mirror of https://github.com/privacyguides/i18n.git synced 2025-09-06 21:38:47 +00:00

New Crowdin translations by GitHub Action

This commit is contained in:
Crowdin Bot
2024-03-07 05:31:17 +00:00
parent e0d0110b6b
commit d19bcef326
349 changed files with 4728 additions and 2647 deletions


@@ -35,19 +35,25 @@ Quando se trata de segurança de aplicativos, geralmente não sabemos (e às vez
Para minimizar os danos que um aplicativo malicioso *pode* causar, você deve usar a segurança por compartimentalização. Por exemplo, isso pode ser feito usando computadores diferentes para trabalhos diferentes, usando máquinas virtuais para separar grupos diferentes de aplicativos relacionados ou usando um sistema operacional seguro com um forte foco em isolamento (sandboxing) de aplicativos e controle de acesso obrigatório.
!!! tip
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
Sistemas operacionais móveis geralmente têm um isolamento (sandboxing) de aplicativos melhor do que os sistemas operacionais de mesa (desktop): Aplicativos não podem obter acesso à raiz e precisam de permissão para acessar os recursos do sistema.
Sistemas operacionais de mesa geralmente ficam para trás em termos de isolamento adequado. ChromeOS tem recursos de isolamento semelhantes aos do Android, e o macOS tem controle total de permissões do sistema (e os desenvolvedores podem optar pelo isolamento para aplicativos). No entanto, esses sistemas operacionais transmitem informações de identificação para seus respectivos OEMs. Linux tende a não enviar informações aos fornecedores de sistemas, mas tem pouca proteção contra explorações e aplicativos mal-intencionados. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
Sistemas operacionais móveis geralmente têm um isolamento (sandboxing) de aplicativos melhor do que os sistemas operacionais de mesa (desktop): Aplicativos não podem obter acesso à raiz e precisam de permissão para acessar os recursos do sistema.
Sistemas operacionais de mesa geralmente ficam para trás em termos de isolamento adequado. ChromeOS tem recursos de isolamento semelhantes aos do Android, e o macOS tem controle total de permissões do sistema (e os desenvolvedores podem optar pelo isolamento para aplicativos). No entanto, esses sistemas operacionais transmitem informações de identificação para seus respectivos OEMs. Linux tende a não enviar informações aos fornecedores de sistemas, mas tem pouca proteção contra explorações e aplicativos mal-intencionados. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
</div>
<span class="pg-red">:material-target-account: Ataques Direcionados</span>
Ataques direcionados contra uma pessoa específica são mais problemáticos de lidar. Os ataques comuns incluem o envio de documentos maliciosos por e-mail, a exploração de vulnerabilidades (por exemplo, em navegadores e sistemas operacionais) e ataques físicos. Se isso for uma preocupação para você, deverá empregar estratégias mais avançadas de atenuação de ameaças.
!!! tip
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
Por padrão, **navegadores da Internet**, **clientes de e-mail** e **aplicativos de escritório** normalmente executam códigos não confiáveis, enviados a você por terceiros. A execução de várias máquinas virtuais — para separar aplicativos como esses do sistema host, bem como uns dos outros — é uma técnica que pode ser usada para reduzir a chance de uma exploração nesses aplicativos comprometer o restante do sistema. Por exemplo, tecnologias como o Qubes OS ou o Microsoft Defender Application Guard no Windows oferecem métodos confortáveis para fazer isso.
Por padrão, **navegadores da Internet**, **clientes de e-mail** e **aplicativos de escritório** normalmente executam códigos não confiáveis, enviados a você por terceiros. A execução de várias máquinas virtuais — para separar aplicativos como esses do sistema host, bem como uns dos outros — é uma técnica que pode ser usada para reduzir a chance de uma exploração nesses aplicativos comprometer o restante do sistema. Por exemplo, tecnologias como o Qubes OS ou o Microsoft Defender Application Guard no Windows oferecem métodos confortáveis para fazer isso.
</div>
Se você está preocupado com **ataques físicos**, você deve usar um sistema operacional com uma implementação de inicialização verificada segura, tais como Android, iOS, macOS ou [Windows (com TPM)](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process). You should also make sure that your drive is encrypted, and that the operating system uses a TPM or Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) or [Element](https://developers.google.com/android/security/android-ready-se) to rate limit attempts to enter the encryption passphrase. You should avoid sharing your computer with people you don't trust, because most desktop operating systems don't encrypt data separately per-user.
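Review bot: The desktop operating systems paragraph inside the first converted tip block switches language mid-paragraph: it is Portuguese up to "aplicativos mal-intencionados." and then ends with the English sentence "This can be mitigated somewhat with specialized distributions ...", so the Qubes OS mitigation is the one part a Portuguese reader does not get. That sentence should be translated, and the literal `<p class="admonition-title">Tip</p>` in both converted blocks should be localized as well (for example "Dica"). The unchanged paragraph on physical attacks at the end of the hunk has the same problem from "You should also make sure that your drive is encrypted" onward and is worth fixing in the same pass.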
@@ -61,13 +67,16 @@ The obvious problem with this is that the service provider (or a hacker who has
Thankfully, E2EE can alleviate this issue by encrypting communications between you and your desired recipients before they are even sent to the server. The confidentiality of your messages is guaranteed, assuming the service provider doesn't have access to the private keys of either party.
!!! note "Note on Web-based Encryption"
<div class="admonition note" markdown>
<p class="admonition-title">Note on Web-based Encryption</p>
In practice, the effectiveness of different E2EE implementations varies. Applications, such as [Signal](../real-time-communication.md#signal), run natively on your device, and every copy of the application is the same across different installations. If the service provider were to introduce a [backdoor](https://en.wikipedia.org/wiki/Backdoor_(computing)) in their application—in an attempt to steal your private keys—it could later be detected with [reverse engineering](https://en.wikipedia.org/wiki/Reverse_engineering).
On the other hand, web-based E2EE implementations, such as Proton Mail's webmail or Bitwarden's *Web Vault*, rely on the server dynamically serving JavaScript code to the browser to handle cryptography. A malicious server can target you and send you malicious JavaScript code to steal your encryption key (and it would be extremely hard to notice). Because the server can choose to serve different web clients to different people—even if you noticed the attack—it would be incredibly hard to prove the provider's guilt.
Therefore, you should use native applications over web clients whenever possible.
In practice, the effectiveness of different E2EE implementations varies. Applications, such as [Signal](../real-time-communication.md#signal), run natively on your device, and every copy of the application is the same across different installations. If the service provider were to introduce a [backdoor](https://en.wikipedia.org/wiki/Backdoor_(computing)) in their application—in an attempt to steal your private keys—it could later be detected with [reverse engineering](https://en.wikipedia.org/wiki/Reverse_engineering).
On the other hand, web-based E2EE implementations, such as Proton Mail's webmail or Bitwarden's *Web Vault*, rely on the server dynamically serving JavaScript code to the browser to handle cryptography. A malicious server can target you and send you malicious JavaScript code to steal your encryption key (and it would be extremely hard to notice). Because the server can choose to serve different web clients to different people—even if you noticed the attack—it would be incredibly hard to prove the provider's guilt.
Therefore, you should use native applications over web clients whenever possible.
</div>
Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
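Review bot: The whole "Note on Web-based Encryption" block in this hunk, title and all three body paragraphs, is English, while the first hunk of this page is in Portuguese. The title used to be a quoted string on the `!!! note "..."` line and is now literal text inside `<p class="admonition-title">`, so it is worth confirming that Crowdin still exposes it as a translatable string and that the body paragraphs are queued for translation rather than silently falling back to the source text.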
@@ -77,17 +86,23 @@ Even with E2EE, service providers can still profile you based on **metadata**, w
Mass surveillance is the intricate effort to monitor the "behavior, many activities, or information" of an entire (or substantial fraction of a) population.[^1] It often refers to government programs, such as the ones [disclosed by Edward Snowden in 2013](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)). However, it can also be carried out by corporations, either on behalf of government agencies or by their own initiative.
!!! abstract "Atlas of Surveillance"
<div class="admonition abstract" markdown>
<p class="admonition-title">Atlas of Surveillance</p>
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org/) by the [Electronic Frontier Foundation](https://www.eff.org/).
Na França, você pode dar uma olhada no [site da Technopolicy](https://technopolice.fr/villes/) mantido pela associação sem fins lucrativos La Quadrature du Net.
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org/) by the [Electronic Frontier Foundation](https://www.eff.org/).
In France you can take a look at the [Technopolice website](https://technopolice.fr/villes/) maintained by the non-profit association La Quadrature du Net.
</div>
Governments often justify mass surveillance programs as necessary means to combat terrorism and prevent crime. However, breaching human rights, it's most often used to disproportionately target minority groups and political dissidents, among others.
!!! quote "ACLU: [*The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward*](https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward)"
<div class="admonition quote" markdown>
<p class="admonition-title">ACLU: <em><a href="https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward">The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward</a></em></p>
In the face of [Edward Snowden's disclosures of government programs such as [PRISM](https://en.wikipedia.org/wiki/PRISM) and [Upstream](https://en.wikipedia.org/wiki/Upstream_collection)], intelligence officials also admitted that the NSA had for years been secretly collecting records about virtually every Americans phone calls — whos calling whom, when those calls are made, and how long they last. This kind of information, when amassed by the NSA day after day, can reveal incredibly sensitive details about peoples lives and associations, such as whether they have called a pastor, an abortion provider, an addiction counselor, or a suicide hotline.
In the face of [Edward Snowden's disclosures of government programs such as [PRISM](https://en.wikipedia.org/wiki/PRISM) and [Upstream](https://en.wikipedia.org/wiki/Upstream_collection)], intelligence officials also admitted that the NSA had for years been secretly collecting records about virtually every Americans phone calls — whos calling whom, when those calls are made, and how long they last. This kind of information, when amassed by the NSA day after day, can reveal incredibly sensitive details about peoples lives and associations, such as whether they have called a pastor, an abortion provider, an addiction counselor, or a suicide hotline.
</div>
Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2]
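Review bot: In the "Atlas of Surveillance" block the Portuguese sentence "Na França, você pode dar uma olhada no [site da Technopolicy](https://technopolice.fr/villes/) ..." sits next to the English "In France you can take a look at the [Technopolice website](https://technopolice.fr/villes/) ...", and going by the order of the lines the English one is the replacement, which would drop an existing translation. Suggest keeping the Portuguese sentence and correcting only the site name to "Technopolice". Separately, the ACLU quote is missing apostrophes in both copies ("every Americans phone calls", "whos calling whom", "peoples lives"); if that comes from the source string it should be fixed upstream rather than in this file.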
@@ -133,11 +148,14 @@ Censorship on corporate platforms is increasingly common, as platforms like Twit
People concerned with the threat of censorship can use technologies like [Tor](../advanced/tor-overview.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../real-time-communication.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily.
!!! tip
<div class="admonition tip" markdown>
<p class="admonition-title">Tip</p>
While evading censorship itself can be easy, hiding the fact that you are doing it can be very problematic.
You should consider which aspects of the network your adversary can observe, and whether you have plausible deniability for your actions. For example, using [encrypted DNS](../advanced/dns-overview.md#what-is-encrypted-dns) can help you bypass rudimentary, DNS-based censorship systems, but it can't truly hide what you are visiting from your ISP. A VPN or Tor can help hide what you are visiting from network administrators, but can't hide that you're using those networks in the first place. Pluggable transports (such as Obfs4proxy, Meek, or Shadowsocks) can help you evade firewalls that block common VPN protocols or Tor, but your circumvention attempts can still be detected by methods like probing or [deep packet inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection).
While evading censorship itself can be easy, hiding the fact that you are doing it can be very problematic.
You should consider which aspects of the network your adversary can observe, and whether you have plausible deniability for your actions. For example, using [encrypted DNS](../advanced/dns-overview.md#what-is-encrypted-dns) can help you bypass rudimentary, DNS-based censorship systems, but it can't truly hide what you are visiting from your ISP. A VPN or Tor can help hide what you are visiting from network administrators, but can't hide that you're using those networks in the first place. Pluggable transports (such as Obfs4proxy, Meek, or Shadowsocks) can help you evade firewalls that block common VPN protocols or Tor, but your circumvention attempts can still be detected by methods like probing or [deep packet inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection).
</div>
You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught.
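Review bot: The converted tip block at the end of this hunk depends on the `markdown` attribute of `<div class="admonition tip" markdown>` for its body to be parsed as Markdown, which needs the Python-Markdown `md_in_html` extension in the site build. Without it, the relative links `[encrypted DNS](../advanced/dns-overview.md#what-is-encrypted-dns)` and the deep packet inspection link would render as raw bracket text, so please confirm the extension is enabled for every localized build that consumes this file. The block's title and body are also still English on a page whose first hunk is Portuguese.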