These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
diff --git a/i18n/pl/cryptocurrency.md b/i18n/pl/cryptocurrency.md
index e69cab60..08687fe5 100644
--- a/i18n/pl/cryptocurrency.md
+++ b/i18n/pl/cryptocurrency.md
@@ -16,7 +16,7 @@ Making payments online is one of the biggest challenges to privacy. These crypto
[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button}
-
Danger
+
Zagrożenie
Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust.
diff --git a/i18n/pl/device-integrity.md b/i18n/pl/device-integrity.md
index 5ff87e93..9d41ed37 100644
--- a/i18n/pl/device-integrity.md
+++ b/i18n/pl/device-integrity.md
@@ -53,7 +53,7 @@ These tools provide analysis based on the information they have the ability to a
External verification tools run on your computer and scan your mobile device for forensic traces, which are helpful to identify potential compromise.
-
Danger
+
Zagrożenie
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
diff --git a/i18n/pl/email.md b/i18n/pl/email.md
index bda22041..2735cb1a 100644
--- a/i18n/pl/email.md
+++ b/i18n/pl/email.md
@@ -22,11 +22,11 @@ Korzystanie z poczty e-mail jest praktycznie niezbędne do używania większośc
Do pozostałych zastosowań zalecamy różnorodne usługi e-mail, oparte na zrównoważonych modelach biznesowych i wyposażone we wbudowane funkcje bezpieczeństwa oraz prywatności. Pełną [listę kryteriów](#criteria) znajdziesz w dalszej części strony.
-| Dostawca | OpenPGP / WKD | IMAP / SMTP | Szyfrowanie z zerowym dostępem | Anonimowe metody płatności |
-| ------------------------------- | -------------------------------------- | ------------------------------------------------------------------- | ------------------------------------------------------- | ----------------------------------------------------- |
-| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Tylko w płatnych planach | :material-check:{ .pg-green } | Cash
Monero via third party |
-| [Poczta Mailbox](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Tylko poczta | Gotówka |
-| [Tuta](#tuta) | :material-alert-outline:{ .pg-orange } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero via third party
Cash via third party |
+| Dostawca | OpenPGP / WKD | IMAP / SMTP | Szyfrowanie z zerowym dostępem | Anonimowe metody płatności |
+| ------------------------------- | -------------------------------------- | ------------------------------------------------------------------- | ------------------------------------------------------- | ---------------------------------------------------------- |
+| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Tylko w płatnych planach | :material-check:{ .pg-green } | Gotówka
Monero przez pośrednika |
+| [Poczta Mailbox](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Tylko poczta | Gotówka |
+| [Tuta](#tuta) | :material-alert-outline:{ .pg-orange } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero przez pośrednika
Gotówka przez pośrednika |
Oprócz (lub zamiast) jednego z wymienionych tutaj dostawców usług e-mail, możesz rozważyć skorzystanie z dedykowanej [usługi aliasingu e-maili](email-aliasing.md#recommended-providers) w celu zwiększenia swojej prywatności. Między innymi takie usługi pomagają chronić Twoją prawdziwą skrzynkę przed spamem, uniemożliwiają marketerom powiązanie Twoich kont oraz szyfrują wszystkie przychodzące wiadomości za pomocą PGP.
@@ -85,22 +85,22 @@ Darmowy plan Proton Free oferuje 500 MB miejsca na pocztę, które można bezpł
-Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) such as Thunderbird. Konta płatne obejmują funkcje takie jak Proton Mail Bridge, dodatkową przestrzeń dyskową oraz obsługę własnych domen. The Proton Unlimited plan or any multi-user Proton plan includes access to [SimpleLogin](email-aliasing.md#simplelogin) Premium.
+Konta bezpłatne mają pewne ograniczenia, takie jak brak możliwości wyszukiwania w treści wiadomości oraz brak dostępu do [Proton Mail Bridge](https://proton.me/pl/mail/bridge), który jest wymagany do korzystania z [zalecanego klienta poczty desktopowej](email-clients.md), np. Thunderbird. Konta płatne obejmują funkcje takie jak Proton Mail Bridge, dodatkową przestrzeń dyskową oraz obsługę własnych domen. Plan Proton Unlimited lub dowolny plan dla wielu użytkowników obejmuje darmowy dostęp do [SimpleLogin](email-aliasing.md#simplelogin) Premium.
-A [letter of attestation](https://res.cloudinary.com/dbulfrlrz/images/v1714639878/wp-pme/letter-of-attestation-proton-mail-20211109_3138714c61/letter-of-attestation-proton-mail-20211109_3138714c61.pdf) was provided for Proton Mail's apps in November 2021 by [Securitum](https://research.securitum.com).
+[Raport potwierdzający bezpieczeństwo](https://res.cloudinary.com/dbulfrlrz/images/v1714639878/wp-pme/letter-of-attestation-proton-mail-20211109_3138714c61/letter-of-attestation-proton-mail-20211109_3138714c61.pdf) aplikacji Proton Mail został wydany 9 listopada 2021 roku przez firmę [Securitum](https://research.securitum.com).
-Proton Mail has internal crash reports that are **not** shared with third parties and can be disabled.
+Proton Mail gromadzi wewnętrzne raporty o awariach, które **nie są** udostępniane podmiotom trzecim i które mogą zostać wyłączone.
-=== "Web"
+=== "W przeglądarce"
- From your inbox, select :gear: → **All Settings** → **Account** → **Security and privacy** → **Privacy and data collection**.
+ Z poziomu skrzynki odbiorczej wybierz :gear: → **Wszystkie ustawienia** → **Konto** → **Bezpieczeństwo i prywatność** → **Prywatność i gromadzenie danych**.
- [ ] Disable **Collect usage dignostics**
- [ ] Disable **Send crash reports**
-=== "Mobile"
+=== "W aplikacji mobilnej"
- From your inbox, select :material-menu: → :gear: **Settings** → select your username.
+ Z poziomu skrzynki odbiorczej wybierz :material-menu: → :gear: **Ustawienia** → wybierz swoją nazwę użytkownika.
- [ ] Disable **Send crash reports**
- [ ] Disable **Collect usage dignostics**
@@ -141,9 +141,9 @@ Plan [Proton Unlimited](https://proton.me/pl/support/proton-plans#proton-unlimit
-{ align=right }
+{ align=right }
-**Mailbox Mail** (formerly *Mailbox.org*) is an email service with a focus on being secure, ad-free, and powered by 100% eco-friendly energy. Działa od 2014 roku. Mailbox ma siedzibę w Berlinie, w Niemczech.
+Poczta **Mailbox** (wcześniej **Mailbox.org**) to usługa e-mail skoncentrowana na bezpieczeństwie, braku reklam oraz korzystaniu w 100% z energii pochodzącej ze źródeł odnawialnych. Działa od 2014 roku. Mailbox ma siedzibę w Berlinie, w Niemczech.
Konta oferują do 2 GB przestrzeni, którą można zwiększyć w razie potrzeby.
@@ -246,7 +246,7 @@ Płatne konta Tuta pozwalają na użycie 15 lub 30 aliasów w zależności od pl
#### :material-information-outline:{ .pg-blue } Prywatne metody płatności
-Tuta only directly accepts credit cards and PayPal, however you can use [**cryptocurrency**](cryptocurrency.md) to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
+Tuta bezpośrednio akceptuje wyłącznie płatności kartą kredytową oraz przez PayPal. Jednak [**kryptowalutami**](cryptocurrency.md) można zapłacić pośrednio, kupując karty podarunkowe poprzez [współpracę](https://tuta.com/support/#cryptocurrency) z ProxyStore.
#### :material-check:{ .pg-green } Bezpieczeństwo konta
@@ -276,7 +276,7 @@ Tuta oferuje wersję biznesową swojej usługi [organizacjom non-profit](https:/
Poniższe funkcje uznajemy za istotne dla zapewnienia bezpiecznej i wydajnej usługi. Warto rozważyć, czy wybrany dostawca oferuje funkcje, których potrzebujesz.
-**Minimum do zakwalifikowania się:**
+**Minimalne wymagania:**
- Musi szyfrować dane kont e-mail w spoczynku przy użyciu szyfrowania z zerowym dostępem (zero-access encryption).
- Musi umożliwiać eksport wiadomości e-mail w formacie [mbox](https://pl.wikipedia.org/wiki/Mbox) lub jako pojedyncze pliki .EML zgodne ze standardem [RFC5322](https://datatracker.ietf.org/doc/rfc5322).
@@ -299,7 +299,7 @@ Poniższe funkcje uznajemy za istotne dla zapewnienia bezpiecznej i wydajnej us
Preferujemy dostawców, którzy gromadzą możliwie najmniej danych.
-**Minimum do zakwalifikowania się:**
+**Minimalne wymagania:**
- Musi chronić adres IP nadawcy, np. poprzez usuwanie go z nagłówka `Received`.
- Nie może wymagać danych osobowych (PII) innych niż nazwa użytkownika i hasło.
@@ -314,7 +314,7 @@ Preferujemy dostawców, którzy gromadzą możliwie najmniej danych.
Serwery pocztowe przetwarzają ogromne ilości wrażliwych danych. Oczekujemy, że dostawcy będą stosować najlepsze praktyki branżowe w celu ochrony swoich klientów.
-**Minimum do zakwalifikowania się:**
+**Minimalne wymagania:**
- Ochrona dostępu do webmaila z użyciem 2FA, np. [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
- Szyfrowanie z zerowym dostępem, będące rozszerzeniem szyfrowania danych w spoczynku — dostawca nie posiada kluczy deszyfrujących dane, co uniemożliwia wyciek informacji przez nieuczciwego pracownika lub zewnętrznego atakującego po uzyskaniu nieautoryzowanego dostępu do serwera.
@@ -347,7 +347,7 @@ Serwery pocztowe przetwarzają ogromne ilości wrażliwych danych. Oczekujemy,
Nie powierzył(a)byś swoich finansów komuś o fałszywej tożsamości, więc po co powierzać mu swoje dane e-mail? Wymagamy, aby zalecani przez nas dostawcy ujawniali informacje o właścicielach lub kadrze zarządzającej. Doceniamy również regularne raporty przejrzystości, szczególnie w zakresie tego, jak obsługiwane są żądania organów państwowych.
-**Minimum do zakwalifikowania się:**
+**Minimalne wymagania:**
- Publicznie dostępne informacje o właścicielu lub kadrze kierowniczej.
@@ -359,7 +359,7 @@ Nie powierzył(a)byś swoich finansów komuś o fałszywej tożsamości, więc p
W przypadku polecanych przez nas dostawców poczty e-mail zwracamy uwagę na odpowiedzialne praktyki marketingowe.
-**Minimum do zakwalifikowania się:**
+**Minimalne wymagania:**
- Musi samodzielnie hostować analitykę (bez korzystania z Google Analytics, Adobe Analytics itp.).
- Nie może stosować nieodpowiedzialnych działań marketingowych, w tym m.in.:
diff --git a/i18n/pl/encryption.md b/i18n/pl/encryption.md
index 80ce210c..48fe8c57 100644
--- a/i18n/pl/encryption.md
+++ b/i18n/pl/encryption.md
@@ -146,7 +146,7 @@ To enable BitLocker on "Home" editions of Windows, you must have partitions form
```
-
Tip
+
Porada
Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
diff --git a/i18n/pl/frontends.md b/i18n/pl/frontends.md
index 0ed7967e..c2338429 100644
--- a/i18n/pl/frontends.md
+++ b/i18n/pl/frontends.md
@@ -33,14 +33,14 @@ When you are using an instance run by someone else, make sure to read the privac
-
Note
+
Uwaga
The [Old Reddit](https://old.reddit.com) website doesn't require as much JavaScript as the new Reddit website does, but it has recently blocked access to IP addresses reserved for public VPNs. You can use Old Reddit in conjunction with the [Tor](tor.md) Onion that was [launched in October 2022](https://forum.torproject.org/t/reddit-onion-service-launch/5305) at [https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion](https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion).
-
Tip
+
Porada
Redlib is useful if you want to disable JavaScript in your browser, such as [Tor Browser](tor.md#tor-browser) on the Safest security level.
@@ -68,7 +68,7 @@ There are a number of public instances, with some that offer a [Tor](tor.md) oni
-
Tip
+
Porada
ProxiTok is useful if you want to disable JavaScript in your browser, such as [Tor Browser](tor.md#tor-browser) on the Safest security level.
@@ -107,7 +107,7 @@ Invidious does not proxy video streams by default. Videos watched through Invidi
-
Tip
+
Porada
Invidious is useful if you want to disable JavaScript in your browser, such as [Tor Browser](tor.md#tor-browser) on the Safest security level. It does not provide privacy by itself, and we don’t recommend logging into any accounts.
@@ -134,7 +134,7 @@ Piped requires JavaScript in order to function and there are a number of public
-
Tip
+
Porada
Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) without installing an extension. It does not provide privacy by itself, and we don’t recommend logging into any accounts.
diff --git a/i18n/pl/meta/admonitions.md b/i18n/pl/meta/admonitions.md
index c0b40f35..7052cbc7 100644
--- a/i18n/pl/meta/admonitions.md
+++ b/i18n/pl/meta/admonitions.md
@@ -13,15 +13,15 @@ To jest przykład objaśnienia. Lorem ipsum dolor sit amet, consectetur adipisci
-Example Collapsible Admonition
+Przykładowe objaśnienie zwijane
-This is an example of a collapsible admonition. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor massa, nec semper lorem quam in massa.
+To jest przykład objaśnienia zwijanego. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor massa, nec semper lorem quam in massa.
-## Formatting
+## Formatowanie
-To add an admonition to a page, you can use the following code:
+Aby dodać objaśnienie do strony, można użyć następującego kodu:
```markdown title="Admonition"
@@ -43,14 +43,14 @@ ENCLOSED TEXT
The `TITLE` must be specified; if you don't want a specific title you can set it to the same text as the `TYPE` (see below) in title case, e.g. `Note`. The `ENCLOSED TEXT` should be Markdown formatted.
-### Regular types
+### Standardowe rodzaje upomnień
Replace `TYPE` in the examples above with one of the following:
#### `note`
-
Note
+
Uwaga
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
@@ -59,7 +59,7 @@ Lorem ipsum dolor sit amet, consectetur adipiscing elit.
#### `abstract`
-
Abstract
+
Streszczenie
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
@@ -68,7 +68,7 @@ Lorem ipsum dolor sit amet, consectetur adipiscing elit.
#### `info`
-
Info
+
Informacja
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
@@ -77,7 +77,7 @@ Lorem ipsum dolor sit amet, consectetur adipiscing elit.
#### `tip`
-
Tip
+
Porada
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
@@ -86,7 +86,7 @@ Lorem ipsum dolor sit amet, consectetur adipiscing elit.
#### `success`
-
Success
+
Sukces
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
@@ -95,7 +95,7 @@ Lorem ipsum dolor sit amet, consectetur adipiscing elit.
#### `question`
-
Question
+
Pytanie
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
@@ -113,7 +113,7 @@ Lorem ipsum dolor sit amet, consectetur adipiscing elit.
#### `failure`
-
Failure
+
Niepowodzenie
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
@@ -122,7 +122,7 @@ Lorem ipsum dolor sit amet, consectetur adipiscing elit.
#### `danger`
-
Danger
+
Zagrożenie
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
@@ -131,7 +131,7 @@ Lorem ipsum dolor sit amet, consectetur adipiscing elit.
#### `bug`
-
Bug
+
Błąd
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
@@ -140,7 +140,7 @@ Lorem ipsum dolor sit amet, consectetur adipiscing elit.
#### `example`
-
Example
+
Przykład
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
@@ -149,17 +149,17 @@ Lorem ipsum dolor sit amet, consectetur adipiscing elit.
#### `quote`
-
Quote
+
Cytat
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-### Special Types
+### Specjalne rodzaje upomnień
#### `recommendation`
-This format is used to generate recommendation cards. Notably it is missing the `
` element.
+Format ten służy do tworzenia kart zaleceń. Należy zauważyć, że brakuje w nim elementu `
`.
```markdown title="Recommendation Card"
@@ -180,7 +180,7 @@ This format is used to generate recommendation cards. Notably it is missing the
-{ align=right }
+{ align=right }
**PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control.
@@ -244,7 +244,7 @@ Throughout the site, you may see some admonitions formatted like the following e
-
Note
+
Uwaga
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod
nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor
diff --git a/i18n/pl/mobile-phones.md b/i18n/pl/mobile-phones.md
index 579742b7..692320c4 100644
--- a/i18n/pl/mobile-phones.md
+++ b/i18n/pl/mobile-phones.md
@@ -1,5 +1,5 @@
---
-title: "Mobile Phones"
+title: Mobile Phones
icon: material/cellphone-check
description: These mobile devices provide the best hardware security support for custom Android operating systems.
cover: android.webp
@@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
-## Purchasing Advice
+## General Purchasing Advice
When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+### Hardware Security
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature.
+
+### Buying a Google Pixel
A few more tips for purchasing a Google Pixel:
@@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel:
, meaning that the longer use of the device the lower cost per day.
- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
## Kryteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
diff --git a/i18n/pl/news-aggregators.md b/i18n/pl/news-aggregators.md
index c74fd291..58ad9440 100644
--- a/i18n/pl/news-aggregators.md
+++ b/i18n/pl/news-aggregators.md
@@ -153,7 +153,7 @@ Some social media services also support RSS, although it's not often advertised.
Reddit allows you to subscribe to Subreddits via RSS.
-
Example
+
Przykład
Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to.
@@ -168,7 +168,7 @@ https://reddit.com/r/[SUBREDDIT]/new/.rss
You can subscribe to YouTube channels without logging in and associating usage information with your Google account.
-
Example
+
Przykład
To subscribe to a YouTube channel with an RSS client, first look for its [channel code](https://support.google.com/youtube/answer/6180214). The channel code can be found in the expanded description (i.e., the "About" section) of the YouTube channel you wish to subscribe to: **About** → **Share channel** → **Copy channel ID**. Replace `[CHANNEL ID]` below:
diff --git a/i18n/pl/os/android-overview.md b/i18n/pl/os/android-overview.md
index 2a11177f..1184d054 100644
--- a/i18n/pl/os/android-overview.md
+++ b/i18n/pl/os/android-overview.md
@@ -82,7 +82,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
-
Note
+
Uwaga
Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics.
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables:
- Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
- Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
- Warning you about unverified applications
+- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs
### Aktualizacje systemowe Google Play
diff --git a/i18n/pl/passwords.md b/i18n/pl/passwords.md
index 4c8ce560..95227f25 100644
--- a/i18n/pl/passwords.md
+++ b/i18n/pl/passwords.md
@@ -131,7 +131,7 @@ schema:
[Introduction to Passwords :material-arrow-right-drop-circle:](basics/passwords-overview.md)
-
Info
+
Informacja
Built-in password managers in software like browsers and operating systems are sometimes not as good as dedicated password manager software. The advantage of a built-in password manager is good integration with the software, but it can often be very simple and lack privacy and security features that standalone offerings have.
diff --git a/i18n/pl/self-hosting/file-management.md b/i18n/pl/self-hosting/file-management.md
index b0fe175d..63dc8618 100644
--- a/i18n/pl/self-hosting/file-management.md
+++ b/i18n/pl/self-hosting/file-management.md
@@ -18,7 +18,7 @@ Self-hosting your own **file management** tools may be a good idea to reduce the
-{ align=right }
+{ align=right }
**PhotoPrism** is a platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control.
@@ -74,7 +74,7 @@ Self-hosting your own **file management** tools may be a good idea to reduce the
-
Danger
+
Zagrożenie
We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. For this reason, we don't recommend third-party Nextcloud providers.
diff --git a/i18n/pl/tor.md b/i18n/pl/tor.md
index 1b14ce1d..3b187ea8 100644
--- a/i18n/pl/tor.md
+++ b/i18n/pl/tor.md
@@ -34,7 +34,7 @@ schema:
[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button.md-button--primary} [:material-movie-open-play-outline: Video: Why You Need Tor](https://www.privacyguides.org/videos/2025/03/02/why-you-need-tor ""){.md-button}
-
Tip
+
Porada
Before connecting to Tor, please ensure you've read our [overview](advanced/tor-overview.md) on what Tor is and how to connect to it safely. We often recommend connecting to Tor through a trusted [VPN provider](vpn.md), but you have to do so **properly** to avoid decreasing your anonymity.
@@ -74,7 +74,7 @@ If more complete anonymity is paramount to your situation, you should **only** b
-
Danger
+
Zagrożenie
You should **never** install any additional extensions on Tor Browser or edit `about:config` settings, including the ones we suggest for Firefox. Browser extensions and non-standard settings make you stand out from others on the Tor network, thus making your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting).
diff --git a/i18n/pl/vpn.md b/i18n/pl/vpn.md
index c55cf1d1..b6971301 100644
--- a/i18n/pl/vpn.md
+++ b/i18n/pl/vpn.md
@@ -23,7 +23,7 @@ Korzystanie z VPN **nie** uczyni Twojej aktywności w sieci anonimową ani nie z
Jeśli zależy Ci na **anonimowości**, skorzystaj z przeglądarki Tor Browser. Jeśli zależy Ci na dodatkowym **bezpieczeństwie**, zawsze upewnij się, że łączysz się z witrynami za pomocą HTTPS. VPN nie zastępuje dobrych praktyk w zakresie bezpieczeństwa.
-[Introduction to the Tor Browser](tor.md#tor-browser){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button }
+[Wprowadzenie do Tor Browser](tor.md#tor-browser){ .md-button .md-button--primary } [Mity dot. sieci Tor i FAQ](advanced/tor-overview.md){ .md-button }
@@ -47,10 +47,10 @@ Zalecani przez nas dostawcy stosują szyfrowanie, obsługują WireGuard i OpenVP
**Proton VPN** to mocny gracz na rynku VPN, działający od 2016 roku. Firma Proton AG ma siedzibę w Szwajcarii i oferuje zarówno ograniczoną darmową wersję, jak i pełniejszą wersję premium.
-[:octicons-home-16: Homepage](https://protonvpn.com){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://protonvpn.com/support){ .card-link title="Documentation" }
-[:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" }
+[:octicons-home-16: Strona główna](https://protonvpn.com/pl){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://protonvpn.com/pl/privacy-policy){ .card-link title="Polityka prywatności" }
+[:octicons-info-16:](https://protonvpn.com/support/pl){ .card-link title="Dokumentacja" }
+[:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Kod źródłowy" }
Pobierz
@@ -290,37 +290,37 @@ Mullvad zachowuje pełną przejrzystość w kwestii tego, które węzły [posiad
Zagrożenie
-Ważne jest, aby pamiętać, że korzystanie z usług dostawcy VPN nie zapewni anonimowości, ale zapewni lepszą prywatność w niektórych sytuacjach. VPN nie jest narzędziem do nielegalnych działań. Nie polegaj na polityce "no log".
+Ważne jest, aby pamiętać, że korzystanie z dostawcy usługi VPN nie czyni Cię anonimowym, choć w pewnych sytuacjach zwiększy Twoją prywatność. VPN nie jest narzędziem do działań niezgodnych z prawem. Nie polegaj na polityce „braku logów”.
-**Należy pamiętać, że nie jesteśmy powiązani z żadnym z polecanych przez nas dostawców. Pozwala nam to zapewnić całkowicie obiektywne rekomendacje.** Oprócz [naszych standardowych kryteriów](about/criteria.md), opracowaliśmy jasny zestaw wymagań dla każdego dostawcy VPN, który chce być rekomendowany, w tym silne szyfrowanie, niezależne audyty bezpieczeństwa, nowoczesną technologię i wiele innych. Zalecamy zapoznanie się z tą listą przed wyborem dostawcy VPN i przeprowadzenie własnych badań, aby upewnić się, że wybrany dostawca VPN jest tak godny zaufania, jak to tylko możliwe.
+**Należy pamiętać, że nie jesteśmy powiązani z żadnym z polecanych przez nas dostawców. Pozwala nam to formułować całkowicie obiektywne zalecenia.** Oprócz [naszych standardowych kryteriów](about/criteria.md), opracowaliśmy jasny zestaw wymagań, które musi spełniać dostawca usługi VPN, aby mógł być przez nas polecany — obejmują one wdrożenie silnego szyfrowania, niezależnych audytów bezpieczeństwa, nowoczesnych technologii i nie tylko. Sugerujemy zapoznanie się z tą listą przed wyborem dostawcy usługi VPN i przeprowadzenie własnych badań, aby upewnić się, że wybrany dostawca jest jak najbardziej godny zaufania.
### Technologia
-Wymagamy, aby wszyscy nasi rekomendowani dostawcy VPN dostarczali standardowe pliki konfiguracyjne, które mogą być używane w ogólnym kliencie open-source. **Jeśli** VPN udostępnia własnego klienta, wymagamy kill switch, aby zablokować wycieki danych sieciowych po rozłączeniu.
+Wymagamy, aby wszyscy zalecani przez nas dostawcy VPN udostępniali standardowe pliki konfiguracyjne, które można wykorzystać w uniwersalnym kliencie VPN typu open-source. **Jeśli** dostawca udostępnia własną aplikację, musi ona mieć wbudowany tzw. „kill switch”, który blokuje przesyłanie danych po utracie połączenia z VPN, zapobiegając wyciekom ruchu sieciowego.
-**Minimum do zakwalifikowania się:**
+**Minimalne wymagania:**
- Obsługa silnych protokołów, takich jak WireGuard.
-- Kill Switch wbudowany w klientów.
-- Wsparcie Wielokrotnego Przeskoku. Wielokrotny Przeskok jest ważny, aby zachować prywatność danych w przypadku naruszenia bezpieczeństwa pojedynczego węzła.
-- Jeśli klienci VPN są dostarczani, powinni być [open source](https://en.wikipedia.org/wiki/Open_source), podobnie jak oprogramowanie VPN, które zazwyczaj jest w nich wbudowane. Uważamy, że dostępność [kodu źródłowego](https://en.wikipedia.org/wiki/Source_code) zapewnia większą przejrzystość tego, co program faktycznie robi.
-- Funkcje odporności na cenzurę zaprojektowane do omijania zapór sieciowych bez DPI.
+- Wbudowany kill switch w swoich aplikacjach.
+- Obsługa multi-hop (łączenie przez wiele serwerów), co zwiększa prywatność w razie kompromitacji jednego z węzłów.
+- Jeśli dostawca oferuje własne aplikacje, powinny być one [open source](https://en.wikipedia.org/wiki/Open_source), podobnie jak oprogramowanie VPN, na którym zazwyczaj są oparte. Wierzymy, że dostępność [kodu źródłowego](https://en.wikipedia.org/wiki/Source_code) zapewnia większą przejrzystość i możliwość weryfikacji działania programu.
+- Funkcje odporne na cenzurę, zaprojektowane tak, aby omijać zapory sieciowe bez konieczności analizy głębokiej zawartości pakietów (DPI).
**Najlepszy scenariusz:**
-- Kill Switch z wysoce konfigurowalnymi opcjami (włączanie/wyłączanie w określonych sieciach, podczas uruchamiania itp.)
-- Łatwe w użyciu klienty VPN
-- Obsługa protokołu [IPv6](https://en.wikipedia.org/wiki/IPv6). Oczekujemy, że serwery będą zezwalać na połączenia przychodzące przez IPv6 i umożliwiać dostęp do usług hostowanych na adresach IPv6.
-- Możliwość [zdalnego przekierowania portów](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) pomaga w tworzeniu połączeń podczas korzystania z oprogramowania do udostępniania plików P2P[(Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) lub hostowania serwera (np. Mumble).
-- Technologia zaciemniania, która kamufluje prawdziwą naturę ruchu internetowego, zaprojektowana w celu obejścia zaawansowanych metod cenzury internetowej, takich jak DPI.
+- Kill switch z rozbudowanymi opcjami konfiguracji (np. włączenie/wyłączenie w określonych sieciach, uruchamianie przy starcie systemu itp.).
+- Łatwe w obsłudze aplikacje VPN.
+- Obsługa protokołu [IPv6](https://en.wikipedia.org/wiki/IPv6). Oczekujemy, że serwery umożliwiają zarówno połączenia przychodzące przez IPv6, jak i dostęp do usług działających w tej sieci.
+- Możliwość [zdalnego przekierowywania portów](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding), co ułatwia tworzenie połączeń w aplikacjach typu P2P ([peer-to-peer](https://en.wikipedia.org/wiki/Peer-to-peer)) lub przy hostowaniu własnych usług (np. serwera Mumble).
+- Technologia zaciemniania ruchu, która maskuje rzeczywisty charakter przesyłanych danych i pozwala obejść zaawansowane formy cenzury internetowej, takie jak DPI.
### Prywatność
Preferujemy dostawców, którzy gromadzą możliwie najmniej danych. Wymagane jest nie gromadzenie danych osobowych podczas rejestracji i akceptowanie anonimowych form płatności.
-**Minimum do zakwalifikowania się:**
+**Minimalne wymagania:**
- [Anonimowa kryptowaluta](cryptocurrency.md) **lub** opcja płatności gotówką.
- Do rejestracji nie są wymagane żadne dane osobowe: Co najwyżej nazwa użytkownika, hasło i adres e-mail.
@@ -334,7 +334,7 @@ Preferujemy dostawców, którzy gromadzą możliwie najmniej danych. Wymagane je
VPN nie ma sensu, jeśli nie może nawet zapewnić odpowiedniego bezpieczeństwa. Od wszystkich rekomendowanych przez nas dostawców wymagamy przestrzegania aktualnych standardów bezpieczeństwa. Idealnie byłoby, gdyby domyślnie używały bardziej przyszłościowych schematów szyfrowania. Wymagamy również, aby niezależna strona trzecia przeprowadziła audyt bezpieczeństwa dostawcy, najlepiej w bardzo kompleksowy sposób i w sposób powtarzalny (corocznie).
-**Minimum do zakwalifikowania się:**
+**Minimalne wymagania:**
- Silne schematy szyfrowania: OpenVPN z uwierzytelnianiem SHA-256; RSA-2048 lub lepszy handshake; szyfrowanie danych AES-256-GCM lub AES-256-CBC.
- Utajnianie z wyprzedzeniem.
@@ -367,7 +367,7 @@ Nie powierzyłbyś swoich finansów komuś z fałszywą tożsamością, więc po
W przypadku polecanych przez nas dostawców VPN lubimy widzieć odpowiedzialny marketing.
-**Minimum do zakwalifikowania się:**
+**Minimalne wymagania:**
- Musi samodzielnie hostować analitykę (tj. bez Google Analytics).
diff --git a/i18n/pt-BR/android/distributions.md b/i18n/pt-BR/android/distributions.md
index 83be5c66..dd680dda 100644
--- a/i18n/pt-BR/android/distributions.md
+++ b/i18n/pt-BR/android/distributions.md
@@ -1,6 +1,6 @@
---
meta_title: "Os melhores sistemas operacionais Android - Privacy Guides"
-title: "Distribuições alternativas"
+title: Distribuições alternativas
description: Você pode substituir o sistema operacional do seu telefone Android por essas alternativas seguras e que respeitam a privacidade.
schema:
- "@context": http://schema.org
@@ -44,17 +44,21 @@ Recomendamos que você instale o GrapheneOS se tiver um Google Pixel, pois ele o
O GrapheneOS oferece melhorias adicionais de [reforço de segurança](https://en.wikipedia.org/wiki/Hardening_\(computing\)) e privacidade. Tem um [alocador de memória endurecido](https://github.com/GrapheneOS/hardened_malloc), rede e permissões de sensor e vários outros [recursos de segurança](https://grapheneos.org/features). O GrapheneOS também vem com atualizações completas de firmware e compilações assinadas, então a inicialização verificada é totalmente suportada.
-[:octicons-home-16: Página Inicial](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Política de Privacidade" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentação}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Código Fonte" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribuir }
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" }
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
GrapheneOS suporta [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), que executa o Google Play Services com sandbox total como qualquer outro aplicativo regular. Isso significa que você pode aproveitar a maioria dos serviços do Google Play, como as notificações por push, ao mesmo tempo em que lhe dá controle total sobre as permissões e o acesso a eles e os restringe a um [perfil de trabalho](../os/android-overview.md#work-profile) ou [perfil de usuário](../os/android-overview.md#user-profiles) específico de sua escolha.
-Os [telefones Google Pixel](../mobile-phones.md#google-pixel) são os únicos dispositivos que atualmente atendem aos [requisitos de segurança de hardware] do GrapheneOS(https://grapheneos.org/faq#future-devices).
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView.
+
+GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues.
+
+### Connectivity Checks
Por padrão, o Android faz muitas conexões de rede com o Google para realizar verificações de conectividade DNS, para sincronizar com a hora atual da rede, para verificar sua conectividade de rede e para muitas outras tarefas em segundo plano. A GrapheneOS os substitui por conexões com servidores operados pela GrapheneOS e sujeitos à sua política de privacidade. Isso oculta informações como seu endereço IP [do Google](../basics/common-threats.md#privacy-from-service-providers), mas significa que é trivial para um administrador da sua rede ou ISP ver que você está fazendo conexões com `grapheneos.network`, `grapheneos.org`, etc. e deduzir qual sistema operacional você está usando.
diff --git a/i18n/pt-BR/mobile-phones.md b/i18n/pt-BR/mobile-phones.md
index 18becf8f..0000ec4a 100644
--- a/i18n/pt-BR/mobile-phones.md
+++ b/i18n/pt-BR/mobile-phones.md
@@ -1,5 +1,5 @@
---
-title: "Mobile Phones"
+title: Mobile Phones
icon: material/cellphone-check
description: These mobile devices provide the best hardware security support for custom Android operating systems.
cover: android.webp
@@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
-## Purchasing Advice
+## General Purchasing Advice
When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+### Hardware Security
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature.
+
+### Buying a Google Pixel
A few more tips for purchasing a Google Pixel:
@@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel:
, meaning that the longer use of the device the lower cost per day.
- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
diff --git a/i18n/pt-BR/os/android-overview.md b/i18n/pt-BR/os/android-overview.md
index 7fa0f8ce..335bca5c 100644
--- a/i18n/pt-BR/os/android-overview.md
+++ b/i18n/pt-BR/os/android-overview.md
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables:
- Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
- Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
- Warning you about unverified applications
+- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs
### Google Play System Updates
diff --git a/i18n/pt/android/distributions.md b/i18n/pt/android/distributions.md
index 2e47e310..9627090a 100644
--- a/i18n/pt/android/distributions.md
+++ b/i18n/pt/android/distributions.md
@@ -1,6 +1,6 @@
---
meta_title: "The Best Android Operating Systems - Privacy Guides"
-title: "Alternative Distributions"
+title: Alternative Distributions
description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
schema:
- "@context": http://schema.org
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik
[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" }
[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
-[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView.
+
+GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues.
+
+### Connectivity Checks
By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using.
diff --git a/i18n/pt/mobile-phones.md b/i18n/pt/mobile-phones.md
index 3a19be08..3517e47c 100644
--- a/i18n/pt/mobile-phones.md
+++ b/i18n/pt/mobile-phones.md
@@ -1,5 +1,5 @@
---
-title: "Mobile Phones"
+title: Mobile Phones
icon: material/cellphone-check
description: These mobile devices provide the best hardware security support for custom Android operating systems.
cover: android.webp
@@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
-## Purchasing Advice
+## General Purchasing Advice
When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+### Hardware Security
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature.
+
+### Buying a Google Pixel
A few more tips for purchasing a Google Pixel:
@@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel:
, meaning that the longer use of the device the lower cost per day.
- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
## Framadate
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
diff --git a/i18n/pt/os/android-overview.md b/i18n/pt/os/android-overview.md
index 23e9da85..9c59dc10 100644
--- a/i18n/pt/os/android-overview.md
+++ b/i18n/pt/os/android-overview.md
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables:
- Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
- Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
- Warning you about unverified applications
+- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs
### Google Play System Updates
diff --git a/i18n/ru/android/distributions.md b/i18n/ru/android/distributions.md
index 50e38886..ca23f753 100644
--- a/i18n/ru/android/distributions.md
+++ b/i18n/ru/android/distributions.md
@@ -1,6 +1,6 @@
---
meta_title: "The Best Android Operating Systems - Privacy Guides"
-title: "Alternative Distributions"
+title: Alternative Distributions
description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
schema:
- "@context": http://schema.org
@@ -44,17 +44,21 @@ We recommend installing GrapheneOS if you have a Google Pixel as it provides imp
GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
-[:octicons-home-16: Домашняя страница](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Политика конфиденциальности" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Документация}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Исходный код" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Поддержать }
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" }
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
-[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView.
+
+GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues.
+
+### Connectivity Checks
By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using.
diff --git a/i18n/ru/mobile-phones.md b/i18n/ru/mobile-phones.md
index 1f83cd17..7c64e224 100644
--- a/i18n/ru/mobile-phones.md
+++ b/i18n/ru/mobile-phones.md
@@ -1,5 +1,5 @@
---
-title: "Mobile Phones"
+title: Mobile Phones
icon: material/cellphone-check
description: These mobile devices provide the best hardware security support for custom Android operating systems.
cover: android.webp
@@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
-## Purchasing Advice
+## General Purchasing Advice
When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+### Hardware Security
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature.
+
+### Buying a Google Pixel
A few more tips for purchasing a Google Pixel:
@@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel:
, meaning that the longer use of the device the lower cost per day.
- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
## Критерии
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Перед тем, как вы решите выбрать какой-либо проект, мы рекомендуем вам ознакомиться со списком критериев и провести собственное исследование, чтобы убедиться в правильности своего выбора.
diff --git a/i18n/ru/os/android-overview.md b/i18n/ru/os/android-overview.md
index 1c6433eb..278c4bf8 100644
--- a/i18n/ru/os/android-overview.md
+++ b/i18n/ru/os/android-overview.md
@@ -143,6 +143,7 @@ If you have a Google account we suggest enrolling in the [Advanced Protection Pr
- Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
- Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
- Предупреждение о непроверенных приложениях
+- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs
### Обновление Google Play
diff --git a/i18n/sv/android/distributions.md b/i18n/sv/android/distributions.md
index cd62e243..c4d22ebf 100644
--- a/i18n/sv/android/distributions.md
+++ b/i18n/sv/android/distributions.md
@@ -1,6 +1,6 @@
---
meta_title: "The Best Android Operating Systems - Privacy Guides"
-title: "Alternative Distributions"
+title: Alternative Distributions
description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
schema:
- "@context": http://schema.org
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik
[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" }
[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
-[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView.
+
+GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues.
+
+### Connectivity Checks
By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using.
diff --git a/i18n/sv/mobile-phones.md b/i18n/sv/mobile-phones.md
index 959bd491..e68a83c2 100644
--- a/i18n/sv/mobile-phones.md
+++ b/i18n/sv/mobile-phones.md
@@ -1,5 +1,5 @@
---
-title: "Mobile Phones"
+title: Mobile Phones
icon: material/cellphone-check
description: These mobile devices provide the best hardware security support for custom Android operating systems.
cover: android.webp
@@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
-## Purchasing Advice
+## General Purchasing Advice
When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+### Hardware Security
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature.
+
+### Buying a Google Pixel
A few more tips for purchasing a Google Pixel:
@@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel:
, meaning that the longer use of the device the lower cost per day.
- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
## Kriterier
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig.
diff --git a/i18n/sv/os/android-overview.md b/i18n/sv/os/android-overview.md
index 86123280..c3feff6e 100644
--- a/i18n/sv/os/android-overview.md
+++ b/i18n/sv/os/android-overview.md
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables:
- Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
- Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
- Warning you about unverified applications
+- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs
### Google Play System Updates
diff --git a/i18n/tr/android/distributions.md b/i18n/tr/android/distributions.md
index 664a91e2..cfd2972c 100644
--- a/i18n/tr/android/distributions.md
+++ b/i18n/tr/android/distributions.md
@@ -1,6 +1,6 @@
---
meta_title: "The Best Android Operating Systems - Privacy Guides"
-title: "Alternative Distributions"
+title: Alternative Distributions
description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
schema:
- "@context": http://schema.org
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik
[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" }
[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
-[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView.
+
+GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues.
+
+### Connectivity Checks
By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using.
diff --git a/i18n/tr/mobile-phones.md b/i18n/tr/mobile-phones.md
index 0c7a58c3..be633fef 100644
--- a/i18n/tr/mobile-phones.md
+++ b/i18n/tr/mobile-phones.md
@@ -1,5 +1,5 @@
---
-title: "Cep telefonları"
+title: Cep telefonları
icon: material/cellphone-check
description: These mobile devices provide the best hardware security support for custom Android operating systems.
cover: android.webp
@@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
-## Purchasing Advice
+## General Purchasing Advice
When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+### Hardware Security
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature.
+
+### Buying a Google Pixel
A few more tips for purchasing a Google Pixel:
@@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel:
, meaning that the longer use of the device the lower cost per day.
- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
## Kriter
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Bir projeyi kullanmayı seçmeden önce bu listeye aşina olmanızı ve sizin için doğru seçim olduğundan emin olmak için kendi araştırmanızı yapmanızı öneririz.
diff --git a/i18n/tr/os/android-overview.md b/i18n/tr/os/android-overview.md
index 4ff9761a..f3eaa048 100644
--- a/i18n/tr/os/android-overview.md
+++ b/i18n/tr/os/android-overview.md
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables:
- Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
- Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
- Warning you about unverified applications
+- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs
### Google Play System Updates
diff --git a/i18n/uk/android/distributions.md b/i18n/uk/android/distributions.md
index 3b96a33f..9b2f32f2 100644
--- a/i18n/uk/android/distributions.md
+++ b/i18n/uk/android/distributions.md
@@ -1,6 +1,6 @@
---
meta_title: "The Best Android Operating Systems - Privacy Guides"
-title: "Alternative Distributions"
+title: Alternative Distributions
description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
schema:
- "@context": http://schema.org
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik
[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" }
[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
-[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView.
+
+GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues.
+
+### Connectivity Checks
By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using.
diff --git a/i18n/uk/mobile-phones.md b/i18n/uk/mobile-phones.md
index 2419e679..38f15396 100644
--- a/i18n/uk/mobile-phones.md
+++ b/i18n/uk/mobile-phones.md
@@ -1,5 +1,5 @@
---
-title: "Mobile Phones"
+title: Mobile Phones
icon: material/cellphone-check
description: These mobile devices provide the best hardware security support for custom Android operating systems.
cover: android.webp
@@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
-## Purchasing Advice
+## General Purchasing Advice
When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
+### Hardware Security
+
+Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface.
Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
-The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature.
+
+### Buying a Google Pixel
A few more tips for purchasing a Google Pixel:
@@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel:
, meaning that the longer use of the device the lower cost per day.
- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
+The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
+
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
diff --git a/i18n/uk/os/android-overview.md b/i18n/uk/os/android-overview.md
index 424f280d..7854a91b 100644
--- a/i18n/uk/os/android-overview.md
+++ b/i18n/uk/os/android-overview.md
@@ -143,6 +143,7 @@ If you have a Google account we suggest enrolling in the [Advanced Protection Pr
- Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
- Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
- Попередження про неперевірені додатки
+- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs
### Оновлення системи Google Play
diff --git a/i18n/vi/android/distributions.md b/i18n/vi/android/distributions.md
index 64a64a41..e7801a31 100644
--- a/i18n/vi/android/distributions.md
+++ b/i18n/vi/android/distributions.md
@@ -1,6 +1,6 @@
---
meta_title: "The Best Android Operating Systems - Privacy Guides"
-title: "Alternative Distributions"
+title: Alternative Distributions
description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
schema:
- "@context": http://schema.org
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik
[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" }
[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
-[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
+[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView.
+
+GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues.
+
+### Connectivity Checks
By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using.
diff --git a/i18n/vi/mobile-phones.md b/i18n/vi/mobile-phones.md
index 3a19be08..3517e47c 100644
--- a/i18n/vi/mobile-phones.md
+++ b/i18n/vi/mobile-phones.md
@@ -1,5 +1,5 @@
---
-title: "Mobile Phones"
+title: Mobile Phones
icon: material/cellphone-check
description: These mobile devices provide the best hardware security support for custom Android operating systems.
cover: android.webp
@@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav