diff --git a/i18n/ar/email.md b/i18n/ar/email.md
index 398c8e1c..7ae7a9e6 100644
--- a/i18n/ar/email.md
+++ b/i18n/ar/email.md
@@ -22,7 +22,7 @@ global:
خلا ذلك فنوصي بعدد من موفِّري خدمة البريد الإلكتروني، وذلك حسب استدامة نموذجات عملهم وأمنهم ومزايا الخصوصية عندهم. للمزيد من المعلومات، اطلع على [قائمة المعايير](#criteria).
-| مزوّد | OpenPGP / WKD | IMAP / SMTP | تشفير يمنع وصول المزود إلى البيانات | وسائل الدفع بدون هوية |
+| مزوّد | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | وسائل الدفع بدون هوية |
| ----------------------------- | -------------------------------------- | --------------------------------------------------------- | ----------------------------------------------------- | ----------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } خطط مدفوعة فقط | :material-check:{ .pg-green } | Cash
Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } البريد فقط | نقداً |
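Review bot: The new header cell on the `+` line is the English string `Encrypted Storage`, while the other four header cells of this Arabic table stay translated, so the rendered table mixes languages. If this comes from a source-string change that invalidated the old translation, consider keeping the previous Arabic cell until the new term is translated, or confirm that English fallback is the intended behaviour for the i18n files.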
@@ -119,9 +119,9 @@ Proton Mail has internal crash reports that are **not** shared with third partie
#### :material-check:{ .pg-green } أمن البيانات
-عند بريد بروتون [تعمية دون أيِّ وصول](https://proton.me/blog/zero-access-encryption) لبُرُدك الإلكترونية [وتقويماتك](https://proton.me/news/protoncalendar-security-model). البيانات المحمية بتشفير بدون وصول (zero-access encryption) لا يمكن لأي أحد الوصول إليها سوى أنت.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-ليست كل البيانات في Proton Contacts مشفّرة بالكامل؛ فمثلاً، الـ display names وعناوين البريد تظل قابلة للوصول من قِبل مزود الخدمة لأنها لا تخضع لتشفير بدون وصول. الحقول في جهات الاتصال التي تدعم التشفير بدون وصول — مثل أرقام الهاتف — يتم تمييزها بأيقونة قفل.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } تشفير البريد الإلكتروني
@@ -198,7 +198,7 @@ Mailbox Mail has a digital legacy feature for all plans. يمكنك اختيار
## مقدِّموا خدمة آخرون
-يخزِّن مقدمِّو الخدمة هؤلاء بُرُدك معمَّاةً تعمية دون معرفة، وهذا جاعلهم خيارات جيِّدةً لتخزِّنها فيها. لكنهم لا يدعمون التشفير التام بين الطرفين (E2EE) عند إرسال الرسائل إلى مستخدمين في خدمات بريد إلكتروني أخرى.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. لكنهم لا يدعمون التشفير التام بين الطرفين (E2EE) عند إرسال الرسائل إلى مستخدمين في خدمات بريد إلكتروني أخرى.
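Review bot: The `+` line starts with an English sentence and continues with the untouched Arabic sentence about E2EE, so a single paragraph now reads in two languages and two text directions. The English wording "in a way that only you can read them later" is also awkward; "so that only you can read them later" reads better and will be easier to translate.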
@@ -254,7 +254,7 @@ Tuta only directly accepts credit cards and PayPal, however you can use [**crypt
#### :material-check:{ .pg-green } أمن البيانات
-تقوم Tuta بتشفير رسائلك، [وجهات اتصالك](https://tuta.com/support#encrypted-address-book)، [وتقويمك](https://tuta.com/support#calendar) باستخدام ما يُعرف بـ ["تشفير بدون وصول" (zero-access encryption)، وهو نظام يضمن أن لا أحد—حتى فريق Tuta نفسه—يمكنه الوصول إلى محتوى بياناتك، مما يعني أن البيانات لا يمكن قراءتها إلا من قبلك أنت فقط.](https://tuta.com/support#what-encrypted). ويعني هذا أن الرسائل والبيانات المخزَّنة في حسابك لا يقرؤها إلا أنت.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } تشفير البريد الإلكتروني
@@ -278,14 +278,14 @@ Tuta only directly accepts credit cards and PayPal, however you can use [**crypt
**الحد الأدنى لترشيح الخدمة:**
-- يجب أن يتم تشفير بيانات حساب البريد الإلكتروني أثناء التخزين باستخدام تشفير يمنع حتى مزود الخدمة من الوصول إليها (تشفير بدون وصول "Zero-access encryption").
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- يجب أن يوفر إمكانية تصدير (exporting) الرسائل بصيغة [MBOX](https://en.wikipedia.org/wiki/Mbox) أو ملفات .EML فردية وفقًا لمعيار [RFC5322](https://datatracker.ietf.org/doc/rfc5322).
- يجب أن تتيح الخدمة للمستخدمين إمكانية استخدام [اسم النطاق الخاص بهم](https://en.wikipedia.org/wiki/Domain_name). استخدام أسماء النطاقات المخصصة مهم للمستخدمين، لأنه يمنحهم استقلالية عن مزود الخدمة، في حال تدهورت الخدمة أو تم الاستحواذ عليها من قبل شركة لا تهتم بالخصوصية.
- يجب أن تعمل الخدمة على بنية تحتية مملوكة لها بالكامل، أي دون الاعتماد على مزودي خدمات بريد إلكتروني خارجيين.
**أحسن الاحتمالات:**
-- يُفضّل أن يتمّ تشفير جميع بيانات الحساب (مثل جهات الاتصال، والتقويم، وغيرها) أثناء التخزين باستخدام تشفير يمنع مزوّد الخدمة من الوصول إليها (تشفير بدون وصول "Zero-access encryption").
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- يُستحسن أن يكون التشفير القوي (مثل E2EE أو PGP) مدمجا داخل موقع البريد نفسه، حتى يتمكّن المستخدم من إرسال رسائل آمنة بسهولة.
- يُفضل أن تدعم الخدمة ميزة WKD لتسهيل العثور على مفاتيح OpenPGP العامة عبر بروتوكول HTTP. إذا كانت خدمة البريد تدعم ميزة WKD، يمكن لمستخدمي GnuPG الحصول على مفتاح التشفير العام لأي عنوان بريد باستخدام الأمر: `gpg --locate-key example_user@example.com`.
- إمكانية إرسال رسائل مشفرة إلى مستلمين ليس لديهم حساب، عبر صندوق بريد مؤقّت وآمن. تكون هذه الميزة مفيدة عندما تريد إرسال رسالة مشفّرة دون إرسال نسخة فعلية إلى بريد المستلم، بل يطّلع عليها من خلال رابط آمن. عادةً ما تبقى هذه الرسائل متاحة لفترة قصيرة فقط، ثم تُحذف تلقائيًا من الصندوق المؤقّت. ولا يحتاج المستلم إلى إعداد أي أدوات تشفير معقدة مثل OpenPGP لقراءة الرسالة.
@@ -317,7 +317,7 @@ Tuta only directly accepts credit cards and PayPal, however you can use [**crypt
**أقل المتطلبات لترشيح الخدمة:**
- تأمين واجهة البريد عبر المتصفح (Webmail) باستخدام المصادقة الثنائية (2FA)، مثل [رموز TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp) المؤقتة.
-- تشفير بدون وصول (Zero-access encryption)، وهو امتداد لتشفير البيانات أثناء التخزين (encryption at rest)، ويضمن أن حتى مزود الخدمة لا يمكنه الوصول إلى محتوى بياناتك، لأنه لا يمتلك مفاتيح فك التشفير. مزود الخدمة لا يمتلك مفاتيح فك التشفير الخاصة بالبيانات التي يحتفظ بها. هذا يمنع أي موظف سيئ النية من تسريب البيانات التي يمكنه الوصول إليها، أو أي جهة خارجية من كشف البيانات حتى لو تمكّنت من اختراق الخادم، لأن البيانات تكون مشفرة ولا يمكن قراءتها دون المفاتيح.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- دعم [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions)، وهي تقنية تهدف إلى حماية نظام أسماء النطاقات (DNS) من التلاعب، من خلال التحقق من أن البيانات المستلمة من خوادم DNS أصلية ولم يتم تعديلها.
- ألا تظهر أي أخطاء أو ثغرات في بروتوكول TLS عند فحص الخدمة باستخدام أدوات مثل [Hardenize](https://hardenize.com)، أو [testssl.sh](https://testssl.sh)، أو [Qualys SSL Labs](https://ssllabs.com/ssltest). ويشمل ذلك خلو الخدمة من أخطاء في الشهادات الأمنية أو استخدام معايير تشفير ضعيفة (مثل مفاتيح DH غير الآمنة) والتي تسببت سابقا في ثغرات أمنية مثل [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- يفضّل أن يستخدم الخادم مجموعات تشفير قوية (cipher suites) تُعطي أولوية للأمان، وتدعم خصائص مثل forward secrecy والتشفير الموثوق (authenticated encryption).
diff --git a/i18n/ar/pastebins.md b/i18n/ar/pastebins.md
index a53230ec..26561077 100644
--- a/i18n/ar/pastebins.md
+++ b/i18n/ar/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Minimum Requirements
- Must be open source.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Must support password-protected files.
### Best-Case
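Review bot: The new minimum requirement, "Must encrypt pasted data on the client side before it is sent to the server", is weaker than the E2EE wording it replaces because it says nothing about where the key goes; a service that encrypts in the browser but also uploads the key would pass. The description hunk above already states the intended property ("the server cannot decrypt and read any pasted data you submit"), so suggest something like "Must encrypt pasted data on the client side, with a key that is never sent to the server".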
diff --git a/i18n/ar/self-hosting/email-servers.md b/i18n/ar/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/ar/self-hosting/email-servers.md
+++ b/i18n/ar/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
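Review bot: "encrypted message storage, lessening the risk of unauthorized access to your emails" on the `+` line no longer says who holds the decryption key, which is the property the removed "zero-knowledge" wording stood in for. The email.md hunks in this patch spell it out ("only you have the decryption keys"); suggest the same precision here, stating who can and cannot read stored messages, worded to match the linked Stalwart documentation.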
diff --git a/i18n/bn-IN/email.md b/i18n/bn-IN/email.md
index 497cf2c3..d885d6ba 100644
--- a/i18n/bn-IN/email.md
+++ b/i18n/bn-IN/email.md
@@ -22,7 +22,7 @@ Email is practically a necessity for using any online service, however we do not
For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. Read our [full list of criteria](#criteria) for more information.
-| Provider | OpenPGP / WKD | IMAP / SMTP | Zero-Access Encryption | Anonymous Payment Methods |
+| Provider | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Anonymous Payment Methods |
| ----------------------------- | -------------------------------------- | ---------------------------------------------------------- | ---------------------------------------------------- | ----------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Paid plans only | :material-check:{ .pg-green } | Cash
Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | Cash |
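Review bot: The renamed column `Encrypted Storage` drops the key-holder distinction that the rest of this patch is careful to keep. Read on its own, a check mark under that header would also fit ordinary server-side disk encryption, whereas the criteria hunk further down requires that "only the user has the private keys needed to decrypt it". Consider a header that carries that meaning, or a footnote on the header that links to the criteria section.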
@@ -119,9 +119,9 @@ Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/
#### :material-check:{ .pg-green } Data Security
-Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } Email Encryption
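Review bot: Subject-verb agreement on the second `+` line: "Certain information ... are **not** secured" should be "is **not** secured", since "information" is singular. Alternatively rephrase to "Certain fields stored in Proton Contacts ... are **not** secured", which also lines up with "Contact fields" in the following sentence.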
@@ -198,7 +198,7 @@ Mailbox Mail has a digital legacy feature for all plans. You can choose whether
## More Providers
-These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.
@@ -254,7 +254,7 @@ Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with eit
#### :material-check:{ .pg-green } Data Security
-Tuta has [zero-access encryption at rest](https://tuta.com/support#what-encrypted) for your emails, [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar). This means the messages and other data stored in your account are only readable by you.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } Email Encryption
@@ -278,14 +278,14 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
-- Must encrypt email account data at rest with zero-access encryption.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Must be capable of exporting emails as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Must operate on owned infrastructure, i.e. not built upon third-party email service providers.
**Best Case:**
-- Should encrypt all account data (contacts, calendars, etc.) at rest with zero-access encryption.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Should provide integrated webmail E2EE/PGP encryption as a convenience.
- Should support WKD to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key with this command: `gpg --locate-key example_user@example.com`.
- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP.
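Review bot: Both rewritten bullets now require "asymmetric encryption", which is more specific than the "zero-access encryption" they replace, yet the Tuta hunk in this same file describes its storage only as "strong encryption where only you have the decryption keys". As written, a reader cannot tell from the page whether Tuta meets the minimum. Either describe each provider in the terms of the criterion, or word the criterion around the property (the provider never holds the decryption key) rather than the cipher class.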
@@ -317,7 +317,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**Minimum to Qualify:**
- Protection of webmail with 2FA, such as [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Zero-access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support.
- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
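Review bot: The second sentence of the `+` line mixes two constructions: "prevents a rogue employee leaking data ..., or a remote adversary from releasing data". Use "from" for both ("prevents a rogue employee from leaking ... or a remote adversary from releasing ...") and drop the added comma. The same sentence appears in each locale's copy of this hunk, so the fix belongs in the source string.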
diff --git a/i18n/bn-IN/pastebins.md b/i18n/bn-IN/pastebins.md
index fd9f64b9..26561077 100644
--- a/i18n/bn-IN/pastebins.md
+++ b/i18n/bn-IN/pastebins.md
@@ -1,5 +1,5 @@
---
-title: Pastebins
+title: "Pastebins"
icon: material/content-paste
description: These tools allow you to have full control of any pasted data you share to other parties.
cover: pastebins.webp
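Review bot: The only change in this hunk is quoting the front-matter value (`title: Pastebins` to `title: "Pastebins"`), which is unrelated to the terminology change in the rest of the patch. The ar and bn copies of this file arrive at the same blob (`26561077`) without this hunk, so it looks like a sync normalisation; a line in the commit message, or a separate commit, would make the wording change easier to review.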
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Minimum Requirements
- Must be open source.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Must support password-protected files.
### Best-Case
diff --git a/i18n/bn-IN/self-hosting/email-servers.md b/i18n/bn-IN/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/bn-IN/self-hosting/email-servers.md
+++ b/i18n/bn-IN/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
diff --git a/i18n/bn/email.md b/i18n/bn/email.md
index 497cf2c3..d885d6ba 100644
--- a/i18n/bn/email.md
+++ b/i18n/bn/email.md
@@ -22,7 +22,7 @@ Email is practically a necessity for using any online service, however we do not
For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. Read our [full list of criteria](#criteria) for more information.
-| Provider | OpenPGP / WKD | IMAP / SMTP | Zero-Access Encryption | Anonymous Payment Methods |
+| Provider | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Anonymous Payment Methods |
| ----------------------------- | -------------------------------------- | ---------------------------------------------------------- | ---------------------------------------------------- | ----------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Paid plans only | :material-check:{ .pg-green } | Cash
Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | Cash |
@@ -119,9 +119,9 @@ Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/
#### :material-check:{ .pg-green } Data Security
-Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } Email Encryption
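Review bot: On the first `+` line the link labelled "emails" still points to `https://proton.me/blog/zero-access-encryption`, so a reader who follows it lands on the very term this patch removes from the page, with nothing here connecting the two. Consider a short parenthetical such as "(what Proton calls zero-access encryption)" next to the link so the vendor's documentation stays findable under its own name.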
@@ -198,7 +198,7 @@ Mailbox Mail has a digital legacy feature for all plans. You can choose whether
## More Providers
-These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.
@@ -254,7 +254,7 @@ Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with eit
#### :material-check:{ .pg-green } Data Security
-Tuta has [zero-access encryption at rest](https://tuta.com/support#what-encrypted) for your emails, [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar). This means the messages and other data stored in your account are only readable by you.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } Email Encryption
@@ -278,14 +278,14 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
-- Must encrypt email account data at rest with zero-access encryption.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Must be capable of exporting emails as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Must operate on owned infrastructure, i.e. not built upon third-party email service providers.
**Best Case:**
-- Should encrypt all account data (contacts, calendars, etc.) at rest with zero-access encryption.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Should provide integrated webmail E2EE/PGP encryption as a convenience.
- Should support WKD to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key with this command: `gpg --locate-key example_user@example.com`.
- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP.
@@ -317,7 +317,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**Minimum to Qualify:**
- Protection of webmail with 2FA, such as [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Zero-access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support.
- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
diff --git a/i18n/bn/pastebins.md b/i18n/bn/pastebins.md
index a53230ec..26561077 100644
--- a/i18n/bn/pastebins.md
+++ b/i18n/bn/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Minimum Requirements
- Must be open source.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Must support password-protected files.
### Best-Case
diff --git a/i18n/bn/self-hosting/email-servers.md b/i18n/bn/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/bn/self-hosting/email-servers.md
+++ b/i18n/bn/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
diff --git a/i18n/cs/email.md b/i18n/cs/email.md
index 274eac02..b419b48c 100644
--- a/i18n/cs/email.md
+++ b/i18n/cs/email.md
@@ -22,7 +22,7 @@ E-mail je prakticky nezbytný pro používání jakékoliv online služby, ale n
Pro všechno ostatní doporučujeme různé e-mailové poskytovatele, kteří mají udržitelný byznys model a vestavěné funkce pro zachování bezpečnosti a soukromí. Přečtěte si náš [úplný seznam kritérií](#criteria) pro více informací.
-| Poskytovatel | OpenPGP / WKD | IMAP / SMTP | Zero-Access šifrování | Anonymní platební metody |
+| Poskytovatel | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Anonymní platební metody |
| ----------------------------- | -------------------------------------- | --------------------------------------------------------------- | ------------------------------------------------------ | ----------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Pouze placené tarify | :material-check:{ .pg-green } | Cash
Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Pouze maily | Hotovost |
@@ -119,9 +119,9 @@ Proton Mail podporuje [dvoufaktorové ověřování](https://proton.me/support/t
#### :material-check:{ .pg-green } Zabezpečení dat
-Proton Mail má [zero-access šifrování](https://proton.me/blog/zero-access-encryption) pro uložená data e-mailů a [kalendářů](https://proton.me/news/protoncalendar-security-model). K datům zabezpečeným zero-access šifrováním můžete přistupovat jenom vy.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-Určité informace uložené v [Kontaktech](https://proton.me/support/proton-contacts), např. zobrazovaná jména nebo e-mailové adresy, nejsou zabezpečené zero-access šifrováním. Pole kontaktu, která podporují zero-access šifrování, např. telefonní čísla, jsou označené ikonou zámku.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } Šifrování e-malu
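Review bot: In the added Proton Contacts paragraph the subject and verb disagree: "Certain information ... are **not** secured ... so Proton is able to read them". Use "is **not** secured ... so Proton is able to read it", or change the subject to "Certain fields stored in Proton Contacts". Both added paragraphs are also English replacing Czech text, which leaves this section half translated.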
@@ -198,7 +198,7 @@ Mailbox Mail má službu digitálního dědictví ve všech tarifech. Můžete s
## Více poskytovatelů
-Tito poskytovatelé ukládají vaše e-maily pomocí zero-knowledge šifrování, které je skvělou možností pro zabezpečení vašich uložených e-mailů. Nepodporují však interoperabilní šifrovací standardy pro E2EE komunikaci napříč různými poskytovateli.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. Nepodporují však interoperabilní šifrovací standardy pro E2EE komunikaci napříč různými poskytovateli.
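Review bot: The added line starts in English ("These providers encrypt your emails ...") and continues with the untouched Czech sentence "Nepodporují však interoperabilní šifrovací standardy ...", so the rendered paragraph switches language mid-way. Translate the first sentence in this change, or replace the whole paragraph consistently.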
@@ -254,7 +254,7 @@ Tuta podporuje [dvoufaktorové oveřování](https://tuta.com/support#2fa) pomoc
#### :material-check:{ .pg-green } Zabezpečení dat
-Tuta má [zero-access šifrování v klidu](https://tuta.com/support#what-encrypted) pro vaše e-maily, [kontakty v adresáři](https://tuta.com/support#encrypted-address-book) i [kalendáře](https://tuta.com/support#calendar). To znamená, že zprávy a jiná data uložená na vašem účtu můžete číst pouze vy.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } Šifrování e-mailů
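Review bot: "with strong encryption where only you have the decryption keys" in the added Tuta paragraph is vaguer than the rest of this patch, which says "PGP-based encryption at rest" for Proton Mail and "asymmetric encryption" in the criteria. "Strong" is not something a reader can check; name the scheme the linked Tuta page describes or drop the adjective, and make sure the wording still matches the criterion this provider is listed under.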
@@ -278,14 +278,14 @@ Tyto funkce považujeme za důležité pro to, aby byla služba bezpečná a opt
**Naprosté minimum:**
-- Musí šifrovat data e-mailového účtu v klidu zero-access šifrováním.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Musí být schopen exportovat e-maily jako [Mbox](https://en.wikipedia.org/wiki/Mbox) nebo jednotlivé .EML v normě [RFC5322](https://datatracker.ietf.org/doc/rfc5322).
- Umožňovat uživatelům používat jejich vlastní [domény](https://en.wikipedia.org/wiki/Domain_name). Vlastní domény jsou pro uživatele důležité, protože jim umožňují zachovávat nezávislost na službě, ať už z důvodu jejího úpadku nebo převzetí jinou společností, která nepovažuje soukromí za prioritu.
- Musí fungovat na vlastní infrastruktuře, tzn. že nesmí běžet na e-mailových službách třetích stran.
**Nejlepší případ:**
-- Měla by šifrovat všechna data účtu (kontakty, kalendáře atd.) v klidu pomocí zero-access šifrování.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Měla by pro jednoduchost poskytovat webmail s integrovaným E2EE/PGP šifrováním.
- Měla by podporovat WKD, aby bylo možné lépe nalézat veřejné OpenPGP klíče přes HTTP. Uživatelé GnuPG mohou získat klíč tímto příkazem: `gpg --locate-key uzivatel@priklad.cz`.
- Podporuje dočasné schránky pro externí uživatele. To je užitečné, pokud chcete poslat zašifrovaný e-mail, aniž byste odeslali skutečnou kopii příjemci. Tyto e-maily mají obvykle omezenou životnost a jsou následně smazány. Také nevyžadují od příjemce nastavování jakékoliv kryptografie, např. OpenPGP.
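Review bot: Both added criteria ("Must encrypt email account data at rest with asymmetric encryption ..." and the "Should encrypt all account data ..." item) now prescribe a mechanism, where the removed lines named a property. The security criterion later in this same file states the property directly ("the service provider does not have the decryption keys to the data they hold"). Consider wording these two items the same way, for example "at rest, so that only the user holds the keys needed to decrypt it", so the criteria do not exclude a design on the basis of key type alone and the two sections cannot drift apart.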
@@ -317,7 +317,7 @@ E-mailové servery pracují s velkým množstvím citlivých dat. Očekáváme,
**Naprosté minimum:**
- Ochrana webmailu pomocí 2FA, např. [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Zero-access šifrování, které staví na šifrování v klidu. Poskytovatel nemá k dispozici dešifrovací klíče k datům, které jsou u něj uložené. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support.
- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
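Review bot: "This prevents a rogue employee leaking data ..." in the added bullet is stated as absolute, while the Tuta paragraph in this patch scopes the same guarantee to data "after they are stored". Scope this sentence the same way, for example "This limits what a rogue employee can leak, or what a remote adversary can release, from data already stored on the server." That also fixes the uneven construction "prevents a rogue employee leaking ... or a remote adversary from releasing".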
diff --git a/i18n/cs/pastebins.md b/i18n/cs/pastebins.md
index a53230ec..26561077 100644
--- a/i18n/cs/pastebins.md
+++ b/i18n/cs/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Minimum Requirements
- Must be open source.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Must support password-protected files.
### Best-Case
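Review bot: The added requirement "Must encrypt pasted data on the client side before it is sent to the server" does not say who holds the key, so a service that encrypts in the browser but also uploads the key would pass it. The description changed earlier in this file states the property that matters ("the server cannot decrypt and read any pasted data you submit"). Suggest "Must encrypt pasted data on the client side, with a key the server never receives, before it is sent to the server."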
diff --git a/i18n/cs/self-hosting/email-servers.md b/i18n/cs/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/cs/self-hosting/email-servers.md
+++ b/i18n/cs/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
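Review bot: "encrypted message storage, lessening the risk of unauthorized access to your emails" on the added line drops the one thing the removed "zero-knowledge message storage" implied, namely that the server itself cannot read stored mail. "Encrypted storage" also describes a server that holds its own keys. Since the sentence already refers to Stalwart's PGP implementation, say who holds the decryption key, for example "with message storage encrypted so that only you hold the keys needed to read it".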
diff --git a/i18n/de/email.md b/i18n/de/email.md
index fdc12ecf..fc9e3fce 100644
--- a/i18n/de/email.md
+++ b/i18n/de/email.md
@@ -22,7 +22,7 @@ E-Mail ist praktisch eine Voraussetzung für die Nutzung aller Online-Dienste, w
Für alles andere empfehlen wir eine Reihe von E-Mail-Anbietern, die auf nachhaltigen Geschäftsmodellen basieren und integrierte Sicherheits- und Datenschutzfunktionen bieten. Weitere Informationen findest du in unserem [vollständigen Kriterienkatalog](#criteria).
-| Anbieter | OpenPGP / WKD | IMAP / SMTP | Null-Zugriff-Verschlüsselung | Anonyme Zahlungsmethoden |
+| Anbieter | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Anonyme Zahlungsmethoden |
| ----------------------------- | -------------------------------------- | --------------------------------------------------------------------- | --------------------------------------------------- | ------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Nur kostenpflichtige Pläne | :material-check:{ .pg-green } | Bar
Monero über Dritte |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Nur Mail | Bargeld |
@@ -119,9 +119,9 @@ Proton Mail unterstützt TOTP [Zwei-Faktor-Authentisierung](https://proton.me/su
#### :material-check:{ .pg-green } Datensicherheit
-Proton Mail verfügt über [Zero-Access-Verschlüsselung](https://proton.me/de/blog/zero-access-encryption) bei Ablage auf dem Server für deine E-Mails und [Kalender](https://proton.me/de/blog/protoncalendar-security-model). Die mit einer Zero-Access-Verschlüsselung gesicherten Daten sind nur für dich zugänglich.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-Bestimmte Informationen, die in [Proton Contacts](https://proton.me/support/proton-contacts) gespeichert sind, wie z. B. Anzeigenamen und E-Mail-Adressen, sind nicht mit einer Zero-Access-Verschlüsselung gesichert. Kontaktfelder, die eine Zero-Access-Verschlüsselung unterstützen, wie z. B. Telefonnummern, sind mit einem Vorhängeschloss-Symbol gekennzeichnet.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } E-Mail-Verschlüsselung
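Review bot: The removed German line linked to the localized pages `https://proton.me/de/blog/zero-access-encryption` and `https://proton.me/de/blog/protoncalendar-security-model`, while the added line points to `https://proton.me/blog/zero-access-encryption` and `https://proton.me/news/protoncalendar-security-model`. Keep the `/de/` URLs in this file when the German text is restored, otherwise German readers are sent to the English articles.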
@@ -198,7 +198,7 @@ Mailbox Mail hat ein digitales Erbe Funktion für alle Pläne. You can choose wh
## Weitere Anbieter
-Diese Anbieter speichern deine E-Mails mit Zero-Knowledge-Verschlüsselung und sind damit eine gute Option für die Sicherheit deiner gespeicherten E-Mails. Allerdings unterstützen sie keine Interoperablen Verschlüsselungsstandards für Ende zu Ende Verschlüsselung zwischen verschiedenen Anbietern.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. Allerdings unterstützen sie keine Interoperablen Verschlüsselungsstandards für Ende zu Ende Verschlüsselung zwischen verschiedenen Anbietern.
@@ -254,7 +254,7 @@ Tuta unterstützt die [Zwei-Faktor-Authentisierung](https://tuta.com/support#2fa
#### :material-check:{ .pg-green } Datensicherheit
-Tuta hat [ruhende Zero-Access-Verschlüsselung](https://tuta.com/support#what-encrypted) für deine E-Mails, dein [Adressenbuch](https://tuta.com/support#encrypted-address-book) und dein [Kalender](https://tuta.com/support#calendar). Das bedeutet, dass die in deinem Konto gespeicherten Nachrichten und andere Daten nur von dir gelesen werden können.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } E-Mail-Verschlüsselung
@@ -278,14 +278,14 @@ Wir halten diese Merkmale für wichtig, um einen sicheren und optimalen Service
**Mindestvoraussetzung um sich zu qualifizieren:**
-- Muss Email-Konto-Daten mit ruhende Zero-Access-Verschlüsselung verschlüsseln.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Muss fähig sein, E-Mails als [Mbox](https://en.wikipedia.org/wiki/Mbox) oder als einzelne .EML laut [RFC5322](https://datatracker.ietf.org/doc/rfc5322) Standard zu exportieren.
- Erlaubt Nutzer ihre eigenen [Domainnamen](https://de.wikipedia.org/wiki/Domain_(Internet)) zu nutzen. Benutzerdefinierte Domänennamen sind für die Nutzer wichtig, da du so deine Identität von dem Dienst fernhalten kannst, falls dieser sich als schlecht erweist oder von einem anderen Unternehmen übernommen wird, bei dem der Datenschutz keine Rolle spielt.
- Muss auf besitzte Infrastruktur betrieben werden, d.h. nicht auf Drittanbieter aufgebaut sein.
**Im besten Fall:**
-- Soll alle Kontodaten (Kontakte, Kalender, etc.) mit ruhender Zero-Access-Verschlüsselung verschlüsseln.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Soll als Komfort integrierte Webmail E2EE-/PGP-Verschlüsselung anbieten.
- Should support WKD to allow improved discovery of public OpenPGP keys via HTTP. GnuPG Nutzer können einen Schlüssel mit dem folgenden Befehl erhalten: `gpg --locate-key example_user@example.com`.
- Unterstützung für eine temporäre Mailbox für externe Benutzer. Dies ist nützlich, wenn du eine verschlüsselte E-Mail verschicken willst, ohne eine echte Kopie zu deinem Empfänger zu schicken. Diese E-Mails haben in der Regel eine begrenzte Lebensdauer und werden dann automatisch gelöscht. Sie erfordern auch nicht, dass der Empfänger eine Kryptographie wie OpenPGP konfiguriert.
@@ -317,7 +317,7 @@ E-Mail-Server befassen sich mit vielen sensiblen Daten. Wir erwarten, dass Anbie
**Mindestvoraussetzung um zu qualifizieren:**
- Schutz von Webmail mit 2FA, wie z.B. [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Zero-Access-Verschlüsselung, die auf ruhende Verschlüsselung aufbaut. Der Anbieter verfügt nicht über die Entschlüsselungsschlüssel zu den Daten, die er besitzt. So wird verhindert, dass ein abtrünniger Mitarbeitender Daten preisgibt, auf die er/sie Zugriff hat, oder dass ein Angreifender Daten freigibt, die er/sie gestohlen hat, indem er/sie sich unbefugt Zugang zum Server verschafft.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://de.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) Unterstützung.
- Keine TLS-Fehler oder -Schwachstellen beim Profiling durch Tools wie [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh)oder [Qualys SSL Labs](https://ssllabs.com/ssltest); dies schließt zertifikatsbezogene Fehler und schwache DH-Parameter ein, wie z. B. die, die zu [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)) führten.
- A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
diff --git a/i18n/de/pastebins.md b/i18n/de/pastebins.md
index 865b7d4b..a0b15c38 100644
--- a/i18n/de/pastebins.md
+++ b/i18n/de/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Die Daten werden im Browser mit 256-Bit-AES verschlüsselt bzw. entschlüsselt. Es ist die verbesserte Version von ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Die Daten werden im Browser mit 256-Bit-AES verschlüsselt bzw. entschlüsselt. Es ist die verbesserte Version von ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Mindestanforderungen
- Muss Open Source sein.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Muss passwortgeschützte Dateien unterstützen.
### Im besten Fall
diff --git a/i18n/de/self-hosting/email-servers.md b/i18n/de/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/de/self-hosting/email-servers.md
+++ b/i18n/de/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
diff --git a/i18n/el/email.md b/i18n/el/email.md
index 6d37758d..cfb2ea6c 100644
--- a/i18n/el/email.md
+++ b/i18n/el/email.md
@@ -22,7 +22,7 @@ global:
Για όλα τα υπόλοιπα, συνιστούμε μια ποικιλία παρόχων ηλεκτρονικού ταχυδρομείου που βασίζονται σε βιώσιμα επιχειρηματικά μοντέλα και ενσωματωμένα χαρακτηριστικά ασφάλειας και απορρήτου. Διαβάστε τον [πλήρη κατάλογο των κριτηρίων](#criteria) μας για περισσότερες πληροφορίες.
-| Provider | OpenPGP / WKD | IMAP / SMTP | Zero-Access Encryption | Anonymous Payment Methods |
+| Provider | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Anonymous Payment Methods |
| ----------------------------- | -------------------------------------- | ---------------------------------------------------------- | ---------------------------------------------------- | ----------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Paid plans only | :material-check:{ .pg-green } | Cash
Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | Cash |
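Review bot: The new column header `Encrypted Storage` no longer tells the reader what the column measures. The removed `Zero-Access Encryption` at least implied that the provider cannot read the data, whereas "encrypted storage" is also true of any provider that encrypts its disks with its own keys. Because the check marks and the "Mail only" note in the rows below depend on that distinction, prefer a header that names it, such as "Storage Encrypted With User-Held Keys", or add a footnote defining the column.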
@@ -119,9 +119,9 @@ Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/
#### :material-check:{ .pg-green } Data Security
-Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } Email Encryption
@@ -198,7 +198,7 @@ Mailbox Mail has a digital legacy feature for all plans. You can choose whether
## More Providers
-These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.
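Review bot: "encrypt your emails in a way that only you can read them later" on the added line is ungrammatical; "in a way that" needs a different clause. Suggest "These providers encrypt your stored emails so that only you can read them later, ...", which also makes clear the guarantee is about storage, matching the second half of the sentence.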
@@ -254,7 +254,7 @@ Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with eit
#### :material-check:{ .pg-green } Data Security
-Tuta has [zero-access encryption at rest](https://tuta.com/support#what-encrypted) for your emails, [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar). This means the messages and other data stored in your account are only readable by you.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } Email Encryption
@@ -278,14 +278,14 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
-- Must encrypt email account data at rest with zero-access encryption.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Must be capable of exporting emails as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Must operate on owned infrastructure, i.e. not built upon third-party email service providers.
**Best Case:**
-- Should encrypt all account data (contacts, calendars, etc.) at rest with zero-access encryption.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Should provide integrated webmail E2EE/PGP encryption as a convenience.
- Should support WKD to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key with this command: `gpg --locate-key example_user@example.com`.
- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP.
@@ -317,7 +317,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**Minimum to Qualify:**
- Protection of webmail with 2FA, such as [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Zero-access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support.
- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
diff --git a/i18n/el/pastebins.md b/i18n/el/pastebins.md
index 9d18ed5e..043b29d6 100644
--- a/i18n/el/pastebins.md
+++ b/i18n/el/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Minimum Requirements
- Πρέπει να είναι ανοικτού κώδικα.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Must support password-protected files.
### Best-Case
diff --git a/i18n/el/self-hosting/email-servers.md b/i18n/el/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/el/self-hosting/email-servers.md
+++ b/i18n/el/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
diff --git a/i18n/eo/email.md b/i18n/eo/email.md
index b74abd91..bd6de457 100644
--- a/i18n/eo/email.md
+++ b/i18n/eo/email.md
@@ -22,7 +22,7 @@ Email is practically a necessity for using any online service, however we do not
For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. Read our [full list of criteria](#criteria) for more information.
-| Provider | OpenPGP / WKD | IMAP / SMTP | Zero-Access Encryption | Anonymous Payment Methods |
+| Provider | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Anonymous Payment Methods |
| ----------------------------- | -------------------------------------- | ---------------------------------------------------------- | ---------------------------------------------------- | ----------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Paid plans only | :material-check:{ .pg-green } | Cash
Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | Cash |
@@ -119,9 +119,9 @@ Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/
#### :material-check:{ .pg-green } Data Security
-Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } Email Encryption
@@ -198,7 +198,7 @@ Mailbox Mail has a digital legacy feature for all plans. You can choose whether
## More Providers
-These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.
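Review bot: "encrypt your emails in a way that only you can read them later" in the added line is awkward and leaves "later" undefined. Something like "encrypt your stored emails so that only you can decrypt them" says the same thing and matches the "only you have the decryption keys" wording this patch uses for Proton Mail and Tuta.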
@@ -254,7 +254,7 @@ Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with eit
#### :material-check:{ .pg-green } Data Security
-Tuta has [zero-access encryption at rest](https://tuta.com/support#what-encrypted) for your emails, [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar). This means the messages and other data stored in your account are only readable by you.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } Email Encryption
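Review bot: "strong encryption" in the added Tuta sentence is vaguer than the term it replaces and does not line up with the criteria changed in this same patch, which require "asymmetric encryption, where only the user has the private keys". Either describe Tuta's storage in the terms the criteria use or say why the wording differs, so readers can see that the provider meets the stated minimum.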
@@ -278,14 +278,14 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
-- Must encrypt email account data at rest with zero-access encryption.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Must be capable of exporting emails as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Must operate on owned infrastructure, i.e. not built upon third-party email service providers.
**Best Case:**
-- Should encrypt all account data (contacts, calendars, etc.) at rest with zero-access encryption.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Should provide integrated webmail E2EE/PGP encryption as a convenience.
- Should support WKD to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key with this command: `gpg --locate-key example_user@example.com`.
- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP.
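Review bot: Both replaced bullets turn a property (the provider cannot decrypt stored data) into a mechanism ("asymmetric encryption"). A design that keeps the key with the user by other means would have met the old wording and fails the new one as written. If that narrowing is not intended, suggest "encrypted at rest with keys that only the user holds" and leave the mechanism out; if it is intended, it deserves a sentence of rationale on the page.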
@@ -317,7 +317,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**Minimum to Qualify:**
- Protection of webmail with 2FA, such as [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Zero-access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support.
- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
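Review bot: The second sentence of the added bullet mixes two constructions: "prevents a rogue employee leaking ..., or a remote adversary from releasing ...". Use "from" for both ("prevents a rogue employee from leaking ..., or a remote adversary from releasing ..."). The bullet also restates the storage requirement from the earlier "Minimum to Qualify" list in slightly different words ("the service provider does not have the decryption keys" versus "only the user has the private keys"); one phrasing for both would be easier to keep consistent.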
diff --git a/i18n/eo/pastebins.md b/i18n/eo/pastebins.md
index fd9f64b9..26561077 100644
--- a/i18n/eo/pastebins.md
+++ b/i18n/eo/pastebins.md
@@ -1,5 +1,5 @@
---
-title: Pastebins
+title: "Pastebins"
icon: material/content-paste
description: These tools allow you to have full control of any pasted data you share to other parties.
cover: pastebins.webp
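Review bot: Quoting the front-matter value (`title: "Pastebins"`) is unrelated to the terminology change in the rest of this patch and does not change how the value is parsed. Drop it from this change or send it separately, so the diff for this file contains only the wording updates.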
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Minimum Requirements
- Must be open source.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Must support password-protected files.
### Best-Case
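Review bot: The new requirement, "Must encrypt pasted data on the client side before it is sent to the server", no longer says that the server must be unable to decrypt, which is the property the PrivateBin description in this file now states ("the server cannot decrypt and read any pasted data"). Client-side encryption with a key the server also receives would satisfy the bullet as written. Suggest adding "with a key that is never sent to the server" or similar.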
diff --git a/i18n/eo/self-hosting/email-servers.md b/i18n/eo/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/eo/self-hosting/email-servers.md
+++ b/i18n/eo/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
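Review bot: "encrypted message storage, lessening the risk of unauthorized access to your emails" in the added line drops the point the old wording made, namely who is able to decrypt. If the linked PGP implementation encrypts stored mail to the user's own key, say so here, in line with the "your own encryption keys" phrasing this patch uses on the email page.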
diff --git a/i18n/es/email.md b/i18n/es/email.md
index c3bbf2e7..20480ed6 100644
--- a/i18n/es/email.md
+++ b/i18n/es/email.md
@@ -22,7 +22,7 @@ El correo electrónico es prácticamente una necesidad para utilizar cualquier s
Para todo lo demás, recomendamos una variedad de proveedores de correo electrónico basados en modelos sostenibles, además de características de seguridad y privacidad integradas. Lee nuestra \[lista completa de criterios\](#criterios) para más información.
-| Proveedor | OpenPGP / WKD | IMAP / SMTP | Cifrado de Acceso Cero | Métodos de Pago Anónimos |
+| Proveedor | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Métodos de Pago Anónimos |
| ----------------------------- | -------------------------------------- | ----------------------------------------------------------------- | --------------------------------------------------------- | ------------------------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Sólo en planes de pago | :material-check:{ .pg-green } | Efectivo
Monero a través de terceros |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Sólo el correo | Efectivo |
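Review bot: The added header row puts the English "Encrypted Storage" into a table whose other headers are Spanish ("Proveedor", "Métodos de Pago Anónimos"), replacing the translated "Cifrado de Acceso Cero". If the English string is only a placeholder until the translation is updated, that is fine; otherwise a Spanish header such as "Almacenamiento cifrado" is needed here.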
@@ -119,9 +119,9 @@ Proton Mail es compatible con la [autenticación de dos factores](https://proton
#### :material-check:{ .pg-green } Seguridad de Datos
-Proton Mail tiene [encriptacion de cero acceso](https://proton.me/blog/zero-access-encryption) en reposo para tus correos electrónicos y [calendarios](https://proton.me/news/protoncalendar-security-model). Datos asegurados con encriptación de cero-acceso son solamente accesibles por ti.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-Cierta información almacenada en [Proton Contacts](https://proton.me/support/proton-contacts), como nombres y direcciones de correo electrónico, no está protegida con encriptación de cero-acceso. Los campos de contacto que admiten encriptación de cero-acceso, como los números de teléfono, se indican con un icono de candado.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } Encriptación de Correo Electrónico
@@ -198,7 +198,7 @@ Mailbox Mail tiene una función de legado digital para todos los planes. Puedes
## Más Proveedores
-Estos proveedores almacenan tus correos electrónicos con cifrado de cero-conocimiento, lo que los convierte en excelentes opciones para mantener seguros tus correos electrónicos almacenados. Sin embargo, no admiten normas de cifrado interoperables para las comunicaciones E2EE entre distintos proveedores.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. Sin embargo, no admiten normas de cifrado interoperables para las comunicaciones E2EE entre distintos proveedores.
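Review bot: The added line is half translated: an English sentence ("These providers encrypt your emails ...") is followed by the existing Spanish one ("Sin embargo, ..."). The same pattern appears in the PrivateBin and Stalwart paragraphs of the es files in this patch. Hold these paragraphs until the Spanish text for the new sentence is available, or replace the whole paragraph, so readers do not get a language switch mid-paragraph.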
@@ -254,7 +254,7 @@ Tuta soporta la [autenticación de dos factores](https://tuta.com/support#2fa) y
#### :material-check:{ .pg-green } Seguridad de los datos
-Tuta tiene [cifrado de acceso cero en reposo](https://tuta.com/support#what-encrypted) para tus correos, [contactos de la libreta de direcciones](https://tuta.com/support#encrypted-address-book) y [calendarios](https://tuta.com/support#calendar). Esto significa que sólo tú puedes leer los mensajes y otros datos almacenados en tu cuenta.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } Cifrado de correo electrónico
@@ -278,14 +278,14 @@ Consideramos que estas características son importantes para ofrecer un servicio
**Mínimo para calificar:**
-- Debe cifrar los datos de la cuenta de correo electrónico en reposo con cifrado de acceso cero.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Debe ser capaz de exportar correos electrónicos como [Mbox](https://en.wikipedia.org/wiki/Mbox) o .EML individuales con el estándar [RFC5322](https://datatracker.ietf.org/doc/rfc5322).
- Permite a los usuarios utilizar su propio [nombre de dominio](https://en.wikipedia.org/wiki/Domain_name). Los nombres de dominio personalizados son importantes para los usuarios porque les permiten mantener su agencia del servicio, en caso de que éste se estropee o sea adquirido por otra empresa que no dé prioridad a la privacidad.
- Debe funcionar con infraestructura propia, es decir, no debe basarse en proveedores de servicios de correo electrónico de terceros.
**Mejor Caso:**
-- Debe cifrar todos los datos de la cuenta (contactos, calendarios, etc.) en reposo con cifrado de acceso cero.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Debe proporcionar cifrado E2EE/PGP de correo web integrado como comodidad.
- Debe soportar WKD para permitir un mejor descubrimiento de claves públicas OpenPGP a través de HTTP. Los usuarios de GnuPG pueden obtener una clave con este comando: `gpg --locate-key example_user@example.com.`.
- Soporte para un buzón temporal para usuarios externos. Esto es útil cuando quieres enviar un correo electrónico encriptado, sin enviar una copia real a tu destinatario. Estos correos electrónicos suelen tener una vida útil limitada y luego se eliminan automáticamente. Tampoco requieren que el destinatario configure ninguna criptografía como OpenPGP.
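Review bot: Not introduced here, but visible in the context: the WKD bullet in this hunk has the sentence period inside the code span, `gpg --locate-key example_user@example.com.`, so a reader who copies the command gets a trailing dot on the address. The English wording of the same bullet elsewhere in this patch keeps the period outside the backticks; move it out here too (the fr file has the same problem).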
@@ -317,7 +317,7 @@ Los servidores de correo electrónico manejan muchos datos sensibles. Esperamos
**Mínimo para Calificar:**
- Protección del correo web con 2FA, como [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Cifrado de acceso cero, que se basa en el cifrado en reposo. El proveedor no disponga de las claves de descifrado de los datos que posee. Esto evita que un empleado deshonesto filtre datos a los que tiene acceso o que un adversario remoto divulgue datos que ha robado al obtener acceso no autorizado al servidor.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- Compatible con [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions).
- Sin errores o vulnerabilidades TLS al ser perfilado por herramientas como [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh) o [Qualys SSL Labs](https://ssllabs.com/ssltest); esto incluye errores relacionados con certificados y parámetros DH débiles, como los que llevaron a [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- Una preferencia de suite de servidor (opcional en TLS 1.3) para suites de cifrado fuertes que soporten secreto hacia adelante y encriptación autenticada.
diff --git a/i18n/es/pastebins.md b/i18n/es/pastebins.md
index 838fcd72..37a35614 100644
--- a/i18n/es/pastebins.md
+++ b/i18n/es/pastebins.md
@@ -17,7 +17,7 @@ Los [**Pastebins**](https://es.wikipedia.org/wiki/Pastebin) son servicios en lí
{ align=right }
-**PrivateBin** es un pastebin en línea minimalista y de código abierto en el que el servidor no tiene ningún conocimiento de los datos pegados. Los datos se cifran/descifran en el navegador utilizando AES de 256 bits. Es la versión mejorada de ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Los datos se cifran/descifran en el navegador utilizando AES de 256 bits. Es la versión mejorada de ZeroBin.
[:octicons-home-16: Página Principal](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Instancias Públicas"}
@@ -49,7 +49,7 @@ Los [**Pastebins**](https://es.wikipedia.org/wiki/Pastebin) son servicios en lí
### Requisitos Mínimos
- Debe ser de código abierto.
-- Debe implantar E2EE de «confianza cero».
+- Must encrypt pasted data on the client side before it is sent to the server.
- Debe admitir archivos protegidos por contraseña.
### Mejor Caso
diff --git a/i18n/es/self-hosting/email-servers.md b/i18n/es/self-hosting/email-servers.md
index 6bf3de2a..7d588676 100644
--- a/i18n/es/self-hosting/email-servers.md
+++ b/i18n/es/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Los administradores de sistemas avanzados pueden considerar configurar su propio
-La [implementación de PGP] de Stalwart(https://stalw.art/docs/encryption/overview) es única entre nuestras recomendaciones de autoalojamiento y te permite operar tu propio servidor de correo con almacenamiento de mensajes de conocimiento cero. Si además configuras Web Key Directory (WKD) en tu dominio, y si utilizas un cliente de correo electrónico que soporte PGP y WKD para el correo saliente (como Thunderbird), entonces esta es la forma más sencilla de conseguir compatibilidad E2EE autoalojada con todos los usuarios de [Proton Mail](../email.md#proton-mail).
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. Si además configuras Web Key Directory (WKD) en tu dominio, y si utilizas un cliente de correo electrónico que soporte PGP y WKD para el correo saliente (como Thunderbird), entonces esta es la forma más sencilla de conseguir compatibilidad E2EE autoalojada con todos los usuarios de [Proton Mail](../email.md#proton-mail).
Stalwart **no** tiene un correo web integrado, así que tendrás que usarlo con un [cliente de correo electrónico dedicado](../email-clients.md) o encontrar un correo web de código abierto para autoalojarlo, como la aplicación Mail de Nextcloud.
diff --git a/i18n/fa/email.md b/i18n/fa/email.md
index 4f0d1a45..bf8dc3b5 100644
--- a/i18n/fa/email.md
+++ b/i18n/fa/email.md
@@ -22,7 +22,7 @@ global:
برای هر چیز دیگری، ما انواع ارائه دهندگان ایمیل را بر اساس مدلهای تجاری پایدار و ویژگیهای امنیتی و حریم خصوصی توصیه میکنیم. برای اطلاعات بیشتر، [فهرست کامل معیارها](#criteria) را بخوانید.
-| ارائهدهنده | OpenPGP / WKD | IMAP / SMTP | Zero-Access Encryption | Anonymous Payment Methods |
+| ارائهدهنده | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Anonymous Payment Methods |
| ----------------------------- | -------------------------------------- | ---------------------------------------------------------- | ---------------------------------------------------- | ----------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Paid plans only | :material-check:{ .pg-green } | Cash
Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | Cash |
@@ -119,9 +119,9 @@ Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/
#### :material-check:{ .pg-green } امنیت داده
-Proton Mail دارای [رمزگذاری بدون دسترسی](https://proton.me/blog/zero-access-encryption) برای سرویس ایمیل و [تقویم](https://proton.me/news/protoncalendar-security-model) است. داده های ایمن شده با رمزگذاری دسترسی صفر فقط توسط شما قابل دسترسی است.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-برخی از اطلاعات ذخیره شده در [Proton Contacts](https://proton.me/support/proton-contacts)، مانند نامهای نمایشی و آدرسهای ایمیل، با رمزگذاری دسترسی صفر ایمن نمیشوند. فیلدهای مخاطبین که از رمزگذاری دسترسی صفر پشتیبانی می کنند، مانند شماره تلفن، با نماد قفل نشان مشخص می شوند.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } رمزگذاری ایمیل
@@ -198,7 +198,7 @@ Mailbox Mail has a digital legacy feature for all plans. You can choose whether
## سرویس دهندگان بیشتر
-این ارائه دهندگان ایمیل های شما را با رمزگذاری دانش صفر (zero-knowledge encryption) ذخیره می کنند که آنها را گزینههای خوبی برای ایمن نگه داشتن ایمیل های شما میکند. با این حال، آنها از استانداردهای رمزگذاری E2EE بین ارائه دهندگان مختلف ایمیل پشتیبانی نمیکنند.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. با این حال، آنها از استانداردهای رمزگذاری E2EE بین ارائه دهندگان مختلف ایمیل پشتیبانی نمیکنند.
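Review bot: The added line puts a left-to-right English sentence in front of the existing right-to-left Persian sentence in the same paragraph. Besides the language switch, mixed direction within one paragraph can render in an unexpected order; keep the new sentence in its own paragraph until it is translated, or replace the whole paragraph.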
@@ -254,7 +254,7 @@ Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with eit
#### :material-check:{ .pg-green } امنیت داده
-Tuta has [zero-access encryption at rest](https://tuta.com/support#what-encrypted) for your emails, [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar). این بدان معناست که پیام ها و سایر داده های ذخیره شده در حساب شما فقط توسط شما قابل خواندن است.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } رمزگذاری ایمیل
@@ -278,14 +278,14 @@ We regard these features as important in order to provide a safe and optimal ser
**حداقل شرایط صلاحیت:**
-- Must encrypt email account data at rest with zero-access encryption.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Must be capable of exporting emails as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Must operate on owned infrastructure, i.e. not built upon third-party email service providers.
**بهترین حالت:**
-- Should encrypt all account data (contacts, calendars, etc.) at rest with zero-access encryption.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Should provide integrated webmail E2EE/PGP encryption as a convenience.
- Should support WKD to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key with this command: `gpg --locate-key example_user@example.com`.
- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP.
@@ -317,7 +317,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**حداقل شرایط لازم:**
- Protection of webmail with 2FA, such as [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Zero-access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support.
- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
diff --git a/i18n/fa/pastebins.md b/i18n/fa/pastebins.md
index a53230ec..26561077 100644
--- a/i18n/fa/pastebins.md
+++ b/i18n/fa/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Minimum Requirements
- Must be open source.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Must support password-protected files.
### Best-Case
diff --git a/i18n/fa/self-hosting/email-servers.md b/i18n/fa/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/fa/self-hosting/email-servers.md
+++ b/i18n/fa/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
diff --git a/i18n/fr/email.md b/i18n/fr/email.md
index 04f6c19c..48575f56 100644
--- a/i18n/fr/email.md
+++ b/i18n/fr/email.md
@@ -22,7 +22,7 @@ L'e-mail est pratiquement une nécessité pour utiliser n'importe quel service e
Pour tout le reste, nous recommandons une variété de fournisseurs d'email en fonction de la viabilité de leur modèle économique et de leurs fonctions intégrées de sécurité et de confidentialité. Lisez notre \[liste complète de critères\](#criteres) pour plus d'informations.
-| Fournisseur | OpenPGP / WKD | IMAP / SMTP | Chiffrement zéro accès | Méthodes de paiement anonymes |
+| Fournisseur | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Méthodes de paiement anonymes |
| ----------------------------- | -------------------------------------- | ------------------------------------------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Abonnements payants uniquement | :material-check:{ .pg-green } | Espèces
Monero via un tiers |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } E-mails seulement | Argent liquide |
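Review bot: In the context rows of this table, "Cash" is translated two ways, "Espèces" for Proton Mail and "Argent liquide" for Mailbox Mail; pick one while this table is being touched. The new "Encrypted Storage" header is also left in English next to the French headers.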
@@ -119,9 +119,9 @@ Proton Mail prend en charge l'[authentification à deux facteurs](https://proton
#### :material-check:{ .pg-green } Sécurité des données
-Proton Mail dispose d'un [chiffrement à accès zéro](https://proton.me/blog/zero-access-encryption) au repos pour vos e-mails et [calendriers](https://proton.me/news/protoncalendar-security-model). Les données sécurisées par un chiffrement à accès zéro ne sont accessibles que par vous.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-Certaines informations stockées dans [Proton Contacts](https://proton.me/support/proton-contacts), telles que les noms et les adresses e-mail, ne sont pas sécurisées par un chiffrement à accès zéro. Les champs de contact qui prennent en charge le chiffrement à accès zéro, comme les numéros de téléphone, sont indiqués par une icône de cadenas.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } Chiffrement des e-mails
@@ -198,7 +198,7 @@ Mailbox Mail dispose d'une fonction d'héritage numérique pour toutes les offre
## D'autres fournisseurs
-Ces fournisseurs stockent vos e-mails avec un chiffrement à connaissance zéro, ce qui en fait d'excellentes options pour assurer la sécurité de vos e-mails stockés. Cependant, ils ne prennent pas en charge les normes de chiffrement interopérables pour des communications E2EE entre fournisseurs.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. Cependant, ils ne prennent pas en charge les normes de chiffrement interopérables pour des communications E2EE entre fournisseurs.
@@ -254,7 +254,7 @@ Tuta prend en charge l'[authentification à deux facteurs](https://tuta.com/supp
#### :material-check:{ .pg-green } Sécurité des données
-Tuta dispose d'un [chiffrement à accès zéro au repos](https://tuta.com/support#what-encrypted) pour vos e-mails, votre [carnet d'adresses, vos contacts](https://tuta.com/support#encrypted-address-book) et vos [calendriers](https://tuta.com/support#calendar). Cela signifie que les messages et autres données stockés dans votre compte ne sont lisibles que par vous.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } Chiffrement des e-mails
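Review bot: "strong encryption" in the added Tuta line tells the reader nothing they can check, and it does not match the qualifying criterion this same patch introduces ("asymmetric encryption, where only the user has the private keys"). The Proton paragraph names its scheme ("PGP-based encryption at rest"); this one should either name Tuta's scheme or reuse the criterion's wording so it is clear the listing meets the minimum. The closing "after they are stored" is a useful scoping of the guarantee and is worth keeping.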
@@ -278,14 +278,14 @@ Nous considérons ces caractéristiques comme importantes afin de fournir un ser
**Minimum pour se qualifier :**
-- Doit crypter les données des comptes de messagerie au repos avec un cryptage à accès zéro.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Doit être capable d'exporter des courriels sous forme de [Mbox](https://en.wikipedia.org/wiki/Mbox) ou de .EML individuel selon la norme [RFC5322](https://datatracker.ietf.org/doc/rfc5322).
- Permettre aux utilisateurs d'utiliser leur propre [nom de domaine](https://en.wikipedia.org/wiki/Domain_name). Les noms de domaine personnalisés sont importants pour les utilisateurs car ils leur permettent de conserver leur indépendance du service, au cas où celui-ci tournerait mal ou serait racheté par une autre société qui ne donne pas priorité à la vie privée.
- Doit fonctionner sur une infrastructure propre, c'est-à-dire qu'elle ne doit pas reposer sur des fournisseurs de services de messagerie tiers.
**Dans le meilleur des cas :**
-- Devrait chiffrer toutes les données du compte (contacts, calendriers, etc.) au repos à l'aide d'un chiffrement à accès zéro.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Devrait fournir un cryptage E2EE/PGP intégré pour le webmail, à titre de commodité.
- Devrait prendre en charge WKD pour permettre une meilleure découverte des clés publiques OpenPGP via HTTP. Les utilisateurs de GnuPG peuvent obtenir une clé avec la commande suivante : `gpg --locate-key example_user@example.com.`
- Prise en charge d'une boîte mail temporaire pour les utilisateurs externes. Cette fonction est utile lorsque vous souhaitez envoyer un e-mail chiffré, sans envoyer une copie réelle à votre destinataire. Ces e-mails ont généralement une durée de vie limitée et sont ensuite automatiquement supprimés. Ils n'obligent pas non plus le destinataire à configurer un système de chiffrement comme OpenPGP.
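Review bot: In the WKD bullet kept as context in this hunk, the sentence-ending full stop sits inside the code span (`gpg --locate-key example_user@example.com.`), so it is copied along with the command; the he, hi and hu versions in this patch place it after the closing backtick. Since the hunk already touches this list, move the full stop outside the backticks.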
@@ -317,7 +317,7 @@ Les serveurs d'e-mail traitent un grand nombre de données très sensibles. Nous
**Minimum pour se qualifier :**
- Protection du webmail par 2FA, tel que [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Le chiffrement à accès zéro, qui s'appuie sur le chiffrement au repos. Le fournisseur ne dispose pas des clés de déchiffrement des données qu'il détient. Cela permet d'éviter qu'un employé malhonnête ne divulgue les données auxquelles il a accès ou qu'un adversaire distant ne divulgue les données qu'il a volées en obtenant un accès non autorisé au serveur.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- Prise en charge de [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions).
- Aucune erreurs ou vulnérabilités TLS lors du profilage par des outils tels que [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), ou [Qualys SSL Labs](https://ssllabs.com/ssltest); cela inclut les erreurs liées aux certificats et les paramètres DH faibles, tels que ceux qui ont conduit à [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- Une préférence pour les serveurs (facultatif sur TLSv1.3) pour des suites de chiffrement fortes qui prennent en charge la confidentialité persistante et le chiffrement authentifié.
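Review bot: The added "Encryption at rest" bullet has a broken parallel: "prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data" needs "from" in the first branch too ("prevents a rogue employee from leaking"). The bullet also states prevention without scope, while the Tuta paragraph in this patch limits the guarantee to data "after they are stored"; the same limit applies here, so consider saying that it protects data already stored on the server.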
diff --git a/i18n/fr/pastebins.md b/i18n/fr/pastebins.md
index e8001325..2da8b5ca 100644
--- a/i18n/fr/pastebins.md
+++ b/i18n/fr/pastebins.md
@@ -17,7 +17,7 @@ Les [**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) sont des services we
{ align=right }
-**PrivateBin** est un pastebin en ligne minimaliste et open-source dont le serveur n'a aucune connaissance des pastes. Les données sont chiffrées/déchiffrées dans le navigateur en utilisant AES 256 bits. Il s'agit de la version améliorée de ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Les données sont chiffrées/déchiffrées dans le navigateur en utilisant AES 256 bits. Il s'agit de la version améliorée de ZeroBin.
[:octicons-home-16: Pas d'Accueil](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Instances Publiques"}
@@ -49,7 +49,7 @@ Les [**Pastebins**](https://en.wikipedia.org/wiki/Pastebin) sont des services we
### Exigences minimales
- Doit être open-source.
-- Doit implémenter le chiffrement de bout-en-bout "confiance zéro".
+- Must encrypt pasted data on the client side before it is sent to the server.
- Doit prendre en charge les fichiers protégés par un mot de passe.
### Critères optimaux
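Review bot: The new minimum requirement "Must encrypt pasted data on the client side before it is sent to the server" is weaker than the "E2EE" wording it replaces: a service that encrypts in the browser and then also sends the key to the server would satisfy it. The PrivateBin description in this file states the property that matters ("the server cannot decrypt and read any pasted data you submit"), so carry it into the criterion, for example by appending "and the server must never receive the decryption key".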
diff --git a/i18n/fr/self-hosting/email-servers.md b/i18n/fr/self-hosting/email-servers.md
index 0989d812..00b73710 100644
--- a/i18n/fr/self-hosting/email-servers.md
+++ b/i18n/fr/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Les administrateurs système avancés peuvent envisager de configurer leur propr
-L'[implémentation PGP de Stalwart] (https://stalw.art/docs/encryption/overview) est unique parmi nos recommandations auto-hébergées et vous permet d'exploiter votre propre serveur de messagerie avec un stockage de messages à connaissance nulle (zero-knowledge encryption). En configurant en plus Web Key Directory (WKD) sur votre domaine, et si vous utilisez un client mail qui prend en charge PGP et WKD pour les mails sortants (comme Thunderbird), alors c'est la façon la plus simple d'obtenir la compatibilté E2EE auto-hebergée avec tous les utilisateurs de [Proton Mail](../email.md#proton-mail).
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. En configurant en plus Web Key Directory (WKD) sur votre domaine, et si vous utilisez un client mail qui prend en charge PGP et WKD pour les mails sortants (comme Thunderbird), alors c'est la façon la plus simple d'obtenir la compatibilté E2EE auto-hebergée avec tous les utilisateurs de [Proton Mail](../email.md#proton-mail).
Stalwart n'a **pas** de webmail intégré, vous devrez donc l'utiliser avec un [client mail dédié](../email-clients.md) ou trouver un webmail open-source auto-hébergeable, comme l'application Mail de Nextcloud.
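Review bot: "encrypted message storage, lessening the risk of unauthorized access to your emails" in the added Stalwart line drops the one detail the old wording carried, namely who is able to decrypt. Storage encrypted with a key the server holds is a different guarantee from what email.md in this patch describes as "only you have the decryption keys". State which one applies here and what the risk reduction covers (for example a stolen disk or backup versus a compromised running server), so the sentence is a claim a reader can evaluate.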
diff --git a/i18n/he/email.md b/i18n/he/email.md
index 8f3593ca..0aa822bc 100644
--- a/i18n/he/email.md
+++ b/i18n/he/email.md
@@ -22,7 +22,7 @@ global:
לכל השאר, אנו ממליצים על מגוון ספק אימייל המבוססים על מודלים עסקיים ברי קיימא ותכונות אבטחה ופרטיות מובנות. קרא את \[רשימת הקריטריונים המלאה\](#_20) שלנו למידע נוסף.
-| Provider | OpenPGP / WKD | IMAP / SMTP | Zero-Access Encryption | Anonymous Payment Methods |
+| Provider | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Anonymous Payment Methods |
| ----------------------------- | -------------------------------------- | ---------------------------------------------------------- | ---------------------------------------------------- | ----------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Paid plans only | :material-check:{ .pg-green } | Cash
Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | מזומן |
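Review bot: Renaming the column to "Encrypted Storage" loses the distinction the criteria in this patch depend on, since a provider that encrypts its disks with keys it holds itself also has encrypted storage. A header such as "Encrypted Storage (user-held keys)", or a link from the header to the criteria section, would keep the column tied to "only the user has the private keys". Separately, the context line above the table writes the criteria link with escaped brackets and the target `#_20`, where the hi and hu versions use `[...](#criteria)`; it is worth fixing while this block is open.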
@@ -119,9 +119,9 @@ Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/
#### :material-check:{ .pg-green } אבטחת מידע
-ל-Proton Mail יש [הצפנה עם אפס-גישה](https://proton.me/blog/zero-access-encryption) במצב מנוחה עבור המיילים ו[היומנים](https://proton.me/news/protoncalendar-security-model) שלך. נתונים המאובטחים באמצעות הצפנת אפס גישה נגישים רק לך.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-מידע מסוים המאוחסן ב-[Proton Contacts](https://proton.me/support/proton-contacts), כגון שמות תצוגה וכתובות אימייל, אינו מאובטח בהצפנה ללא גישה. שדות אנשי קשר התומכים בהצפנה ללא גישה, כגון מספרי טלפון, מסומנים בסמל מנעול.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } הצפנת אימייל
@@ -198,7 +198,7 @@ Mailbox Mail has a digital legacy feature for all plans. You can choose whether
## עוד ספקים
-ספקים אלה מאחסנים את המיילים שלך עם הצפנת אפס ידע, מה שהופך אותם לאפשרויות נהדרות לשמירה על אבטחת המיילים המאוחסנים שלך. עם זאת, הם אינם תומכים בתקני הצפנה הדדיים עבור תקשורת E2EE בין ספקים שונים.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. עם זאת, הם אינם תומכים בתקני הצפנה הדדיים עבור תקשורת E2EE בין ספקים שונים.
@@ -254,7 +254,7 @@ Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with eit
#### :material-check:{ .pg-green } אבטחת מידע
-Tuta has [zero-access encryption at rest](https://tuta.com/support#what-encrypted) for your emails, [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar). משמעות הדבר היא שההודעות ונתונים אחרים המאוחסנים בחשבונך ניתנים לקריאה רק על ידך.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } הצפנת אימייל
@@ -278,14 +278,14 @@ Tuta offers the business version of [Tuta to non-profit organizations](https://t
**מינימום כדי לעמוד בדרישות:**
-- Must encrypt email account data at rest with zero-access encryption.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Must be capable of exporting emails as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). שמות דומיין מותאמים אישית חשובים למשתמשים מכיוון שהם מאפשרים להם לתחזק את הסוכנות שלהם מהשירות, אם היא תהפוך לגרועה או תירכש על ידי חברה אחרת שאינה מתעדפת פרטיות.
- Must operate on owned infrastructure, i.e. not built upon third-party email service providers.
**המקרה הטוב ביותר:**
-- Should encrypt all account data (contacts, calendars, etc.) at rest with zero-access encryption.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Should provide integrated webmail E2EE/PGP encryption as a convenience.
- Should support WKD to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key with this command: `gpg --locate-key example_user@example.com`.
- תמיכה בתיבת דואר זמנית למשתמשים חיצוניים. This is useful when you want to send an encrypted email without sending an actual copy to your recipient. למיילים אלה יש בדרך כלל תוחלת חיים מוגבלת ולאחר מכן נמחקות אוטומטית. הם גם לא דורשים מהנמען להגדיר שום קריפטוגרפיה כמו OpenPGP.
@@ -317,7 +317,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**מינימום כדי לעמוד בדרישות:**
- Protection of webmail with 2FA, such as [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Zero-access encryption, which builds on encryption at rest. לספק אין את מפתחות הפענוח של הנתונים שברשותו. פעולה זו מונעת מעובד שסרח להדליף נתונים שיש לו גישה אליהם או מיריב מרחוק לשחרר נתונים שגנב על ידי השגת גישה בלתי מורשית לשרת.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- תמיכה ב [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions).
- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
diff --git a/i18n/he/pastebins.md b/i18n/he/pastebins.md
index 0afc92f2..e3e6bcd4 100644
--- a/i18n/he/pastebins.md
+++ b/i18n/he/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. הנתונים מוצפנים/מפוענים בדפדפן באמצעות 256 סיביות AES. זוהי הגרסה המשופרת של ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. הנתונים מוצפנים/מפוענים בדפדפן באמצעות 256 סיביות AES. זוהי הגרסה המשופרת של ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### דרישות מינימליות
- חייב להיות קוד פתוח.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- חייב לתמוך בקבצים המוגנים בסיסמה.
### המקרה הטוב ביותר
diff --git a/i18n/he/self-hosting/email-servers.md b/i18n/he/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/he/self-hosting/email-servers.md
+++ b/i18n/he/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
diff --git a/i18n/hi/email.md b/i18n/hi/email.md
index 497cf2c3..d885d6ba 100644
--- a/i18n/hi/email.md
+++ b/i18n/hi/email.md
@@ -22,7 +22,7 @@ Email is practically a necessity for using any online service, however we do not
For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. Read our [full list of criteria](#criteria) for more information.
-| Provider | OpenPGP / WKD | IMAP / SMTP | Zero-Access Encryption | Anonymous Payment Methods |
+| Provider | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Anonymous Payment Methods |
| ----------------------------- | -------------------------------------- | ---------------------------------------------------------- | ---------------------------------------------------- | ----------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Paid plans only | :material-check:{ .pg-green } | Cash
Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | Cash |
@@ -119,9 +119,9 @@ Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/
#### :material-check:{ .pg-green } Data Security
-Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } Email Encryption
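Review bot: The added Proton line links the word "emails" to https://proton.me/blog/zero-access-encryption while the patch removes the term "zero-access encryption" from the text, so a reader who follows the link meets a term the page no longer introduces. A short parenthetical such as "(Proton calls this zero-access encryption)" would keep the page and its source aligned. The clause "where only you have the decryption keys needed to access them later" can also be tightened to "where only you hold the decryption keys".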
@@ -198,7 +198,7 @@ Mailbox Mail has a digital legacy feature for all plans. You can choose whether
## More Providers
-These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.
@@ -254,7 +254,7 @@ Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with eit
#### :material-check:{ .pg-green } Data Security
-Tuta has [zero-access encryption at rest](https://tuta.com/support#what-encrypted) for your emails, [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar). This means the messages and other data stored in your account are only readable by you.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } Email Encryption
@@ -278,14 +278,14 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
-- Must encrypt email account data at rest with zero-access encryption.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Must be capable of exporting emails as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Must operate on owned infrastructure, i.e. not built upon third-party email service providers.
**Best Case:**
-- Should encrypt all account data (contacts, calendars, etc.) at rest with zero-access encryption.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Should provide integrated webmail E2EE/PGP encryption as a convenience.
- Should support WKD to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key with this command: `gpg --locate-key example_user@example.com`.
- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP.
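Review bot: Both added bullets specify a mechanism ("asymmetric encryption") where the goal is a property: the provider cannot decrypt what it stores. As written, a design that derives a symmetric key on the client from the user's password would fail the minimum even though the provider holds no key, and the reader is not told why asymmetric matters. If the reason is that the server must be able to encrypt incoming mail to the user's public key without being able to decrypt it, say so; otherwise lead with the property and name the mechanism as the expected means. The clause is also repeated verbatim in Minimum and Best Case and could be stated once.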
@@ -317,7 +317,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**Minimum to Qualify:**
- Protection of webmail with 2FA, such as [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Zero-access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support.
- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
diff --git a/i18n/hi/pastebins.md b/i18n/hi/pastebins.md
index a53230ec..26561077 100644
--- a/i18n/hi/pastebins.md
+++ b/i18n/hi/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Minimum Requirements
- Must be open source.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Must support password-protected files.
### Best-Case
diff --git a/i18n/hi/self-hosting/email-servers.md b/i18n/hi/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/hi/self-hosting/email-servers.md
+++ b/i18n/hi/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
diff --git a/i18n/hu/email.md b/i18n/hu/email.md
index f2c1fa18..5b886591 100644
--- a/i18n/hu/email.md
+++ b/i18n/hu/email.md
@@ -22,7 +22,7 @@ Az email gyakorlatilag elengedhetetlen bármilyen online szolgáltatás használ
Minden más esetre olyan emailszolgáltatókat ajánlunk, amelyek fenntartható üzleti modelleken és beépített biztonsági, adat- és magánéletvédelmi funkciókon alapulnak. Read our [full list of criteria](#criteria) for more information.
-| Provider | OpenPGP / WKD | IMAP / SMTP | Zero-Access Encryption | Anonymous Payment Methods |
+| Provider | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Anonymous Payment Methods |
| ----------------------------- | -------------------------------------- | ---------------------------------------------------------- | ---------------------------------------------------- | ----------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Paid plans only | :material-check:{ .pg-green } | Cash
Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | Cash |
@@ -119,9 +119,9 @@ Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/
#### :material-check:{ .pg-green } Adatbiztonság
-A Proton Mail [zéró hozzáférésű titkosítással](https://proton.me/blog/zero-access-encryption) védi az e-maileket és [naptárakat](https://proton.me/news/protoncalendar-security-model). A zéró hozzáférésű titkosítással védett adatokhoz csak Ön férhet hozzá.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-A [Proton Contactsban](https://proton.me/support/proton-contacts) tárolt bizonyos információk, például a megjelenített nevek és e-mail címek nem biztosítottak zéró hozzáférésű titkosítással. A zéró hozzáférésű titkosítást támogató kapcsolati mezők, például a telefonszámok, lakat ikonjával vannak jelölve.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } E-mail titkosítás
@@ -198,7 +198,7 @@ Mailbox Mail has a digital legacy feature for all plans. You can choose whether
## További szolgáltatók
-Ezek a szolgáltatók zéró hozzáférésű titkosítással tárolják az e-maileket, így kiválóan alkalmasak a tárolt e-mailek biztonságban tartására. Nem támogatják azonban a különböző szolgáltatók közötti E2EE-kommunikáció interoperábilis titkosítási szabványait.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. Nem támogatják azonban a különböző szolgáltatók közötti E2EE-kommunikáció interoperábilis titkosítási szabványait.
@@ -254,7 +254,7 @@ Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with eit
#### :material-check:{ .pg-green } Adatbiztonság
-Tuta has [zero-access encryption at rest](https://tuta.com/support#what-encrypted) for your emails, [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar). Ez azt jelenti, hogy a fiókodban tárolt üzeneteket és egyéb adatokhoz kizárólag te férhetsz hozzá.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } E-mail titkosítás
@@ -278,14 +278,14 @@ Ezeket a funkciókat fontosnak tartjuk a biztonságos és optimális szolgáltat
**Alap Elvárások Minősítéshez:**
-- Must encrypt email account data at rest with zero-access encryption.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Must be capable of exporting emails as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Az egyéni domain nevek azért fontosak a felhasználók számára, mert lehetővé teszik számukra, hogy megőrizzék a függetlenedési képességüket a szolgáltatástól, ha az rosszra fordulna, vagy ha egy másik vállalat felvásárolná, amely nem helyezi előtérbe az adatvédelmet.
- Must operate on owned infrastructure, i.e. not built upon third-party email service providers.
**Legjobb esetben:**
-- Should encrypt all account data (contacts, calendars, etc.) at rest with zero-access encryption.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Should provide integrated webmail E2EE/PGP encryption as a convenience.
- Should support WKD to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key with this command: `gpg --locate-key example_user@example.com`.
- Ideiglenes postafiók támogatása külső felhasználók számára. This is useful when you want to send an encrypted email without sending an actual copy to your recipient. Ezek az e-mailek általában korlátozott élettartamúak, majd automatikusan törlődnek. A címzettnek nem kell semmilyen titkosítást konfigurálnia, mint az OpenPGP esetében.
@@ -317,7 +317,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**Alap elvárások minősítéshez:**
- Protection of webmail with 2FA, such as [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Zero-access encryption, which builds on encryption at rest. A szolgáltató nem rendelkezik a birtokában lévő adatok visszafejtési kulcsaival. Ez megakadályozza, hogy egy rosszhiszemű alkalmazott kiszivárogtassa az adatokat, amelyekhez hozzáfér, vagy egy távoli ellenfél a szerverhez való jogosulatlan hozzáféréssel kiadja az ellopott adatokat.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) támogatás.
- Nincsenek TLS-hibák vagy sebezhetőségek, amikor olyan eszközökkel profilozzák, mint a [Hardenize](https://hardenize.com), a [testssl.sh](https://testssl.sh) vagy a [Qualys SSL Labs](https://ssllabs.com/ssltest); ez magában foglalja a tanúsítványokkal kapcsolatos hibákat és a gyenge DH-paramétereket, például azokat, amelyek a [Logjamhoz](https://en.wikipedia.org/wiki/Logjam_(computer_security)) vezettek.
- A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
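Review bot: In the added "Encryption at rest" bullet, "This prevents a rogue employee leaking data they have access to" reads as unconditional, while the Tuta paragraph added in this file limits its claim to data "after they are stored". Scope the bullet the same way, for example "This prevents stored data from being read by a rogue employee, or by a remote adversary who gains unauthorized access to the server".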
diff --git a/i18n/hu/pastebins.md b/i18n/hu/pastebins.md
index 2031ed41..66aa42a5 100644
--- a/i18n/hu/pastebins.md
+++ b/i18n/hu/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Az adatok titkosítása/dekódolása a böngészőben történik 256 bites AES használatával. Ez a ZeroBin továbbfejlesztett változata.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Az adatok titkosítása/dekódolása a böngészőben történik 256 bites AES használatával. Ez a ZeroBin továbbfejlesztett változata.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Alap elvárások
- Nyílt forráskódúnak kell lennie.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Must support password-protected files.
### Legjobb esetben
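Review bot: The new "Must encrypt pasted data on the client side before it is sent to the server" bullet says where encryption happens but not who holds the key, so a service that encrypts in the browser and also uploads the key would pass. The PrivateBin description changed in this file states the actual property ("the server cannot decrypt and read any pasted data you submit"); carry it into the criterion, for example by appending "and must never send the decryption key to the server".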
diff --git a/i18n/hu/self-hosting/email-servers.md b/i18n/hu/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/hu/self-hosting/email-servers.md
+++ b/i18n/hu/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
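Review bot: "encrypted message storage, lessening the risk of unauthorized access to your emails" no longer says who holds the decryption key, which the removed "zero-knowledge message storage" at least implied; as written it could also describe ordinary server-side disk encryption. Say whose key the stored messages are encrypted to, in the same terms the email page uses ("where only you have the decryption keys").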
diff --git a/i18n/id/email.md b/i18n/id/email.md
index 122b7f21..e02201f0 100644
--- a/i18n/id/email.md
+++ b/i18n/id/email.md
@@ -22,7 +22,7 @@ Email bisa dibilang merupakan kebutuhan untuk menggunakan layanan daring apa pun
Untuk yang lainnya, kami merekomendasikan berbagai penyedia surel yang didasarkan pada model bisnis yang berkelanjutan serta fitur keamanan dan privasi bawaan. Baca [daftar lengkap kriteria](#criteria) kami untuk informasi lebih lanjut.
-| Penyedia | OpenPGP / WKD | IMAP / SMTP | Zero-Access Encryption | Metode Pembayaran Anonim |
+| Penyedia | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Metode Pembayaran Anonim |
| ----------------------------- | -------------------------------------- | --------------------------------------------------------------- | ----------------------------------------------------- | --------------------------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Hanya paket berbayar | :material-check:{ .pg-green } | Cash
Monero melalui pihak ketiga |
| [MailBox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Hanya mail | Uang Tunai |
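Review bot: The new column header "Encrypted Storage" is broader than what the column measures. The criteria changed later in this file require encryption at rest "where only the user has the private keys needed to decrypt it", and a provider with plain server-side encryption also has encrypted storage. Consider a header that keeps the key-ownership part, or a footnote pointing to the criterion.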
@@ -119,9 +119,9 @@ Proton Mail mendukung [two-factor authentication](https://proton.me/support/two-
#### :material-check:{ .pg-green } Keamanan Data
-Proton Mail memiliki [zero-access encryption](https://proton.me/blog/zero-access-encryption) untuk email dan [kalender](https://proton.me/news/protoncalendar-security-model) Anda. Data yang diamankan dengan zero-access encryption hanya dapat diakses oleh Anda.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-Informasi tertentu yang disimpan di [Proton Contacts](https://proton.me/support/proton-contacts), seperti nama tampilan dan alamat email, tidak diamankan dengan zero-access encryption. Bidang kontak yang mendukung zero-access encryption, seperti nomor telepon, ditunjukkan dengan ikon gembok.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } Enkripsi Email
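Review bot: In the added Proton Contacts paragraph the subject is "Certain information", so "are **not** secured ... so Proton is able to read them" should be "is **not** secured ... so Proton is able to read it". The same sentence is added in the other locale files of this patch and needs the same fix there.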
@@ -198,7 +198,7 @@ Mailbox Mail memiliki fitur warisan digital untuk semua paket. Anda dapat memili
## Penyedia Lainnya
-Penyedia ini menyimpan email Anda dengan zero-knowledge encryption, menjadikannya pilihan yang bagus untuk menjaga email yang tersimpan tetap aman. Namun, mereka tidak mendukung standar enkripsi yang dapat dioperasikan untuk komunikasi E2EE antara penyedia yang berbeda.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. Namun, mereka tidak mendukung standar enkripsi yang dapat dioperasikan untuk komunikasi E2EE antara penyedia yang berbeda.
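Review bot: "encrypt your emails in a way that only you can read them later" is awkward; "so that only you can read them later" says the same thing. The added English sentence is also followed on the same line by the untouched Indonesian sentence ("Namun, mereka tidak mendukung ..."), so the paragraph now switches language midway where the removed line was fully translated.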
@@ -254,7 +254,7 @@ Tuta mendukung [two-factor authentication](https://tuta.com/support#2fa) dengan
#### :material-check:{ .pg-green } Keamanan Data
-Tuta memiliki [zero-access encryption](https://tuta.com/support#what-encrypted) untuk email Anda, [kontak buku alamat](https://tuta.com/support#encrypted-address-book), dan [kalender](https://tuta.com/support#calendar). Ini berarti pesan dan data lain yang tersimpan di akun Anda hanya dapat dibaca oleh Anda.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } Enkripsi Email
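Review bot: "with strong encryption" in the added Tuta paragraph is not something a reader can check, whereas the Proton Mail paragraph added in this file names its scheme ("PGP-based encryption at rest"). Name the scheme Tuta uses or drop "strong". The second sentence also repeats "stored" ("data stored in your account ... after they are stored") and could end at "other than you".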
@@ -278,14 +278,14 @@ Kami menganggap fitur-fitur ini penting untuk memberikan layanan yang aman dan o
**Minimum untuk Memenuhi Syarat:**
-- Harus mengenkripsi data akun email saat tidak aktif dengan zero-access encryption.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Harus mampu mengekspor email sebagai [Mbox](https://en.wikipedia.org/wiki/Mbox) atau .EML individual dengan standar [RFC5322](https://datatracker.ietf.org/doc/rfc5322).
- Izinkan pengguna untuk menggunakan [nama domain](https://en.wikipedia.org/wiki/Domain_name) mereka sendiri. Nama domain khusus penting bagi pengguna karena memungkinkan mereka untuk mempertahankan keagenan meraka dari layanan, jika layanan berubah menjadi buruk atau diakuisisi oleh perusahaan lain yang tidak memprioritaskan privasi.
- Harus beroperasi pada infrastruktur milik sendiri, yaitu tidak dibangun di atas penyedia layanan email pihak ketiga.
**Kasus Terbaik:**
-- Harus mengenkripsi semua data akun (kontak, kalender, dll.) saat tidak digunakan dengan zero-access encryption.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Harus menyediakan enkripsi E2EE/PGP webmail yang terintegrasi sebagai kenyamanan.
- Harus mendukung WKD untuk memungkinkan penemuan kunci OpenPGP publik yang lebih baik melalui HTTP. Pengguna GnuPG dapat memperoleh kunci dengan perintah `gpg --locate-key example_user@example.com`.
- Dukungan untuk temporary mailbox untuk pengguna eksternal. Ini berguna ketika Anda ingin mengirim email terenkripsi tanpa mengirimkan salinan yang sebenarnya kepada penerima. Email ini biasanya memiliki masa berlaku terbatas dan kemudian dihapus secara otomatis. Mereka juga tidak mengharuskan penerima untuk mengonfigurasi kriptografi apa pun seperti OpenPGP.
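Review bot: Both removed bullets in this hunk ("Harus mengenkripsi data akun email ..." and "Harus mengenkripsi semua data akun ...") were fully translated, and the added lines replace them with the English source text, leaving one English bullet in each of two otherwise Indonesian lists. If the translations are meant to be redone through the project's translation workflow, say so in the commit message; otherwise update the Indonesian wording in place.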
@@ -317,7 +317,7 @@ Server email berurusan dengan banyak data yang sangat sensitif. Kami berharap pe
**Minimum untuk Memenuhi Syarat:**
- Perlindungan webmail dengan 2FA, seperti [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Zero-access encryption, yang dibangun di atas enkripsi saat tidak digunakan. Penyedia tidak memiliki kunci dekripsi untuk data yang mereka miliki. Hal ini mencegah karyawan nakal membocorkan data yang mereka miliki atau musuh jarak jauh merilis data yang telah mereka curi dengan mendapatkan akses tidak sah ke server.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- Dukungan [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions).
- Tidak ada kesalahan atau kerentanan TLS saat diprofilkan oleh alat-alat seperti [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), atau [Qualys SSL Labs](https://ssllabs.com/ssltest); ini termasuk kesalahan terkait sertifikat dan parameter DH yang lemah, seperti yang menyebabkan [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- Preferensi rangkaian server (opsional pada TLS 1.3) untuk rangkaian sandi yang kuat yang mendukung forward secrecy dan enkripsi yang diautentikasi.
diff --git a/i18n/id/pastebins.md b/i18n/id/pastebins.md
index d0e8b70c..ff71f5cc 100644
--- a/i18n/id/pastebins.md
+++ b/i18n/id/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Persyaratan Minimum
- Must be open source.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Must support password-protected files.
### Kasus Terbaik
diff --git a/i18n/id/self-hosting/email-servers.md b/i18n/id/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/id/self-hosting/email-servers.md
+++ b/i18n/id/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
diff --git a/i18n/it/email.md b/i18n/it/email.md
index 2ea133a7..d0190590 100644
--- a/i18n/it/email.md
+++ b/i18n/it/email.md
@@ -22,7 +22,7 @@ L'email è praticamente una necessità per utilizzare qualsiasi servizio online,
Per tutto il resto, consigliamo una varietà di provider di posta elettronica basati su modelli di business sostenibile e funzioni di sicurezza integrate. Leggi il nostro [elenco completo di criteri](#criteria) per ulteriori informazioni.
-| Provider | OpenPGP / WKD | IMAP / SMTP | Crittografia ad accesso zero | Metodi di pagamento anonimi |
+| Provider | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Metodi di pagamento anonimi |
| ----------------------------- | -------------------------------------- | ---------------------------------------------------------- | ---------------------------------------------------- | -------------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Solo a pgamento | :material-check:{ .pg-green } | Incassa
Monero tramite terze parti |
| [Casella Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Solo mail | Contanti |
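Review bot: The Proton Mail row kept as context under the changed header has "Solo a pgamento" (typo for "pagamento") and "Incassa" in the payment column where the Mailbox row has "Contanti", and the Mailbox row is linked as "[Casella Mail]". None of this is introduced by the patch, but since the table is being touched, fix these in the same pass or note them for a follow-up.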
@@ -119,9 +119,9 @@ Proton Mail supporta [l'autenticazione a due fattori](https://proton.me/support/
#### :material-check:{ .pg-green } Sicurezza dei dati
-Proton Mail presenta una [crittografia ad accesso zero](https://proton.me/blog/zero-access-encryption) a riposo, per le tue email e i tuoi [calendari](https://proton.me/news/protoncalendar-security-model). I dati protetti con la crittografia ad accesso zero sono accessibili soltanto da te.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-Certe informazioni memorizzate su [Proton Contact](https://proton.me/support/proton-contacts), come i nomi visualizzati e gli indirizzi email, non sono protette da tale crittografia. I campi di contatto che supportano la crittografia ad accesso zero, come i numeri di telefono, sono indicati con l'icona di un lucchetto.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } Crittografia Email
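Review bot: The link on "emails" in the added Proton Mail paragraph still targets https://proton.me/blog/zero-access-encryption, so the text drops the term while the cited URL keeps it. Add a short parenthetical such as "(Proton calls this zero-access encryption)" so a reader following the link can connect the two.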
@@ -198,7 +198,7 @@ Mailbox Mail has a digital legacy feature for all plans. You can choose whether
## Altri fornitori
-Questi fornitori memorizzano le tue email con la crittografia a conoscenza zero, rendendoli ottime opzioni per mantenere protette le tue email memorizzate. Tuttavia, non supportano standard di crittografia interoperabili per le comunicazioni E2EE tra fornitori diversi.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. Tuttavia, non supportano standard di crittografia interoperabili per le comunicazioni E2EE tra fornitori diversi.
@@ -254,7 +254,7 @@ Tuta supporta l'[autenticazione a due fattori](https://tuta.com/support#2fa) tra
#### :material-check:{ .pg-green } Sicurezza dei dati
-Tuta dispone di una [crittografia ad accesso zero a riposo](https://tuta.com/support#what-encrypted) per le email, i [contatti della rubrica](https://tuta.com/support#encrypted-address-book) e i [calendari](https://tuta.com/support#calendar). Ciò significa che messaggi e altri dati memorizzati nel tuo profilo, sono leggibili soltanto da te.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } Crittografia Email
@@ -278,14 +278,14 @@ Consideriamo queste funzionalità come importanti per poter fornire un servizio
**Requisiti minimi:**
-- Must encrypt email account data at rest with zero-access encryption.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Must be capable of exporting emails as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). I nomi di dominio personalizzati sono importanti per gli utenti, poiché consentono loro di mantenere la propria autonomia dal servizio, dovesse diventare negativo o essere acquisito da un'altra azienda che non dà priorità alla privacy.
- Must operate on owned infrastructure, i.e. not built upon third-party email service providers.
**Caso migliore:**
-- Should encrypt all account data (contacts, calendars, etc.) at rest with zero-access encryption.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Should provide integrated webmail E2EE/PGP encryption as a convenience.
- Should support WKD to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key with this command: `gpg --locate-key example_user@example.com`.
- Supporto per una casella temporanea per gli utenti esterni. This is useful when you want to send an encrypted email without sending an actual copy to your recipient. Queste email, solitamente, hanno una durata limitata, prima di essere eliminate automaticamente. Inoltre, non richiedono al destinatario di configurare alcuna crittografia, come OpenPGP.
@@ -317,7 +317,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**Requisiti minimi:**
- Protection of webmail with 2FA, such as [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Zero-access encryption, which builds on encryption at rest. Il provider non deve disporre delle chiavi di decrittazione dei dati in loro possesso. Questo previene che dipendenti disonesti possano trapelare i dati sensibili, o che un avversario remoto possa rilasciarli, dopo averli rubati, ottenendo un accesso non autorizzato al server.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- Supporto [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions).
- Nessun errore o vulnerabilità TLS quando si viene profilato da strumenti come [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh) o [Qualys SSL Labs](https://ssllabs.com/ssltest); questo include errori relativi ai certificati e parametri DH deboli, come quelli che hanno portato a [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
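Review bot: In the added "Encryption at rest" bullet, "prevents a rogue employee leaking data ... or a remote adversary from releasing data" mixes two constructions; use "prevents a rogue employee from leaking data they have access to, or a remote adversary from releasing data ...". In the first sentence, "the service provider does not have the decryption keys to the data they hold" would also read better as "it holds".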
diff --git a/i18n/it/pastebins.md b/i18n/it/pastebins.md
index 7de5f64c..a3fc080d 100644
--- a/i18n/it/pastebins.md
+++ b/i18n/it/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. I dati sono crittografati/decrittografati nel browser utilizzando AES a 256 bit. È la versione migliorata di ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. I dati sono crittografati/decrittografati nel browser utilizzando AES a 256 bit. È la versione migliorata di ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Requisiti minimi
- Deve essere open source.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Deve supportare i file protetti da password.
### Caso migliore
diff --git a/i18n/it/self-hosting/email-servers.md b/i18n/it/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/it/self-hosting/email-servers.md
+++ b/i18n/it/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
diff --git a/i18n/ja/email.md b/i18n/ja/email.md
index 322982d3..c690fe5f 100644
--- a/i18n/ja/email.md
+++ b/i18n/ja/email.md
@@ -22,7 +22,7 @@ global:
それ以外にも、持続可能なビジネスモデル、組み込まれたセキュリティーとプライバシー機能に基づき、様々な電子メールプロバイダーを推奨します。 詳細については、[基準の完全なリスト](#criteria)をお読みください。
-| プロバイダー | OpenPGP / WKD | IMAP / SMTP | ゼロアクセス暗号化 | 匿名での支払方法 |
+| プロバイダー | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | 匿名での支払方法 |
| ----------------------------- | -------------------------------------- | -------------------------------------------------- | ------------------------------------------------ | ----------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } 有料プランのみ | :material-check:{ .pg-green } | Cash
Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } メールのみ | 現金 |
@@ -119,9 +119,9 @@ Proton MailはFIDO2やU2Fを用いたTOTP[二要素認証](https://proton.me/sup
#### :material-check:{ .pg-green } データのセキュリティ
-Proton Mailはメールと [カレンダー](https://proton.me/news/protoncalendar-security-model) を [ゼロアクセス暗号化](https://proton.me/blog/zero-access-encryption) します。 ゼロアクセス暗号化で保護されたデータにアクセスできるのはあなただけです。
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-ディスプレイネームやメールアドレスなど、 [Proton Contacts](https://proton.me/support/proton-contacts) に保存される一部の情報はゼロアクセス暗号化によって保護されていません。 電話番号など、ゼロアクセス暗号化をサポートするContactフィールドには南京錠のアイコンが表示されます。
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } メールの暗号化
@@ -198,7 +198,7 @@ Mailbox Mail has a digital legacy feature for all plans. 相続人が申請し
## その他のプロバイダ
-これらのプロバイダーは、あなたの電子メールをゼロ知識暗号化で保存するため、電子メールを安全に保つのに最適なオプションです。 ただし、異なるプロバイダー間のE2EE通信では、相互運用可能な暗号化規格がサポートされていません。
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. ただし、異なるプロバイダー間のE2EE通信では、相互運用可能な暗号化規格がサポートされていません。
@@ -254,7 +254,7 @@ TutaはTOTPもしくはU2Fによる[二要素認証](https://tuta.com/support#2f
#### :material-check:{ .pg-green } データのセキュリティ
-TutaはEメールや[アドレス帳の連絡先](https://tuta.com/support#encrypted-address-book)、[カレンダー](https://tuta.com/support#calendar)の[ゼロアクセス暗号化](https://tuta.com/support#what-encrypted)に対応しています。 アカウントに保存されたメッセージやその他データはあなたにしか読むことができません。
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } メールの暗号化
@@ -278,14 +278,14 @@ Tutaは[非営利団体](https://tuta.com/blog/secure-email-for-non-profit)向
**最低条件:**
-- ゼロアクセス暗号化によりEメールアカウントのデータを暗号化していること。
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- [Mbox](https://en.wikipedia.org/wiki/Mbox)もしくは[RFC5322](https://datatracker.ietf.org/doc/rfc5322)に基づいた個別の.EMLファイルとしてエクスポートできること。
- ユーザーの独自[ドメイン名](https://en.wikipedia.org/wiki/Domain_name)が利用できること。 プロバイダーが悪化したり、プライバシーを重視しない他の会社に買収されたりした場合に備えることができるため、カスタムドメイン名はユーザーにとって非常に重要である。
- 自社所有のインフラで運用されていること。第三者のEメールサービスプロバイダーによるサービス提供ではないこと。
**満たされることが望ましい基準:**
-- ゼロアクセス暗号化により、すべてのアカウントのデータ(連絡先、カレンダーなど)が暗号化されていること。
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- 利便性のため、エンドツーエンド暗号化・PGP暗号化されたウェブメールサービスが提供されること。
- HTTP経由でのOpenPGP公開鍵の探索をしやすくするため、WKDへ対応していること。 GnuPGでは次のコマンドで鍵を取得できます: `gpg --locate-key example_user@example.com`。
- 外部ユーザー用の一時的なメールボックスがあること。 暗号化されたメールのコピーを送ることなく、暗号化されたメールを送る際に役立ちます。 通常の場合、一時的なメールボックスのメールには期限があり、自動的に削除されます。 また、受信者はOpenPGPのような暗号化を設定する必要がありません。
@@ -317,7 +317,7 @@ Tutaは[非営利団体](https://tuta.com/blog/secure-email-for-non-profit)向
**最低条件:**
- [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp)などの二要素認証によりウェブメールが保護されていること。
-- 保存データの暗号化に基づく、ゼロアクセス暗号化。 プロバイダーは保有するデータの復号鍵を持たないこと。 不正を働く従業員がアクセスしたデータを流出させたり、遠隔地の敵対者がサーバーに不正アクセスして盗んだデータを公開したりすることを防ぐことができます。
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions)のサポート。
- [Hardenize](https://hardenize.com)や[testssl.sh](https://testssl.sh)、[Qualys SSL Labs](https://ssllabs.com/ssltest)などのツールでプロファイリングした際にTLSエラーや脆弱性がないこと。証明書関連のエラーや[Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security))の原因となった弱いDHパラメーターを含みます。
- サーバーの暗号スイート設定が(TLS1.3では任意となっている)前方秘匿性と認証付き暗号に対応する強力な暗号スイートを優先していること。
diff --git a/i18n/ja/pastebins.md b/i18n/ja/pastebins.md
index 48cb3d76..49d01918 100644
--- a/i18n/ja/pastebins.md
+++ b/i18n/ja/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. PrivateBinはZeroBinの改良版です。
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES. PrivateBinはZeroBinの改良版です。
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### 最低要件
- オープンソースであること。
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- パスワードで保護されたファイルをサポートすること。
### 満たされることが望ましい基準
diff --git a/i18n/ja/self-hosting/email-servers.md b/i18n/ja/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/ja/self-hosting/email-servers.md
+++ b/i18n/ja/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
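Review bot: In the changed Stalwart sentence, "encrypted message storage, lessening the risk of unauthorized access to your emails" no longer says that the server cannot read stored mail, which is what the removed "zero-knowledge message storage" was conveying. "Encrypted storage" equally describes disk encryption where the server holds the key. Since the sentence already attributes the feature to the PGP implementation, suggest stating whose key the stored messages are encrypted to.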
diff --git a/i18n/ko/email.md b/i18n/ko/email.md
index 91b4b187..8d9cad0c 100644
--- a/i18n/ko/email.md
+++ b/i18n/ko/email.md
@@ -22,7 +22,7 @@ global:
그 외 용도로 이메일을 사용한다면, 지속 가능한 비즈니스 모델을 갖추고 보안 및 프라이버시 기능을 기본 제공하는 이메일 제공 업체를 권장합니다. 자세한 사항은 [전체 평가 기준](#criteria)을 참고해 주세요.
-| 서비스 제공자 | OpenPGP/WKD | IMAP / SMTP | Zero-Access Encryption | Anonymous Payment Methods |
+| 서비스 제공자 | OpenPGP/WKD | IMAP / SMTP | Encrypted Storage | Anonymous Payment Methods |
| ----------------------------- | -------------------------------------- | -------------------------------------------------- | ---------------------------------------------------- | ----------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } 유료 요금제만 | :material-check:{ .pg-green } | Cash
Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | 현금 |
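Review bot: The new column header "Encrypted Storage" is broader than the criterion this same change introduces further down in the file ("asymmetric encryption, where only the user has the private keys needed to decrypt it"). Read on its own, a check mark in this column could be taken to mean any encryption at rest, including provider-held keys. Suggest a header that keeps the key-custody meaning, or a footnote on the column that links to the criteria section.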
@@ -119,9 +119,9 @@ Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/
#### :material-check:{ .pg-green } 데이터 보안
-Proton Mail은 이메일 및 [캘린더](https://proton.me/news/protoncalendar-security-model)에 [Zero Access Encryption](https://proton.me/blog/zero-access-encryption)을 적용하고 있습니다. Zero Access Encryption으로 보호된 데이터는 여러분 본인만 접근 가능합니다.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-[Proton Contacts](https://proton.me/support/proton-contacts) 연락처에 저장된 특정 정보(표시된 이름, 이메일 주소 등)는 Zero Access Encryption으로 보호되지 않습니다. 전화번호 등, Zero Access Encrpytion이 적용된 연락처 필드는 자물쇠 아이콘으로 표시됩니다.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } 이메일 암호화
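Review bot: Subject-verb agreement in the added Proton Contacts sentence: "Certain information ... are **not** secured ... so Proton is able to read them" should read "is **not** secured" and "read it". The same sentence is added to the other locale files in this patch, so the correction needs to be made in each of them.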
@@ -198,7 +198,7 @@ Mailbox Mail has a digital legacy feature for all plans. You can choose whether
## 그외 제공자
-이 제공자들은 영지식 암호화를 사용하기에 메일을 안전하게 보관하는 용도로 좋습니다. However, they don't support interoperable encryption standards for E2EE communications between different providers.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.
@@ -254,7 +254,7 @@ Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with eit
#### :material-check:{ .pg-green } 데이터 보안
-Tuta has [zero-access encryption at rest](https://tuta.com/support#what-encrypted) for your emails, [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar). 즉, 계정에 저장된 메시지 및 기타 데이터는 사용자 본인만 읽을 수 있습니다.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } 이메일 암호화
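Review bot: "strong encryption" in the added Tuta sentence is unspecified, while the Proton Mail paragraph in this file names its scheme ("PGP-based encryption at rest") and the criteria below require asymmetric encryption with user-held private keys. Suggest either naming the scheme Tuta uses or dropping "strong" and keeping only the key-custody statement, so readers can check the description against the criterion.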
@@ -278,14 +278,14 @@ Tuta offers the business version of [Tuta to non-profit organizations](https://t
**최소 요구 사항:**
-- Must encrypt email account data at rest with zero-access encryption.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Must be capable of exporting emails as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). 사용자 지정 도메인 이름은 서비스가 부실해지거나 프라이버시 보호를 우선시하지 않는 다른 회사에 인수되는 경우에도 에이전시를 유지할 수 있도록 해주기 때문에 사용자에게 중요합니다.
- Must operate on owned infrastructure, i.e. not built upon third-party email service providers.
**우대 사항:**
-- Should encrypt all account data (contacts, calendars, etc.) at rest with zero-access encryption.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Should provide integrated webmail E2EE/PGP encryption as a convenience.
- Should support WKD to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key with this command: `gpg --locate-key example_user@example.com`.
- 외부 사용자를 위해 임시 메일함을 지원해야 합니다. This is useful when you want to send an encrypted email without sending an actual copy to your recipient. 이러한 이메일은 보통 수명이 제한돼 있으며 이후 자동으로 삭제됩니다. 수신자가 OpenPGP 등의 암호화를 설정할 필요가 없습니다.
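Review bot: Both added criteria ("Must encrypt email account data at rest with asymmetric encryption ..." and the matching "Should encrypt all account data ..." line) prescribe the primitive rather than the property. What the replaced "zero-access encryption" wording asked for is that the provider cannot decrypt; a design that encrypts with a symmetric key derived on the client would give that property and still fail the text as written. Suggest wording the requirement around key custody, for example "encrypted at rest with keys only the user holds", and naming asymmetric encryption as the usual way to achieve it.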
@@ -317,7 +317,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**최소 요구 사항:**
- Protection of webmail with 2FA, such as [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Zero-access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions)를 지원해야 합니다.
- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
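Review bot: The added bullet keeps the unqualified claim "This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data ...", without the time bound that the Tuta paragraph in this file now states ("after they are stored"). Suggest qualifying the claim the same way, and making the two halves parallel: "prevents a rogue employee from leaking ... or a remote adversary from releasing ...".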
diff --git a/i18n/ko/pastebins.md b/i18n/ko/pastebins.md
index a8cd7477..b4cd52b3 100644
--- a/i18n/ko/pastebins.md
+++ b/i18n/ko/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. 데이터는 브라우저에서 AES-256으로 암호화/복호화됩니다. ZeroBin을 개선한 버전의 서비스이기도 합니다.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. 데이터는 브라우저에서 AES-256으로 암호화/복호화됩니다. ZeroBin을 개선한 버전의 서비스이기도 합니다.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### 최소 요구 사항
- 오픈 소스여야 합니다.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- 파일을 비밀번호로 보호하는 기능을 지원해야 합니다
### 우대 사항
diff --git a/i18n/ko/self-hosting/email-servers.md b/i18n/ko/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/ko/self-hosting/email-servers.md
+++ b/i18n/ko/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
diff --git a/i18n/ku-IQ/email.md b/i18n/ku-IQ/email.md
index 4d297947..18a05817 100644
--- a/i18n/ku-IQ/email.md
+++ b/i18n/ku-IQ/email.md
@@ -22,7 +22,7 @@ global:
بۆ هەموو شتێکی تر، ئێمە دابینکەری پۆستەی ئەلکتڕۆنی جۆراوجۆر پێشنیاردەکەین لەسەر بنەمای شێوازی بازرگانی پشتپێبەستراو و تایبەتمەندیەکانی پاراستن و تایبەتێێی. Read our [full list of criteria](#criteria) for more information.
-| Provider | OpenPGP / WKD | IMAP / SMTP | Zero-Access Encryption | Anonymous Payment Methods |
+| Provider | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Anonymous Payment Methods |
| ----------------------------- | -------------------------------------- | ---------------------------------------------------------- | ---------------------------------------------------- | ----------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Paid plans only | :material-check:{ .pg-green } | Cash
Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | Cash |
@@ -119,9 +119,9 @@ Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/
#### :material-check:{ .pg-green }پارێزراوێتی زانیاری
-Proton Mail تەکنەلۆژیای [شفرکردن و تێپەڕبوونی-ئەستەمی](https://proton.me/blog/zero-access-encryption) بەکاردێنێت بۆ پۆستە ئەلکتڕۆنیەکان و [ڕۆژ ژمێرەکانت](https://proton.me/news/protoncalendar-security-model). زانیارەکانی، کە بە تەکنەلۆژیای شفرەکردن و تێپەربوونی-ئەستەمی پارێزگاریان لێکراوە تەنهیا تۆو دەستت پێیان دەگات.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-هەندێک زانیاری کە هەڵگیراون لەناو [ Proton Contacts](https://proton.me/support/proton-contacts)، وەک ناوە پیشاندراوەکان و ناونیشانی پۆستە ئەلکتڕۆنیەکان، ئەوائەوانە پارێزگاریان لێ نەکراوە بە تەکنەلۆژیای شفرکردن و تێپەڕبوونی-ئەستەمی. ئەو خانانەی Contacts کە پشتگیری لە شفرکردن و تێپەڕبوونی-ئەستەمی دەکەن، بەشێوەی وێنەیەکی بچووکراوەی قفڵ نیشان دەدرێن.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } شفرکردنی پۆستەی ئەلکتڕۆنی
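Review bot: In the added Proton Mail sentence the link text is now "[emails]" while the target is still https://proton.me/blog/zero-access-encryption, so readers who follow it land on the vendor term this change removes from the page. Suggest mentioning once that Proton calls this "zero-access encryption", so the page wording and the linked article can be matched up.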
@@ -198,7 +198,7 @@ Mailbox Mail has a digital legacy feature for all plans. You can choose whether
## More Providers
-These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.
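Review bot: "encrypt your emails in a way that only you can read them later" is awkward, and "later" leaves open what it is measured from. Suggest "encrypt your stored emails so that only you can decrypt them", which also matches the "only you have the decryption keys" wording used for Proton Mail and Tuta in this file.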
@@ -254,7 +254,7 @@ Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with eit
#### :material-check:{ .pg-green }پارێزراوێتی زانیاری
-Tuta has [zero-access encryption at rest](https://tuta.com/support#what-encrypted) for your emails, [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar). This means the messages and other data stored in your account are only readable by you.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } Email Encryption
@@ -278,14 +278,14 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
-- Must encrypt email account data at rest with zero-access encryption.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Must be capable of exporting emails as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Must operate on owned infrastructure, i.e. not built upon third-party email service providers.
**Best Case:**
-- Should encrypt all account data (contacts, calendars, etc.) at rest with zero-access encryption.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Should provide integrated webmail E2EE/PGP encryption as a convenience.
- Should support WKD to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key with this command: `gpg --locate-key example_user@example.com`.
- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP.
@@ -317,7 +317,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**Minimum to Qualify:**
- Protection of webmail with 2FA, such as [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Zero-access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support.
- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
diff --git a/i18n/ku-IQ/pastebins.md b/i18n/ku-IQ/pastebins.md
index a53230ec..26561077 100644
--- a/i18n/ku-IQ/pastebins.md
+++ b/i18n/ku-IQ/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Minimum Requirements
- Must be open source.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Must support password-protected files.
### Best-Case
diff --git a/i18n/ku-IQ/self-hosting/email-servers.md b/i18n/ku-IQ/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/ku-IQ/self-hosting/email-servers.md
+++ b/i18n/ku-IQ/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
diff --git a/i18n/nl/email.md b/i18n/nl/email.md
index fde5d88f..8de8b039 100644
--- a/i18n/nl/email.md
+++ b/i18n/nl/email.md
@@ -22,7 +22,7 @@ E-mail is bijna een noodzaak voor het gebruik van elke online dienst, maar wij r
Voor al het andere raden wij verschillende e-mailproviders aan op basis van duurzame bedrijfsmodellen en ingebouwde beveiligings- en privacyfuncties. Lees onze [volledige lijst met criteria](#criteria) voor meer informatie.
-| Provider | OpenPGP / WKD | IMAP / SMTP | Zero-access encryptie | Anonieme betaalmethoden |
+| Provider | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Anonieme betaalmethoden |
| ----------------------------- | -------------------------------------- | ----------------------------------------------------------------------- | ------------------------------------------------------ | ---------------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Alleen betaalde abonnementen | :material-check:{ .pg-green } | Contant
Monero via derde partij |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } alleen mail | Contant |
@@ -119,9 +119,9 @@ Proton Mail ondersteunt TOTP [tweestapsverificatie](https://proton.me/support/tw
#### :material-check:{ .pg-green } Gegevensbeveiliging
-Proton Mail heeft [zero-access encryptie](https://proton.me/blog/zero-access-encryption) in rust voor jouw e-mails en [agenda's](https://proton.me/news/protoncalendar-security-model). Gegevens die zijn beveiligd met zero-access encryptie zijn alleen voor jou toegankelijk.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-Bepaalde informatie opgeslagen in [Proton Contacts](https://proton.me/support/proton-contacts), zoals namen en e-mailadressen, zijn niet beveiligd met zero-access encryptie. Contact velden die zero-access encryptie ondersteunen, zoals telefoonnummers, worden aangegeven met een hangslot pictogram.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } E-mail encryptie
@@ -198,7 +198,7 @@ Mailbox Mail heeft een digitale nalatenschap functie voor alle abonnementen. Je
## Meer providers
-Deze providers slaan je e-mails op met zero-knowledge encryptie, waardoor ze geweldige opties zijn om je opgeslagen e-mails veilig te houden. Zij ondersteunen echter geen interoperabele versleutelingsnormen voor E2EE-communicatie tussen aanbieders.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. Zij ondersteunen echter geen interoperabele versleutelingsnormen voor E2EE-communicatie tussen aanbieders.
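Review bot: This hunk replaces a Dutch sentence with the English sentence and leaves the following Dutch sentence ("Zij ondersteunen echter geen interoperabele versleutelingsnormen ...") in place, so the paragraph switches language midway. The same happens in the Proton Mail, Tuta and criteria hunks of this file. Suggest landing the Dutch translation of the new strings together with this change, or confirming that the translations will follow before this is published.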
@@ -254,7 +254,7 @@ Tuta ondersteunt [tweestapsverificatie](https://tuta.com/support#2fa) met TOTP o
#### :material-check:{ .pg-green } Gegevensbeveiliging
-Tuta heeft [zero-access encryptie in rust](https://tuta.com/support#what-encrypted) voor je e-mails, [adresboekcontacten](https://tuta.com/support#encrypted-address-book) en [agenda's](https://tuta.com/support#calendar). Dit betekent dat de berichten en andere gegevens die in jouw account zijn opgeslagen, alleen door je kunnen worden gelezen.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } Email Encryptie
@@ -278,14 +278,14 @@ Wij beschouwen deze kenmerken als belangrijk om een veilige en optimale dienst t
**Minimum om in aanmerking te komen:**
-- Versleutelt e-mail accountgegevens in rust met zero-access encryptie.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Moet e-mails kunnen exporteren als [Mbox](https://en.wikipedia.org/wiki/Mbox) of individuele .EML met [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standaard.
- Laat gebruikers hun eigen [domeinnaam](https://en.wikipedia.org/wiki/Domain_name) gebruiken. Aangepaste domeinnamen zijn belangrijk voor gebruikers omdat ze zo hun agentschap van de dienst kunnen behouden, mocht het slecht aflopen of overgenomen worden door een ander bedrijf dat geen prioriteit geeft aan privacy.
- Moet werken op een eigen infrastructuur, d.w.z. niet gebaseerd op e-mailserviceproviders van derden.
**Beste geval:**
-- Versleutelt alle accountgegevens (contacten, agenda's, etc.) in rust met zero-access encryptie.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Moet geïntegreerde webmail E2EE/PGP-encryptie bieden.
- Should support WKD to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key with this command: `gpg --locate-key example_user@example.com`.
- Ondersteuning voor een tijdelijke mailbox voor externe gebruikers. This is useful when you want to send an encrypted email without sending an actual copy to your recipient. Deze e-mails hebben meestal een beperkte levensduur en worden daarna automatisch verwijderd. Zij vereisen ook niet dat de ontvanger cryptografie configureert zoals OpenPGP.
@@ -317,7 +317,7 @@ E-mailservers verwerken veel zeer gevoelige gegevens. We verwachten dat provider
**Minimum om in aanmerking te komen:**
- Bescherming van webmail met 2FA, zoals [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Zero access encryptie, bouwt voort op encryptie in rust. De provider heeft geen decryptiesleutels voor de gegevens die ze hebben. Dit voorkomt dat een malafide werknemer gegevens lekt waartoe hij toegang heeft, of dat een tegenstander op afstand gegevens vrijgeeft die hij heeft gestolen door ongeoorloofde toegang tot de server te verkrijgen.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) ondersteuning.
- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
diff --git a/i18n/nl/pastebins.md b/i18n/nl/pastebins.md
index bb77c791..37ac790b 100644
--- a/i18n/nl/pastebins.md
+++ b/i18n/nl/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Gegevens worden in de browser versleuteld/ontsleuteld met 256-bit AES. Het is de verbeterde versie van ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Gegevens worden in de browser versleuteld/ontsleuteld met 256-bit AES. Het is de verbeterde versie van ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Minimale vereisten
- Moet open source zijn.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Moet wachtwoordbeveiligde bestanden ondersteunen.
### Beste geval
diff --git a/i18n/nl/self-hosting/email-servers.md b/i18n/nl/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/nl/self-hosting/email-servers.md
+++ b/i18n/nl/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
diff --git a/i18n/pl/email.md b/i18n/pl/email.md
index 6975cf42..b53a432a 100644
--- a/i18n/pl/email.md
+++ b/i18n/pl/email.md
@@ -22,7 +22,7 @@ Korzystanie z poczty e-mail jest praktycznie niezbędne do używania większośc
Do pozostałych zastosowań zalecamy różnorodne usługi e-mail, oparte na zrównoważonych modelach biznesowych i wyposażone we wbudowane funkcje bezpieczeństwa oraz prywatności. Pełną [listę kryteriów](#criteria) znajdziesz w dalszej części strony.
-| Dostawca | OpenPGP / WKD | IMAP / SMTP | Szyfrowanie z zerowym dostępem | Anonimowe metody płatności |
+| Dostawca | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Anonimowe metody płatności |
| ----------------------------- | -------------------------------------- | ------------------------------------------------------------------- | ------------------------------------------------------- | ---------------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Tylko w płatnych planach | :material-check:{ .pg-green } | Gotówka
Monero przez pośrednika |
| [mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Tylko poczta | Gotówka |
@@ -119,9 +119,9 @@ Proton Mail obsługuje [uwierzytelnianie dwuskładnikowe](https://proton.me/pl/s
#### :material-check:{ .pg-green } Bezpieczeństwo danych
-Proton Mail stosuje [szyfrowanie z zerowym dostępem](https://proton.me/blog/zero-access-encryption) (zero-access encryption) dla Twoich wiadomości e-mail oraz [kalendarzy](https://proton.me/news/protoncalendar-security-model). Dane zabezpieczone tym mechanizmem są dostępne wyłącznie dla Ciebie.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-Niektóre informacje przechowywane w [Proton Contacts](https://proton.me/pl/support/proton-contacts), takie jak wyświetlane nazwy czy adresy e-mail, nie są objęte szyfrowaniem z zerowym dostępem. Pola kontaktów, które wspierają ten rodzaj szyfrowania (np. numery telefonów), są oznaczone ikoną kłódki.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } Szyfrowanie wiadomości e-mail
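Review bot: The Proton Contacts link in the added line loses its locale segment: the removed line pointed to `https://proton.me/pl/support/proton-contacts`, the added one to `https://proton.me/support/proton-contacts`. Both added paragraphs are also English source text in a Polish file. When they are retranslated, restore the `/pl/` path so Polish readers still land on the localized support page.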
@@ -198,7 +198,7 @@ Mailbox Mail oferuje funkcję cyfrowego spadku we wszystkich planach. Możesz zd
## Inni dostawcy
-Ci dostawcy przechowują Twoje wiadomości e-mail z wykorzystaniem szyfrowania z wiedzą zerową, co czyni ich doskonałym wyborem do bezpiecznego przechowywania poczty. Nie obsługują jednak interoperacyjnych standardów szyfrowania dla komunikacji E2EE między różnymi usługami.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. Nie obsługują jednak interoperacyjnych standardów szyfrowania dla komunikacji E2EE między różnymi usługami.
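Review bot: The added line leaves this paragraph half English and half Polish: the new first sentence is English while the unchanged second sentence (`Nie obsługują jednak ...`) stays Polish on the same line. Retranslate the first sentence as part of this change, since a paragraph that switches language midway reads as broken and not as a pending translation.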
@@ -254,7 +254,7 @@ Tuta obsługuje [uwierzytelnianie dwuskładnikowe](https://tuta.com/pl/support#2
#### :material-check:{ .pg-green } Bezpieczeństwo danych
-Tuta stosuje [szyfrowanie z zerowym dostępem](https://tuta.com/pl/support#what-encrypted) (zero-access encryption) dla Twoich wiadomości e-mail, [kontaktów w książce adresowej](https://tuta.com/pl/support#encrypted-address-book) oraz [kalendarza](https://tuta.com/pl/support#calendar). Oznacza to, że wiadomości i inne dane przechowywane na Twoim koncie mogą być odczytane wyłącznie przez Ciebie.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } Szyfrowanie wiadomości e-mail
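Review bot: All three Tuta links in the added line drop the locale path (`tuta.com/pl/support#...` became `tuta.com/support#...`), so Polish readers are sent to the English support pages. Keep the `/pl/` URLs when the paragraph is retranslated; the anchors are unchanged, so only the path needs restoring.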
@@ -278,14 +278,14 @@ Poniższe funkcje uznajemy za istotne dla zapewnienia bezpiecznej i wydajnej us
**Minimalne wymagania:**
-- Musi szyfrować dane kont e-mail w spoczynku przy użyciu szyfrowania z zerowym dostępem (zero-access encryption).
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Musi umożliwiać eksport wiadomości e-mail w formacie [mbox](https://pl.wikipedia.org/wiki/Mbox) lub jako pojedyncze pliki .EML zgodne ze standardem [RFC5322](https://datatracker.ietf.org/doc/rfc5322).
- Musi pozwalać użytkownikom na korzystanie z własnej [nazwy domeny](https://pl.wikipedia.org/wiki/Domena_internetowa). Własne domeny są istotne, ponieważ pozwalają użytkownikowi zachować niezależność od dostawcy, jeśli ten np. zmieni właściciela lub przestanie dbać o prywatność.
- Musi działać na własnej infrastrukturze, tj. nie może być zbudowany w oparciu o zewnętrzne platformy e-mailowe.
**Najlepszy scenariusz:**
-- Powinien szyfrować wszystkie dane konta (kontakty, kalendarze itp.) w spoczynku przy użyciu szyfrowania z zerowym dostępem.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Powinien oferować zintegrowane szyfrowanie E2EE/PGP w webmailu dla wygody użytkownika.
- Powinien obsługiwać WKD, aby umożliwić łatwiejsze wyszukiwanie publicznych kluczy OpenPGP poprzez HTTP. Użytkownicy GnuPG mogą pobrać klucz poleceniem: `gpg --locate-key uzytkownik@example.com`.
- Powinien wspierać funkcję tymczasowej skrzynki pocztowej dla użytkowników zewnętrznych. — przydatną do wysyłania zaszyfrowanych wiadomości bez przekazywania ich kopii odbiorcy. Takie wiadomości mają zwykle ograniczoną żywotność i są automatycznie usuwane; odbiorca nie musi konfigurować żadnych narzędzi kryptograficznych jak OpenPGP.
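Review bot: Both added bullets prescribe a mechanism ("asymmetric encryption ... private keys") where the removed bullets named a property. The Tuta paragraph changed earlier in this file only claims "strong encryption where only you have the decryption keys", so the page does not show that every listed provider meets the new wording. Either phrase the requirement as the property (the provider holds no decryption key) or state in each provider section that its storage encryption is asymmetric.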
@@ -317,7 +317,7 @@ Serwery pocztowe przetwarzają ogromne ilości wrażliwych danych. Oczekujemy,
**Minimalne wymagania:**
- Ochrona dostępu do webmaila z użyciem 2FA, np. [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Szyfrowanie z zerowym dostępem, będące rozszerzeniem szyfrowania danych w spoczynku — dostawca nie posiada kluczy deszyfrujących dane, co uniemożliwia wyciek informacji przez nieuczciwego pracownika lub zewnętrznego atakującego po uzyskaniu nieautoryzowanego dostępu do serwera.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- Obsługa [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions).
- Brak błędów lub luk TLS podczas testów za pomocą narzędzi takich jak [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh) czy [Qualys SSL Labs](https://ssllabs.com/ssltest); dotyczy to błędów certyfikatów i słabych parametrów DH, takich jak te, które doprowadziły do podatności [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- Preferencja serwera dla silnych zestawów szyfrów obsługujących utajnianie z wyprzedzeniem oraz uwierzytelnione szyfrowanie (dla TLS 1.3 opcjonalna).
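Review bot: The added bullet says this "prevents" leaks by a rogue employee or a remote adversary, without the time qualifier the other hunks in this file add ("access them later", "after they are stored"). As written it can be read as covering mail before it is encrypted for storage, which the reworded provider sections avoid claiming. Suggest scoping it to data that is already stored.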
diff --git a/i18n/pl/pastebins.md b/i18n/pl/pastebins.md
index b9424a07..d526ccf0 100644
--- a/i18n/pl/pastebins.md
+++ b/i18n/pl/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Minimalne wymagania
- Musi być open source.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Must support password-protected files.
### Najlepszy scenariusz
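Review bot: The added requirement only says data is encrypted on the client before upload; it does not say the server never receives the key, which is the property the PrivateBin description in this same file states ("the server cannot decrypt and read any pasted data"). A service that encrypts in the browser but also uploads or escrows the key would pass this bullet. Suggest appending "with a key the server cannot access".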
diff --git a/i18n/pl/self-hosting/email-servers.md b/i18n/pl/self-hosting/email-servers.md
index a8fe1a2b..9e45d4d9 100644
--- a/i18n/pl/self-hosting/email-servers.md
+++ b/i18n/pl/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
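Review bot: "encrypted message storage, lessening the risk of unauthorized access" does not say who holds the decryption key, whereas the email.md changes in this patch consistently say "only you have the decryption keys". Without that, the sentence could describe ordinary disk encryption on the server. Suggest stating the key ownership here as well, after checking it against the linked Stalwart encryption overview.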
diff --git a/i18n/pt-BR/email.md b/i18n/pt-BR/email.md
index 77f547d1..6f6c5fab 100644
--- a/i18n/pt-BR/email.md
+++ b/i18n/pt-BR/email.md
@@ -22,7 +22,7 @@ O "email" é praticamente uma necessidade para usar qualquer serviço “online
Para qualquer outra coisa, recomendamos uma variedade de provedores de email baseados em modelos de negócio sustentáveis e recursos de segurança e privacidade incorporados. Leia nossa [lista completa de requisitos](#criteria) para mais informações.
-| Provedor | OpenPGP / WKD | IMAP / SMTP | Zero-Access Encryption | Métodos de Pagamento Anônimos |
+| Provedor | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Métodos de Pagamento Anônimos |
| ----------------------------- | -------------------------------------- | -------------------------------------------------------------- | ------------------------------------------------------ | ----------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Planos pagos apenas | :material-check:{ .pg-green } | Cash
Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail apenas | Dinheiro |
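Review bot: The new column title `Encrypted Storage` no longer conveys who can decrypt, so a check mark in that column can be read as any server-side at-rest encryption; the Mailbox Mail cell ("Mail apenas") only makes sense if the column means storage the provider cannot read. Suggest a title or a footnote that keeps the key-ownership meaning the criteria bullets in this file spell out ("only the user has the private keys").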
@@ -119,9 +119,9 @@ O Proton Mail suporta [autenticação de dois fatores](https://proton.me/support
#### :material-check:{ .pg-green } Segurança dos Dados
-Proton Mail tem [criptografia de acesso zero](https://proton.me/blog/zero-access-encryption) em repouso para seus e-mails e [calendários](https://proton.me/news/protoncalendar-security-model). Os dados protegidos com criptografia de acesso zero só são acessíveis por você.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-Certas informações armazenadas no [Proton Contacts](https://proton.me/support/proton-contacts), como nomes de exibição e endereços de e-mail, não são protegidas com criptografia de acesso zero. Campos de contatos que suportam criptografia de acesso zero, tais como números de telefone, são indicados com um ícone de cadeado.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } Criptografia do Email
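Review bot: Subject-verb agreement in the added Contacts paragraph: "Certain information ... are **not** secured" should be "is **not** secured", and "so Proton is able to read them" then becomes "read it". The same sentence appears in the other locale files in this patch, so it is worth fixing once in the English source string.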
@@ -198,7 +198,7 @@ Mailbox Mail has a digital legacy feature for all plans. You can choose whether
## Mais Provedores
-Estes provedores armazenam os seus e-mails com criptografia de conhecimento zero, o que os torna excelentes opções para manter seguros os seus e-mails armazenados. No entanto, eles não suportam padrões de criptografia interoperáveis para comunicações ponta-a-ponta (E2EE) entre provedores.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. No entanto, eles não suportam padrões de criptografia interoperáveis para comunicações ponta-a-ponta (E2EE) entre provedores.
@@ -254,7 +254,7 @@ Também há suporte à [autenticação de dois fatores](https://tuta.com/suppor
#### :material-check:{ .pg-green } Segurança dos Dados
-Tuta has [zero-access encryption at rest](https://tuta.com/support#what-encrypted) for your emails, [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar). Isso significa que as mensagens e outros dados armazenados em sua conta só são legíveis por você.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } Criptografia do Email
@@ -278,14 +278,14 @@ Consideramos esses recursos importantes para fornecer um serviço seguro e otimi
**Mínimo Para Qualificação:**
-- Must encrypt email account data at rest with zero-access encryption.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Must be capable of exporting emails as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Nomes de domínio personalizados são importantes para os usuários, porque lhes permite manter sua agência a partir do serviço. Deve piorar ou ser adquirido por outra empresa que não priorize a privacidade.
- Must operate on owned infrastructure, i.e. not built upon third-party email service providers.
**Melhor Caso:**
-- Should encrypt all account data (contacts, calendars, etc.) at rest with zero-access encryption.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Should provide integrated webmail E2EE/PGP encryption as a convenience.
- Should support WKD to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key with this command: `gpg --locate-key example_user@example.com`.
- Suporte para uma caixa de correio temporária para usuários externos. This is useful when you want to send an encrypted email without sending an actual copy to your recipient. Estes e-mails geralmente têm um tempo de vida limitado e depois são automaticamente excluídos. Eles também não exigem que o destinatário configure nenhuma criptografia, como o OpenPGP.
@@ -317,7 +317,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**Mínimo Para Qualificação:**
- Protection of webmail with 2FA, such as [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Zero-access encryption, which builds on encryption at rest. O provedor não tem as chaves de descriptografia dos dados que possui. Isso evita que um funcionário desonesto vaze os dados aos quais tem acesso ou que um adversário remoto libere os dados que roubou ao obter acesso não autorizado ao servidor.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- Suporte a [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions).
- Nenhum erro ou vulnerabilidade de TLS ao ser analisado por ferramentas como [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh) ou [Qualys SSL Labs](https://ssllabs.com/ssltest); isso inclui erros relacionados a certificados e parâmetros DH fracos, como os que levaram ao [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
diff --git a/i18n/pt-BR/pastebins.md b/i18n/pt-BR/pastebins.md
index dea634c5..bc61aee0 100644
--- a/i18n/pt-BR/pastebins.md
+++ b/i18n/pt-BR/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Minimum Requirements
- Deve ser de código aberto.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Must support password-protected files.
### Melhor Caso
diff --git a/i18n/pt-BR/self-hosting/email-servers.md b/i18n/pt-BR/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/pt-BR/self-hosting/email-servers.md
+++ b/i18n/pt-BR/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
diff --git a/i18n/pt/email.md b/i18n/pt/email.md
index cc073ff9..01680786 100644
--- a/i18n/pt/email.md
+++ b/i18n/pt/email.md
@@ -22,7 +22,7 @@ O correio eletrónico é praticamente uma necessidade para subscrever qualquer s
Para tudo o resto, recomendamos uma variedade de fornecedores de e-mail baseados em modelos de negócio sustentáveis e que incorporem funcionalidades de segurança e de privacidade. Para mais informações, consulte a lista completa de critérios [](#criteria).
-| Provider | OpenPGP / WKD | IMAP / SMTP | Zero-Access Encryption | Anonymous Payment Methods |
+| Provider | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Anonymous Payment Methods |
| ----------------------------- | -------------------------------------- | ---------------------------------------------------------- | ---------------------------------------------------- | ----------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Paid plans only | :material-check:{ .pg-green } | Cash
Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | Dinheiro |
@@ -119,9 +119,9 @@ Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/
#### :material-check:{ .pg-green } Segurança dos dados
-O Proton Mail tem [encriptação de acesso zero](https://proton.me/blog/zero-access-encryption) no estado de repouso para os seus e-mails e [calendários](https://proton.me/news/protoncalendar-security-model). Só você pode aceder aos dados protegidos com encriptação de acesso zero.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-Certas informações armazenadas em [Proton Contactos](https://proton.me/support/proton-contacts), tais como nomes de apresentação e endereços de e-mail, não estão protegidas por encriptação de acesso zero. Os campos dos contactos que suportam encriptação de acesso zero, como os números de telefone, são indicados com um ícone de cadeado.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } Encriptação de e-mail
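Review bot: In the added line the link text "emails" points at `https://proton.me/blog/zero-access-encryption`, so the label no longer tells the reader that the target explains the encryption model; the removed line linked the term itself. Suggest moving the link onto "PGP-based encryption at rest" and leaving "emails" as plain text.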
@@ -198,7 +198,7 @@ Mailbox Mail has a digital legacy feature for all plans. You can choose whether
## Mais Fornecedores
-Estes fornecedores armazenam as suas mensagens eletrónicas com encriptação de acesso zero, o que os torna excelentes opções para manter a segurança do seu armazenamento. No entanto, não suportam normas de encriptação interoperáveis para comunicações E2EE entre fornecedores.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. No entanto, não suportam normas de encriptação interoperáveis para comunicações E2EE entre fornecedores.
@@ -254,7 +254,7 @@ Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with eit
#### :material-check:{ .pg-green } Segurança dos Dados
-Tuta has [zero-access encryption at rest](https://tuta.com/support#what-encrypted) for your emails, [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar). Isto significa que as mensagens e outros dados armazenados na sua conta só podem ser lidos por si.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } Encriptação de Correio Eletrónico
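Review bot: "strong encryption" in the added line is unspecific next to the Proton paragraph in this file, which names the scheme ("PGP-based encryption at rest"). Since the patch replaces a marketing term with a description, either name what Tuta uses or drop "strong", which adds no verifiable claim.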
@@ -278,14 +278,14 @@ Consideramos que estas características são importantes para podermos prestar u
**Mínimos de qualificação:**
-- Must encrypt email account data at rest with zero-access encryption.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Must be capable of exporting emails as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Os nomes de domínio personalizados são importantes para os utilizadores, porque lhes permitem manter a sua agência do serviço, caso este se torne mau ou seja adquirido por outra empresa que não dê prioridade à privacidade.
- Must operate on owned infrastructure, i.e. not built upon third-party email service providers.
**Melhor caso:**
-- Should encrypt all account data (contacts, calendars, etc.) at rest with zero-access encryption.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Should provide integrated webmail E2EE/PGP encryption as a convenience.
- Should support WKD to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key with this command: `gpg --locate-key example_user@example.com`.
- Suporte para uma caixa de correio temporária para utilizadores externos. This is useful when you want to send an encrypted email without sending an actual copy to your recipient. Estas mensagens de e-mail têm normalmente um tempo de vida limitado e depois são automaticamente eliminadas. Também não requerem que o destinatário configure qualquer criptografia como o OpenPGP.
@@ -317,7 +317,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**Mínimos de qualificação:**
- Protection of webmail with 2FA, such as [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Zero-access encryption, which builds on encryption at rest. Vedar o acesso do fornecedor às chaves de desencriptação dos dados. Isto impede que um funcionário desonesto divulgue os dados a que tem acesso ou que um adversário remoto divulgue os dados que roubou ao obter acesso não autorizado ao servidor.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [Suporte DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions).
- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
diff --git a/i18n/pt/pastebins.md b/i18n/pt/pastebins.md
index d2892d08..b1dec8f8 100644
--- a/i18n/pt/pastebins.md
+++ b/i18n/pt/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Os dados são encriptados/desencriptados no browser utilizando AES de 256 bits. É a versão melhorada do ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Os dados são encriptados/desencriptados no browser utilizando AES de 256 bits. É a versão melhorada do ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Requisitos mínimos
- Deve ser de fonte aberta.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Devem suportar ficheiros protegidos por palavra-passe.
### Melhor caso
diff --git a/i18n/pt/self-hosting/email-servers.md b/i18n/pt/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/pt/self-hosting/email-servers.md
+++ b/i18n/pt/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
diff --git a/i18n/ru/email.md b/i18n/ru/email.md
index 7dfd9f7d..dfe16a7c 100644
--- a/i18n/ru/email.md
+++ b/i18n/ru/email.md
@@ -22,7 +22,7 @@ global:
Для всего остального мы рекомендуем различных провайдеров электронной почты, которые базируются на устойчивых бизнес-моделях и встроенных функциях безопасности и конфиденциальности. Для получения дополнительной информации, ознакомьтесь с [полным списком критериев](#criteria).
-| Провайдер | OpenPGP / WKD | IMAP / SMTP | Шифрование с нулевым доступом | Анонимные способы оплаты |
+| Провайдер | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Анонимные способы оплаты |
| ----------------------------- | -------------------------------------- | ---------------------------------------------------------------- | ------------------------------------------------------- | --------------------------------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Только платные планы | :material-check:{ .pg-green } | Наличные,
Монеро через сторонние сервисы |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Только почта | Наличные |
@@ -119,9 +119,9 @@ Proton Mail поддерживает [двухфакторную аутенти
#### :material-check:{ .pg-green } Безопасность данных
-Proton Mail использует [шифрование с нулевым доступом](https://proton.me/blog/zero-access-encryption) в состоянии покоя для твоих писем и [календарей](https://proton.me/news/protoncalendar-security-model). Данные, защищенные с помощью шифрования с нулевым доступом, доступны только тебе.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-Определенная информация, хранящаяся в [Proton Contacts](https://proton.me/support/proton-contacts), такая, как имена пользователей и адреса электронной почты, не защищена шифрованием с нулевым доступом. Поля контактов, поддерживающие шифрование с нулевым доступом, например номера телефонов, обозначаются значком замка.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } Шифрование электронной почты
@@ -198,7 +198,7 @@ Mailbox Mail имеет функцию цифрового наследия дл
## Дополнительные провайдеры
-Эти провайдеры хранят твою электронную почту с помощью шифрования с нулевым знанием, что делает их отличными вариантами для безопасного хранения твоей электронной почты. Однако они не поддерживают совместимые между различными провайдерами стандарты шифрования для E2EE коммуникаций.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. Однако они не поддерживают совместимые между различными провайдерами стандарты шифрования для E2EE коммуникаций.
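Review bot: "in a way that only you can read them later" in the added sentence is awkward; "so that only you can read them later" reads correctly. The unchanged Russian sentence that follows on the same line also needs the new first sentence translated to match it.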
@@ -253,7 +253,7 @@ Tuta поддерживает [двухфакторную аутентифика
#### :material-check:{ .pg-green } Безопасность данных
-Tuta имеет [шифрование с нулевым доступом](https://tuta.com/support#what-encrypted) для твоих электронных писем, [контактов адресной книги](https://tuta.com/support#encrypted-address-book) и [календарей](https://tuta.com/support#calendar). Это означает, что сообщения и другие данные, хранящиеся на твоём аккаунте, доступны для чтения только тебе.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } Шифрование электронной почты
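Review bot: "strong encryption" in the added Tuta line does not say what kind of encryption is meant, whereas the criteria changed later in this same file require "asymmetric encryption, where only the user has the private keys". Use wording that matches the criterion the provider is listed as meeting, or name the scheme, so a reader can check the description against the requirement.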
@@ -277,14 +277,14 @@ Tuta предлагает бизнес-версию [Tuta для некомме
**Минимальные требования:**
-- Должен шифровать данные учетных записей электронной почты в состоянии покоя с помощью шифрования с нулевым доступом.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Должен быть способен экспортировать электронные письма в формате [Mbox](https://en.wikipedia.org/wiki/Mbox) или отдельных файлов .EML со стандартом [RFC5322](https://datatracker.ietf.org/doc/rfc5322).
- Должен позволять пользователям использовать собственное [доменное имя](https://en.wikipedia.org/wiki/Domain_name). Пользовательские доменные имена важны для пользователей, поскольку позволяют им сохранить свое агентство от сервиса, если он окажется плохим или будет приобретен другой компанией, которая не уделяет приоритетного внимания конфиденциальности.
- Должен работать на собственной инфраструктуре, т.е. не основываться на сторонних провайдерах электронной почты.
**В лучшем случае:**
-- Должен шифровать все данные аккаунта (контакты, календари и т.д.) в состоянии покоя с помощью шифрования с нулевым доступом.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Должен предоставлять встроенное сквозное E2EE/PGP шифрование в веб-интерфейсе для удобства пользователей.
- Должен поддерживать WKD для улучшенного обнаружения публичных OpenPGP-ключей через HTTP. GnuPG-пользователи могут получить ключ с помощью этой команды: `gpg --locate-key example_user@example.com`.
- Поддержка временного почтового ящика для внешних пользователей. Это полезно, когда ты хочешь отправить зашифрованное письмо без отправки реальной копии твоему получателю. Такие письма обычно имеют ограниченный срок действия, а затем автоматически удаляются. Они также не требуют от получателя настройки какой-либо криптографии, как OpenPGP.
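Review bot: Both rewritten bullets change the requirement from a property (the provider cannot decrypt) to a mechanism ("asymmetric encryption"), which is narrower than the text being removed. If the intent is only that the provider never holds the decryption keys, a scheme whose symmetric key stays on the user's side would meet that intent but fail this wording; consider "encrypted at rest with keys only the user holds", or state why asymmetric encryption specifically is required.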
@@ -316,7 +316,7 @@ Tuta предлагает бизнес-версию [Tuta для некомме
**Минимальные требования:**
- Защита веб-почты с помощью двухфакторной аутентификации, такой как [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Шифрование с нулевым доступом, которое основывается на шифровании данных в состоянии покоя. Провайдер не имеет ключей расшифровки для хранящихся у него данных. Это предотвращает утечку данных, к которым имеет доступ недобросовестный сотрудник. Или утечку данных, которые злоумышленник украл, получив несанкционированный доступ к серверу.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- Поддержка [DNSSEC](https://ru.wikipedia.org/wiki/DNSSEC).
- Отсутствие ошибок TLS или уязвимостей при профилировании такими инструментами, как [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh) или [Qualys SSL Labs](https://ssllabs.com/ssltest); это включает ошибки, связанные с сертификатами, и слабые параметры DH, такие как те, которые привели к [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security))).
- Предпочтительный набор серверных шифров (опционально для TLS 1.3) с поддержкой сильных шифронаборов, которые обеспечивают прямую секретность и аутентифицированное шифрование.
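Review bot: The second sentence of the added bullet is not parallel: "prevents a rogue employee leaking data ..., or a remote adversary from releasing data". Use "from" in both parts, for example "This prevents a rogue employee from leaking data they have access to, or a remote adversary from releasing data they have stolen".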
diff --git a/i18n/ru/pastebins.md b/i18n/ru/pastebins.md
index d65a411d..4072ad84 100644
--- a/i18n/ru/pastebins.md
+++ b/i18n/ru/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Данные шифруются/дешифруются в браузере с помощью 256-битного AES. Это улучшенная версия ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Данные шифруются/дешифруются в браузере с помощью 256-битного AES. Это улучшенная версия ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Минимальные требования к сервисам
- Исходный код проекта должен быть открыт.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Должен поддерживать файлы, защищенные паролем.
### В лучшем случае
diff --git a/i18n/ru/self-hosting/email-servers.md b/i18n/ru/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/ru/self-hosting/email-servers.md
+++ b/i18n/ru/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
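Review bot: "encrypted message storage, lessening the risk of unauthorized access to your emails" drops the one thing the removed "zero-knowledge" phrase conveyed, namely who can decrypt the stored mail. Say whose key the messages are encrypted with and who holds the decryption key, as the reworded email.md lines in this patch do ("only you have the decryption keys").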
diff --git a/i18n/sv/email.md b/i18n/sv/email.md
index 4bf46baf..d760fe0d 100644
--- a/i18n/sv/email.md
+++ b/i18n/sv/email.md
@@ -22,7 +22,7 @@ E-post är i praktiken en nödvändighet för att använda internettjänster, me
For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. Läs vår [fullständiga lista över kriterier](#criteria) för mer information.
-| Leverantör | OpenPGP / WKD | IMAP / SMTP | Zero-Access Encryption | Anonymous Payment Methods |
+| Leverantör | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Anonymous Payment Methods |
| ----------------------------- | -------------------------------------- | ----------------------------------------------------------------------------- | -------------------------------------------------------- | ----------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Endast för betalda prenumerationer | :material-check:{ .pg-green } | Cash
Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Endast e-post | Kontant |
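Review bot: The new column header "Encrypted Storage" is broader than the criterion the column tracks, since disk encryption with keys held by the provider is also encrypted storage. The criteria in this file now require that "only the user has the private keys needed to decrypt it", so a header such as "Storage Encrypted With User Keys" would keep the table and the criteria saying the same thing.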
@@ -119,9 +119,9 @@ Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/
#### :material-check:{ .pg-green } Data Security
-Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } Email Encryption
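Review bot: In the added Proton Mail line the link text "emails" now points at https://proton.me/blog/zero-access-encryption, so the link no longer tells the reader that the target explains the encryption model. Move the link onto "PGP-based encryption at rest" and leave "emails" unlinked, keeping the calendar link as it is.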
@@ -198,7 +198,7 @@ Mailbox Mail has a digital legacy feature for all plans. You can choose whether
## More Providers
-These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.
@@ -254,7 +254,7 @@ Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with eit
#### :material-check:{ .pg-green } Data Security
-Tuta has [zero-access encryption at rest](https://tuta.com/support#what-encrypted) for your emails, [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar). This means the messages and other data stored in your account are only readable by you.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } Email Encryption
@@ -278,14 +278,14 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
-- Must encrypt email account data at rest with zero-access encryption.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Must be capable of exporting emails as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Must operate on owned infrastructure, i.e. not built upon third-party email service providers.
**Best Case:**
-- Should encrypt all account data (contacts, calendars, etc.) at rest with zero-access encryption.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Should provide integrated webmail E2EE/PGP encryption as a convenience.
- Should support WKD to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key with this command: `gpg --locate-key example_user@example.com`.
- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP.
@@ -317,7 +317,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**Minimum to Qualify:**
- Protection of webmail with 2FA, such as [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Zero-access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support.
- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
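Review bot: The added bullet's claim "This prevents a rogue employee leaking data they have access to" holds only for mail that is already stored; a message that arrives unencrypted is visible to the server until it is encrypted. The Tuta paragraph in this same file carries the qualifier "after they are stored", and this bullet should carry it too so the criterion does not promise more than encryption at rest provides.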
diff --git a/i18n/sv/pastebins.md b/i18n/sv/pastebins.md
index cb765ecc..920a8116 100644
--- a/i18n/sv/pastebins.md
+++ b/i18n/sv/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Minimikrav
- Måste vara öppen källkod.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Must support password-protected files.
### Bästa fall
diff --git a/i18n/sv/self-hosting/email-servers.md b/i18n/sv/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/sv/self-hosting/email-servers.md
+++ b/i18n/sv/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
diff --git a/i18n/tr/email.md b/i18n/tr/email.md
index 56cbba3e..622cad42 100644
--- a/i18n/tr/email.md
+++ b/i18n/tr/email.md
@@ -22,7 +22,7 @@ E-posta, herhangi bir çevrimiçi hizmeti kullanmak için pratikte bir gereklili
Diğer her şey için, sürdürülebilir iş modellerine ve yerleşik güvenlik ve gizlilik özelliklerine dayalı çeşitli e-posta sağlayıcıları öneriyoruz. Read our [full list of criteria](#criteria) for more information.
-| Provider | OpenPGP / WKD | IMAP / SMTP | Zero-Access Encryption | Anonymous Payment Methods |
+| Provider | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Anonymous Payment Methods |
| ----------------------------- | -------------------------------------- | ---------------------------------------------------------- | ---------------------------------------------------- | ----------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Paid plans only | :material-check:{ .pg-green } | Cash
Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | Cash |
@@ -119,9 +119,9 @@ Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/
#### :material-check:{ .pg-green } Veri Güvenliği
-Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Sıfır erişimli şifreleme ile güvence altına alınan verilere yalnızca siz erişebilirsiniz.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } E-posta Şifreleme
@@ -198,7 +198,7 @@ Mailbox Mail has a digital legacy feature for all plans. You can choose whether
## More Providers
-These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.
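Review bot: "encrypt your emails in a way that only you can read them later" in the added line is ungrammatical, because "in a way that" introduces a manner and the clause after it states a result. Suggest "These providers encrypt your emails so that only you can read them later".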
@@ -254,7 +254,7 @@ Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with eit
#### :material-check:{ .pg-green } Veri Güvenliği
-Tuta has [zero-access encryption at rest](https://tuta.com/support#what-encrypted) for your emails, [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar). This means the messages and other data stored in your account are only readable by you.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } Email Encryption
@@ -278,14 +278,14 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
-- Must encrypt email account data at rest with zero-access encryption.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Must be capable of exporting emails as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Must operate on owned infrastructure, i.e. not built upon third-party email service providers.
**Best Case:**
-- Should encrypt all account data (contacts, calendars, etc.) at rest with zero-access encryption.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Should provide integrated webmail E2EE/PGP encryption as a convenience.
- Should support WKD to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key with this command: `gpg --locate-key example_user@example.com`.
- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP.
@@ -317,7 +317,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**Minimum to Qualify:**
- Protection of webmail with 2FA, such as [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Zero-access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support.
- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
diff --git a/i18n/tr/pastebins.md b/i18n/tr/pastebins.md
index 6e81bad1..bacac936 100644
--- a/i18n/tr/pastebins.md
+++ b/i18n/tr/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Minimum Gereksinimler
- Must be open source.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Parola korumalı dosyaları desteklemelidir.
### En İyi Durum
diff --git a/i18n/tr/self-hosting/email-servers.md b/i18n/tr/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/tr/self-hosting/email-servers.md
+++ b/i18n/tr/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
diff --git a/i18n/uk/email.md b/i18n/uk/email.md
index 9a97be37..9d5562d3 100644
--- a/i18n/uk/email.md
+++ b/i18n/uk/email.md
@@ -22,7 +22,7 @@ global:
Для всього іншого ми рекомендуємо різноманітні поштові сервіси, що базуються на стійких бізнес-моделях і мають вбудовані функції безпеки та конфіденційності. Ознайомтеся з нашим [повним списком критеріїв](#criteria) для отримання додаткової інформації.
-| Сервіс | OpenPGP / WKD | IMAP / SMTP | Шифрування з нульовим доступом | Анонімні способи оплати |
+| Сервіс | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Анонімні способи оплати |
| ----------------------------- | -------------------------------------- | --------------------------------------------------------------------------- | ------------------------------------------------------- | ----------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Тільки в платних тарифних планах | :material-check:{ .pg-green } | Cash
Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Тільки пошта | Готівка |
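Review bot: The replaced header cell is the only translatable cell left in English: "Сервіс" and "Анонімні способи оплати" stay Ukrainian while "Шифрування з нульовим доступом" becomes "Encrypted Storage". Carry a Ukrainian translation of the new header in this hunk so the table does not render with mixed languages.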
@@ -119,9 +119,9 @@ Proton Mail підтримує [двофакторну автентифікац
#### :material-check:{ .pg-green } Безпека даних
-Proton Mail має [шифрування з нульовим доступом](https://proton.me/blog/zero-access-encryption) для ваших електронних листів та [календарів](https://proton.me/news/protoncalendar-security-model). Дані, захищені шифруванням з нульовим доступом, доступні лише вам.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-Певна інформація, що зберігається в [Proton Contacts](https://proton.me/support/proton-contacts), наприклад, імена користувачів та адреси електронної пошти, не захищена шифруванням з нульовим доступом. Поля контактів, які підтримують шифрування з нульовим доступом, наприклад, номери телефонів, позначені значком замка.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } Шифрування електронної пошти
@@ -198,7 +198,7 @@ Mailbox Mail має функцію цифрової спадщини для вс
## Інші сервіси
-Ці сервіси зберігають ваші електронні листи за допомогою шифрування з нульовим рівнем доступу, що робить їх чудовими варіантами для захисту ваших збережених електронних листів. Однак вони не підтримують сумісні стандарти шифрування для комунікацій E2EE між різними сервісами.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. Однак вони не підтримують сумісні стандарти шифрування для комунікацій E2EE між різними сервісами.
@@ -254,7 +254,7 @@ Tuta підтримує [двофакторну автентифікацію](ht
#### :material-check:{ .pg-green } Безпека даних
-Tuta має [шифрування з нульовим доступом](https://tuta.com/support#what-encrypted) для ваших електронних листів, [контактів адресної книги](https://tuta.com/support#encrypted-address-book) та [календарів](https://tuta.com/support#calendar). Це означає, що повідомлення та інші дані, які зберігаються у вашому акаунті, можете читати тільки ви.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } Шифрування електронної пошти
@@ -278,14 +278,14 @@ Tuta пропонує бізнес-версію [неприбутковим ор
**Мінімальний функціонал:**
-- Має шифрувати дані поштового акаунта за допомогою шифрування з нульовим доступом.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Повинен мати можливість експортувати листи у форматі [Mbox](https://en.wikipedia.org/wiki/Mbox) або окремі файли .EML за стандартом [RFC5322](https://datatracker.ietf.org/doc/rfc5322).
- Дозволяти користувачам використовувати власне [доменне ім'я](https://en.wikipedia.org/wiki/Domain_name). Користувацькі доменні імена важливі для користувачів, оскільки вони дозволяють їм зберегти свою суб'єктність від сервісу, якщо він стане поганим або буде придбаний іншою компанією, для якої конфіденційність не є пріоритетом.
- Має працювати на власній інфраструктурі, тобто не на базі сторонніх постачальників послуг електронної пошти.
**Найкращі практики:**
-- Шифрувати всі дані акаунта (контакти, календарі тощо) за допомогою шифрування з нульовим доступом.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Забезпечувати інтегроване шифрування вебпошти E2EE/PGP для зручності.
- Має підтримувати WKD для покращення знаходження відкритих ключів OpenPGP через HTTP. Користувачі GnuPG можуть отримати ключ за допомогою цієї команди: `gpg --locate-key example_user@example.com`.
- Підтримувати тимчасову поштову скриньку для зовнішніх користувачів. Це корисно, коли ви хочете надіслати зашифрований електронний лист, не надсилаючи його копію одержувачу. Ці листи зазвичай мають обмежений термін зберігання, після чого автоматично видаляються. Вони також не вимагають від одержувача налаштування криптографії, як OpenPGP.
@@ -317,7 +317,7 @@ Tuta пропонує бізнес-версію [неприбутковим ор
**Мінімальний функціонал:**
- Захист вебпошти за допомогою 2FA, наприклад, [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Шифрування з нульовим доступом. Сервіс не має ключів для розшифрування даних, які він зберігає. Це запобігає витоку даних, до яких має доступ недобросовісний працівник, або витоку даних, які вкрав віддалений зловмисник, отримавши несанкціонований доступ до сервера.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- Підтримка [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions).
- Відсутність помилок або вразливостей TLS при аналізі такими інструментами, як [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh) або [Qualys SSL Labs](https://ssllabs.com/ssltest); це включає помилки, пов'язані з сертифікатом, і слабкі параметри DH, такі як ті, що призвели до [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- Налаштування серверного набору (необов'язкове для TLS 1.3) для стійких наборів шифрів, які підтримують пряме шифрування та шифрування з автентифікацією.
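Review bot: In the added "Encryption at rest" bullet the two objects of "prevents" are not parallel: "a rogue employee leaking data" has no "from", while "a remote adversary from releasing data" does. Suggest "This prevents a rogue employee from leaking data they have access to, or a remote adversary from releasing data they have stolen".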
diff --git a/i18n/uk/pastebins.md b/i18n/uk/pastebins.md
index a53230ec..26561077 100644
--- a/i18n/uk/pastebins.md
+++ b/i18n/uk/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Minimum Requirements
- Must be open source.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Must support password-protected files.
### Best-Case
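Review bot: The replacement requirement, "Must encrypt pasted data on the client side before it is sent to the server", says where encryption happens but not who holds the key, so a service that encrypts in the browser and also sends the key to the server would pass. The PrivateBin description in the same file states the property as "the server cannot decrypt and read any pasted data you submit"; suggest adding a clause such as "with a key the server never receives" so the criterion requires the same thing.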
diff --git a/i18n/uk/self-hosting/email-servers.md b/i18n/uk/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/uk/self-hosting/email-servers.md
+++ b/i18n/uk/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
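Review bot: "encrypted message storage, lessening the risk of unauthorized access to your emails" no longer says who can decrypt, which the removed "zero-knowledge" wording at least implied; as written it could equally describe storage encrypted with a key the server holds. Since the sentence is about Stalwart's PGP implementation, suggest naming the property, for example that messages are stored encrypted to the user's own PGP key, if that is what the linked documentation describes.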
diff --git a/i18n/vi/email.md b/i18n/vi/email.md
index f134dd3c..d283cf61 100644
--- a/i18n/vi/email.md
+++ b/i18n/vi/email.md
@@ -22,7 +22,7 @@ Email is practically a necessity for using any online service, however we do not
For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. Read our [full list of criteria](#criteria) for more information.
-| Provider | OpenPGP / WKD | IMAP / SMTP | Zero-Access Encryption | Anonymous Payment Methods |
+| Provider | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Anonymous Payment Methods |
| ----------------------------- | -------------------------------------- | ---------------------------------------------------------- | ---------------------------------------------------- | ----------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Paid plans only | :material-check:{ .pg-green } | Cash
Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | Cash |
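Review bot: The new column header "Encrypted Storage" is broader than what the column measures. The criteria changed elsewhere in this patch require at-rest encryption "where only the user has the private keys needed to decrypt it", while "Encrypted Storage" on its own also covers storage encrypted with provider-held keys. Suggest a header that keeps the key holder in view, or linking the header to the criteria section, so a check mark here is not read as plain at-rest encryption.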
@@ -119,9 +119,9 @@ Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/
#### :material-check:{ .pg-green } Data Security
-Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you.
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon.
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } Email Encryption
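Review bot: The added Proton Contacts line keeps the agreement error from the old text: "Certain information ... are **not** secured" should be "is **not** secured", and "so Proton is able to read them" then becomes "read it". The sentence is being rewritten in this hunk anyway, so it is worth fixing here.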
@@ -198,7 +198,7 @@ Mailbox Mail has a digital legacy feature for all plans. You can choose whether
## More Providers
-These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.
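Review bot: "encrypt your emails in a way that only you can read them later" in the added line is awkward; "in a way that" wants a clause describing the way, not the result. Suggest "encrypt your stored emails so that only you can read them later", which also makes the first half agree with "keeping your stored emails secure" in the second.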
@@ -254,7 +254,7 @@ Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with eit
#### :material-check:{ .pg-green } Data Security
-Tuta has [zero-access encryption at rest](https://tuta.com/support#what-encrypted) for your emails, [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar). This means the messages and other data stored in your account are only readable by you.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } Email Encryption
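Review bot: "strong encryption" in the added Tuta line does not tell the reader what is used, whereas the Proton Mail line in this patch says "PGP-based encryption at rest" and the criteria ask for "asymmetric encryption". Suggest naming the scheme or reusing the criteria's wording so the entry can be checked against the requirement it is listed under.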
@@ -278,14 +278,14 @@ We regard these features as important in order to provide a safe and optimal ser
**Minimum to Qualify:**
-- Must encrypt email account data at rest with zero-access encryption.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Must be capable of exporting emails as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Must operate on owned infrastructure, i.e. not built upon third-party email service providers.
**Best Case:**
-- Should encrypt all account data (contacts, calendars, etc.) at rest with zero-access encryption.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Should provide integrated webmail E2EE/PGP encryption as a convenience.
- Should support WKD to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key with this command: `gpg --locate-key example_user@example.com`.
- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP.
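Review bot: Both added bullets make the mechanism the requirement ("with asymmetric encryption") where the removed text named only the property. Read literally, a provider that keeps data unreadable to itself by another construction would fail, while the security criterion later in this file states the goal as the provider not having "the decryption keys to the data they hold". Suggest leading with that property and giving asymmetric encryption as the expected means, and using one term ("private keys" or "decryption keys") across these bullets.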
@@ -317,7 +317,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**Minimum to Qualify:**
- Protection of webmail with 2FA, such as [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Zero-access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support.
- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
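Review bot: The added bullet says this "prevents" leaks by a rogue employee or a server intruder without the time qualifier the other rewritten lines in this patch carry ("only you can read them later", "after they are stored"). Those qualifiers indicate that protection applies once a message is stored, so suggest the same scope here, for example "prevents ... leaking stored data", so the criterion does not claim more than the provider descriptions do.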
diff --git a/i18n/vi/pastebins.md b/i18n/vi/pastebins.md
index 8e75b145..fd8a1a91 100644
--- a/i18n/vi/pastebins.md
+++ b/i18n/vi/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Minimum Requirements
- Must be open source.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Must support password-protected files.
### Best-Case
diff --git a/i18n/vi/self-hosting/email-servers.md b/i18n/vi/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/vi/self-hosting/email-servers.md
+++ b/i18n/vi/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
diff --git a/i18n/zh-Hant/email.md b/i18n/zh-Hant/email.md
index 54174337..4571d077 100644
--- a/i18n/zh-Hant/email.md
+++ b/i18n/zh-Hant/email.md
@@ -22,7 +22,7 @@ global:
除此之外,我們還推薦各種基於可持續商業模式和內建安全和隱私功能的電子郵件提供商。 閱讀我們[完整的標準清單](#criteria),瞭解更多資訊。
-| 供應商 | OpenPGP / WKD | IMAP / SMTP | 零存取加密 | 匿名付款方式 |
+| 供應商 | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | 匿名付款方式 |
| ----------------------------- | -------------------------------------- | ------------------------------------------------- | ------------------------------------------------- | ----------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } 僅提供付費版 | :material-check:{ .pg-green } | Cash
Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } 限 Mail | 現金 |
@@ -119,9 +119,9 @@ Proton Mail 支援使用 TOTP 作為 [雙重要素驗證](https://proton.me/supp
#### :material-check:{ .pg-green } 資料安全
-Proton Mail 使用「[零存取加密技術](https://proton.me/blog/zero-access-encryption)」來保護電子郵件和[行事曆](https://proton.me/news/protoncalendar-security-model)的資料安全。 使用「零存取加密技術」保護的數據只能由您訪問。
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-儲存在 [Proton 通錄](https://proton.me/support/proton-contacts)中的某些資訊,例如顯示名稱和電子郵件位址,並未使用零存取加密進行保護。 支援零存取加密的聯絡人欄位(例如電話號碼)會以掛鎖圖示顯示。
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } 電子郵件加密
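Review bot: Both removed paragraphs were fully translated and both replacements are English, so the 資料安全 section of this locale now explains the contacts caveat (which fields Proton can read) only in English. If the intent is to reset the strings for retranslation, say so in the commit message; otherwise keep the existing translation until an updated one is available, since this is the paragraph that tells readers what is not protected.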
@@ -198,7 +198,7 @@ Mailbox Mail has a digital legacy feature for all plans. 只要繼承人提出
## 更多供應商
-這些提供商以零知識加密方式儲存您的電子郵件,使其成為保護儲存電子郵件安全的絕佳選擇。 但是,它們不支援供應商之間可相互操作 E2EE 通信的加密標準。
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. 但是,它們不支援供應商之間可相互操作 E2EE 通信的加密標準。
@@ -254,7 +254,7 @@ Tuta 支援 TOTP 或 U2F 的[雙重認證](https://tuta.com/support#2fa)。
#### :material-check:{ .pg-green } 資料安全
-Tuta 對您的電子郵件、[通訊錄聯絡人](https://tuta.com/support#encrypted-address-book)和[行事曆](https://tuta.com/support#calendar) [進行零存取加密](https://tuta.com/support#what-encrypted)。 這意味著儲存在您帳戶中的訊息和其他資料只有您能讀取。
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } 電子郵件加密
@@ -278,14 +278,14 @@ Tuta 向非營利組織提供免費 [商業版本](https://tuta.com/blog/secure-
**最低合格要求:**
-- 必須使用零存取加密技術加密電子郵件帳戶資料。
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- 必須能夠以 [Mbox](https://en.wikipedia.org/wiki/Mbox) 或符合 [RFC5322](https://datatracker.ietf.org/doc/rfc5322) 標準的個別 .EML 匯出電子郵件。
- 允許使用者使用自己的[網域名稱](https://en.wikipedia.org/wiki/Domain_name)。 自定網域名稱對用戶來說很重要,因為它允許用戶在使用服務時仍能維持自我代理,以防服務變差或被另一家不優先考慮隱私的公司收購。
- 必須在自有的基礎架構上運作,即不建基於第三方電子郵件服務供應商。
**最佳情況:**
-- 應使用零存取加密技術加密所有帳戶資料 (聯絡人、行事曆等)。
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- 應提供整合式網頁郵件 E2EE/PGP 加密功能,方便用戶使用。
- 應支援 WKD,以便透過 HTTP 改善公共 OpenPGP 金鑰的發現。 GnuPG 使用者可以使用下列指令取得金鑰:`gpg --locate-key example_user@example.com`。
- 支援外部使用者的臨時信箱。 當您要傳送加密的電子郵件,但又不想傳送實際副本給收件人時,這個功能就很有用。 這些電子郵件通常具有限定時效,之後會被自動刪除。 它們也不需要收件人配置任何像OpenPGP這樣的加密技術。
@@ -317,7 +317,7 @@ Tuta 向非營利組織提供免費 [商業版本](https://tuta.com/blog/secure-
**最低合格要求:**
- 使用 2FA(例如:[TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp))保護網頁郵件。
-- 建基於靜態加密之上的零存取加密。 提供者沒有其所持有資料的解密金鑰。 這可防止惡意員工洩露他們存取的資料,或遠端敵人透過未經授權存取伺服器來釋放他們竊取的資料。
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) 支援。
- 使用 [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh) 或 [Qualys SSL Labs](https://ssllabs.com/ssltest) 等工具沒發現 TLS 錯誤或漏洞; 這包括與憑證相關的錯誤和弱 DH 參數,例如 [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)) 錯誤。
- 伺服器套件偏好設定(TLS 1.3 為選用)適用於支援前向保密和認證加密的強密碼套件。
diff --git a/i18n/zh-Hant/pastebins.md b/i18n/zh-Hant/pastebins.md
index a4d72a2d..6c60ec81 100644
--- a/i18n/zh-Hant/pastebins.md
+++ b/i18n/zh-Hant/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. 資料在瀏覽器中使用 256 位元 AES 加密/解密。 它是 ZeroBin 的改良版。
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. 資料在瀏覽器中使用 256 位元 AES 加密/解密。 它是 ZeroBin 的改良版。
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### 最低要求
- 必須開放原始碼。
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- 必須支援密碼保護檔案。
### 最佳情況
diff --git a/i18n/zh-Hant/self-hosting/email-servers.md b/i18n/zh-Hant/self-hosting/email-servers.md
index 4d47d8a4..cf2f6f95 100644
--- a/i18n/zh-Hant/self-hosting/email-servers.md
+++ b/i18n/zh-Hant/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
diff --git a/i18n/zh-TW/email.md b/i18n/zh-TW/email.md
index ca77b151..456fe3db 100644
--- a/i18n/zh-TW/email.md
+++ b/i18n/zh-TW/email.md
@@ -22,7 +22,7 @@ global:
除此之外,我們還推薦各種基於可持續商業模式和內建安全和隱私功能的電子郵件提供商。 閱讀我們[完整的標準清單](#criteria),瞭解更多資訊。
-| 供應商 | OpenPGP / WKD | IMAP / SMTP | 零存取加密 | 匿名付款方式 |
+| 供應商 | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | 匿名付款方式 |
| ----------------------------- | -------------------------------------- | ------------------------------------------------- | ------------------------------------------------- | --------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } 僅提供付費版 | :material-check:{ .pg-green } | 現金
透過第三方使用 Monero |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } 限 Mail | 現金 |
@@ -119,9 +119,9 @@ Proton Mail 支援使用 TOTP 作為 [雙重要素驗證](https://proton.me/supp
#### :material-check:{ .pg-green } 資料安全
-Proton Mail 使用「[零存取加密技術](https://proton.me/blog/zero-access-encryption)」來保護電子郵件和[行事曆](https://proton.me/news/protoncalendar-security-model)的資料安全。 使用「零存取加密技術」保護的數據只能由您訪問。
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-儲存在 [Proton 通錄](https://proton.me/support/proton-contacts)中的某些資訊,例如顯示名稱和電子郵件位址,並未使用零存取加密進行保護。 支援零存取加密的聯絡人欄位(例如電話號碼)會以掛鎖圖示顯示。
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } 電子郵件加密
@@ -198,7 +198,7 @@ Mailbox Mail 所有方案都提供了數位遺產功能。 只要繼承人提出
## 更多供應商
-這些提供商以零知識加密方式儲存您的電子郵件,使其成為保護儲存電子郵件安全的絕佳選擇。 但是,它們不支援供應商之間可相互操作 E2EE 通信的加密標準。
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. 但是,它們不支援供應商之間可相互操作 E2EE 通信的加密標準。
@@ -254,7 +254,7 @@ Tuta 支援 TOTP 或 U2F 的[雙重認證](https://tuta.com/support#2fa)。
#### :material-check:{ .pg-green } 資料安全
-Tuta 對您的電子郵件、[通訊錄聯絡人](https://tuta.com/support#encrypted-address-book)和[行事曆](https://tuta.com/support#calendar) [進行零存取加密](https://tuta.com/support#what-encrypted)。 這意味著儲存在您帳戶中的訊息和其他資料只有您能讀取。
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } 電子郵件加密
@@ -278,14 +278,14 @@ Tuta 向非營利組織提供免費 [商業版本](https://tuta.com/blog/secure-
**最低合格要求:**
-- 必須使用零存取加密技術加密電子郵件帳戶資料。
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- 必須能夠以 [Mbox](https://en.wikipedia.org/wiki/Mbox) 或符合 [RFC5322](https://datatracker.ietf.org/doc/rfc5322) 標準的個別 .EML 匯出電子郵件。
- 允許使用者使用自己的[網域名稱](https://en.wikipedia.org/wiki/Domain_name)。 自定網域名稱對用戶來說很重要,因為它允許用戶在使用服務時仍能維持自我代理,以防服務變差或被另一家不優先考慮隱私的公司收購。
- 必須在自有的基礎架構上運作,即不建基於第三方電子郵件服務供應商。
**最佳情況:**
-- 應使用零存取加密技術加密所有帳戶資料 (聯絡人、行事曆等)。
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- 應提供整合式網頁郵件 E2EE/PGP 加密功能,方便用戶使用。
- 應支援 WKD,以便透過 HTTP 改善公共 OpenPGP 金鑰的發現。 GnuPG 使用者可以使用下列指令取得金鑰:`gpg --locate-key example_user@example.com`。
- 支援外部使用者的臨時信箱。 當您要傳送加密的電子郵件,但又不想傳送實際副本給收件人時,這個功能就很有用。 這些電子郵件通常具有限定時效,之後會被自動刪除。 它們也不需要收件人配置任何像OpenPGP這樣的加密技術。
@@ -317,7 +317,7 @@ Tuta 向非營利組織提供免費 [商業版本](https://tuta.com/blog/secure-
**最低合格要求:**
- 使用 2FA(例如:[TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp))保護網頁郵件。
-- 建基於靜態加密之上的零存取加密。 提供者沒有其所持有資料的解密金鑰。 這可防止惡意員工洩露他們存取的資料,或遠端敵人透過未經授權存取伺服器來釋放他們竊取的資料。
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) 支援。
- 使用 [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh) 或 [Qualys SSL Labs](https://ssllabs.com/ssltest) 等工具沒發現 TLS 錯誤或漏洞; 這包括與憑證相關的錯誤和弱 DH 參數,例如 [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)) 錯誤。
- 伺服器套件偏好設定(TLS 1.3 為選用)適用於支援前向保密和認證加密的強密碼套件。
diff --git a/i18n/zh-TW/pastebins.md b/i18n/zh-TW/pastebins.md
index 5b57fd2d..281744ed 100644
--- a/i18n/zh-TW/pastebins.md
+++ b/i18n/zh-TW/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** 是一款極簡主義的開放原始碼 pastebin,其伺服器對貼入的資料一無所知。 資料在瀏覽器中使用 256 位元 AES 加密/解密。 它是 ZeroBin 的改良版。
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. 資料在瀏覽器中使用 256 位元 AES 加密/解密。 它是 ZeroBin 的改良版。
[:octicons-home-16: 首頁](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="公開站台"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### 最低要求
- 必須開放原始碼。
-- 必須實作「零信任」E2EE。
+- Must encrypt pasted data on the client side before it is sent to the server.
- 必須支援密碼保護檔案。
### 最佳情況
diff --git a/i18n/zh-TW/self-hosting/email-servers.md b/i18n/zh-TW/self-hosting/email-servers.md
index c95e1e64..d39770c0 100644
--- a/i18n/zh-TW/self-hosting/email-servers.md
+++ b/i18n/zh-TW/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ cover: email.webp
-Stalwart 的 [PGP 實作](https://stalw.art/docs/encryption/overview) 在我們的自架推薦清單中是獨一無二的,可讓您以零知識的訊息儲存空間方式來架設自己的郵件伺服器。 如果您還想在您的網域上另外設定 Web Key Directory(WKD),以及使用支援 PGP 和 WKD 的電子郵件用戶端(例如 Thunderbird)來寄信,那麼這是最簡單就能讓所有 [Proton Mail](../email.md#proton-mail) 使用者能取得自架 E2EE 相容性的方式。
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. 如果您還想在您的網域上另外設定 Web Key Directory(WKD),以及使用支援 PGP 和 WKD 的電子郵件用戶端(例如 Thunderbird)來寄信,那麼這是最簡單就能讓所有 [Proton Mail](../email.md#proton-mail) 使用者能取得自架 E2EE 相容性的方式。
Stalwart **沒有**內建的網頁郵件功能,因此您需要使用[電子郵件軟體](../email-clients.md)使用,或是另外架設一套開放原始碼的網頁郵件軟體,例如 Nextcloud 的 Mail 應用程式。
diff --git a/i18n/zh/email.md b/i18n/zh/email.md
index 5b0c3bb1..bfc19fd9 100644
--- a/i18n/zh/email.md
+++ b/i18n/zh/email.md
@@ -22,7 +22,7 @@ global:
对于其他一切,我们根据可持续的商业模式和内置的安全和隐私功能,推荐各种电子邮件供应商。 Read our [full list of criteria](#criteria) for more information.
-| Provider | OpenPGP / WKD | IMAP / SMTP | Zero-Access Encryption | Anonymous Payment Methods |
+| Provider | OpenPGP / WKD | IMAP / SMTP | Encrypted Storage | Anonymous Payment Methods |
| ----------------------------- | -------------------------------------- | ---------------------------------------------------------- | ---------------------------------------------------- | ----------------------------------------------------- |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Paid plans only | :material-check:{ .pg-green } | Cash
Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | Cash |
@@ -119,9 +119,9 @@ Proton Mail supports TOTP [two-factor authentication](https://proton.me/support/
#### :material-check:{ .pg-green } Data Security
-Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). 使用零访问加密的数据只有你才能访问。
+Proton Mail stores your [emails](https://proton.me/blog/zero-access-encryption) and [calendars](https://proton.me/news/protoncalendar-security-model) with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.
-Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. 支持零访问加密的联系人字段,如电话号码,会用挂锁图标表示。
+Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are **not** secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.
#### :material-check:{ .pg-green } Email Encryption
@@ -198,7 +198,7 @@ Mailbox Mail has a digital legacy feature for all plans. You can choose whether
## More Providers
-These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.
+These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between different providers.
@@ -254,7 +254,7 @@ Tuta supports [two-factor authentication](https://tuta.com/support#2fa) with eit
#### :material-check:{ .pg-green } Data Security
-Tuta has [zero-access encryption at rest](https://tuta.com/support#what-encrypted) for your emails, [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar). This means the messages and other data stored in your account are only readable by you.
+Tuta stores your [emails](https://tuta.com/support#what-encrypted), [address book contacts](https://tuta.com/support#encrypted-address-book), and [calendars](https://tuta.com/support#calendar) with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.
#### :material-information-outline:{ .pg-blue } Email Encryption
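Review bot: "strong encryption" in the + line is unqualified, while the Proton hunk names its mechanism and the criteria hunks in this same patch require "asymmetric encryption, where only the user has the private keys". From this sentence a reader cannot tell whether Tuta meets the reworded criterion. Suggest either naming the scheme here or dropping "strong" and keeping only the key-ownership statement, which is the part the criteria depend on.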
@@ -278,14 +278,14 @@ We regard these features as important in order to provide a safe and optimal ser
**符合条件的最低要求。**
-- Must encrypt email account data at rest with zero-access encryption.
+- Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Must be capable of exporting emails as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .EML with [RFC5322](https://datatracker.ietf.org/doc/rfc5322) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Must operate on owned infrastructure, i.e. not built upon third-party email service providers.
**Best Case:**
-- Should encrypt all account data (contacts, calendars, etc.) at rest with zero-access encryption.
+- Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
- Should provide integrated webmail E2EE/PGP encryption as a convenience.
- Should support WKD to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key with this command: `gpg --locate-key example_user@example.com`.
- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP.
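Review bot: Both + lines in this hunk replace a property ("zero-access encryption") with a mechanism ("asymmetric encryption"), which is stricter than the rest of the patch: the More Providers and Tuta hunks describe the same guarantee only as the user alone holding the decryption keys. As worded, a provider that delivers that guarantee with a different key scheme would fail the minimum criterion. If that is not intended, suggest "with encryption where only the user holds the keys needed to decrypt it"; if it is intended, the provider descriptions should state the scheme so the criterion can be checked against them.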
@@ -317,7 +317,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**符合条件的最低要求。**
- Protection of webmail with 2FA, such as [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
-- Zero-access encryption, which builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
+- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support.
- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
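Review bot: The + line keeps the unqualified "This prevents a rogue employee leaking data", while the Proton and Tuta hunks in this patch qualify the protection as applying once data is stored ("access them later", "after they are stored"). Suggest carrying the same scope here, for example "This prevents a rogue employee from leaking stored data ...", so the security criterion does not promise more than the provider descriptions do. The same rewording also fixes the parallelism: "prevents a rogue employee from leaking ..., or a remote adversary from releasing ...".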
diff --git a/i18n/zh/pastebins.md b/i18n/zh/pastebins.md
index a53230ec..26561077 100644
--- a/i18n/zh/pastebins.md
+++ b/i18n/zh/pastebins.md
@@ -17,7 +17,7 @@ cover: pastebins.webp
{ align=right }
-**PrivateBin** is a minimalist, open-source, online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
+**PrivateBin** is a minimalist, open-source, online pastebin where the server cannot decrypt and read any pasted data you submit. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin.
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory){ .card-link title="Public Instances"}
@@ -49,7 +49,7 @@ cover: pastebins.webp
### Minimum Requirements
- Must be open source.
-- Must implement "zero-trust" E2EE.
+- Must encrypt pasted data on the client side before it is sent to the server.
- Must support password-protected files.
### Best-Case
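Review bot: The + line "Must encrypt pasted data on the client side before it is sent to the server" drops the part of the old requirement that mattered most: it says where encryption happens but not that the server never receives the key. The PrivateBin description changed earlier in this file states the intended property ("the server cannot decrypt and read any pasted data"), so the requirement should match it, for example "Must encrypt pasted data on the client side so that the server cannot decrypt it."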
diff --git a/i18n/zh/self-hosting/email-servers.md b/i18n/zh/self-hosting/email-servers.md
index 957bee7a..9a307db2 100644
--- a/i18n/zh/self-hosting/email-servers.md
+++ b/i18n/zh/self-hosting/email-servers.md
@@ -30,7 +30,7 @@ Advanced system administrators may consider setting up their own **email server*
-Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with zero-knowledge message storage. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
+Stalwart's [PGP implementation](https://stalw.art/docs/encryption/overview) is unique among our self-hosted recommendations and allows you to operate your own mail server with encrypted message storage, lessening the risk of unauthorized access to your emails. If you additionally configure Web Key Directory (WKD) on your domain, and if you use an email client which supports PGP and WKD for outgoing mail (like Thunderbird), then this is the easiest way to get self-hosted E2EE compatibility with all [Proton Mail](../email.md#proton-mail) users.
Stalwart does **not** have an integrated webmail, so you will need to use it with a [dedicated email client](../email-clients.md) or find an open-source webmail to self-host, like Nextcloud's Mail app.
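Review bot: In the + line, "encrypted message storage, lessening the risk of unauthorized access" no longer says what kind of encryption or who holds the keys, and could be read as ordinary disk encryption. The sentence is about Stalwart's "PGP implementation", so suggest "PGP-encrypted message storage" to keep the link between the feature named at the start of the sentence and the E2EE compatibility claimed at the end.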