From bc469fdf07d1cacf1c2e6d4958b5d2a94951101d Mon Sep 17 00:00:00 2001 
From: Crowdin Bot Date: Mon, 10 Nov 2025 19:32:44 +0000 Subject: [PATCH] New Crowdin translations by GitHub Action --- i18n/ar/android/distributions.md | 12 ++++--- i18n/ar/mobile-phones.md | 14 ++++++--- i18n/ar/os/android-overview.md | 1 + i18n/bn-IN/android/distributions.md | 16 ++++++---- i18n/bn-IN/mobile-phones.md | 14 ++++++--- i18n/bn-IN/os/android-overview.md | 1 + i18n/bn/android/distributions.md | 16 ++++++---- i18n/bn/mobile-phones.md | 14 ++++++--- i18n/bn/os/android-overview.md | 1 + i18n/cs/android/distributions.md | 12 ++++--- i18n/cs/mobile-phones.md | 14 ++++++--- i18n/cs/os/android-overview.md | 1 + i18n/de/android/distributions.md | 16 ++++++---- i18n/de/mobile-phones.md | 14 ++++++--- i18n/de/os/android-overview.md | 1 + i18n/el/android/distributions.md | 12 ++++--- i18n/el/mobile-phones.md | 14 ++++++--- i18n/el/os/android-overview.md | 1 + i18n/eo/android/distributions.md | 16 ++++++---- i18n/eo/mobile-phones.md | 14 ++++++--- i18n/eo/os/android-overview.md | 1 + i18n/es/android/distributions.md | 18 ++++++----- i18n/es/mobile-phones.md | 14 ++++++--- i18n/es/os/android-overview.md | 1 + i18n/fa/android/distributions.md | 12 ++++--- i18n/fa/mobile-phones.md | 14 ++++++--- i18n/fa/os/android-overview.md | 1 + i18n/fr/android/distributions.md | 18 ++++++----- i18n/fr/mobile-phones.md | 14 ++++++--- i18n/fr/os/android-overview.md | 1 + i18n/he/android/distributions.md | 12 ++++--- i18n/he/mobile-phones.md | 14 ++++++--- i18n/he/os/android-overview.md | 1 + i18n/hi/android/distributions.md | 12 ++++--- i18n/hi/mobile-phones.md | 14 ++++++--- i18n/hi/os/android-overview.md | 1 + i18n/hu/android/distributions.md | 12 ++++--- i18n/hu/mobile-phones.md | 14 ++++++--- i18n/hu/os/android-overview.md | 1 + i18n/id/android/distributions.md | 12 ++++--- i18n/id/mobile-phones.md | 14 ++++++--- i18n/id/os/android-overview.md | 1 + i18n/it/android/distributions.md | 18 ++++++----- i18n/it/mobile-phones.md | 14 ++++++--- i18n/it/os/android-overview.md | 1 + 
i18n/ja/android/distributions.md | 18 ++++++----- i18n/ja/mobile-phones.md | 14 ++++++--- i18n/ja/os/android-overview.md | 1 + i18n/ko/android/distributions.md | 12 ++++--- i18n/ko/mobile-phones.md | 14 ++++++--- i18n/ko/os/android-overview.md | 1 + i18n/ku-IQ/android/distributions.md | 12 ++++--- i18n/ku-IQ/mobile-phones.md | 14 ++++++--- i18n/ku-IQ/os/android-overview.md | 1 + i18n/nl/android/distributions.md | 12 ++++--- i18n/nl/mobile-phones.md | 14 ++++++--- i18n/nl/os/android-overview.md | 1 + i18n/pl/advanced/dns-overview.md | 2 +- i18n/pl/advanced/payments.md | 2 +- i18n/pl/android/distributions.md | 12 ++++--- i18n/pl/android/general-apps.md | 2 +- i18n/pl/basics/account-creation.md | 2 +- i18n/pl/basics/common-misconceptions.md | 2 +- i18n/pl/basics/common-threats.md | 8 ++--- i18n/pl/basics/hardware.md | 4 +-- i18n/pl/basics/passwords-overview.md | 2 +- i18n/pl/cryptocurrency.md | 2 +- i18n/pl/device-integrity.md | 2 +- i18n/pl/email.md | 40 +++++++++++------------ i18n/pl/encryption.md | 2 +- i18n/pl/frontends.md | 10 +++--- i18n/pl/meta/admonitions.md | 40 +++++++++++------------ i18n/pl/mobile-phones.md | 14 ++++++--- i18n/pl/news-aggregators.md | 4 +-- i18n/pl/os/android-overview.md | 3 +- i18n/pl/passwords.md | 2 +- i18n/pl/self-hosting/file-management.md | 4 +-- i18n/pl/tor.md | 4 +-- i18n/pl/vpn.md | 42 ++++++++++++------------- i18n/pt-BR/android/distributions.md | 18 ++++++----- i18n/pt-BR/mobile-phones.md | 14 ++++++--- i18n/pt-BR/os/android-overview.md | 1 + i18n/pt/android/distributions.md | 12 ++++--- i18n/pt/mobile-phones.md | 14 ++++++--- i18n/pt/os/android-overview.md | 1 + i18n/ru/android/distributions.md | 18 ++++++----- i18n/ru/mobile-phones.md | 14 ++++++--- i18n/ru/os/android-overview.md | 1 + i18n/sv/android/distributions.md | 12 ++++--- i18n/sv/mobile-phones.md | 14 ++++++--- i18n/sv/os/android-overview.md | 1 + i18n/tr/android/distributions.md | 12 ++++--- i18n/tr/mobile-phones.md | 14 ++++++--- i18n/tr/os/android-overview.md | 1 
+ i18n/uk/android/distributions.md | 12 ++++--- i18n/uk/mobile-phones.md | 14 ++++++--- i18n/uk/os/android-overview.md | 1 + i18n/vi/android/distributions.md | 12 ++++--- i18n/vi/mobile-phones.md | 14 ++++++--- i18n/vi/os/android-overview.md | 1 + i18n/zh-Hant/android/distributions.md | 18 ++++++----- i18n/zh-Hant/mobile-phones.md | 14 ++++++--- i18n/zh-Hant/os/android-overview.md | 1 + i18n/zh-TW/android/distributions.md | 18 ++++++----- i18n/zh-TW/mobile-phones.md | 14 ++++++--- i18n/zh-TW/os/android-overview.md | 1 + i18n/zh/android/distributions.md | 12 ++++--- i18n/zh/mobile-phones.md | 14 ++++++--- i18n/zh/os/android-overview.md | 1 + 109 files changed, 691 insertions(+), 361 deletions(-) diff --git a/i18n/ar/android/distributions.md b/i18n/ar/android/distributions.md index 3b96a33f..9b2f32f2 100644 --- a/i18n/ar/android/distributions.md +++ b/i18n/ar/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "The Best Android Operating Systems - Privacy Guides" -title: "Alternative Distributions" +title: Alternative Distributions description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. schema: - "@context": http://schema.org 
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" } GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. 
Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. diff --git a/i18n/ar/mobile-phones.md b/i18n/ar/mobile-phones.md index 49fefed1..aa08e94c 100644 --- a/i18n/ar/mobile-phones.md +++ b/i18n/ar/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobile Phones" +title: Mobile Phones icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp 
@@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
-## Purchasing Advice
+## General Purchasing Advice
 When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of -Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. 
[GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/i18n/ar/os/android-overview.md b/i18n/ar/os/android-overview.md index 5ab2b455..3c7dae74 100644 --- a/i18n/ar/os/android-overview.md +++ b/i18n/ar/os/android-overview.md 
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables:
 - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
 - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
 - Warning you about unverified applications
+- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs
 ### Google Play System Updates
diff --git a/i18n/bn-IN/android/distributions.md b/i18n/bn-IN/android/distributions.md
index 1600780c..9b2f32f2 100644
--- a/i18n/bn-IN/android/distributions.md
+++ b/i18n/bn-IN/android/distributions.md
@@ -1,12 +1,12 @@
 ---
-meta_title: The Best Android Operating Systems - Privacy Guides
+meta_title: "The Best Android Operating Systems - Privacy Guides"
 title: Alternative Distributions
 description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
 schema:
 - "@context": http://schema.org
 "@type": WebPage
 name: Private Android Operating Systems
- url: ./
+ url: "./"
 - "@context": http://schema.org
 "@type": CreativeWork
 name: GrapheneOS
@@ -16,7 +16,7 @@ schema:
 subjectOf:
 "@context": http://schema.org
 "@type": WebPage
- url: ./
+ url: "./"
 robots: nofollow, max-snippet:-1, max-image-preview:large
 ---
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" } GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. 
Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. diff --git a/i18n/bn-IN/mobile-phones.md b/i18n/bn-IN/mobile-phones.md index d7a849db..56d8d68b 100644 --- a/i18n/bn-IN/mobile-phones.md +++ b/i18n/bn-IN/mobile-phones.md @@ -7,7 +7,7 @@ schema: - "@context": http://schema.org "@type": WebPage name: Mobile Phone Recommendations - url: ./ + url: "./" - "@context": http://schema.org "@type": Product name: Pixel 
@@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
-## Purchasing Advice
+## General Purchasing Advice
 When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of -Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. 
[GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/i18n/bn-IN/os/android-overview.md b/i18n/bn-IN/os/android-overview.md index 4ff9761a..f3eaa048 100644 --- a/i18n/bn-IN/os/android-overview.md +++ b/i18n/bn-IN/os/android-overview.md 
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables:
 - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
 - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
 - Warning you about unverified applications
+- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs
 ### Google Play System Updates
diff --git a/i18n/bn/android/distributions.md b/i18n/bn/android/distributions.md
index 1600780c..9b2f32f2 100644
--- a/i18n/bn/android/distributions.md
+++ b/i18n/bn/android/distributions.md
@@ -1,12 +1,12 @@
 ---
-meta_title: The Best Android Operating Systems - Privacy Guides
+meta_title: "The Best Android Operating Systems - Privacy Guides"
 title: Alternative Distributions
 description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
 schema:
 - "@context": http://schema.org
 "@type": WebPage
 name: Private Android Operating Systems
- url: ./
+ url: "./"
 - "@context": http://schema.org
 "@type": CreativeWork
 name: GrapheneOS
@@ -16,7 +16,7 @@ schema:
 subjectOf:
 "@context": http://schema.org
 "@type": WebPage
- url: ./
+ url: "./"
 robots: nofollow, max-snippet:-1, max-image-preview:large
 ---
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" } GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. 
Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. diff --git a/i18n/bn/mobile-phones.md b/i18n/bn/mobile-phones.md index d7a849db..56d8d68b 100644 --- a/i18n/bn/mobile-phones.md +++ b/i18n/bn/mobile-phones.md @@ -7,7 +7,7 @@ schema: - "@context": http://schema.org "@type": WebPage name: Mobile Phone Recommendations - url: ./ + url: "./" - "@context": http://schema.org "@type": Product name: Pixel @@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav -## Purchasing Advice +## General Purchasing Advice When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. 
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of -Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. 
[GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/i18n/bn/os/android-overview.md b/i18n/bn/os/android-overview.md index 4ff9761a..f3eaa048 100644 --- a/i18n/bn/os/android-overview.md +++ b/i18n/bn/os/android-overview.md 
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables:
 - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
 - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
 - Warning you about unverified applications
+- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs
 ### Google Play System Updates
diff --git a/i18n/cs/android/distributions.md b/i18n/cs/android/distributions.md
index 3b96a33f..9b2f32f2 100644
--- a/i18n/cs/android/distributions.md
+++ b/i18n/cs/android/distributions.md
@@ -1,6 +1,6 @@
 ---
 meta_title: "The Best Android Operating Systems - Privacy Guides"
-title: "Alternative Distributions"
+title: Alternative Distributions
 description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
 schema:
 - "@context": http://schema.org
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" } GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. 
Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. diff --git a/i18n/cs/mobile-phones.md b/i18n/cs/mobile-phones.md index 2c9e982f..d473320b 100644 --- a/i18n/cs/mobile-phones.md +++ b/i18n/cs/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobile Phones" +title: Mobile Phones icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp 
@@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav -## Purchasing Advice +## General Purchasing Advice When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. 
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of -Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. 
[GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/i18n/cs/os/android-overview.md b/i18n/cs/os/android-overview.md index 2ec0440f..8debcd02 100644 --- a/i18n/cs/os/android-overview.md +++ b/i18n/cs/os/android-overview.md 
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables:
 - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
 - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
 - Warning you about unverified applications
+- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs
 ### Google Play System Updates
diff --git a/i18n/de/android/distributions.md b/i18n/de/android/distributions.md
index 825beb6a..1ae19c88 100644
--- a/i18n/de/android/distributions.md
+++ b/i18n/de/android/distributions.md
@@ -1,6 +1,6 @@
 ---
 meta_title: "Die besten Android-Betriebssysteme - Privacy Guides"
-title: "Alternative Distributionen"
+title: Alternative Distributionen
 description: Du kannst das Betriebssystem deines Android-Handys mit diesen sicheren und Privatsphäre-freundlichen Alternativen ersetzen.
 schema:
 - "@context": http://schema.org
@@ -45,16 +45,20 @@ Wir empfehlen die Installation von GrapheneOS, wenn du ein Google Pixel besitzt, GrapheneOS bietet zusätzliche [Sicherheitshärtungen](https://de.wikipedia.org/wiki/Härten_\(Computer\)) und Verbesserungen beim Datenschutz. Es verfügt über eine [gehärtete Speicher-Allocator](https://github.com/GrapheneOS/hardened_malloc), Netzwerk- und Sensorberechtigungen und verschiedene andere [Sicherheitsfunktionen](https://grapheneos.org/features). GrapheneOS wird auch mit vollständigen Firmware-Updates und signierten Builds geliefert, so dass verifiziertes Booten vollständig unterstützt wird. [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } -[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Datenschutzrichtlinie" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Dokumentation} -[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Quellcode" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Spenden } +[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } +[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" } GrapheneOS unterstützt [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), das die Google Play Services vollständig sandboxed, wie jede andere reguläre App. Das bedeutet, dass du die meisten Google Play-Dienste, wie z. B. Push-Benachrichtigungen, nutzen kannst, während du die volle Kontrolle über deren Berechtigungen und Zugriff hast und sie auf ein bestimmtes [Arbeitsprofil](../os/android-overview.md#work-profile) oder [Benutzerprofil](../os/android-overview.md#user-profiles) deiner Wahl beschränken kannst. 
-[Google Pixel-Handys](../mobile-phones.md#google-pixel) sind die einzigen Geräte, die derzeit die [Hardware-Sicherheitsanforderungen](https://grapheneos.org/faq#future-devices) von GrapheneOS erfüllen. +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks Standardmäßig stellt Android viele Netzwerkverbindungen zu Google her, um DNS-Verbindungsprüfungen durchzuführen, sich mit der aktuellen Netzwerkzeit zu synchronisieren, deine Netzwerkverbindung zu prüfen und viele andere Aufgaben im Hintergrund zu erledigen. GrapheneOS ersetzt diese durch Verbindungen zu Servern, die von GrapheneOS betrieben werden und deren Datenschutzbestimmungen unterliegen. Dies verbirgt Informationen wie deine IP-Adresse [vor Google](../basics/common-threats.md#privacy-from-service-providers), aber es bedeutet, dass es für einen Administrator in deinem Netzwerk oder ISP trivial ist, zu sehen, dass du Verbindungen zu `grapheneos.network`, `grapheneos.org` usw. 
herstellen, und daraus zu schließen, welches Betriebssystem du verwendest. diff --git a/i18n/de/mobile-phones.md b/i18n/de/mobile-phones.md index 21266542..19bbb869 100644 --- a/i18n/de/mobile-phones.md +++ b/i18n/de/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobiltelefone" +title: Mobiltelefone icon: material/cellphone-check description: Diese mobilen Geräte bieten die beste Hardware-Sicherheitsunterstützung für benutzerdefinierte Android-Betriebssysteme. cover: android.webp @@ -42,7 +42,7 @@ End-of-Life-Geräte (z. B. "erweitertem Support"-Geräte von GrapheneOS) verfüg -## Kauf-Hinweis +## General Purchasing Advice When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. 
@@ -72,11 +72,15 @@ Ab dem **Pixel 8** und **8 Pro** erhalten Pixel-Geräte mindestens 7 Jahre lang -Secure-Elements wie das Titan M2 sind eingeschränkter als die Trusted Execution Environment des Prozessors, die von den meisten anderen Handys verwendet wird, da sie nur für die Speicherung von Geheimnissen, die Hardware-Bescheinigung und die Ratenbegrenzung verwendet werden, nicht aber für die Ausführung "vertrauenswürdiger" Programme. Hndys ohne Secure-Element müssen das TEE für _alle_ diese Funktionen verwenden, was zu einer größeren Angriffsfläche führt. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Hndys ohne Secure-Element müssen das TEE für _alle_ diese Funktionen verwenden, was zu einer größeren Angriffsfläche führt. Google Pixel-Telefone verwenden ein TEE-Betriebssystem namens Trusty, das im Gegensatz zu vielen anderen Telefonen [Open Source] (https://source.android.com/security/trusty#whyTrusty) ist. -Die Installation von GrapheneOS auf einem Pixel-Telefon ist mit dem [Web-Installer](https://grapheneos.org/install/web) einfach. Wenn du dich nicht wohl dabei fühlst, es selbst zu tun und bereit bist, etwas mehr Geld auszugeben, solltest du dir das [NitroPhone](https://shop.nitrokey.com/shop) ansehen, auf dem GrapheneOS von der renommierten Firma [Nitrokey](https://nitrokey.com/about) vorinstalliert ist. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. 
The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel Ein paar weitere Tipps für den Kauf eines Google Pixel: @@ -87,6 +91,8 @@ Ein paar weitere Tipps für den Kauf eines Google Pixel: , d. h. dass die Kosten pro Tag umso niedriger sind, je länger das Gerät genutzt wird. - Auch wenn das Pixel in deiner Region nicht verfügbar ist, kann das [NitroPhone](https://shop.nitrokey.com/shop) weltweit versendet werden. +Die Installation von GrapheneOS auf einem Pixel-Telefon ist mit dem [Web-Installer](https://grapheneos.org/install/web) einfach. Wenn du dich nicht wohl dabei fühlst, es selbst zu tun und bereit bist, etwas mehr Geld auszugeben, solltest du dir das [NitroPhone](https://shop.nitrokey.com/shop) ansehen, auf dem GrapheneOS von der renommierten Firma [Nitrokey](https://nitrokey.com/about) vorinstalliert ist. + ## Kriterien **Bitte beachte, dass wir mit keinem der Projekte, die wir empfehlen, in Verbindung stehen.** Zusätzlich zu [unseren Standardkriterien](about/criteria.md) haben wir eine Reihe klarer Anforderungen entwickelt, die es uns ermöglichen, objektive Empfehlungen zu geben. Wir empfehlen dir, dich mit der Liste vertraut zu machen, bevor du dich für ein Projekt entscheidest, und deine eigenen Recherchen anzustellen, um sicherzustellen, dass es die richtige Wahl für dich ist. diff --git a/i18n/de/os/android-overview.md b/i18n/de/os/android-overview.md index 7c5a8117..963c67c1 100644 --- a/i18n/de/os/android-overview.md +++ b/i18n/de/os/android-overview.md 
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables:
 - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
 - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
 - Warning you about unverified applications
+- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs
 ### Google Play System Updates
diff --git a/i18n/el/android/distributions.md b/i18n/el/android/distributions.md
index 3b96a33f..9b2f32f2 100644
--- a/i18n/el/android/distributions.md
+++ b/i18n/el/android/distributions.md
@@ -1,6 +1,6 @@
 ---
 meta_title: "The Best Android Operating Systems - Privacy Guides"
-title: "Alternative Distributions"
+title: Alternative Distributions
 description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
 schema:
 - "@context": http://schema.org
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" } GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. 
Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. diff --git a/i18n/el/mobile-phones.md b/i18n/el/mobile-phones.md index 8713a4da..56d8d68b 100644 --- a/i18n/el/mobile-phones.md +++ b/i18n/el/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobile Phones" +title: Mobile Phones icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp 
@@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav -## Purchasing Advice +## General Purchasing Advice When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. 
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of -Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. 
[GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/i18n/el/os/android-overview.md b/i18n/el/os/android-overview.md index fdc8552c..14581e6d 100644 --- a/i18n/el/os/android-overview.md +++ b/i18n/el/os/android-overview.md 
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables: - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - Warning you about unverified applications +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Google Play System Updates diff --git a/i18n/eo/android/distributions.md b/i18n/eo/android/distributions.md index 1600780c..9b2f32f2 100644 --- a/i18n/eo/android/distributions.md +++ b/i18n/eo/android/distributions.md @@ -1,12 +1,12 @@ --- -meta_title: The Best Android Operating Systems - Privacy Guides +meta_title: "The Best Android Operating Systems - Privacy Guides" title: Alternative Distributions description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. schema: - "@context": http://schema.org "@type": WebPage name: Private Android Operating Systems - url: ./ + url: "./" - "@context": http://schema.org "@type": CreativeWork name: GrapheneOS @@ -16,7 +16,7 @@ schema: subjectOf: "@context": http://schema.org "@type": WebPage - url: ./ + url: "./" robots: nofollow, max-snippet:-1, max-image-preview:large --- 
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" } GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. 
Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. diff --git a/i18n/eo/mobile-phones.md b/i18n/eo/mobile-phones.md index d7a849db..56d8d68b 100644 --- a/i18n/eo/mobile-phones.md +++ b/i18n/eo/mobile-phones.md @@ -7,7 +7,7 @@ schema: - "@context": http://schema.org "@type": WebPage name: Mobile Phone Recommendations - url: ./ + url: "./" - "@context": http://schema.org "@type": Product name: Pixel @@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav -## Purchasing Advice +## General Purchasing Advice When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. 
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of -Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. 
[GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/i18n/eo/os/android-overview.md b/i18n/eo/os/android-overview.md index 4ff9761a..f3eaa048 100644 --- a/i18n/eo/os/android-overview.md +++ b/i18n/eo/os/android-overview.md 
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables: - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - Warning you about unverified applications +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Google Play System Updates diff --git a/i18n/es/android/distributions.md b/i18n/es/android/distributions.md index 879d63d6..1cee8119 100644 --- a/i18n/es/android/distributions.md +++ b/i18n/es/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "Los Mejores Sistemas Operativos Android - Privacy Guides" -title: "Distribuciones alternativas" +title: Distribuciones alternativas description: Puedes reemplazar el sistema operativo en tu teléfono Android por estas alternativas seguras y respetuosas con la privacidad. schema: - "@context": http://schema.org 
@@ -44,17 +44,21 @@ Recomendamos instalar GrapheneOS si tienes un Google Pixel, ya que proporciona u GrapheneOS proporciona [mejoras adicionales de seguridad](https://en.wikipedia.org/wiki/Hardening_\(computing\)) y privacidad. Dispone de un [asignador de memoria reforzado](https://github.com/GrapheneOS/hardened_malloc), permisos de red y sensores, y otras diversas [características de seguridad](https://grapheneos.org/features). GrapheneOS también incluye actualizaciones completas de firmware y compilaciones firmadas, por lo que el arranque verificado es totalmente compatible. -[:octicons-home-16: Página Principal](https://grapheneos.org){ .md-button .md-button--primary } -[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Política de Privacidad" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentación} -[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Código Fuente" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribuir } +[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } +[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } +[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" } GrapheneOS es compatible con [Google Play aislado](https://grapheneos.org/usage#sandboxed-google-play), que ejecuta los servicios de Google Play totalmente aislados como cualquier otra aplicación normal. 
Esto significa que puedes aprovechar la mayoría de los servicios de Google Play, como las notificaciones push, a la vez que tienes un control total sobre sus permisos y accesos, y los limitas a un [perfil de trabajo](../os/android-overview.md#work-profile) o [perfil de usuario](../os/android-overview.md#user-profiles) específico de tu elección. -Los [teléfonos Google Pixel](../mobile-phones.md#google-pixel) son los únicos dispositivos que actualmente cumplen los [requisitos de seguridad de hardware] de GrapheneOS(https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks Por defecto, Android realiza muchas conexiones de red a Google para realizar comprobaciones de conectividad DNS, para sincronizar con la hora actual de la red, para comprobar tu conectividad de red y para muchas otras tareas en segundo plano. 
GrapheneOS los sustituye por conexiones a servidores operados por GrapheneOS y sujetos a su política de privacidad. Esto oculta información como tu dirección IP [de Google](../basics/common-threats.md#privacy-from-service-providers), pero significa que es trivial para un administrador de tu red o ISP ver que estás haciendo conexiones a `grapheneos.network`, `grapheneos.org`, etc. y deducir qué sistema operativo estás usando. diff --git a/i18n/es/mobile-phones.md b/i18n/es/mobile-phones.md index 4ba1cca3..86888a05 100644 --- a/i18n/es/mobile-phones.md +++ b/i18n/es/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Teléfonos celulares" +title: Teléfonos celulares icon: material/cellphone-check description: Estos dispositivos móviles ofrecen el mejor soporte de seguridad de hardware para sistemas operativos Android personalizados. cover: android.webp @@ -42,7 +42,7 @@ Al final de su vida útil, los dispositivos (como los dispositivos con el "sopor -## Consejo de compra +## General Purchasing Advice Al comprar un dispositivo, recomendamos obtener uno tan nuevo como sea posible. El software y el firmware de los dispositivos móviles cuentan con soporte por un periodo limitado de tiempo, por lo que comprar uno nuevo extiende la vida útil tanto como sea posible. 
@@ -72,11 +72,15 @@ Iniciando con el **Pixel 8** y **8 Pro**, los dispositivos Pixel cuentan como m -Los Elementos Seguros como el Titan M2 se encuentran limitados al Entorno de Ejecución Confiable del procesador, utilizado por la mayoría de los otros teléfono para el almacenamiento secreto, la certificación de hardware y la limitación de velocidad, no para ejecutar programas "confiables". Los teléfonos sin un Entorno Seguro suelen utilizar TEE para _todas_ las demás funciones, lo que resulta en una gran superficie de ataque. +### Seguridad del hardware + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Los teléfonos sin un Entorno Seguro suelen utilizar TEE para _todas_ las demás funciones, lo que resulta en una gran superficie de ataque. A diferencia de otros teléfonos, los Google Pixel utilizan un SO TEE de [código abierto](https://source.android.com/security/trusty#whyTrusty) llamado Trusty. -La instalación de GrapheneOS en un Pixel es sencilla con su [instalador web](https://grapheneos.org/install/web). Si no te sientes cómodo realizando esto por ti mismo y te gustaría invertir un poco más de dinero, echa un vistazo al [NitroPhone](https://shop.nitrokey.com/shop) que viene con GrapheneOS preinstalado y proviene de la reputada empresa [Nitrokey](https://nitrokey.com/about). +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. 
[GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel Algunos consejos adicionales al comprar un Google Pixel: @@ -87,6 +91,8 @@ Algunos consejos adicionales al comprar un Google Pixel: , significando que el precio es más bajo entre más se use el dispositivo. - Si el Pixel no se encuentra disponible en tu país, el [NitroPhone](https://shop.nitrokey.com/shop) cuenta con envíos a nivel mundial. +La instalación de GrapheneOS en un Pixel es sencilla con su [instalador web](https://grapheneos.org/install/web). Si no te sientes cómodo realizando esto por ti mismo y te gustaría invertir un poco más de dinero, echa un vistazo al [NitroPhone](https://shop.nitrokey.com/shop) que viene con GrapheneOS preinstalado y proviene de la reputada empresa [Nitrokey](https://nitrokey.com/about). + ## Criterios **Por favor, tome en cuenta que no estamos afiliados con ninguno de los proyectos recomendados.** Además de nuestros [criterios estándar](about/criteria.md), hemos desarrollado un claro conjunto de requerimientos que nos permite proporcionar recomendaciones objetivas. Sugerimos que te familiarices con esta lista, antes de decidir utilizar un proyecto y realizar tu propia investigación para asegurarte de que es la elección ideal para ti. diff --git a/i18n/es/os/android-overview.md b/i18n/es/os/android-overview.md index 9dd40751..99f13f9c 100644 --- a/i18n/es/os/android-overview.md +++ b/i18n/es/os/android-overview.md 
@@ -143,6 +143,7 @@ El Programa de Protección Avanzada proporciona una supervisión de amenazas mej - No permitir la instalación de aplicaciones fuera de Google Play Store, la tienda de aplicaciones del proveedor del sistema operativo o a través de [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Escaneo automático obligatorio de dispositivos con [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - Advertencia sobre aplicaciones no verificadas +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Actualizaciones del sistema de Google Play diff --git a/i18n/fa/android/distributions.md b/i18n/fa/android/distributions.md index 3b96a33f..9b2f32f2 100644 --- a/i18n/fa/android/distributions.md +++ b/i18n/fa/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "The Best Android Operating Systems - Privacy Guides" -title: "Alternative Distributions" +title: Alternative Distributions description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. schema: - "@context": http://schema.org 
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" } GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. 
Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. diff --git a/i18n/fa/mobile-phones.md b/i18n/fa/mobile-phones.md index 8713a4da..56d8d68b 100644 --- a/i18n/fa/mobile-phones.md +++ b/i18n/fa/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobile Phones" +title: Mobile Phones icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp 
@@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav -## Purchasing Advice +## General Purchasing Advice When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. 
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of -Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. 
[GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/i18n/fa/os/android-overview.md b/i18n/fa/os/android-overview.md index 4ff9761a..f3eaa048 100644 --- a/i18n/fa/os/android-overview.md +++ b/i18n/fa/os/android-overview.md 
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables: - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - Warning you about unverified applications +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Google Play System Updates diff --git a/i18n/fr/android/distributions.md b/i18n/fr/android/distributions.md index d078f7cd..209014dc 100644 --- a/i18n/fr/android/distributions.md +++ b/i18n/fr/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "Les meilleurs systèmes d'exploitation Android - Privacy Guides" -title: "Distributions alternatives" +title: Distributions alternatives description: Vous pouvez remplacer le système d'exploitation de votre téléphone Android par ces alternatives sécurisées et respectueuses de la vie privée. schema: - "@context": http://schema.org 
@@ -44,17 +44,21 @@ Nous recommandons d'installer GrapheneOS si vous avez un Google Pixel, puisqu'il GrapheneOS fournit des [renforcements de sécurité](https://en.wikipedia.org/wiki/Hardening_\(computing\)) et de confidentialité supplémentaire. Il dispose d'un [allocateur de mémoire renforcé](https://github.com/GrapheneOS/hardened_malloc), de permissions de réseau et de capteurs, et de diverses autres [fonctions de sécurité](https://grapheneos.org/features). GrapheneOS est également livré avec des mises à jour complètes du micrologiciel et des versions signées, de sorte que le démarrage sécurisé est entièrement pris en charge. -[:octicons-home-16: Page d'accueil](https://grapheneos.org){ .md-button .md-button--primary } -[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Politique de confidentialité" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} -[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Code source" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribuer } +[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } +[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } +[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" } GrapheneOS prend en charge [l'isolation Google Play] (https://grapheneos.org/usage#sandboxed-google-play), qui exécute les services Google Play de façon isolée, comme n'importe quelle autre application. 
Cela signifie que vous pouvez profiter de la plupart des avantages des services Google Play, comme les notifications, tout en vous donnant le contrôle total à leurs permissions et leurs accès, en plus de les limiter à un [profil professionnel](../os/android-overview.md#work-profile) ou à un [profil personnel](../os/android-overview.md#user-profiles) de votre choix. -Les [téléphones Google Pixel](../mobile-phones.md#google-pixel) sont présentement les seuls à répondre aux [exigences de sécurité matérielle](https://grapheneos.org/faq#future-devices) de GrapheneOS. +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks Par défaut, Android effectue de nombreuses connexions réseau avec Google pour effectuer des vérifications de connectivité DNS, pour se synchroniser avec l'heure actuelle du réseau, pour vérifier votre connectivité réseau et pour de nombreuses autres tâches d'arrière-plan. 
GrapheneOS vient remplacer celles-ci par des connexions à des serveurs opérés par GrapheneOS qui sont soumis à leur propre politique de confidentialité. Cela cache votre information comme votre adresse IP [de Google](../basics/common-threats.md#privacy-from-service-providers), mais fais en sorte qu'il est trivial pour un administrateur de votre réseau ou pour votre fournisseur d'accès internet que vous faites des connexions à `grapheneos.network`, `grapheneos.org`, etc. et de déuire quel système d'exploitation vous utilisez. diff --git a/i18n/fr/mobile-phones.md b/i18n/fr/mobile-phones.md index 104ca681..fbbbdf63 100644 --- a/i18n/fr/mobile-phones.md +++ b/i18n/fr/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Smartphones" +title: Smartphones icon: material/cellphone-check description: Les smartphones suivants possèdent la meilleure sécurité matérielle (hardware) pour les systèmes d'exploitation Android alternatifs (ou custom ROMs). cover: android.webp @@ -42,7 +42,7 @@ Les appareils en fin de vie (comme les appareils à "support prolongé" de Graph -## Conseil d'achat +## General Purchasing Advice Lorsque vous achetez un appareil, nous vous recommandons d'en acheter un le plus neuf possible. Puisque le logiciel et le micrologiciel d'un appareil ne sont mis à jour que pendant une courte période, acheter un appareil neuf permet de profiter de celle-ci le plus longtemps possible. 
@@ -72,11 +72,15 @@ Les appareils **Google Pixel** sont connus pour avoir une bonne sécurité et po -Les Composants Sécurisés comme le Titan M2 sont plus limités que les Environnements d'Exécution Sécurisés (Trusted Execution Environment, ou TEE) des processeurs utilisés par la plupart des autres smartphones, ils sont utilisés uniquement pour le stockage secret, l'authentification hardware, et la limitation du débit (rate limiting), et non pour l'exécution de programmes "de confiance". Les smartphones qui ne possèdent pas de Composant Sécurisé doivent utiliser le TEE pour _toutes_ ces fonctions, laissant ainsi une surface d'attaque plus importante. +### Sécurité matérielle + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Les smartphones qui ne possèdent pas de Composant Sécurisé doivent utiliser le TEE pour _toutes_ ces fonctions, laissant ainsi une surface d'attaque plus importante. Les Pixels utilisent un système d'exploitation particulier pour le TEE appelé Trusty qui, contrairement à beaucoup d'autres téléphones, est [open source](https://source.android.com/security/trusty#whyTrusty). -L'installation de GrapheneOS sur un Pixel est très simple grâce à leur [web installer](https://grapheneos.org/install/web)(en anglais uniquement, mais des tutoriels en français sont facilement trouvables). Si vous n'êtes pas à l'aise à l'idée de le faire vous-même et si cela entre dans votre budget, vous pouvez investir dans un [NitroPhone](https://shop.nitrokey.com/shop) préinstallé avec GrapheneOS, vendu par l'entreprise réputée [Nitrokey](https://nitrokey.com/about). 
+The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel Quelques conseils supplémentaires : @@ -87,6 +91,8 @@ Quelques conseils supplémentaires : , ce qui signifie que plus vous utilisez votre appareil longtemps, moins le coût journalier sera élevé. - Si les Pixels ne sont pas disponibles à la vente dans votre pays, les [NitroPhones](https://shop.nitrokey.com/shop) peuvent être livrés dans le monde entier. +L'installation de GrapheneOS sur un Pixel est très simple grâce à leur [web installer](https://grapheneos.org/install/web)(en anglais uniquement, mais des tutoriels en français sont facilement trouvables). Si vous n'êtes pas à l'aise à l'idée de le faire vous-même et si cela entre dans votre budget, vous pouvez investir dans un [NitroPhone](https://shop.nitrokey.com/shop) préinstallé avec GrapheneOS, vendu par l'entreprise réputée [Nitrokey](https://nitrokey.com/about). + ## Critères **Nous ne sommes affiliés à aucun des projets que nous recommandons.** En plus de nos [critères de base](about/criteria.md), nous avons élaboré un ensemble d'exigences clair nous permettant de fournir des recommandations objectives. Nous vous suggérons de vous familiariser avec cette liste avant de faire votre choix, et de mener vos propres recherches pour vous assurer que c'est ce choix vous correspond. 
diff --git a/i18n/fr/os/android-overview.md b/i18n/fr/os/android-overview.md index 37c5d274..cf0f60d2 100644 --- a/i18n/fr/os/android-overview.md +++ b/i18n/fr/os/android-overview.md @@ -143,6 +143,7 @@ Le Programme de Protection Avancée offre une surveillance accrue des menaces et - Ne pas autoriser l'installation d'applications en dehors du Google Play Store, de la boutique d'applications du fournisseur du système d'exploitation ou via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Analyse automatique obligatoire des appareils avec [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - Avertissement concernant les applications non vérifiées +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Mise à jour du système avec Google Play diff --git a/i18n/he/android/distributions.md b/i18n/he/android/distributions.md index 20c8b3e8..fc188efe 100644 --- a/i18n/he/android/distributions.md +++ b/i18n/he/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "מערכות ההפעלה הטובות ביותר של אנדרואיד - Privacy Guides" -title: "הפצות אלטרנטיביות" +title: הפצות אלטרנטיביות description: אתה יכול להחליף את מערכת ההפעלה בטלפון האנדרואיד שלך בחלופות מאובטחות ומכבדות פרטיות. schema: - "@context": http://schema.org 
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" } GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. 
Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks כברירת מחדל, אנדרואיד מייצרת חיבורי רשת רבים לגוגל כדי לבצע בדיקות קישוריות של DNS, לסנכרון עם זמן הרשת הנוכחי, כדי לבדוק את קישוריות הרשת שלך ועבור משימות רקע רבות אחרות. GrapheneOS מחליף את אלה בחיבורים לשרתים המופעלים על ידי GrapheneOS ובכפוף למדיניות הפרטיות שלהם. זה מסתיר מידע כמו כתובת ה- IP שלך [מגוגל](../basics/common-threats.md#privacy-from-service-providers), אבל פירושו שזה טריוויאלי שמנהל המנהל ברשת או בספקס שלך יראה שאתה יוצר חיבורים ל- `grapheneos.network`, `grapheneos.org`, וכו' ותסיק באיזו מערכת הפעלה אתה משתמש. diff --git a/i18n/he/mobile-phones.md b/i18n/he/mobile-phones.md index f2bda9b9..6d5d3390 100644 --- a/i18n/he/mobile-phones.md +++ b/i18n/he/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobile Phones" +title: Mobile Phones icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp @@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav -## Purchasing Advice +## General Purchasing Advice When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. 
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of -Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### אבטחת חומרה + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. 
[GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## קריטריונים **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בפרויקט, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך. diff --git a/i18n/he/os/android-overview.md b/i18n/he/os/android-overview.md index bb74747f..11f2b9a4 100644 --- a/i18n/he/os/android-overview.md +++ b/i18n/he/os/android-overview.md 
@@ -143,6 +143,7 @@ If you have a Google account we suggest enrolling in the [Advanced Protection Pr - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - מזהיר אותך לגבי יישומים לא מאומתים +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### עדכוני מערכת Google Play diff --git a/i18n/hi/android/distributions.md b/i18n/hi/android/distributions.md index 3b96a33f..9b2f32f2 100644 --- a/i18n/hi/android/distributions.md +++ b/i18n/hi/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "The Best Android Operating Systems - Privacy Guides" -title: "Alternative Distributions" +title: Alternative Distributions description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. schema: - "@context": http://schema.org 
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" } GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. 
Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. diff --git a/i18n/hi/mobile-phones.md b/i18n/hi/mobile-phones.md index 8713a4da..56d8d68b 100644 --- a/i18n/hi/mobile-phones.md +++ b/i18n/hi/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobile Phones" +title: Mobile Phones icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp 
@@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
-## Purchasing Advice
+## General Purchasing Advice
 When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of -Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. 
[GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/i18n/hi/os/android-overview.md b/i18n/hi/os/android-overview.md index 4ff9761a..f3eaa048 100644 --- a/i18n/hi/os/android-overview.md +++ b/i18n/hi/os/android-overview.md 
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables: - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - Warning you about unverified applications +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Google Play System Updates diff --git a/i18n/hu/android/distributions.md b/i18n/hu/android/distributions.md index 76116d2b..d2cb5964 100644 --- a/i18n/hu/android/distributions.md +++ b/i18n/hu/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "The Best Android Operating Systems - Privacy Guides" -title: "Alternative Distributions" +title: Alternative Distributions description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. schema: - "@context": http://schema.org 
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" } GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. 
Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. diff --git a/i18n/hu/mobile-phones.md b/i18n/hu/mobile-phones.md index d02a86d6..c72a461b 100644 --- a/i18n/hu/mobile-phones.md +++ b/i18n/hu/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobile Phones" +title: Mobile Phones icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp 
@@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
-## Purchasing Advice
+## General Purchasing Advice
 When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of -Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. 
[GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Követelmények **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. diff --git a/i18n/hu/os/android-overview.md b/i18n/hu/os/android-overview.md index 58ecb1e2..59b9a239 100644 --- a/i18n/hu/os/android-overview.md +++ b/i18n/hu/os/android-overview.md 
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables: - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - Warning you about unverified applications +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Google Play System Updates diff --git a/i18n/id/android/distributions.md b/i18n/id/android/distributions.md index 286739a5..eff8d6cb 100644 --- a/i18n/id/android/distributions.md +++ b/i18n/id/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "The Best Android Operating Systems - Privacy Guides" -title: "Alternative Distributions" +title: Alternative Distributions description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. schema: - "@context": http://schema.org 
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" } GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. 
Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. diff --git a/i18n/id/mobile-phones.md b/i18n/id/mobile-phones.md index d9da8ca4..ec97ae43 100644 --- a/i18n/id/mobile-phones.md +++ b/i18n/id/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobile Phones" +title: Mobile Phones icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp 
@@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
-## Purchasing Advice
+## General Purchasing Advice
 When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of -Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. 
[GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Kriteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Kami sarankan Anda membiasakan diri dengan daftar ini sebelum memilih untuk menggunakan sebuah proyek, dan melakukan penelitian sendiri untuk memastikan bahwa itu adalah pilihan yang tepat untuk Anda. diff --git a/i18n/id/os/android-overview.md b/i18n/id/os/android-overview.md index 62da2092..f4428e60 100644 --- a/i18n/id/os/android-overview.md +++ b/i18n/id/os/android-overview.md 
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables: - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - Warning you about unverified applications +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Google Play System Updates diff --git a/i18n/it/android/distributions.md b/i18n/it/android/distributions.md index 790a8983..24bb67cd 100644 --- a/i18n/it/android/distributions.md +++ b/i18n/it/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "I Migliori Sistemi Operativi Android – Privacy Guides" -title: "Distribuzioni Alternative" +title: Distribuzioni Alternative description: Puoi sostituire il sistema operativo del tuo telefono Android con queste alternative sicure e rispettose della privacy. schema: - "@context": http://schema.org 
@@ -44,17 +44,21 @@ Consigliamo di installare GrapheneOS se hai un Google Pixel, perché migliora la GrapheneOS offre un ulteriore miglioramento della privacy e della [sicurezza](https://en.wikipedia.org/wiki/Hardening_\(computing\)). Dispone di un [allocatore di memoria rafforzato](https://github.com/GrapheneOS/hardened_malloc), permessi per rete e sensori, e altre [funzionalità di sicurezza](https://grapheneos.org/features). GrapheneOS include anche aggiornamenti firmware completi e build firmate, quindi il Verified Boot è completamente supportato. -[:octicons-home-16: Pagina principale](https://grapheneos.org){ .md-button .md-button--primary } -[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Informativa Sulla Privacy" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentazione} -[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Codice Sorgente" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribuisci } +[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } +[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } +[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" } GrapheneOS consente l’uso di [Google Play in una sandbox](https://grapheneos.org/usage#sandboxed-google-play), che esegue Google Play Services isolati come qualsiasi altra app. In questo modo è possibile utilizzare la maggior parte dei servizi di Google Play Services, come le notifiche push, dandoti un controllo completo sui loro permessi e autorizzazioni, e limitandoli a un [profilo di lavoro](../os/android-overview.md#work-profile) o a un [profilo utente](../os/android-overview.md#user-profiles) a tua scelta. 
-Al momento, solo i [telefoni Google Pixel](../mobile-phones.md#google-pixel) soddisfano i [requisiti di sicurezza hardware](https://grapheneos.org/faq#future-devices) di GrapheneOS. +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks Per impostazione predefinita, Android effettua molte connessioni di rete verso Google per verificare che il DNS funzioni correttamente, sincronizzarsi con l’orario di rete, verificare la connessione e svolgere altri compiti in background. GrapheneOS sostituisce queste connessioni con server gestiti da loro e soggetti alla loro informativa sulla privacy. Questo nasconde informazioni come il tuo indirizzo IP [a Google](../basics/common-threats.md#privacy-from-service-providers), ma rende facile per un amministratore di rete o per il provider Internet vedere che ti stai collegando a grapheneos.network, grapheneos.org, ecc., e capire quale sistema operativo stai usando. 
diff --git a/i18n/it/mobile-phones.md b/i18n/it/mobile-phones.md index 8e7c641d..aab4a05c 100644 --- a/i18n/it/mobile-phones.md +++ b/i18n/it/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobile Phones" +title: Mobile Phones icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp @@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav -## Purchasing Advice +## General Purchasing Advice When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. 
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of -Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Sicurezza Hardware + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. 
[GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Criteri **Ti preghiamo di notare che non siamo affiliati con alcun progetto che consigliamo.** Oltre ai nostri [criteri standard](about/criteria.md), abbiamo sviluppato un chiaro insieme di requisiti per consentirci di fornire dei consigli oggettivi. Ti suggeriamo di familiarizzare con questo elenco prima di scegliere di utilizzare un progetto e di condurre le tue ricerche per assicurarti che si tratti della scelta adatta a te. diff --git a/i18n/it/os/android-overview.md b/i18n/it/os/android-overview.md index b17389c2..a3ee0481 100644 --- a/i18n/it/os/android-overview.md +++ b/i18n/it/os/android-overview.md 
@@ -143,6 +143,7 @@ Il Programma di Protezione Avanzata fornisce un migliore monitoraggio delle mina - Non permette l'installazione di app al di fuori del Google Play Store, dell'app store del fornitore del sistema operativo o tramite [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Scansione automatica obbligatoria del dispositivo con [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - Avviso sulle applicazioni non verificate +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Aggiornamenti di Sistema di Google Play diff --git a/i18n/ja/android/distributions.md b/i18n/ja/android/distributions.md index f778689c..305db9b9 100644 --- a/i18n/ja/android/distributions.md +++ b/i18n/ja/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "一番良いAndroidのオペレーティングシステム - Privacy Guides" -title: "別のディストリビューション" +title: 別のディストリビューション description: 本記事で紹介する安全かつプライバシー重視のOSで自分のAndroidスマホのOSを置き換えることができます。 schema: - "@context": http://schema.org 
@@ -44,17 +44,21 @@ Google Pixelを使用している人は、セキュリティが強化され、 GrapheneOSでは、[セキュリティが強化(ハードニング)](https://ja.wikipedia.org/wiki/%E3%83%8F%E3%83%BC%E3%83%89%E3%83%8B%E3%83%B3%E3%82%B0)され、プライバシーが改善されています。 [ハードニングされたメモリアロケータ](https://github.com/GrapheneOS/hardened_malloc)、ネットワークとセンサーの権限管理機能、その他のさまざまな[セキュリティ機能](https://grapheneos.org/features)を備えています。 さらに、ファームウェアアップデートがすべて含まれ、ビルドも署名付きのため、セキュアブートに完全対応しています。 -[:octicons-home-16: ホームページ](https://grapheneos.org){ .md-button .md-button--primary } -[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="プライバシーポリシー" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=ドキュメント} -[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="ソースコード" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=支援 } +[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } +[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } +[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" } GrapheneOSでは、[サンドボックス化されたGoogle Play](https://grapheneos.org/usage#sandboxed-google-play)を使うことができます。これは、Google Playサービスを他のアプリと同じように完全にサンドボックス化して実行するものです。 サンドボックス化により、プッシュ通知などほとんどのGoogle Playサービスが利用可能でありながら、Playサービスの権限やアクセスを完全に制御することができ、また、自由に特定の[仕事用プロファイル](../os/android-overview.md#work-profile)や[ユーザープロファイル](../os/android-overview.md#user-profiles)の中に隔離することができます。 -現在、GrapheneOSの[ハードウェアセキュリティ要件](https://grapheneos.org/faq#future-devices)を満たすデバイスは、[Google Pixelスマートフォン](../mobile-phones.md#google-pixel)のみです。 +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). 
The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks デフォルトでAndroidは、DNS接続確認やネットワーク現在時刻の同期、ネットワーク接続確認など、色々なバックグラウンドタスクのために、Googleに頻繁にネットワーク接続を行います。 GrapheneOSでは、この通信先がGrapheneOSが運営するサーバーに変更されます。この通信は、GrapheneOSのプライバシーポリシーに従って管理されます。 これにより、あなたのIPアドレスなどの情報が[Googleから](../basics/common-threats.md#privacy-from-service-providers)見えなくなりますが、逆にネットワーク管理者やISPからは、あなたが`grapheneos.network`や`grapheneos.org`などに接続しているのが観測できるため、GrapheneOSを使用していることが容易に推測できてしまいます。 diff --git a/i18n/ja/mobile-phones.md b/i18n/ja/mobile-phones.md index 11249c7f..a314a359 100644 --- a/i18n/ja/mobile-phones.md +++ b/i18n/ja/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobile Phones" +title: Mobile Phones icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp 
@@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav -## Purchasing Advice +## General Purchasing Advice When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. 
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of -Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### ハードウェアセキュリティ + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. 
[GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## 規準 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. プロジェクトを利用する前に、このリストをよく理解し、ご自身で調査を行って、そのプロジェクトがあなたにとって適切な選択かどうかをご確認ください。 diff --git a/i18n/ja/os/android-overview.md b/i18n/ja/os/android-overview.md index 63e8e577..79d3b845 100644 --- a/i18n/ja/os/android-overview.md +++ b/i18n/ja/os/android-overview.md 
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables: - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - Warning you about unverified applications +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Google Play システム アップデート diff --git a/i18n/ko/android/distributions.md b/i18n/ko/android/distributions.md index 51253dd7..e3a805ab 100644 --- a/i18n/ko/android/distributions.md +++ b/i18n/ko/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "The Best Android Operating Systems - Privacy Guides" -title: "Alternative Distributions" +title: Alternative Distributions description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. schema: - "@context": http://schema.org 
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" } GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. 
Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. diff --git a/i18n/ko/mobile-phones.md b/i18n/ko/mobile-phones.md index 510cb337..7138cea0 100644 --- a/i18n/ko/mobile-phones.md +++ b/i18n/ko/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobile Phones" +title: Mobile Phones icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp 
@@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav -## Purchasing Advice +## General Purchasing Advice When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. 
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of -Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. 
[GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## 평가 기준 **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. 어떠한 프로젝트를 선택해 사용하기 전에, 이러한 요구 사항들을 숙지하고 여러분 스스로 조사하는 과정을 거쳐 적절한 선택을 하시기 바랍니다. diff --git a/i18n/ko/os/android-overview.md b/i18n/ko/os/android-overview.md index 85e0bd2d..8afa486b 100644 --- a/i18n/ko/os/android-overview.md +++ b/i18n/ko/os/android-overview.md 
@@ -143,6 +143,7 @@ If you have a Google account we suggest enrolling in the [Advanced Protection Pr - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - 검증되지 않은 애플리케이션에 대한 경고 표시 +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Google Play 시스템 업데이트 diff --git a/i18n/ku-IQ/android/distributions.md b/i18n/ku-IQ/android/distributions.md index 3b96a33f..9b2f32f2 100644 --- a/i18n/ku-IQ/android/distributions.md +++ b/i18n/ku-IQ/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "The Best Android Operating Systems - Privacy Guides" -title: "Alternative Distributions" +title: Alternative Distributions description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. schema: - "@context": http://schema.org 
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" } GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. 
Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. diff --git a/i18n/ku-IQ/mobile-phones.md b/i18n/ku-IQ/mobile-phones.md index 8713a4da..56d8d68b 100644 --- a/i18n/ku-IQ/mobile-phones.md +++ b/i18n/ku-IQ/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobile Phones" +title: Mobile Phones icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp 
@@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav -## Purchasing Advice +## General Purchasing Advice When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. 
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of -Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. 
[GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/i18n/ku-IQ/os/android-overview.md b/i18n/ku-IQ/os/android-overview.md index 4ff9761a..f3eaa048 100644 --- a/i18n/ku-IQ/os/android-overview.md +++ b/i18n/ku-IQ/os/android-overview.md 
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables: - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - Warning you about unverified applications +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Google Play System Updates diff --git a/i18n/nl/android/distributions.md b/i18n/nl/android/distributions.md index f3766b0a..8bfbd356 100644 --- a/i18n/nl/android/distributions.md +++ b/i18n/nl/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "The Best Android Operating Systems - Privacy Guides" -title: "Alternatieve Distributions" +title: Alternatieve Distributions description: Je kunt het besturingssysteem op jouw Android-telefoon vervangen door deze veilige en privacy respecterende alternatieven. schema: - "@context": http://schema.org 
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" } GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. 
Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. diff --git a/i18n/nl/mobile-phones.md b/i18n/nl/mobile-phones.md index ff3edd72..7a26a654 100644 --- a/i18n/nl/mobile-phones.md +++ b/i18n/nl/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobile Phones" +title: Mobile Phones icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp 
@@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav -## Purchasing Advice +## General Purchasing Advice When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. 
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of -Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. 
[GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Wij stellen voor dat je jezelf vertrouwd maakt met deze lijst voordat je een project kiest, en jouw eigen onderzoek uitvoert om er zeker van te zijn dat je de juiste keuze maakt. diff --git a/i18n/nl/os/android-overview.md b/i18n/nl/os/android-overview.md index f0f3e954..fdc6536c 100644 --- a/i18n/nl/os/android-overview.md +++ b/i18n/nl/os/android-overview.md 
@@ -143,6 +143,7 @@ Het geavanceerde beschermingsprogramma biedt verbeterde controle op bedreigingen - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - Je waarschuwt voor niet geverifieerde toepassingen +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Google Play Systeem Updates diff --git a/i18n/pl/advanced/dns-overview.md b/i18n/pl/advanced/dns-overview.md index 5c0e5ed3..bfa25438 100644 --- a/i18n/pl/advanced/dns-overview.md +++ b/i18n/pl/advanced/dns-overview.md 
@@ -55,7 +55,7 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s If you run the Wireshark command above, the top pane shows the "[frames](https://en.wikipedia.org/wiki/Ethernet_frame)", and the bottom pane shows all the data about the selected frame. Enterprise filtering and monitoring solutions (such as those purchased by governments) can do the process automatically, without human interaction, and can aggregate those frames to produce statistical data useful to the network observer. -| No. | Time | Source | Destination | Protocol | Length | Info | +| No. | Time | Source | Destination | Protocol | Length | Informacja | | --- | -------- | --------- | ----------- | ------------ | ------ | ---------------------------------------------------------------------- | | 1 | 0.000000 | 192.0.2.1 | 1.1.1.1 | Wyszukiwarki | 104 | Standard query 0x58ba A privacyguides.org OPT | | 2 | 0.293395 | 1.1.1.1 | 192.0.2.1 | Wyszukiwarki | 108 | Standard query response 0x58ba A privacyguides.org A 198.98.54.105 OPT | diff --git a/i18n/pl/advanced/payments.md b/i18n/pl/advanced/payments.md index 2629b255..af540eff 100644 --- a/i18n/pl/advanced/payments.md +++ b/i18n/pl/advanced/payments.md @@ -47,7 +47,7 @@ These tend to be good options for recurring/subscription payments online, while Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a transparent blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only purchase amounts which would not be disastrous to lose.
-

Danger

+

Zagrożenie

The vast majority of cryptocurrencies operate on a **transparent** blockchain, meaning that every transaction's details are public knowledge. This includes most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. diff --git a/i18n/pl/android/distributions.md b/i18n/pl/android/distributions.md index 45e9ec9e..c47a895c 100644 --- a/i18n/pl/android/distributions.md +++ b/i18n/pl/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "The Best Android Operating Systems - Privacy Guides" -title: "Alternative Distributions" +title: Alternative Distributions description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. schema: - "@context": http://schema.org @@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. 
GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. diff --git a/i18n/pl/android/general-apps.md b/i18n/pl/android/general-apps.md index 588d1a3f..8e62b3a4 100644 --- a/i18n/pl/android/general-apps.md +++ b/i18n/pl/android/general-apps.md @@ -93,7 +93,7 @@ Main privacy features include: - Microphone permission not required unless you want to record sound
-

Note

+

Uwaga

Metadata is not currently deleted from video files, but that is planned. diff --git a/i18n/pl/basics/account-creation.md b/i18n/pl/basics/account-creation.md index fd94a80a..bd829614 100644 --- a/i18n/pl/basics/account-creation.md +++ b/i18n/pl/basics/account-creation.md @@ -30,7 +30,7 @@ There are usually multiple ways to sign up for an account, each with their own b The most common way to create a new account is by an email address and password. When using this method, you should use a password manager and follow [best practices](passwords-overview.md) regarding passwords.
-

Tip

+

Porada

You can use your password manager to organize other authentication methods too! Just add the new entry and fill the appropriate fields, you can add notes for things like security questions or a backup key. diff --git a/i18n/pl/basics/common-misconceptions.md b/i18n/pl/basics/common-misconceptions.md index 31b1b249..bb1da879 100644 --- a/i18n/pl/basics/common-misconceptions.md +++ b/i18n/pl/basics/common-misconceptions.md @@ -80,7 +80,7 @@ One of the clearest threat models is one where people *know who you are* and one We don't suggest using a VPN or Tor for any of these things, as your identity is already known through other means.
-

Tip

+

Porada

When shopping online, the use of a [parcel locker](https://en.wikipedia.org/wiki/Parcel_locker) can help keep your physical address private. diff --git a/i18n/pl/basics/common-threats.md b/i18n/pl/basics/common-threats.md index f6fae387..e2b21cb5 100644 --- a/i18n/pl/basics/common-threats.md +++ b/i18n/pl/basics/common-threats.md @@ -72,7 +72,7 @@ When it comes to application security, we generally don't (and sometimes can't) To minimize the damage that a malicious piece of software *could* do, you should employ security by compartmentalization. For example, this could come in the form of using different computers for different jobs, using virtual machines to separate different groups of related applications, or using a secure operating system with a strong focus on application sandboxing and mandatory access control.
-

Tip

+

Porada

Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources. @@ -87,7 +87,7 @@ Desktop operating systems generally lag behind on proper sandboxing. ChromeOS ha Targeted attacks against a specific person are more problematic to deal with. Common attacks include sending malicious documents via email, exploiting vulnerabilities (e.g. in browsers and operating systems), and physical attacks. If this is a concern for you, you should employ more advanced threat mitigation strategies.
-

Tip

+

Porada

By design, **web browsers**, **email clients**, and **office applications** typically run untrusted code, sent to you from third parties. Running multiple virtual machines—to separate applications like these from your host system, as well as each other—is one technique you can use to mitigate the chance of an exploit in these applications compromising the rest of your system. For example, technologies like Qubes OS or Microsoft Defender Application Guard on Windows provide convenient methods to do this. @@ -102,7 +102,7 @@ If you are concerned about **physical attacks** you should use an operating syst Supply chain attacks are frequently a form of :material-target-account: Targeted Attack towards businesses, governments, and activists, although they can end up compromising the public at large as well.
-

Example

+

Przykład

A notable example of this occurred in 2017 when M.E.Doc, a popular accounting software in Ukraine, was infected with the *NotPetya* virus, subsequently infecting people who downloaded that software with ransomware. NotPetya itself was a ransomware attack which impacted 2000+ companies in various countries, and was based on the *EternalBlue* exploit developed by the NSA to attack Windows computers over the network. @@ -214,7 +214,7 @@ Censorship on corporate platforms is increasingly common, as platforms like Twit People concerned with the threat of censorship can use technologies like [Tor](../advanced/tor-overview.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../social-networks.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily.
-

Tip

+

Porada

While evading censorship itself can be easy, hiding the fact that you are doing it can be very problematic. diff --git a/i18n/pl/basics/hardware.md b/i18n/pl/basics/hardware.md index abb3bcdc..99d54901 100644 --- a/i18n/pl/basics/hardware.md +++ b/i18n/pl/basics/hardware.md @@ -38,7 +38,7 @@ If you build your own PC, you may need to manually update your motherboard's fir Most computers and phones come equipped with a TPM (or a similar secure cryptoprocessor) which safely stores your encryption keys and handles other security-related functions. If you're currently using a machine that doesn't have one of these, you might benefit from purchasing a newer computer that has this feature. Some desktop and server motherboards have a "TPM header" which can accept a small accessory board containing the TPM.
-

Note

+

Uwaga

Virtual TPMs are susceptible to side-channel attacks and external TPMs, as a result of being separate from the CPU on the motherboard, are vulnerable to [sniffing](https://pulsesecurity.co.nz/articles/TPM-sniffing) when an attacker has access to the hardware. The solution to this problem is to include the secure processor inside the CPU itself, which is the case for Apple's chips and Microsoft's [Pluton](https://microsoft.com/en-us/security/blog/2020/11/17/meet-the-microsoft-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs). @@ -137,7 +137,7 @@ You may find it useful to go around your home and make a list of every connected Your router handles all your network traffic and acts as your first line of defense between you and the open internet.
-

Note

+

Uwaga

A lot of routers come with storage to put your files on so you can access them from any computer on your network. We recommend you don't use networking devices for things other than networking. In the event your router was compromised, your files would also be compromised. diff --git a/i18n/pl/basics/passwords-overview.md b/i18n/pl/basics/passwords-overview.md index 75852b8e..4eb7a9c3 100644 --- a/i18n/pl/basics/passwords-overview.md +++ b/i18n/pl/basics/passwords-overview.md @@ -52,7 +52,7 @@ An example of a diceware passphrase is `viewable fastness reluctant squishy seve To generate a diceware passphrase using real dice, follow these steps:
-

Note

+

Uwaga

These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy. diff --git a/i18n/pl/cryptocurrency.md b/i18n/pl/cryptocurrency.md index e69cab60..08687fe5 100644 --- a/i18n/pl/cryptocurrency.md +++ b/i18n/pl/cryptocurrency.md @@ -16,7 +16,7 @@ Making payments online is one of the biggest challenges to privacy. These crypto [Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button}
-

Danger

+

Zagrożenie

Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. diff --git a/i18n/pl/device-integrity.md b/i18n/pl/device-integrity.md index 5ff87e93..9d41ed37 100644 --- a/i18n/pl/device-integrity.md +++ b/i18n/pl/device-integrity.md @@ -53,7 +53,7 @@ These tools provide analysis based on the information they have the ability to a External verification tools run on your computer and scan your mobile device for forensic traces, which are helpful to identify potential compromise.
-

Danger

+

Zagrożenie

Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security. diff --git a/i18n/pl/email.md b/i18n/pl/email.md index bda22041..2735cb1a 100644 --- a/i18n/pl/email.md +++ b/i18n/pl/email.md @@ -22,11 +22,11 @@ Korzystanie z poczty e-mail jest praktycznie niezbędne do używania większośc Do pozostałych zastosowań zalecamy różnorodne usługi e-mail, oparte na zrównoważonych modelach biznesowych i wyposażone we wbudowane funkcje bezpieczeństwa oraz prywatności. Pełną [listę kryteriów](#criteria) znajdziesz w dalszej części strony. -| Dostawca | OpenPGP / WKD | IMAP / SMTP | Szyfrowanie z zerowym dostępem | Anonimowe metody płatności | -| ------------------------------- | -------------------------------------- | ------------------------------------------------------------------- | ------------------------------------------------------- | ----------------------------------------------------- | -| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Tylko w płatnych planach | :material-check:{ .pg-green } | Cash
Monero via third party | -| [Poczta Mailbox](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Tylko poczta | Gotówka | -| [Tuta](#tuta) | :material-alert-outline:{ .pg-orange } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero via third party
Cash via third party | +| Dostawca | OpenPGP / WKD | IMAP / SMTP | Szyfrowanie z zerowym dostępem | Anonimowe metody płatności | +| ------------------------------- | -------------------------------------- | ------------------------------------------------------------------- | ------------------------------------------------------- | ---------------------------------------------------------- | +| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Tylko w płatnych planach | :material-check:{ .pg-green } | Gotówka
Monero przez pośrednika | +| [Poczta Mailbox](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Tylko poczta | Gotówka | +| [Tuta](#tuta) | :material-alert-outline:{ .pg-orange } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero przez pośrednika
Gotówka przez pośrednika | Oprócz (lub zamiast) jednego z wymienionych tutaj dostawców usług e-mail, możesz rozważyć skorzystanie z dedykowanej [usługi aliasingu e-maili](email-aliasing.md#recommended-providers) w celu zwiększenia swojej prywatności. Między innymi takie usługi pomagają chronić Twoją prawdziwą skrzynkę przed spamem, uniemożliwiają marketerom powiązanie Twoich kont oraz szyfrują wszystkie przychodzące wiadomości za pomocą PGP. @@ -85,22 +85,22 @@ Darmowy plan Proton Free oferuje 500 MB miejsca na pocztę, które można bezpł
-Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) such as Thunderbird. Konta płatne obejmują funkcje takie jak Proton Mail Bridge, dodatkową przestrzeń dyskową oraz obsługę własnych domen. The Proton Unlimited plan or any multi-user Proton plan includes access to [SimpleLogin](email-aliasing.md#simplelogin) Premium. +Konta bezpłatne mają pewne ograniczenia, takie jak brak możliwości wyszukiwania w treści wiadomości oraz brak dostępu do [Proton Mail Bridge](https://proton.me/pl/mail/bridge), który jest wymagany do korzystania z [zalecanego klienta poczty desktopowej](email-clients.md), np. Thunderbird. Konta płatne obejmują funkcje takie jak Proton Mail Bridge, dodatkową przestrzeń dyskową oraz obsługę własnych domen. Plan Proton Unlimited lub dowolny plan dla wielu użytkowników obejmuje darmowy dostęp do [SimpleLogin](email-aliasing.md#simplelogin) Premium. -A [letter of attestation](https://res.cloudinary.com/dbulfrlrz/images/v1714639878/wp-pme/letter-of-attestation-proton-mail-20211109_3138714c61/letter-of-attestation-proton-mail-20211109_3138714c61.pdf) was provided for Proton Mail's apps in November 2021 by [Securitum](https://research.securitum.com). +[Raport potwierdzający bezpieczeństwo](https://res.cloudinary.com/dbulfrlrz/images/v1714639878/wp-pme/letter-of-attestation-proton-mail-20211109_3138714c61/letter-of-attestation-proton-mail-20211109_3138714c61.pdf) aplikacji Proton Mail został wydany 9 listopada 2021 roku przez firmę [Securitum](https://research.securitum.com). -Proton Mail has internal crash reports that are **not** shared with third parties and can be disabled. +Proton Mail gromadzi wewnętrzne raporty o awariach, które **nie są** udostępniane podmiotom trzecim i które mogą zostać wyłączone. 
-=== "Web" +=== "W przeglądarce" - From your inbox, select :gear: → **All Settings** → **Account** → **Security and privacy** → **Privacy and data collection**. + Z poziomu skrzynki odbiorczej wybierz :gear: → **Wszystkie ustawienia** → **Konto** → **Bezpieczeństwo i prywatność** → **Prywatność i gromadzenie danych**. - [ ] Disable **Collect usage dignostics** - [ ] Disable **Send crash reports** -=== "Mobile" +=== "W aplikacji mobilnej" - From your inbox, select :material-menu: → :gear: **Settings** → select your username. + Z poziomu skrzynki odbiorczej wybierz :material-menu: → :gear: **Ustawienia** → wybierz swoją nazwę użytkownika. - [ ] Disable **Send crash reports** - [ ] Disable **Collect usage dignostics** @@ -141,9 +141,9 @@ Plan [Proton Unlimited](https://proton.me/pl/support/proton-plans#proton-unlimit
-![Mailbox Mail logo](assets/img/email/mailbox-mail.svg){ align=right } +![Logo Mailbox.org](assets/img/email/mailbox-mail.svg){ align=right } -**Mailbox Mail** (formerly *Mailbox.org*) is an email service with a focus on being secure, ad-free, and powered by 100% eco-friendly energy. Działa od 2014 roku. Mailbox ma siedzibę w Berlinie, w Niemczech. +Poczta **Mailbox** (wcześniej **Mailbox.org**) to usługa e-mail skoncentrowana na bezpieczeństwie, braku reklam oraz korzystaniu w 100% z energii pochodzącej ze źródeł odnawialnych. Działa od 2014 roku. Mailbox ma siedzibę w Berlinie, w Niemczech. Konta oferują do 2 GB przestrzeni, którą można zwiększyć w razie potrzeby. @@ -246,7 +246,7 @@ Płatne konta Tuta pozwalają na użycie 15 lub 30 aliasów w zależności od pl #### :material-information-outline:{ .pg-blue } Prywatne metody płatności -Tuta only directly accepts credit cards and PayPal, however you can use [**cryptocurrency**](cryptocurrency.md) to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore. +Tuta bezpośrednio akceptuje wyłącznie płatności kartą kredytową oraz przez PayPal. Jednak [**kryptowalutami**](cryptocurrency.md) można zapłacić pośrednio, kupując karty podarunkowe poprzez [współpracę](https://tuta.com/support/#cryptocurrency) z ProxyStore. #### :material-check:{ .pg-green } Bezpieczeństwo konta 
@@ -276,7 +276,7 @@ Tuta oferuje wersję biznesową swojej usługi [organizacjom non-profit](https:/ Poniższe funkcje uznajemy za istotne dla zapewnienia bezpiecznej i wydajnej usługi. Warto rozważyć, czy wybrany dostawca oferuje funkcje, których potrzebujesz. -**Minimum do zakwalifikowania się:** +**Minimalne wymagania:** - Musi szyfrować dane kont e-mail w spoczynku przy użyciu szyfrowania z zerowym dostępem (zero-access encryption). - Musi umożliwiać eksport wiadomości e-mail w formacie [mbox](https://pl.wikipedia.org/wiki/Mbox) lub jako pojedyncze pliki .EML zgodne ze standardem [RFC5322](https://datatracker.ietf.org/doc/rfc5322). @@ -299,7 +299,7 @@ Poniższe funkcje uznajemy za istotne dla zapewnienia bezpiecznej i wydajnej us Preferujemy dostawców, którzy gromadzą możliwie najmniej danych. -**Minimum do zakwalifikowania się:** +**Minimalne wymagania:** - Musi chronić adres IP nadawcy, np. poprzez usuwanie go z nagłówka `Received`. - Nie może wymagać danych osobowych (PII) innych niż nazwa użytkownika i hasło. @@ -314,7 +314,7 @@ Preferujemy dostawców, którzy gromadzą możliwie najmniej danych. Serwery pocztowe przetwarzają ogromne ilości wrażliwych danych. Oczekujemy, że dostawcy będą stosować najlepsze praktyki branżowe w celu ochrony swoich klientów. -**Minimum do zakwalifikowania się:** +**Minimalne wymagania:** - Ochrona dostępu do webmaila z użyciem 2FA, np. [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp). - Szyfrowanie z zerowym dostępem, będące rozszerzeniem szyfrowania danych w spoczynku — dostawca nie posiada kluczy deszyfrujących dane, co uniemożliwia wyciek informacji przez nieuczciwego pracownika lub zewnętrznego atakującego po uzyskaniu nieautoryzowanego dostępu do serwera. 
@@ -347,7 +347,7 @@ Serwery pocztowe przetwarzają ogromne ilości wrażliwych danych. Oczekujemy, Nie powierzył(a)byś swoich finansów komuś o fałszywej tożsamości, więc po co powierzać mu swoje dane e-mail? Wymagamy, aby zalecani przez nas dostawcy ujawniali informacje o właścicielach lub kadrze zarządzającej. Doceniamy również regularne raporty przejrzystości, szczególnie w zakresie tego, jak obsługiwane są żądania organów państwowych. -**Minimum do zakwalifikowania się:** +**Minimalne wymagania:** - Publicznie dostępne informacje o właścicielu lub kadrze kierowniczej. @@ -359,7 +359,7 @@ Nie powierzył(a)byś swoich finansów komuś o fałszywej tożsamości, więc p W przypadku polecanych przez nas dostawców poczty e-mail zwracamy uwagę na odpowiedzialne praktyki marketingowe. -**Minimum do zakwalifikowania się:** +**Minimalne wymagania:** - Musi samodzielnie hostować analitykę (bez korzystania z Google Analytics, Adobe Analytics itp.). - Nie może stosować nieodpowiedzialnych działań marketingowych, w tym m.in.: diff --git a/i18n/pl/encryption.md b/i18n/pl/encryption.md index 80ce210c..48fe8c57 100644 --- a/i18n/pl/encryption.md +++ b/i18n/pl/encryption.md @@ -146,7 +146,7 @@ To enable BitLocker on "Home" editions of Windows, you must have partitions form ```
-

Tip

+

Porada

Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data. diff --git a/i18n/pl/frontends.md b/i18n/pl/frontends.md index 0ed7967e..c2338429 100644 --- a/i18n/pl/frontends.md +++ b/i18n/pl/frontends.md @@ -33,14 +33,14 @@ When you are using an instance run by someone else, make sure to read the privac
-

Note

+

Uwaga

The [Old Reddit](https://old.reddit.com) website doesn't require as much JavaScript as the new Reddit website does, but it has recently blocked access to IP addresses reserved for public VPNs. You can use Old Reddit in conjunction with the [Tor](tor.md) Onion that was [launched in October 2022](https://forum.torproject.org/t/reddit-onion-service-launch/5305) at [https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion](https://old.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion).
-

Tip

+

Porada

Redlib is useful if you want to disable JavaScript in your browser, such as [Tor Browser](tor.md#tor-browser) on the Safest security level. @@ -68,7 +68,7 @@ There are a number of public instances, with some that offer a [Tor](tor.md) oni
-

Tip

+

Porada

ProxiTok is useful if you want to disable JavaScript in your browser, such as [Tor Browser](tor.md#tor-browser) on the Safest security level. @@ -107,7 +107,7 @@ Invidious does not proxy video streams by default. Videos watched through Invidi
-

Tip

+

Porada

Invidious is useful if you want to disable JavaScript in your browser, such as [Tor Browser](tor.md#tor-browser) on the Safest security level. It does not provide privacy by itself, and we don’t recommend logging into any accounts. @@ -134,7 +134,7 @@ Piped requires JavaScript in order to function and there are a number of public
-

Tip

+

Porada

Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) without installing an extension. It does not provide privacy by itself, and we don’t recommend logging into any accounts. diff --git a/i18n/pl/meta/admonitions.md b/i18n/pl/meta/admonitions.md index c0b40f35..7052cbc7 100644 --- a/i18n/pl/meta/admonitions.md +++ b/i18n/pl/meta/admonitions.md @@ -13,15 +13,15 @@ To jest przykład objaśnienia. Lorem ipsum dolor sit amet, consectetur adipisci
-Example Collapsible Admonition +Przykładowe objaśnienie zwijane -This is an example of a collapsible admonition. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor massa, nec semper lorem quam in massa. +To jest przykład objaśnienia zwijanego. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor massa, nec semper lorem quam in massa.
-## Formatting +## Formatowanie -To add an admonition to a page, you can use the following code: +Aby dodać objaśnienie do strony, można użyć następującego kodu: ```markdown title="Admonition"
@@ -43,14 +43,14 @@ ENCLOSED TEXT The `TITLE` must be specified; if you don't want a specific title you can set it to the same text as the `TYPE` (see below) in title case, e.g. `Note`. The `ENCLOSED TEXT` should be Markdown formatted. -### Regular types +### Standardowe rodzaje upomnień Replace `TYPE` in the examples above with one of the following: #### `note`
-

Note

+

Uwaga

Lorem ipsum dolor sit amet, consectetur adipiscing elit. @@ -59,7 +59,7 @@ Lorem ipsum dolor sit amet, consectetur adipiscing elit. #### `abstract`
-

Abstract

+

Streszczenie

Lorem ipsum dolor sit amet, consectetur adipiscing elit. @@ -68,7 +68,7 @@ Lorem ipsum dolor sit amet, consectetur adipiscing elit. #### `info`
-

Info

+

Informacja

Lorem ipsum dolor sit amet, consectetur adipiscing elit. @@ -77,7 +77,7 @@ Lorem ipsum dolor sit amet, consectetur adipiscing elit. #### `tip`
-

Tip

+

Porada

Lorem ipsum dolor sit amet, consectetur adipiscing elit. @@ -86,7 +86,7 @@ Lorem ipsum dolor sit amet, consectetur adipiscing elit. #### `success`
-

Success

+

Sukces

Lorem ipsum dolor sit amet, consectetur adipiscing elit. @@ -95,7 +95,7 @@ Lorem ipsum dolor sit amet, consectetur adipiscing elit. #### `question`
-

Question

+

Pytanie

Lorem ipsum dolor sit amet, consectetur adipiscing elit. @@ -113,7 +113,7 @@ Lorem ipsum dolor sit amet, consectetur adipiscing elit. #### `failure`
-

Failure

+

Niepowodzenie

Lorem ipsum dolor sit amet, consectetur adipiscing elit. @@ -122,7 +122,7 @@ Lorem ipsum dolor sit amet, consectetur adipiscing elit. #### `danger`
-

Danger

+

Zagrożenie

Lorem ipsum dolor sit amet, consectetur adipiscing elit. @@ -131,7 +131,7 @@ Lorem ipsum dolor sit amet, consectetur adipiscing elit. #### `bug`
-

Bug

+

Błąd

Lorem ipsum dolor sit amet, consectetur adipiscing elit. @@ -140,7 +140,7 @@ Lorem ipsum dolor sit amet, consectetur adipiscing elit. #### `example`
-

Example

+

Przykład

Lorem ipsum dolor sit amet, consectetur adipiscing elit. @@ -149,17 +149,17 @@ Lorem ipsum dolor sit amet, consectetur adipiscing elit. #### `quote`
-

Quote

+

Cytat

Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-### Special Types +### Specjalne rodzaje upomnień #### `recommendation` -This format is used to generate recommendation cards. Notably it is missing the `

` element. +Format ten służy do tworzenia kart zaleceń. Należy zauważyć, że brakuje w nim elementu `

`. ```markdown title="Recommendation Card"

@@ -180,7 +180,7 @@ This format is used to generate recommendation cards. Notably it is missing the
-![PhotoPrism logo](../assets/img/self-hosting/photoprism.svg){ align=right } +![Logo PhotoPrism](../assets/img/self-hosting/photoprism.svg){ align=right } **PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control. @@ -244,7 +244,7 @@ Throughout the site, you may see some admonitions formatted like the following e
-

Note

+

Uwaga

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla et euismod nulla. Curabitur feugiat, tortor non consequat finibus, justo purus auctor diff --git a/i18n/pl/mobile-phones.md b/i18n/pl/mobile-phones.md index 579742b7..692320c4 100644 --- a/i18n/pl/mobile-phones.md +++ b/i18n/pl/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobile Phones" +title: Mobile Phones icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp @@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
-## Purchasing Advice +## General Purchasing Advice When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. @@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. 
+ +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Kryteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/i18n/pl/news-aggregators.md b/i18n/pl/news-aggregators.md index c74fd291..58ad9440 100644 --- a/i18n/pl/news-aggregators.md +++ b/i18n/pl/news-aggregators.md @@ -153,7 +153,7 @@ Some social media services also support RSS, although it's not often advertised. Reddit allows you to subscribe to Subreddits via RSS.
-

Example

+

Przykład

Replace `[SUBREDDIT]` with the Subreddit you wish to subscribe to. @@ -168,7 +168,7 @@ https://reddit.com/r/[SUBREDDIT]/new/.rss You can subscribe to YouTube channels without logging in and associating usage information with your Google account.
-

Example

+

Przykład

To subscribe to a YouTube channel with an RSS client, first look for its [channel code](https://support.google.com/youtube/answer/6180214). The channel code can be found in the expanded description (i.e., the "About" section) of the YouTube channel you wish to subscribe to: **About** → **Share channel** → **Copy channel ID**. Replace `[CHANNEL ID]` below: diff --git a/i18n/pl/os/android-overview.md b/i18n/pl/os/android-overview.md index 2a11177f..1184d054 100644 --- a/i18n/pl/os/android-overview.md +++ b/i18n/pl/os/android-overview.md @@ -82,7 +82,7 @@ If an app is mostly a web-based service, the tracking may occur on the server si
-

Note

+

Uwaga

Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all the analytics features that are provided by Google Firebase Analytics. @@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables: - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - Warning you about unverified applications +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Aktualizacje systemowe Google Play diff --git a/i18n/pl/passwords.md b/i18n/pl/passwords.md index 4c8ce560..95227f25 100644 --- a/i18n/pl/passwords.md +++ b/i18n/pl/passwords.md @@ -131,7 +131,7 @@ schema: [Introduction to Passwords :material-arrow-right-drop-circle:](basics/passwords-overview.md)
-

Info

+

Informacja

Built-in password managers in software like browsers and operating systems are sometimes not as good as dedicated password manager software. The advantage of a built-in password manager is good integration with the software, but it can often be very simple and lack privacy and security features that standalone offerings have. diff --git a/i18n/pl/self-hosting/file-management.md b/i18n/pl/self-hosting/file-management.md index b0fe175d..63dc8618 100644 --- a/i18n/pl/self-hosting/file-management.md +++ b/i18n/pl/self-hosting/file-management.md @@ -18,7 +18,7 @@ Self-hosting your own **file management** tools may be a good idea to reduce the
-![PhotoPrism logo](../assets/img/self-hosting/photoprism.svg){ align=right } +![Logo PhotoPrism](../assets/img/self-hosting/photoprism.svg){ align=right } **PhotoPrism** is a platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control. @@ -74,7 +74,7 @@ Self-hosting your own **file management** tools may be a good idea to reduce the
-

Danger

+

Zagrożenie

We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. For this reason, we don't recommend third-party Nextcloud providers. diff --git a/i18n/pl/tor.md b/i18n/pl/tor.md index 1b14ce1d..3b187ea8 100644 --- a/i18n/pl/tor.md +++ b/i18n/pl/tor.md @@ -34,7 +34,7 @@ schema: [Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button.md-button--primary} [:material-movie-open-play-outline: Video: Why You Need Tor](https://www.privacyguides.org/videos/2025/03/02/why-you-need-tor ""){.md-button}
-

Tip

+

Porada

Before connecting to Tor, please ensure you've read our [overview](advanced/tor-overview.md) on what Tor is and how to connect to it safely. We often recommend connecting to Tor through a trusted [VPN provider](vpn.md), but you have to do so **properly** to avoid decreasing your anonymity. @@ -74,7 +74,7 @@ If more complete anonymity is paramount to your situation, you should **only** b
-

Danger

+

Zagrożenie

You should **never** install any additional extensions on Tor Browser or edit `about:config` settings, including the ones we suggest for Firefox. Browser extensions and non-standard settings make you stand out from others on the Tor network, thus making your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting). diff --git a/i18n/pl/vpn.md b/i18n/pl/vpn.md index c55cf1d1..b6971301 100644 --- a/i18n/pl/vpn.md +++ b/i18n/pl/vpn.md @@ -23,7 +23,7 @@ Korzystanie z VPN **nie** uczyni Twojej aktywności w sieci anonimową ani nie z Jeśli zależy Ci na **anonimowości**, skorzystaj z przeglądarki Tor Browser. Jeśli zależy Ci na dodatkowym **bezpieczeństwie**, zawsze upewnij się, że łączysz się z witrynami za pomocą HTTPS. VPN nie zastępuje dobrych praktyk w zakresie bezpieczeństwa. -[Introduction to the Tor Browser](tor.md#tor-browser){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } +[Wprowadzenie do Tor Browser](tor.md#tor-browser){ .md-button .md-button--primary } [Mity dot. sieci Tor i FAQ](advanced/tor-overview.md){ .md-button }
@@ -47,10 +47,10 @@ Zalecani przez nas dostawcy stosują szyfrowanie, obsługują WireGuard i OpenVP **Proton VPN** to mocny gracz na rynku VPN, działający od 2016 roku. Firma Proton AG ma siedzibę w Szwajcarii i oferuje zarówno ograniczoną darmową wersję, jak i pełniejszą wersję premium. -[:octicons-home-16: Homepage](https://protonvpn.com){ .md-button .md-button--primary } -[:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://protonvpn.com/support){ .card-link title="Documentation" } -[:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } +[:octicons-home-16: Strona główna](https://protonvpn.com/pl){ .md-button .md-button--primary } +[:octicons-eye-16:](https://protonvpn.com/pl/privacy-policy){ .card-link title="Polityka prywatności" } +[:octicons-info-16:](https://protonvpn.com/support/pl){ .card-link title="Dokumentacja" } +[:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Kod źródłowy" }
Pobierz @@ -290,37 +290,37 @@ Mullvad zachowuje pełną przejrzystość w kwestii tego, które węzły [posiad

Zagrożenie

-Ważne jest, aby pamiętać, że korzystanie z usług dostawcy VPN nie zapewni anonimowości, ale zapewni lepszą prywatność w niektórych sytuacjach. VPN nie jest narzędziem do nielegalnych działań. Nie polegaj na polityce "no log". +Ważne jest, aby pamiętać, że korzystanie z dostawcy usługi VPN nie czyni Cię anonimowym, choć w pewnych sytuacjach zwiększy Twoją prywatność. VPN nie jest narzędziem do działań niezgodnych z prawem. Nie polegaj na polityce „braku logów”.
-**Należy pamiętać, że nie jesteśmy powiązani z żadnym z polecanych przez nas dostawców. Pozwala nam to zapewnić całkowicie obiektywne rekomendacje.** Oprócz [naszych standardowych kryteriów](about/criteria.md), opracowaliśmy jasny zestaw wymagań dla każdego dostawcy VPN, który chce być rekomendowany, w tym silne szyfrowanie, niezależne audyty bezpieczeństwa, nowoczesną technologię i wiele innych. Zalecamy zapoznanie się z tą listą przed wyborem dostawcy VPN i przeprowadzenie własnych badań, aby upewnić się, że wybrany dostawca VPN jest tak godny zaufania, jak to tylko możliwe. +**Należy pamiętać, że nie jesteśmy powiązani z żadnym z polecanych przez nas dostawców. Pozwala nam to formułować całkowicie obiektywne zalecenia.** Oprócz [naszych standardowych kryteriów](about/criteria.md), opracowaliśmy jasny zestaw wymagań, które musi spełniać dostawca usługi VPN, aby mógł być przez nas polecany — obejmują one wdrożenie silnego szyfrowania, niezależnych audytów bezpieczeństwa, nowoczesnych technologii i nie tylko. Sugerujemy zapoznanie się z tą listą przed wyborem dostawcy usługi VPN i przeprowadzenie własnych badań, aby upewnić się, że wybrany dostawca jest jak najbardziej godny zaufania. ### Technologia -Wymagamy, aby wszyscy nasi rekomendowani dostawcy VPN dostarczali standardowe pliki konfiguracyjne, które mogą być używane w ogólnym kliencie open-source. **Jeśli** VPN udostępnia własnego klienta, wymagamy kill switch, aby zablokować wycieki danych sieciowych po rozłączeniu. +Wymagamy, aby wszyscy zalecani przez nas dostawcy VPN udostępniali standardowe pliki konfiguracyjne, które można wykorzystać w uniwersalnym kliencie VPN typu open-source. **Jeśli** dostawca udostępnia własną aplikację, musi ona mieć wbudowany tzw. „kill switch”, który blokuje przesyłanie danych po utracie połączenia z VPN, zapobiegając wyciekom ruchu sieciowego. -**Minimum do zakwalifikowania się:** +**Minimalne wymagania:** - Obsługa silnych protokołów, takich jak WireGuard. 
-- Kill Switch wbudowany w klientów. -- Wsparcie Wielokrotnego Przeskoku. Wielokrotny Przeskok jest ważny, aby zachować prywatność danych w przypadku naruszenia bezpieczeństwa pojedynczego węzła. -- Jeśli klienci VPN są dostarczani, powinni być [open source](https://en.wikipedia.org/wiki/Open_source), podobnie jak oprogramowanie VPN, które zazwyczaj jest w nich wbudowane. Uważamy, że dostępność [kodu źródłowego](https://en.wikipedia.org/wiki/Source_code) zapewnia większą przejrzystość tego, co program faktycznie robi. -- Funkcje odporności na cenzurę zaprojektowane do omijania zapór sieciowych bez DPI. +- Wbudowany kill switch w swoich aplikacjach. +- Obsługa multi-hop (łączenie przez wiele serwerów), co zwiększa prywatność w razie kompromitacji jednego z węzłów. +- Jeśli dostawca oferuje własne aplikacje, powinny być one [open source](https://en.wikipedia.org/wiki/Open_source), podobnie jak oprogramowanie VPN, na którym zazwyczaj są oparte. Wierzymy, że dostępność [kodu źródłowego](https://en.wikipedia.org/wiki/Source_code) zapewnia większą przejrzystość i możliwość weryfikacji działania programu. +- Funkcje odporne na cenzurę, zaprojektowane tak, aby omijać zapory sieciowe bez konieczności analizy głębokiej zawartości pakietów (DPI). **Najlepszy scenariusz:** -- Kill Switch z wysoce konfigurowalnymi opcjami (włączanie/wyłączanie w określonych sieciach, podczas uruchamiania itp.) -- Łatwe w użyciu klienty VPN -- Obsługa protokołu [IPv6](https://en.wikipedia.org/wiki/IPv6). Oczekujemy, że serwery będą zezwalać na połączenia przychodzące przez IPv6 i umożliwiać dostęp do usług hostowanych na adresach IPv6. -- Możliwość [zdalnego przekierowania portów](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) pomaga w tworzeniu połączeń podczas korzystania z oprogramowania do udostępniania plików P2P[(Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) lub hostowania serwera (np. Mumble). 
-- Technologia zaciemniania, która kamufluje prawdziwą naturę ruchu internetowego, zaprojektowana w celu obejścia zaawansowanych metod cenzury internetowej, takich jak DPI. +- Kill switch z rozbudowanymi opcjami konfiguracji (np. włączenie/wyłączenie w określonych sieciach, uruchamianie przy starcie systemu itp.). +- Łatwe w obsłudze aplikacje VPN. +- Obsługa protokołu [IPv6](https://en.wikipedia.org/wiki/IPv6). Oczekujemy, że serwery umożliwiają zarówno połączenia przychodzące przez IPv6, jak i dostęp do usług działających w tej sieci. +- Możliwość [zdalnego przekierowywania portów](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding), co ułatwia tworzenie połączeń w aplikacjach typu P2P ([peer-to-peer](https://en.wikipedia.org/wiki/Peer-to-peer)) lub przy hostowaniu własnych usług (np. serwera Mumble). +- Technologia zaciemniania ruchu, która maskuje rzeczywisty charakter przesyłanych danych i pozwala obejść zaawansowane formy cenzury internetowej, takie jak DPI. ### Prywatność Preferujemy dostawców, którzy gromadzą możliwie najmniej danych. Wymagane jest nie gromadzenie danych osobowych podczas rejestracji i akceptowanie anonimowych form płatności. -**Minimum do zakwalifikowania się:** +**Minimalne wymagania:** - [Anonimowa kryptowaluta](cryptocurrency.md) **lub** opcja płatności gotówką. - Do rejestracji nie są wymagane żadne dane osobowe: Co najwyżej nazwa użytkownika, hasło i adres e-mail. 
@@ -334,7 +334,7 @@ Preferujemy dostawców, którzy gromadzą możliwie najmniej danych. Wymagane je VPN nie ma sensu, jeśli nie może nawet zapewnić odpowiedniego bezpieczeństwa. Od wszystkich rekomendowanych przez nas dostawców wymagamy przestrzegania aktualnych standardów bezpieczeństwa. Idealnie byłoby, gdyby domyślnie używały bardziej przyszłościowych schematów szyfrowania. Wymagamy również, aby niezależna strona trzecia przeprowadziła audyt bezpieczeństwa dostawcy, najlepiej w bardzo kompleksowy sposób i w sposób powtarzalny (corocznie). -**Minimum do zakwalifikowania się:** +**Minimalne wymagania:** - Silne schematy szyfrowania: OpenVPN z uwierzytelnianiem SHA-256; RSA-2048 lub lepszy handshake; szyfrowanie danych AES-256-GCM lub AES-256-CBC. - Utajnianie z wyprzedzeniem. @@ -367,7 +367,7 @@ Nie powierzyłbyś swoich finansów komuś z fałszywą tożsamością, więc po W przypadku polecanych przez nas dostawców VPN lubimy widzieć odpowiedzialny marketing. -**Minimum do zakwalifikowania się:** +**Minimalne wymagania:** - Musi samodzielnie hostować analitykę (tj. bez Google Analytics). diff --git a/i18n/pt-BR/android/distributions.md b/i18n/pt-BR/android/distributions.md index 83be5c66..dd680dda 100644 --- a/i18n/pt-BR/android/distributions.md +++ b/i18n/pt-BR/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "Os melhores sistemas operacionais Android - Privacy Guides" -title: "Distribuições alternativas" +title: Distribuições alternativas description: Você pode substituir o sistema operacional do seu telefone Android por essas alternativas seguras e que respeitam a privacidade. schema: - "@context": http://schema.org 
@@ -44,17 +44,21 @@ Recomendamos que você instale o GrapheneOS se tiver um Google Pixel, pois ele o O GrapheneOS oferece melhorias adicionais de [reforço de segurança](https://en.wikipedia.org/wiki/Hardening_\(computing\)) e privacidade. Tem um [alocador de memória endurecido](https://github.com/GrapheneOS/hardened_malloc), rede e permissões de sensor e vários outros [recursos de segurança](https://grapheneos.org/features). O GrapheneOS também vem com atualizações completas de firmware e compilações assinadas, então a inicialização verificada é totalmente suportada. -[:octicons-home-16: Página Inicial](https://grapheneos.org){ .md-button .md-button--primary } -[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Política de Privacidade" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentação} -[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Código Fonte" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribuir } +[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } +[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } +[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
GrapheneOS suporta [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), que executa o Google Play Services com sandbox total como qualquer outro aplicativo regular. Isso significa que você pode aproveitar a maioria dos serviços do Google Play, como as notificações por push, ao mesmo tempo em que lhe dá controle total sobre as permissões e o acesso a eles e os restringe a um [perfil de trabalho](../os/android-overview.md#work-profile) ou [perfil de usuário](../os/android-overview.md#user-profiles) específico de sua escolha. -Os [telefones Google Pixel](../mobile-phones.md#google-pixel) são os únicos dispositivos que atualmente atendem aos [requisitos de segurança de hardware] do GrapheneOS(https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. 
+ +### Connectivity Checks Por padrão, o Android faz muitas conexões de rede com o Google para realizar verificações de conectividade DNS, para sincronizar com a hora atual da rede, para verificar sua conectividade de rede e para muitas outras tarefas em segundo plano. A GrapheneOS os substitui por conexões com servidores operados pela GrapheneOS e sujeitos à sua política de privacidade. Isso oculta informações como seu endereço IP [do Google](../basics/common-threats.md#privacy-from-service-providers), mas significa que é trivial para um administrador da sua rede ou ISP ver que você está fazendo conexões com `grapheneos.network`, `grapheneos.org`, etc. e deduzir qual sistema operacional você está usando. diff --git a/i18n/pt-BR/mobile-phones.md b/i18n/pt-BR/mobile-phones.md index 18becf8f..0000ec4a 100644 --- a/i18n/pt-BR/mobile-phones.md +++ b/i18n/pt-BR/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobile Phones" +title: Mobile Phones icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp @@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
-## Purchasing Advice +## General Purchasing Advice When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. @@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. 
+ +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/i18n/pt-BR/os/android-overview.md b/i18n/pt-BR/os/android-overview.md index 7fa0f8ce..335bca5c 100644 --- a/i18n/pt-BR/os/android-overview.md +++ b/i18n/pt-BR/os/android-overview.md 
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables: - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - Warning you about unverified applications +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Google Play System Updates diff --git a/i18n/pt/android/distributions.md b/i18n/pt/android/distributions.md index 2e47e310..9627090a 100644 --- a/i18n/pt/android/distributions.md +++ b/i18n/pt/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "The Best Android Operating Systems - Privacy Guides" -title: "Alternative Distributions" +title: Alternative Distributions description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. schema: - "@context": http://schema.org 
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. 
GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. diff --git a/i18n/pt/mobile-phones.md b/i18n/pt/mobile-phones.md index 3a19be08..3517e47c 100644 --- a/i18n/pt/mobile-phones.md +++ b/i18n/pt/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobile Phones" +title: Mobile Phones icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp @@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
-## Purchasing Advice +## General Purchasing Advice When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. @@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. 
+ +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Framadate **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/i18n/pt/os/android-overview.md b/i18n/pt/os/android-overview.md index 23e9da85..9c59dc10 100644 --- a/i18n/pt/os/android-overview.md +++ b/i18n/pt/os/android-overview.md 
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables: - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - Warning you about unverified applications +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Google Play System Updates diff --git a/i18n/ru/android/distributions.md b/i18n/ru/android/distributions.md index 50e38886..ca23f753 100644 --- a/i18n/ru/android/distributions.md +++ b/i18n/ru/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "The Best Android Operating Systems - Privacy Guides" -title: "Alternative Distributions" +title: Alternative Distributions description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. schema: - "@context": http://schema.org 
@@ -44,17 +44,21 @@ We recommend installing GrapheneOS if you have a Google Pixel as it provides imp GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_\(computing\)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported. -[:octicons-home-16: Домашняя страница](https://grapheneos.org){ .md-button .md-button--primary } -[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Политика конфиденциальности" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Документация} -[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Исходный код" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Поддержать } +[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } +[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } +[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. 
GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. diff --git a/i18n/ru/mobile-phones.md b/i18n/ru/mobile-phones.md index 1f83cd17..7c64e224 100644 --- a/i18n/ru/mobile-phones.md +++ b/i18n/ru/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobile Phones" +title: Mobile Phones icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp @@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
-## Purchasing Advice +## General Purchasing Advice When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. @@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. 
+ +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Критерии **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Перед тем, как вы решите выбрать какой-либо проект, мы рекомендуем вам ознакомиться со списком критериев и провести собственное исследование, чтобы убедиться в правильности своего выбора. diff --git a/i18n/ru/os/android-overview.md b/i18n/ru/os/android-overview.md index 1c6433eb..278c4bf8 100644 --- a/i18n/ru/os/android-overview.md +++ b/i18n/ru/os/android-overview.md 
@@ -143,6 +143,7 @@ If you have a Google account we suggest enrolling in the [Advanced Protection Pr - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - Предупреждение о непроверенных приложениях +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Обновление Google Play diff --git a/i18n/sv/android/distributions.md b/i18n/sv/android/distributions.md index cd62e243..c4d22ebf 100644 --- a/i18n/sv/android/distributions.md +++ b/i18n/sv/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "The Best Android Operating Systems - Privacy Guides" -title: "Alternative Distributions" +title: Alternative Distributions description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. schema: - "@context": http://schema.org 
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. 
GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. diff --git a/i18n/sv/mobile-phones.md b/i18n/sv/mobile-phones.md index 959bd491..e68a83c2 100644 --- a/i18n/sv/mobile-phones.md +++ b/i18n/sv/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobile Phones" +title: Mobile Phones icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp @@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
-## Purchasing Advice +## General Purchasing Advice When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. @@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. 
+ +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Kriterier **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. diff --git a/i18n/sv/os/android-overview.md b/i18n/sv/os/android-overview.md index 86123280..c3feff6e 100644 --- a/i18n/sv/os/android-overview.md +++ b/i18n/sv/os/android-overview.md 
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables: - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - Warning you about unverified applications +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Google Play System Updates diff --git a/i18n/tr/android/distributions.md b/i18n/tr/android/distributions.md index 664a91e2..cfd2972c 100644 --- a/i18n/tr/android/distributions.md +++ b/i18n/tr/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "The Best Android Operating Systems - Privacy Guides" -title: "Alternative Distributions" +title: Alternative Distributions description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. schema: - "@context": http://schema.org 
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. 
GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. diff --git a/i18n/tr/mobile-phones.md b/i18n/tr/mobile-phones.md index 0c7a58c3..be633fef 100644 --- a/i18n/tr/mobile-phones.md +++ b/i18n/tr/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Cep telefonları" +title: Cep telefonları icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp @@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
-## Purchasing Advice +## General Purchasing Advice When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. @@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. 
+ +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Kriter **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. Bir projeyi kullanmayı seçmeden önce bu listeye aşina olmanızı ve sizin için doğru seçim olduğundan emin olmak için kendi araştırmanızı yapmanızı öneririz. diff --git a/i18n/tr/os/android-overview.md b/i18n/tr/os/android-overview.md index 4ff9761a..f3eaa048 100644 --- a/i18n/tr/os/android-overview.md +++ b/i18n/tr/os/android-overview.md 
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables: - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - Warning you about unverified applications +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Google Play System Updates diff --git a/i18n/uk/android/distributions.md b/i18n/uk/android/distributions.md index 3b96a33f..9b2f32f2 100644 --- a/i18n/uk/android/distributions.md +++ b/i18n/uk/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "The Best Android Operating Systems - Privacy Guides" -title: "Alternative Distributions" +title: Alternative Distributions description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. schema: - "@context": http://schema.org 
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. 
GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. diff --git a/i18n/uk/mobile-phones.md b/i18n/uk/mobile-phones.md index 2419e679..38f15396 100644 --- a/i18n/uk/mobile-phones.md +++ b/i18n/uk/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobile Phones" +title: Mobile Phones icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp @@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
-## Purchasing Advice +## General Purchasing Advice When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. @@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. 
+ +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/i18n/uk/os/android-overview.md b/i18n/uk/os/android-overview.md index 424f280d..7854a91b 100644 --- a/i18n/uk/os/android-overview.md +++ b/i18n/uk/os/android-overview.md 
@@ -143,6 +143,7 @@ If you have a Google account we suggest enrolling in the [Advanced Protection Pr - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - Попередження про неперевірені додатки +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Оновлення системи Google Play diff --git a/i18n/vi/android/distributions.md b/i18n/vi/android/distributions.md index 64a64a41..e7801a31 100644 --- a/i18n/vi/android/distributions.md +++ b/i18n/vi/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "The Best Android Operating Systems - Privacy Guides" -title: "Alternative Distributions" +title: Alternative Distributions description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. schema: - "@context": http://schema.org 
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. 
GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. diff --git a/i18n/vi/mobile-phones.md b/i18n/vi/mobile-phones.md index 3a19be08..3517e47c 100644 --- a/i18n/vi/mobile-phones.md +++ b/i18n/vi/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobile Phones" +title: Mobile Phones icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp @@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
-## Purchasing Advice +## General Purchasing Advice When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. @@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of
-Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. 
+ +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Framadate **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/i18n/vi/os/android-overview.md b/i18n/vi/os/android-overview.md index 4ff9761a..f3eaa048 100644 --- a/i18n/vi/os/android-overview.md +++ b/i18n/vi/os/android-overview.md 
@@ -143,6 +143,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables: - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) - Warning you about unverified applications +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Google Play System Updates diff --git a/i18n/zh-Hant/android/distributions.md b/i18n/zh-Hant/android/distributions.md index d6382caa..b2de58cd 100644 --- a/i18n/zh-Hant/android/distributions.md +++ b/i18n/zh-Hant/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "最佳 Android 作業系統 - Privacy Guides" -title: "替代作業系統" +title: 替代作業系統 description: 您可以使用這些安全且尊重隱私的替代方案來取代 Android 手機上的作業系統。 schema: - "@context": http://schema.org 
@@ -44,17 +44,21 @@ robots: nofollow, max-snippet:-1, max-image-preview:large GrapheneOS 提供了額外的 [安全強化](https://zh.m.wikipedia.org/wiki/%E5%AE%89%E5%85%A8%E5%BC%B7%E5%8C%96) 和 隱私改進。 它有 [加固的記憶體分配器](https://github.com/GrapheneOS/hardened_malloc),網路、傳感器權限與各式[安全改進](https://grapheneos.org/features). GrapheneOS 還帶有完整的軔體更新與已簽名的構建版本,因此完全支援 Verified Boot 。 -[:octicons-home-16: 首頁](https://grapheneos.org){ .md-button .md-button--primary } -[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="隱私權政策" } -[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=文檔} -[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="原始碼" } -[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=捐款 } +[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary } +[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" } +[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } +[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
GrapheneOS 支援 [沙盒化 Google Play](https://grapheneos.org/usage#sandboxed-google-play) ,他將 Google Play 服務 完全沙盒化,使其如同其他常規應用程式一樣運行。 這意味著可正常使用大多數 Google Play 服務 所提供的功能,像是 推送通知 ,同時讓您完全控制其存取能力和權限,並將其包含在所選的特定 [工作設定檔](../os/android-overview.md#work-profile) 或 [使用者設定檔](../os/android-overview.md#user-profiles) 。 -[Google Pixel系列](../mobile-phones.md#google-pixel) 是目前唯一符合 GrapheneOS [硬體安全要求](https://grapheneos.org/faq#future-devices) 的裝置。 +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks 預設情況下,Android 會與 Google 進行許多網路連線,以執行 DNS 連線檢查、同步目前的網路時間、檢查您的網路連線,以及其他許多背景工作。 GrapheneOS 不這麼做,他們通過讓作業系統與由其團隊所擁有的伺服器通訊來完成上述工作,這些伺服器遵守他們的隱私權政策 這能向 [Google](../basics/common-threats.md#privacy-from-service-providers) 隱藏您的資訊(例如:IP位置),但這意味著您的網路管理員或 ISP 的很容易看到您正在連線到 `grapheneos.network`、`grapheneos.org` 等,並推斷出您使用的作業系統。 diff --git a/i18n/zh-Hant/mobile-phones.md b/i18n/zh-Hant/mobile-phones.md index 26675caa..f4eb5390 100644 --- a/i18n/zh-Hant/mobile-phones.md 
+++ b/i18n/zh-Hant/mobile-phones.md
@@ -1,5 +1,5 @@
 ---
-title: "手機"
+title: 手機
 icon: material/cellphone-check
 description: 這些行動裝置為客製化 Android 作業系統提供最佳的硬體安全支援。
 cover: android.webp
@@ -42,7 +42,7 @@ robots: nofollow, max-snippet:-1, max-image-preview:large
-## 採購建議 +## General Purchasing Advice 購買裝置時,我們建議盡可能購買全新的裝置。 行動裝置的軟體和韌體只能支援一段有限的時間,因此購買新裝置可以儘可能延長使用期限。 @@ -72,11 +72,15 @@ Google Pixel 手機是我們**唯一**推薦購買的裝置。 Pixel 手機擁
-Titan M2 之類的安全元件比其他大多數手機所使用的處理器可信執行環境更為有限,因為它們僅用於機密儲存、硬體驗證和速率限制,而非執行「可信賴」的程式。 沒有安全元件的手機必須使用 TEE 來執行**所有**這些功能,因此會產生較大的攻擊面。 +### 硬體安全 + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. 沒有安全元件的手機必須使用 TEE 來執行**所有**這些功能,因此會產生較大的攻擊面。 Google Pixel 手機使用的 TEE OS 名為 Trusty,與許多其他手機不同,它是[開放原始碼](https://source.android.com/security/trusty#whyTrusty)的。 -使用他們的 [線上安裝程式](https://grapheneos.org/install/web),在 Pixel 手機上安裝 GrapheneOS 非常簡單。 如果您不習慣自己動手,又願意多花一點錢,可以看看 [NitroPhone](https://shop.nitrokey.com/shop),因為它們預載了來自聲譽良好的 [Nitrokey](https://nitrokey.com/about) 公司的 GrapheneOS。 +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel 還有一些購買 Google Pixel 的小提醒: @@ -87,6 +91,8 @@ Google Pixel 手機使用的 TEE OS 名為 Trusty,與許多其他手機不同 這表示裝置使用時間越長,每天的成本就越低。 - 如果您所在的地區沒有 Pixel,[NitroPhone](https://shop.nitrokey.com/shop) 可以全球配送。 +使用他們的 [線上安裝程式](https://grapheneos.org/install/web),在 Pixel 手機上安裝 GrapheneOS 非常簡單。 如果您不習慣自己動手,又願意多花一點錢,可以看看 [NitroPhone](https://shop.nitrokey.com/shop),因為它們預載了來自聲譽良好的 [Nitrokey](https://nitrokey.com/about) 公司的 GrapheneOS。 + ## 標準 \*\*請注意,我們與推薦的任何項目均無關。\*\*除了[我們的通用標準](about/criteria.md)外,我們還制定了一套明確的要求,以便我們能夠提供客觀的建議。 我們建議您在選擇使用專案前先熟悉此清單,並自行研究,以確保它是適合您的選擇。 
diff --git a/i18n/zh-Hant/os/android-overview.md b/i18n/zh-Hant/os/android-overview.md index 5d9dcd93..73f41446 100644 --- a/i18n/zh-Hant/os/android-overview.md +++ b/i18n/zh-Hant/os/android-overview.md @@ -143,6 +143,7 @@ Android 7 及以上版本支援 VPN kill switch,無需安裝第三方應用程 - 僅允許從 Google Play 商店、作業系統供應商的應用程式商店安裝應用程式(即便是 [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) 安裝 也不被允許) - 使用 [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) 強制自動設備掃描 - 針對未經驗證的應用程式向您發出警告 +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Google Play 系统更新 diff --git a/i18n/zh-TW/android/distributions.md b/i18n/zh-TW/android/distributions.md index d6382caa..b2de58cd 100644 --- a/i18n/zh-TW/android/distributions.md +++ b/i18n/zh-TW/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "最佳 Android 作業系統 - Privacy Guides" -title: "替代作業系統" +title: 替代作業系統 description: 您可以使用這些安全且尊重隱私的替代方案來取代 Android 手機上的作業系統。 schema: - "@context": http://schema.org 
@@ -44,17 +44,21 @@ robots: nofollow, max-snippet:-1, max-image-preview:large
 GrapheneOS 提供了額外的 [安全強化](https://zh.m.wikipedia.org/wiki/%E5%AE%89%E5%85%A8%E5%BC%B7%E5%8C%96) 和 隱私改進。 它有 [加固的記憶體分配器](https://github.com/GrapheneOS/hardened_malloc),網路、傳感器權限與各式[安全改進](https://grapheneos.org/features). GrapheneOS 還帶有完整的軔體更新與已簽名的構建版本,因此完全支援 Verified Boot 。
-[:octicons-home-16: 首頁](https://grapheneos.org){ .md-button .md-button--primary }
-[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="隱私權政策" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=文檔}
-[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="原始碼" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=捐款 }
+[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
+[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" }
+[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
GrapheneOS 支援 [沙盒化 Google Play](https://grapheneos.org/usage#sandboxed-google-play) ,他將 Google Play 服務 完全沙盒化,使其如同其他常規應用程式一樣運行。 這意味著可正常使用大多數 Google Play 服務 所提供的功能,像是 推送通知 ,同時讓您完全控制其存取能力和權限,並將其包含在所選的特定 [工作設定檔](../os/android-overview.md#work-profile) 或 [使用者設定檔](../os/android-overview.md#user-profiles) 。 -[Google Pixel系列](../mobile-phones.md#google-pixel) 是目前唯一符合 GrapheneOS [硬體安全要求](https://grapheneos.org/faq#future-devices) 的裝置。 +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks 預設情況下,Android 會與 Google 進行許多網路連線,以執行 DNS 連線檢查、同步目前的網路時間、檢查您的網路連線,以及其他許多背景工作。 GrapheneOS 不這麼做,他們通過讓作業系統與由其團隊所擁有的伺服器通訊來完成上述工作,這些伺服器遵守他們的隱私權政策 這能向 [Google](../basics/common-threats.md#privacy-from-service-providers) 隱藏您的資訊(例如:IP位置),但這意味著您的網路管理員或 ISP 的很容易看到您正在連線到 `grapheneos.network`、`grapheneos.org` 等,並推斷出您使用的作業系統。 diff --git a/i18n/zh-TW/mobile-phones.md b/i18n/zh-TW/mobile-phones.md index 26675caa..f4eb5390 100644 --- a/i18n/zh-TW/mobile-phones.md 
+++ b/i18n/zh-TW/mobile-phones.md
@@ -1,5 +1,5 @@
 ---
-title: "手機"
+title: 手機
 icon: material/cellphone-check
 description: 這些行動裝置為客製化 Android 作業系統提供最佳的硬體安全支援。
 cover: android.webp
@@ -42,7 +42,7 @@ robots: nofollow, max-snippet:-1, max-image-preview:large
-## 採購建議
+## General Purchasing Advice
 購買裝置時,我們建議盡可能購買全新的裝置。 行動裝置的軟體和韌體只能支援一段有限的時間,因此購買新裝置可以儘可能延長使用期限。
@@ -72,11 +72,15 @@ Google Pixel 手機是我們**唯一**推薦購買的裝置。 Pixel 手機擁
-Titan M2 之類的安全元件比其他大多數手機所使用的處理器可信執行環境更為有限,因為它們僅用於機密儲存、硬體驗證和速率限制,而非執行「可信賴」的程式。 沒有安全元件的手機必須使用 TEE 來執行**所有**這些功能,因此會產生較大的攻擊面。 +### 硬體安全 + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. 沒有安全元件的手機必須使用 TEE 來執行**所有**這些功能,因此會產生較大的攻擊面。 Google Pixel 手機使用的 TEE OS 名為 Trusty,與許多其他手機不同,它是[開放原始碼](https://source.android.com/security/trusty#whyTrusty)的。 -使用他們的 [線上安裝程式](https://grapheneos.org/install/web),在 Pixel 手機上安裝 GrapheneOS 非常簡單。 如果您不習慣自己動手,又願意多花一點錢,可以看看 [NitroPhone](https://shop.nitrokey.com/shop),因為它們預載了來自聲譽良好的 [Nitrokey](https://nitrokey.com/about) 公司的 GrapheneOS。 +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel 還有一些購買 Google Pixel 的小提醒: @@ -87,6 +91,8 @@ Google Pixel 手機使用的 TEE OS 名為 Trusty,與許多其他手機不同 這表示裝置使用時間越長,每天的成本就越低。 - 如果您所在的地區沒有 Pixel,[NitroPhone](https://shop.nitrokey.com/shop) 可以全球配送。 +使用他們的 [線上安裝程式](https://grapheneos.org/install/web),在 Pixel 手機上安裝 GrapheneOS 非常簡單。 如果您不習慣自己動手,又願意多花一點錢,可以看看 [NitroPhone](https://shop.nitrokey.com/shop),因為它們預載了來自聲譽良好的 [Nitrokey](https://nitrokey.com/about) 公司的 GrapheneOS。 + ## 標準 \*\*請注意,我們與推薦的任何項目均無關。\*\*除了[我們的通用標準](about/criteria.md)外,我們還制定了一套明確的要求,以便我們能夠提供客觀的建議。 我們建議您在選擇使用專案前先熟悉此清單,並自行研究,以確保它是適合您的選擇。 
diff --git a/i18n/zh-TW/os/android-overview.md b/i18n/zh-TW/os/android-overview.md index 6c4a4772..f431fc29 100644 --- a/i18n/zh-TW/os/android-overview.md +++ b/i18n/zh-TW/os/android-overview.md @@ -143,6 +143,7 @@ Android 7 及以上版本支援 VPN kill switch,無需安裝第三方應用程 - 僅允許從 Google Play 商店、作業系統供應商的應用程式商店安裝應用程式(即便是 [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) 安裝 也不被允許) - 使用 [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) 強制自動設備掃描 - 針對未經驗證的應用程式向您發出警告 +- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs ### Google Play 系统更新 diff --git a/i18n/zh/android/distributions.md b/i18n/zh/android/distributions.md index 63f4ba1a..fe8aa391 100644 --- a/i18n/zh/android/distributions.md +++ b/i18n/zh/android/distributions.md @@ -1,6 +1,6 @@ --- meta_title: "The Best Android Operating Systems - Privacy Guides" -title: "Alternative Distributions" +title: Alternative Distributions description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. schema: - "@context": http://schema.org 
@@ -46,15 +46,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik
 [:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
 [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
+[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" }
 [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
-[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
+[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice. -[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). +[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView. + +GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues. + +### Connectivity Checks By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. 
GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using. diff --git a/i18n/zh/mobile-phones.md b/i18n/zh/mobile-phones.md index 1eb04e23..e8cf93f2 100644 --- a/i18n/zh/mobile-phones.md +++ b/i18n/zh/mobile-phones.md @@ -1,5 +1,5 @@ --- -title: "Mobile Phones" +title: Mobile Phones icon: material/cellphone-check description: These mobile devices provide the best hardware security support for custom Android operating systems. cover: android.webp @@ -42,7 +42,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
-## Purchasing Advice
+## General Purchasing Advice
 When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
@@ -72,11 +72,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of -Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. +### Hardware Security + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for _all_ of those functions, resulting in a larger attack surface. Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. +The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. 
[GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature. + +### Buying a Google Pixel A few more tips for purchasing a Google Pixel: @@ -87,6 +91,8 @@ A few more tips for purchasing a Google Pixel: , meaning that the longer use of the device the lower cost per day. - If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company. + ## Criteria **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. diff --git a/i18n/zh/os/android-overview.md b/i18n/zh/os/android-overview.md index 32315986..67e04d1e 100644 --- a/i18n/zh/os/android-overview.md +++ b/i18n/zh/os/android-overview.md 
@@ -143,6 +143,7 @@ If you have a Google account we suggest enrolling in the [Advanced Protection Pr
 - Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
 - Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
 - 警告你有未经验证的应用程序
+- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs
 ### Google Play 系统更新