrapheneOS
@ -108,7 +108,7 @@ We recommend installing one of these custom Android operating systems on your de
**GrapheneOS**는 프라이버시 및 보안 면에서 최고의 선택입니다.
GraphneOS는 추가적인 [보안 강화(Security Hardening)](https://en.wikipedia.org/wiki/Hardening_(computing))와 프라이버시 강화 기능을 제공합니다. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
GraphneOS는 추가적인 [보안 강화](https://en.wikipedia.org/wiki/Hardening_(computing))와 프라이버시 강화 기능을 제공합니다. [메모리 할당 보안 강화](https://github.com/GrapheneOS/hardened_malloc), 네트워크 및 센서 권한 등 다양한 [보안 기능](https://grapheneos.org/features)을 포함하고 있습니다. GrapheneOS는 전체 펌웨어 업데이트 및 서명된 빌드 또한 제공하므로, 자체 검사 부팅을 완벽하게 지원합니다.
[:octicons-home-16: 홈페이지](https://grapheneos.org/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="프라이버시 정책" }
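Review bot: The rewritten description paragraph still opens with the misspelling "GraphneOS" in the added line. The next hunk of this file corrects "GpapheneOS" to "GrapheneOS" in the Pixel sentence, so the same correction belongs here.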
@ -116,9 +116,9 @@ We recommend installing one of these custom Android operating systems on your de
[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="소스 코드" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=기부 }
GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
GrapheneOS는 [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play) 지원하여, [Google Play 서비스](https://en.wikipedia.org/wiki/Google_Play_Services)를 여타 일반 앱처럼 완벽하게 샌드박스를 적용하여 실행할 수 있습니다. 즉, 원하는 특정 [직장 프로필](os/android-overview.md#work-profile)이나 [사용자 프로필](os/android-overview.md#user-profiles)에 추가하여, [푸시 알림](https://firebase.google.com/docs/cloud-messaging/) 등 대부분의 Google Play 서비스를 이용하면서도 권한 및 접근 영역을 완전히 제어할 수 있습니다.
Google Pixel 스마트폰은 현재 GpapheneOS [하드웨어 보안 요구 사항](https://grapheneos.org/faq#device-support)을 충족하는 유일한 기기입니다.
Google Pixel 스마트폰은 현재 GrapheneOS [하드웨어 보안 요구 사항](https://grapheneos.org/faq#device-support)을 충족하는 유일한 기기입니다.
[CalyxOS보다 GrapheneOS를 추천하는 이유 :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button}
@ -199,11 +199,11 @@ We recommend a wide variety of Android apps throughout this site. The apps liste
!!! recommendation
![Shelter logo](assets/img/android/shelter.svg){ align=right }
![Shelter 로고](assets/img/android/shelter.svg){ align=right }
**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
**Shelter**는 Android의 직장 프로필 기능을 이용해 기기에서 앱을 격리/복제할 수 있게 해주는 앱입니다.
Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
Shelter는 기본 파일 관리자([DocumentsUI](https://source.android.com/docs/core/architecture/modular-system/documentsui?hl=ko))를 통해 프로필 간 연락처 검색 차단 및 프로필 간 파일 공유를 지원합니다.
[:octicons-repo-16: 저장소](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="소스 코드" }
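Review bot: the translated Shelter description changes the DocumentsUI link target, not only the wording. The English string links to `https://source.android.com/devices/architecture/modular-system/documentsui`, while the Korean string links to `https://source.android.com/docs/core/architecture/modular-system/documentsui?hl=ko`. A translation should keep the source URL unless the change is deliberate, so please confirm the new path and whether the `?hl=ko` locale parameter is wanted. If the old path is simply outdated, fix it in the English source so all locales pick it up. Since these strings arrive through an automated bot commit, a check that compares the set of URLs in each translated string against its source string would catch this kind of drift before merge.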
@ -291,11 +291,11 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
[:octicons-repo-16: 저장소](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="소스 코드" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=기부 }
??? downloads
??? downloads "다운로드"
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
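Review bot: on the added donate link, `title=기부` is unquoted while the added line directly above it uses a quoted value (`title="소스 코드"`). Quote it as `title="기부"` so the attribute lists are consistent and the value does not break if the label later gains a space. Note also that the source label is "Contribute" and the translation reads as "donate"; that matches the `/donate` target, but it is worth confirming this is the intended wording across locales.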

View File

@ -1,10 +1,10 @@
---
title: Uploading Images
title: 이미지 업로드
---
Here are a couple of general rules for contributing to Privacy Guides:
본 내용은 Privacy Guides에 기여할 때 주의해야 하는 규정입니다.
## Images
## 이미지
- We **prefer** SVG images, but if those do not exist we can use PNG images
@ -13,11 +13,11 @@ Company logos have canvas size of:
- 128x128px
- 384x128px
## Optimization
## 최적화
### PNG
Use the [OptiPNG](https://sourceforge.net/projects/optipng/) to optimize the PNG image:
PNG 이미지는 [OptiPNG](https://sourceforge.net/projects/optipng/)를 이용해 최적화하세요.
```bash
optipng -o7 file.png

View File

@ -1,5 +1,5 @@
---
meta_title: "The Best Password Managers to Protect Your Privacy and Security - Privacy Guides"
meta_title: "프라이버시 및 보안을 지키기에 가장 적합한 비밀번호 관리자 - Privacy Guides"
title: "비밀번호 관리자"
icon: material/form-textbox-password
description: 비밀번호 관리자를 사용하여 비밀번호를 비롯한 기타 자격 증명을 안전하게 저장 및 관리할 수 있습니다.
@ -120,7 +120,7 @@ schema:
비밀번호 관리자를 사용하여, 비밀번호를 비롯한 기타 자격 증명을 마스터 비밀번호로 안전하게 저장 및 관리할 수 있습니다.
[Introduction to Passwords :material-arrow-right-drop-circle:](./basics/passwords-overview.md)
[비밀번호 입문 :material-arrow-right-drop-circle:](./basics/passwords-overview.md)
!!! info "정보"
@ -249,9 +249,9 @@ Psono는 제품에 관련된 문서를 매우 폭넓게 제공합니다. Psono
!!! recommendation
![KeePassXC logo](assets/img/password-management/keepassxc.svg){ align=right }
![KeePassXC 로고](assets/img/password-management/keepassxc.svg){ align=right }
**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal to extend and improve it with new features and bugfixes to provide a feature-rich, cross-platform and modern open-source password manager.
**KeePassXC**는 KeePassX(KeePass Password Safe를 네이티브 크로스 플랫폼으로 포팅한 프로젝트)를 커뮤니티에서 포크한 프로젝트입니다. 새로운 기능 추가와 버그 수정을 통해 확장 및 개선하여, 풍부한 기능을 갖추고 크로스 플랫폼을 지원하는 최신 오픈 소스 비밀번호 관리자를 제공하는 것이 목표입니다.
[:octicons-home-16: 홈페이지](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="프라이버시 정책" }
@ -268,15 +268,15 @@ Psono는 제품에 관련된 문서를 매우 폭넓게 제공합니다. Psono
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/keepassxc-browser)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk)
KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-separated_values) files. 즉, 해당 파일을 다른 비밀번호 관리자로 불러올 경우 데이터 손실이 발생할 수 있습니다. 각 데이터 항목을 수동으로 확인해보는 것이 좋습니다.
KeePassXC는 데이터 내보내기 시 [CSV](https://en.wikipedia.org/wiki/Comma-separated_values) 파일로 저장합니다. 즉, 해당 파일을 다른 비밀번호 관리자로 불러올 경우 데이터 손실이 발생할 수 있습니다. 각 데이터 항목을 수동으로 확인해보는 것이 좋습니다.
### KeePassDX (Android)
!!! recommendation
![KeePassDX logo](assets/img/password-management/keepassdx.svg){ align=right }
![KeePassDX 로고](assets/img/password-management/keepassdx.svg){ align=right }
**KeePassDX** is a lightweight password manager for Android, allows editing encrypted data in a single file in KeePass format and can fill in the forms in a secure way. [Contributor Pro](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) allows unlocking cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
**KeePassDX**는 Android용 가벼운 비밀번호 관리자입니다. 암호화된 데이터를 KeePass 형식 단일 파일로 편집할 수 있으며, 안전한 방식으로 입력 항목을 채울 수 있습니다. [Contributor Pro](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro)를 결제하면 프로젝트 개발에 큰 도움을 주는 동시에, 추가 디자인 테마 및 비표준 프로토콜 기능을 사용할 수 있습니다.
[:octicons-home-16: 홈페이지](https://www.keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title=문서}