mirror of
https://github.com/privacyguides/i18n.git
synced 2025-08-24 07:09:15 +00:00
New Crowdin translations by GitHub Action
@@ -45,11 +45,14 @@ These tend to be good options for recurring/subscription payments online, while
|
||||
|
||||
Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose.
|
||||
|
||||
!!! 危险
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity.
|
||||
|
||||
Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust.
|
||||
The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity.
|
||||
|
||||
Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust.
|
||||
|
||||
</div>
|
||||
|
||||
### Privacy Coins
|
||||
|
||||
|
@@ -45,13 +45,16 @@ Setting up bad configurations like these is difficult to do accidentally, becaus
|
||||
|
||||
---
|
||||
|
||||
!!! info "VPN/SSH Fingerprinting"
|
||||
<div class="admonition info" markdown>
|
||||
<p class="admonition-title">VPN/SSH Fingerprinting</p>
|
||||
|
||||
The Tor Project [notes](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN#vpnssh-fingerprinting) that *theoretically* using a VPN to hide Tor activities from your ISP may not be foolproof. VPNs have been found to be vulnerable to website traffic fingerprinting, where an adversary can still guess what website is being visited, because all websites have specific traffic patterns.
|
||||
|
||||
Therefore, it's not unreasonable to believe that encrypted Tor traffic hidden by a VPN could also be detected via similar methods. There are no research papers on this subject, and we still consider the benefits of using a VPN to far outweigh these risks, but it is something to keep in mind.
|
||||
|
||||
If you still believe that pluggable transports (bridges) provide additional protection against website traffic fingerprinting that a VPN does not, you always have the option to use a bridge **and** a VPN in conjunction.
|
||||
The Tor Project [notes](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN#vpnssh-fingerprinting) that *theoretically* using a VPN to hide Tor activities from your ISP may not be foolproof. VPNs have been found to be vulnerable to website traffic fingerprinting, where an adversary can still guess what website is being visited, because all websites have specific traffic patterns.
|
||||
|
||||
Therefore, it's not unreasonable to believe that encrypted Tor traffic hidden by a VPN could also be detected via similar methods. There are no research papers on this subject, and we still consider the benefits of using a VPN to far outweigh these risks, but it is something to keep in mind.
|
||||
|
||||
If you still believe that pluggable transports (bridges) provide additional protection against website traffic fingerprinting that a VPN does not, you always have the option to use a bridge **and** a VPN in conjunction.
|
||||
|
||||
</div>
|
||||
|
||||
Determining whether you should first use a VPN to connect to the Tor network will require some common sense and knowledge of your own government's and ISP's policies relating to what you're connecting to. However, again in most cases you will be better off being seen as connecting to a commercial VPN network than directly to the Tor network. If VPN providers are censored in your area, then you can also consider using Tor pluggable transports (e.g. Snowflake or meek bridges) as an alternative, but using these bridges may arouse more suspicion than standard WireGuard/OpenVPN tunnels.
|
||||
|
||||
|
@@ -1,8 +1,8 @@
|
||||
---
|
||||
meta_title: "如何私密地创建互联网账户 - 隐私指南"
|
||||
title: "账户创建"
|
||||
meta_title: "How to Create Internet Accounts Privately - Privacy Guides"
|
||||
title: "Account Creation"
|
||||
icon: 'material/account-plus'
|
||||
description: 在网上创建账户几乎是网络生活的必需,采取这些步骤确保你的隐私安全。
|
||||
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
|
||||
---
|
||||
|
||||
人们经常不假思索地注册服务。 也许它是一个流媒体服务,这样你就可以看到每个人都在谈论的新节目,或者一个为你最喜欢的快餐店提供折扣的账户。 无论情况如何,你应该考虑现在和以后对你的数据的影响。
|
||||
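Review bot: The front matter at the top of this file ends up in English: the Chinese `meta_title`, `title` and `description` lines are each followed by their English source string, while the body paragraph below is still translated. Keep the translated values for these three keys, or confirm that the strings are simply missing in Crowdin, so the localized page does not ship with an English title and description.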
@@ -29,9 +29,12 @@ description: 在网上创建账户几乎是网络生活的必需,采取这些
|
||||
|
||||
创建新账户最常见的方式是通过电子邮件地址和密码。 当使用这种方法时,你应该使用一个密码管理器,并遵循 [有关密码的最佳实践](passwords-overview.md)。
|
||||
|
||||
!!! 提示
|
||||
<div class="admonition tip" markdown>
|
||||
<p class="admonition-title">Tip</p>
|
||||
|
||||
你还可以使用密码管理器来组织其他验证方法! 只需添加新条目并填写相应字段,你可以为诸如安全问题或备用密钥之类的事物添加注释。
|
||||
你还可以使用密码管理器来组织其他验证方法! 只需添加新条目并填写相应字段,你可以为诸如安全问题或备用密钥之类的事物添加注释。
|
||||
|
||||
</div>
|
||||
|
||||
你将负责管理你的登录凭证。 为了增加安全性,你可以在你的账户上设置 [MFA](multi-factor-authentication.md)。
|
||||
|
||||
|
@@ -75,20 +75,23 @@ schema:
|
||||
|
||||
最清晰的威胁模型之一是,部分人*,知道你是谁* ,而另一部分人不知道。 总有一些情况下你必须申报你的合法姓名,也有一些情况下你不需要这样做。
|
||||
|
||||
1. **已知身份** - 已知身份是用于必须申报姓名的事情。 有许多法律文件和合同都需要合法身份。 这可能包括开设银行账户、签署房产租赁合同、获得护照、进口物品时的海关申报,或以其他方式与你的政府打交道。 这些东西通常会导致信用卡、信用等级检查、账户号码,以及可能的实际地址等凭证。
|
||||
1. **Known identity** - A known identity is used for things where you must declare your name. There are many legal documents and contracts where a legal identity is required. This could range from opening a bank account, signing a property lease, obtaining a passport, customs declarations when importing items, or otherwise dealing with your government. These things will usually lead to credentials such as credit cards, credit rating checks, account numbers, and possibly physical addresses.
|
||||
|
||||
我们不建议使用VPN或Tor来做这些事情,因为你的身份已经通过其他方式被了解。
|
||||
We don't suggest using a VPN or Tor for any of these things, as your identity is already known through other means.
|
||||
|
||||
!!! tip
|
||||
|
||||
网购时,使用[快递柜](https://en.wikipedia.org/wiki/Parcel_locker)可以帮助你保持实际住址的隐私。
|
||||
<div class="admonition tip" markdown>
|
||||
<p class="admonition-title">Tip</p>
|
||||
|
||||
网购时,使用[快递柜](https://en.wikipedia.org/wiki/Parcel_locker)可以帮助你保持实际住址的隐私。
|
||||
|
||||
</div>
|
||||
|
||||
2. **未知身份** -未知身份可能是您经常使用的稳定化名。 它不是匿名的,因为它没有变化。 如果你是一个网络社区的一部分,你可能希望保留一个别人知道的角色。 这个化名不是匿名的,因为如果监测的时间足够长,关于主人的细节可以揭示进一步的信息,如他们的写作方式,他们对感兴趣的话题的一般知识,等等。
|
||||
|
||||
你可能希望为此使用VPN,以掩盖你的IP地址。 金融交易更难掩盖。你可以考虑使用匿名的加密货币,如 [Monero](https://www.getmonero.org/)。 采用altcoin转移也可能有助于掩盖你的货币来源。 通常情况下,交易所需要完成KYC(了解你的客户),然后才允许你将法币兑换成任何种类的加密货币。 当地见面会选项也可能是一种解决方案;然而,这些往往更昂贵,有时也需要KYC。
|
||||
你可能希望为此使用VPN,以掩盖你的IP地址。 金融交易更难掩盖。你可以考虑使用匿名的加密货币,如 [Monero](https://www.getmonero.org/)。 采用altcoin转移也可能有助于掩盖你的货币来源。 通常情况下,交易所需要完成KYC(了解你的客户),然后才允许你将法币兑换成任何种类的加密货币。 当地见面会选项也可能是一种解决方案;然而,这些往往更昂贵,有时也需要KYC。
|
||||
|
||||
3. **匿名身份** - 即使有经验,匿名身份也很难长期维持。 它们应该是短期和短命的身份,定期轮换。
|
||||
|
||||
使用Tor可以帮助解决这个问题。 还值得注意的是,通过异步通信可以实现更大的匿名性。实时通信容易受到打字模式的分析(即超过一段文字,在论坛上分发,通过电子邮件等)。
|
||||
使用Tor可以帮助解决这个问题。 还值得注意的是,通过异步通信可以实现更大的匿名性。实时通信容易受到打字模式的分析(即超过一段文字,在论坛上分发,通过电子邮件等)。
|
||||
|
||||
[^1]: 其中一个明显的例子是 [2021年明尼苏达大学的研究人员将三个漏洞引入了Linux内核开发项目的事件](https://cse.umn.edu/cs/linux-incident)。
|
||||
|
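Review bot: List item 1 (`**Known identity**`) and the sentence after it ("We don't suggest using a VPN or Tor...") fall back to English here, while items 2 and 3 of the same list remain in Chinese. The admonition syntax conversion should not touch these two strings; restore the existing translations so the list reads in one language.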
@@ -35,19 +35,25 @@ description: 您的威胁模式是您自己量身定制的,但这些是本网
|
||||
|
||||
为了最大限度地减少恶意软件可能造成的损害,您应该采用隔离方式进行安全防护。 这可以是使用不同的计算机进行不同的工作,使用虚拟机来分离不同的相关应用程序组,或者使用一个安全的操作系统,重点是要有应用程序沙盒和强制性的访问控制。
|
||||
|
||||
!!! tip
|
||||
<div class="admonition tip" markdown>
|
||||
<p class="admonition-title">Tip</p>
|
||||
|
||||
在应用程序沙盒方面,移动操作系统通常比桌面操作系统更安全。
|
||||
|
||||
应用程序无法获得根访问权限,只能访问您授予它们访问权限的系统资源。 桌面操作系统在成熟的沙箱方面通常比较落后。 ChromeOS具有与安卓类似的沙盒属性,而macOS具有完整的系统权限控制和(针对开发者)可选的应用程序沙盒,然而这些操作系统的确会将识别信息传输给各自的OEM。 Linux倾向于不向系统供应商提交信息,但它对漏洞和恶意应用程序的保护很差。 This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
|
||||
在应用程序沙盒方面,移动操作系统通常比桌面操作系统更安全。
|
||||
|
||||
应用程序无法获得根访问权限,只能访问您授予它们访问权限的系统资源。 桌面操作系统在成熟的沙箱方面通常比较落后。 ChromeOS具有与安卓类似的沙盒属性,而macOS具有完整的系统权限控制和(针对开发者)可选的应用程序沙盒,然而这些操作系统的确会将识别信息传输给各自的OEM。 Linux倾向于不向系统供应商提交信息,但它对漏洞和恶意应用程序的保护很差。 This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../desktop.md#qubes-os).
|
||||
|
||||
</div>
|
||||
|
||||
<span class="pg-red">:material-target-account: 定向攻击</span>
|
||||
|
||||
针对特定用户的有针对性的攻击更加难以处理。 常见的攻击途径包括通过电子邮件发送恶意文件,利用浏览器和操作系统的漏洞,以及物理攻击。 如果您担心这一点,则可能需要采用更高级的威胁缓解策略。
|
||||
|
||||
!!! tip
|
||||
<div class="admonition tip" markdown>
|
||||
<p class="admonition-title">Tip</p>
|
||||
|
||||
**网络浏览器**、**电子邮件客户端**和**办公应用程序**在设计上通常都运行源自第三方的不可信代码。 运行多个虚拟机来将此类应用程序从主机系统中分离出来,以及彼此分离,是您可以使用的一种技术,以避免这些应用程序中的漏洞被利用,危及系统的其余部分。 例如,Qubes OS或Windows上的Microsoft Defender Application Guard等技术提供了无缝执行此操作的便捷方法。
|
||||
**网络浏览器**、**电子邮件客户端**和**办公应用程序**在设计上通常都运行源自第三方的不可信代码。 运行多个虚拟机来将此类应用程序从主机系统中分离出来,以及彼此分离,是您可以使用的一种技术,以避免这些应用程序中的漏洞被利用,危及系统的其余部分。 例如,Qubes OS或Windows上的Microsoft Defender Application Guard等技术提供了无缝执行此操作的便捷方法。
|
||||
|
||||
</div>
|
||||
|
||||
如果你担心 **物理攻击** ,你应该使用具有安全验证启动实现的操作系统,如Android、iOS、macOS、 [Windows(带TPM)](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process)。 你还应该确保你的驱动器是加密的,并且操作系统使用TPM或安全 [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) 或 [Element](https://developers.google.com/android/security/android-ready-se) ,以限制输入加密口令的重试速率。 你应该避免与你不信任的人分享你的电脑,因为大多数桌面操作系统没有按用户单独加密数据。
|
||||
|
||||
@@ -61,13 +67,16 @@ description: 您的威胁模式是您自己量身定制的,但这些是本网
|
||||
|
||||
值得庆幸的是,可以通过在发送到服务器之前就对您与收件人之间的通信进行端到端加密来缓解此问题。 只要服务提供者不能获得任何一方的私钥,就能保证你的信息的保密性。
|
||||
|
||||
!!! 注释“关于基于web的加密的说明”
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">Note on Web-based Encryption</p>
|
||||
|
||||
在实践中,不同的端到端加密实现的有效性各不相同。 [Signal](../real-time-communication.md#signal)这类应用程序在您的设备本地运行,并且应用程序副本在不同的安装下保持相同。 如果服务提供商在他们的应用程序中设置后门,试图窃取你的私钥,这可以在未来通过逆向工程检测出来。
|
||||
|
||||
另一方面,基于Web的端到端加密实现(如Proton Mail的webmail或Bitwarden的web vault)依赖于服务器动态地向浏览器提供JavaScript代码来处理加密操作。 一个恶意的服务器可以针对一个特定的用户,向他们发送恶意的JavaScript代码来窃取他们的加密密钥,而用户是很难注意到这样的事情的。 即使用户注意到有人试图窃取他们的密钥,也很难证明是提供商试图这样做,因为服务器可以选择向不同的用户提供不同的网络客户端。
|
||||
|
||||
因此,当依赖端到端加密时,你应该尽可能选择使用本地应用程序而不是网络客户端。
|
||||
在实践中,不同的端到端加密实现的有效性各不相同。 [Signal](../real-time-communication.md#signal)这类应用程序在您的设备本地运行,并且应用程序副本在不同的安装下保持相同。 如果服务提供商在他们的应用程序中设置后门,试图窃取你的私钥,这可以在未来通过逆向工程检测出来。
|
||||
|
||||
另一方面,基于Web的端到端加密实现(如Proton Mail的webmail或Bitwarden的web vault)依赖于服务器动态地向浏览器提供JavaScript代码来处理加密操作。 一个恶意的服务器可以针对一个特定的用户,向他们发送恶意的JavaScript代码来窃取他们的加密密钥,而用户是很难注意到这样的事情的。 即使用户注意到有人试图窃取他们的密钥,也很难证明是提供商试图这样做,因为服务器可以选择向不同的用户提供不同的网络客户端。
|
||||
|
||||
因此,当依赖端到端加密时,你应该尽可能选择使用本地应用程序而不是网络客户端。
|
||||
|
||||
</div>
|
||||
|
||||
即使有端对端加密,服务提供商仍然可以根据 **元数据**,对你进行剖析,而这些元数据通常不受保护。 虽然服务提供商无法阅读您的消息以查看您所说的内容,但他们仍然可以观察到您正在与谁通话、您给他们发送消息的频率以及您通常活跃的时间等情况。 对元数据的保护是相当不常见的,如果你关心这一点,应该密切关注你所使用的软件的技术文档,看看是否有任何元数据最小化或保护。
|
||||
|
||||
@@ -77,17 +86,23 @@ description: 您的威胁模式是您自己量身定制的,但这些是本网
|
||||
|
||||
大规模监控是指对许多或所有特定人群进行监控的工作。 它通常是指像[Edward Snowden在2013披露](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present))的那一类政府项目。
|
||||
|
||||
!!! 摘要“监测地图”
|
||||
<div class="admonition abstract" markdown>
|
||||
<p class="admonition-title">Atlas of Surveillance</p>
|
||||
|
||||
如果你想了解更多关于监视方法以及它们在你的城市是如何实施的,你也可以看看[电子前沿基金会](https://atlasofsurveillance.org/)的[监视地图]。
|
||||
|
||||
在法国,你可以看看由非营利协会 La Quadrature du Net 维护的[Technolopolice 网站](https://technopolice.fr/villes/)。
|
||||
如果你想了解更多关于监视方法以及它们在你的城市是如何实施的,你也可以看看[电子前沿基金会](https://atlasofsurveillance.org/)的[监视地图]。
|
||||
|
||||
In France you can take a look at the [Technopolice website](https://technopolice.fr/villes/) maintained by the non-profit association La Quadrature du Net.
|
||||
|
||||
</div>
|
||||
|
||||
政府经常为大规模监控项目辩护,认为这是打击恐怖主义和防止犯罪的必要手段。 然而,它侵犯人权,最常被用来不成比例地针对少数群体和持不同政见者等。
|
||||
|
||||
!!! 引用 "美国公民自由联盟。 [*9/11的隐私教训。大规模监控不是前进的方向*](https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward)"
|
||||
<div class="admonition quote" markdown>
|
||||
<p class="admonition-title">ACLU: <em><a href="https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward">The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward</a></em></p>
|
||||
|
||||
面对[爱德华-斯诺登披露的政府项目,如 [PRISM](https://en.wikipedia.org/wiki/PRISM)和 [Upstream](https://en.wikipedia.org/wiki/Upstream_collection)],情报官员也承认,国家安全局多年来一直在秘密收集几乎每个美国人的电话记录--谁在给谁打电话,这些电话是什么时候打的,以及它们持续多长时间。 你应该考虑你的对手能观察到网络的哪些方面,以及你的行动是否有合理的可否认性。
|
||||
面对[爱德华-斯诺登披露的政府项目,如 [PRISM](https://en.wikipedia.org/wiki/PRISM)和 [Upstream](https://en.wikipedia.org/wiki/Upstream_collection)],情报官员也承认,国家安全局多年来一直在秘密收集几乎每个美国人的电话记录--谁在给谁打电话,这些电话是什么时候打的,以及它们持续多长时间。 你应该考虑你的对手能观察到网络的哪些方面,以及你的行动是否有合理的可否认性。
|
||||
|
||||
</div>
|
||||
|
||||
尽管美国的大规模监控越来越多,但政府发现,像第215条这样的大规模监控计划在阻止实际犯罪或恐怖主义阴谋方面 "没有什么独特的价值",其努力主要是重复联邦调查局自己的目标监控计划。[^2]
|
||||
|
||||
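Review bot: In the "Atlas of Surveillance" box the link is still malformed after the conversion: `[电子前沿基金会](https://atlasofsurveillance.org/)的[监视地图]` attaches the Atlas URL to the EFF name and leaves `[监视地图]` without a target. Move the URL onto `[监视地图]`. The France sentence in the same box also switches to English in the converted block, so the box now mixes both languages.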
@@ -133,11 +148,14 @@ description: 您的威胁模式是您自己量身定制的,但这些是本网
|
||||
|
||||
关注审查制度威胁的人可以使用像 [Tor](../advanced/tor-overview.md) 这样的技术来规避审查制度,并支持像 [Matrix](../real-time-communication.md#element)这样的抗审查通信平台,该平台没有一个可以任意关闭账户的集中式账户管理机构。
|
||||
|
||||
!!! tip
|
||||
<div class="admonition tip" markdown>
|
||||
<p class="admonition-title">Tip</p>
|
||||
|
||||
虽然逃避审查本身很容易,但隐藏你正在做的事实可能非常有问题。
|
||||
|
||||
你应该考虑你的对手可以观察到网络的哪些方面,以及你的行动是否有合理的可否认性。 例如,使用[加密DNS](.../advanced/dns-overview.md#what-is-encrypted-dns)可以帮助你绕过初级的、基于DNS的审查系统,但它不能真正向ISP隐藏你正在访问的内容。 VPN或Tor可以帮助向网络管理员隐藏你正在访问的内容,但不能隐藏你首先在使用这些网络。 可插拔的传输工具(如Obfs4proxy、Meek或Shadowsocks)可以帮助你逃避阻挡普通VPN协议或Tor的防火墙,但你的规避尝试仍然可以被探测或[深度包检查](https://en.wikipedia.org/wiki/Deep_packet_inspection)等方法发现。
|
||||
虽然逃避审查本身很容易,但隐藏你正在做的事实可能非常有问题。
|
||||
|
||||
你应该考虑你的对手可以观察到网络的哪些方面,以及你的行动是否有合理的可否认性。 例如,使用[加密DNS](.../advanced/dns-overview.md#what-is-encrypted-dns)可以帮助你绕过初级的、基于DNS的审查系统,但它不能真正向ISP隐藏你正在访问的内容。 VPN或Tor可以帮助向网络管理员隐藏你正在访问的内容,但不能隐藏你首先在使用这些网络。 可插拔的传输工具(如Obfs4proxy、Meek或Shadowsocks)可以帮助你逃避阻挡普通VPN协议或Tor的防火墙,但你的规避尝试仍然可以被探测或[深度包检查](https://en.wikipedia.org/wiki/Deep_packet_inspection)等方法发现。
|
||||
|
||||
</div>
|
||||
|
||||
你必须始终考虑试图绕过审查制度的风险,潜在的后果,以及你的对手可能有多复杂。 你应该谨慎地选择软件,并有一个备份计划,以防被发现。
|
||||
|
||||
|
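Review bot: The encrypted DNS link in the converted tip keeps the path `.../advanced/dns-overview.md#what-is-encrypted-dns`, with three dots, which is not a valid relative path. The context line at the top of this hunk links to `../advanced/tor-overview.md`, so this should be `../advanced/dns-overview.md#what-is-encrypted-dns`.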
@@ -140,9 +140,12 @@ sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLog
|
||||
|
||||
### Linux系统
|
||||
|
||||
!!! 推荐
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">警告</p>
|
||||
|
||||
如果你的系统的主机名改变了(如由于DHCP的原因),你将无法登录。 在遵循本指南之前,为您的计算机设置正确的主机名至关重要。
|
||||
如果你的系统的主机名改变了(如由于DHCP的原因),你将无法登录。 在遵循本指南之前,为您的计算机设置正确的主机名至关重要。
|
||||
|
||||
</div>
|
||||
|
||||
Linux上的 `pam_u2f` 模块可以在大多数流行的Linux发行版上为登录提供双因素认证。 如果你有一个支持U2F的硬件安全密钥,你可以为你的登录设置MFA认证。 Yubico有一个指南 [Ubuntu Linux登录指南 - U2F](https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F) ,它应该适用于任何发行版。 然而,软件包管理器的命令--如 `apt-get`--和软件包名称可能不同。 本指南 **不** 适用于Qubes OS。
|
||||
|
||||
|
@@ -1,5 +1,5 @@
|
||||
---
|
||||
title: "密码简介"
|
||||
title: "Introduction to Passwords"
|
||||
icon: 'material/form-textbox-password'
|
||||
description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure.
|
||||
---
|
||||
@@ -26,9 +26,12 @@ description: These are some tips and tricks on how to create the strongest passw
|
||||
|
||||
而那些你不需要记住的密码(如存储在密码管理器内的密码),如果你的 [威胁模型](threat-modeling.md) 有需求,我们建议每隔几个月对重要账户(尤其是不使用多因认证的账户)进行检查并更改其密码,以防它们在尚未公开的数据泄露事件中被泄露。 大多数密码管理器允许你为你的密码设置一个到期日,使之更容易管理。
|
||||
|
||||
!!! 提示 "检查数据泄露情况"
|
||||
<div class="admonition tip" markdown>
|
||||
<p class="admonition-title">Checking for data breaches</p>
|
||||
|
||||
如果你的密码管理器允许你检查被泄露的密码,请确保这样做,并及时更改任何可能在数据泄露中被泄露的密码。 你还可以在[新闻聚合器](.../news-aggregators.md)的帮助下关注[Have I Been Pwned's Latest Breaches feed](https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches)。
|
||||
如果你的密码管理器允许你检查被泄露的密码,请确保这样做,并及时更改任何可能在数据泄露中被泄露的密码。 你还可以在[新闻聚合器](.../news-aggregators.md)的帮助下关注[Have I Been Pwned's Latest Breaches feed](https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches)。
|
||||
|
||||
</div>
|
||||
|
||||
## 创建强密码
|
||||
|
||||
@@ -48,9 +51,12 @@ Diceware是一种创建密码的方法,这种密码容易记忆,但很难猜
|
||||
|
||||
要使用真正的骰子生成一个diceware口令,请遵循以下步骤。
|
||||
|
||||
!!! note
|
||||
<div class="admonition Note" markdown>
|
||||
<p class="admonition-title">Note</p>
|
||||
|
||||
这里的说明步骤假定你使用[EFF的大型词汇表](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt)来生成口令,每个词需要掷五个骰子。 其他词表可能需要更多或更少的回合,也可能需要不同数量的词来实现相同的熵值。
|
||||
这里的说明步骤假定你使用[EFF的大型词汇表](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt)来生成口令,每个词需要掷五个骰子。 其他词表可能需要更多或更少的回合,也可能需要不同数量的词来实现相同的熵值。
|
||||
|
||||
</div>
|
||||
|
||||
1. 掷一个六面体的骰子五次,每次掷完都记下数字。
|
||||
|
||||
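Review bot: The new opening tag is `<div class="admonition Note" markdown>` with a capital N, while every other converted block in this commit uses a lowercase type (`admonition note`, `admonition tip`, `admonition warning`). Class names are matched case-sensitively, so this box may lose its note styling; change it to `admonition note`.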
@@ -60,31 +66,37 @@ Diceware是一种创建密码的方法,这种密码容易记忆,但很难猜
|
||||
|
||||
4. 重复这个过程,直到你的口令有你所需要的字数,你应该用空格来分隔每个词。
|
||||
|
||||
!!! 警告 “重要”
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Important</p>
|
||||
|
||||
你**不**应该重新生成单词,来得到一个吸引你的单词组合。 这个过程应该是完全随机的。
|
||||
你**不**应该重新生成单词,来得到一个吸引你的单词组合。 这个过程应该是完全随机的。
|
||||
|
||||
</div>
|
||||
|
||||
如果你没有或者不愿意使用真正的骰子,你可以使用你的密码管理器的内置密码生成器,因为除了常规密码之外,大多数密码管理器都有生成骰子密码的选项。
|
||||
|
||||
我们建议使用 [EFF的大型词表](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) ,以生成你的二维码密码,因为它提供了与原始列表完全相同的安全性,同时包含更容易记忆的单词。 There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
|
||||
|
||||
??? 注:"解释熵和二维码密码的强度"
|
||||
<details class="note" markdown>
|
||||
<summary>Explanation of entropy and strength of diceware passphrases</summary>
|
||||
|
||||
为了演示diceware密码短语有多强,我们将使用前面提到的七个单词密码短语`'viewable fastness,squishy seventeen showed pencil'`和[EFF的大单词列表](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt)为例。
|
||||
|
||||
确定双关口令强度的一个指标是它的熵值有多少。 双关口令中每个字的熵计算为$\text{log}_2(\text{WordsInList})$,口令的整体熵计算为$\text{log}_2(\text{WordsInList}^\text{WordsInPhrase})$。
|
||||
|
||||
因此,上述列表中的每个词都会产生~12.9比特的熵($\text{log}_2(7776)$),而由它衍生出的七个词的口令有~90.47比特的熵($\text{log}_2(7776^7)$)。
|
||||
|
||||
[EFF的大词表](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt)包含7776个独特的词。 要计算可能的口令数量,我们所要做的就是$\text{WordsInList}^\text{WordsInPhrase}$,或者在我们的例子中,$7776^7$。
|
||||
|
||||
让我们换一个角度来看:使用[EFF 's large wordlist] ( https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt )的七个单词密码是~ 1,719,070,799,748,422,500,000,000,000个可能的密码之一。
|
||||
|
||||
平均而言,需要尝试所有可能的组合中的50%来猜测你的短语。 考虑到这一点,即使你的对手每秒能够猜出1,000,000,000,000次,他们仍然需要27,255,689年才能猜出你的口令。 即使以下情况属实,情况也是如此:
|
||||
To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
|
||||
|
||||
- 你的对手知道你使用了diceware方法。
|
||||
- 你的对手知道你使用的具体词表。
|
||||
- 你的对手知道你的口令包含多少个字。
|
||||
确定双关口令强度的一个指标是它的熵值有多少。 双关口令中每个字的熵计算为$\text{log}_2(\text{WordsInList})$,口令的整体熵计算为$\text{log}_2(\text{WordsInList}^\text{WordsInPhrase})$。
|
||||
|
||||
因此,上述列表中的每个词都会产生~12.9比特的熵($\text{log}_2(7776)$),而由它衍生出的七个词的口令有~90.47比特的熵($\text{log}_2(7776^7)$)。
|
||||
|
||||
The [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. 要计算可能的口令数量,我们所要做的就是$\text{WordsInList}^\text{WordsInPhrase}$,或者在我们的例子中,$7776^7$。
|
||||
|
||||
Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
|
||||
|
||||
平均而言,需要尝试所有可能的组合中的50%来猜测你的短语。 考虑到这一点,即使你的对手每秒能够猜出1,000,000,000,000次,他们仍然需要27,255,689年才能猜出你的口令。 即使以下情况属实,情况也是如此:
|
||||
|
||||
- 你的对手知道你使用了diceware方法。
|
||||
- 你的对手知道你使用的具体词表。
|
||||
- 你的对手知道你的口令包含多少个字。
|
||||
|
||||
</details>
|
||||
|
||||
总而言之,当你需要一些既容易记住 *,又特别强大的* ,Diceware密码是你最好的选择。
|
||||
|
||||
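Review bot: Inside the converted `<details>` block the opening paragraph ("To demonstrate how strong diceware passphrases are...") and the "Let's put all of this in perspective" paragraph are in English, and the "contains 7776 unique words" sentence is half English and half Chinese, while the remaining paragraphs stay translated. The Chinese opening paragraph quoted `viewable fastness,squishy seventeen showed pencil`, which is six words and does not match the seven-word literal in the English line, so the better fix is to correct the passphrase literal inside the translated sentence rather than drop the translation.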
@@ -98,13 +110,16 @@ Diceware是一种创建密码的方法,这种密码容易记忆,但很难猜
|
||||
|
||||
[推荐的密码管理器列表](../passwords.md ""){.md-button}
|
||||
|
||||
!!! 警告 "不要把你的密码和TOTP令牌放在同一个密码管理器中"
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Don't place your passwords and TOTP tokens inside the same password manager</p>
|
||||
|
||||
如果您将TOTP用作任何帐户的 [多因素身份验证](../multi-factor-authentication.md) 方法,请勿在密码管理器中存储这些令牌、它们的任何备份代码或TOTP秘密本身,那样会抵消掉多因认证的益处。
|
||||
|
||||
你应该使用专门的[TOTP应用程序](.../multi-factor-authentication.md/#authenticator-apps)来代替。
|
||||
|
||||
此外,我们不建议在您的密码管理器中存储用于一次性恢复的代码。 它们应当单独存储在,例如离线存储设备上的加密容器中。
|
||||
如果您将TOTP用作任何帐户的 [多因素身份验证](../multi-factor-authentication.md) 方法,请勿在密码管理器中存储这些令牌、它们的任何备份代码或TOTP秘密本身,那样会抵消掉多因认证的益处。
|
||||
|
||||
你应该使用专门的[TOTP应用程序](.../multi-factor-authentication.md/#authenticator-apps)来代替。
|
||||
|
||||
此外,我们不建议在您的密码管理器中存储用于一次性恢复的代码。 它们应当单独存储在,例如离线存储设备上的加密容器中。
|
||||
|
||||
</div>
|
||||
|
||||
### 备份
|
||||
|
||||
|
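Review bot: The link to the authenticator apps section in the converted warning is `.../multi-factor-authentication.md/#authenticator-apps`, which has three leading dots and a stray `/` before the fragment. The first paragraph of the same box links to `../multi-factor-authentication.md`, so this should be `../multi-factor-authentication.md#authenticator-apps`; otherwise the advice to use a dedicated TOTP app points at a broken target.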
@@ -1,7 +1,7 @@
|
||||
---
|
||||
meta_title: "How Do VPNs Protect Your Privacy? Our VPN Overview - Privacy Guides"
|
||||
title: VPN概述
|
||||
icon: 资料/vpn
|
||||
title: VPN Overview
|
||||
icon: material/vpn
|
||||
description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind.
|
||||
---
|
||||
|
||||
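Review bot: `title: VPN Overview` leaves the page title untranslated where the file previously had `title: VPN概述`. The `icon: material/vpn` line is the right correction, since `资料/vpn` is a translated icon identifier that cannot resolve, but the title string should keep its translation.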
@@ -11,9 +11,12 @@ Normally, an ISP can see the flow of internet traffic entering and exiting your
|
||||
|
||||
Using a VPN hides even this information from your ISP, by shifting the trust you place in your network to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing through it.
|
||||
|
||||
!!! note
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">Note</p>
|
||||
|
||||
When we refer to "Virtual Private Networks" on this website, we are usually referring to **commercial** [VPN providers](../vpn.md), who you pay a monthly fee to in exchange for routing your internet traffic securely through their public servers. There are many other forms of VPN, such as ones you host yourself or ones operated by workplaces which allow you to securely connect to internal/employee network resources, however, these VPNs are usually designed for accessing remote networks securely, rather than protecting the privacy of your internet connection.
|
||||
When we refer to "Virtual Private Networks" on this website, we are usually referring to **commercial** [VPN providers](../vpn.md), who you pay a monthly fee to in exchange for routing your internet traffic securely through their public servers. There are many other forms of VPN, such as ones you host yourself or ones operated by workplaces which allow you to securely connect to internal/employee network resources, however, these VPNs are usually designed for accessing remote networks securely, rather than protecting the privacy of your internet connection.
|
||||
|
||||
</div>
|
||||
|
||||
## How does a VPN work?
|
||||
|
||||
|
@@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Android概述
|
||||
title: Android Overview
|
||||
icon: simple/android
|
||||
description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones.
|
||||
---
|
||||
@@ -99,13 +99,19 @@ An app may request a permission for a specific feature it has. For example, any
|
||||
|
||||
[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal.
|
||||
|
||||
!!! 推荐
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">警告</p>
|
||||
|
||||
If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely.
|
||||
If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely.
|
||||
|
||||
!!! note
|
||||
</div>
|
||||
|
||||
Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">Note</p>
|
||||
|
||||
Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
|
||||
|
||||
</div>
|
||||
|
||||
## Privacy Features
|
||||
|
||||
|
@@ -146,9 +146,12 @@ After enabling stolen data protection, [certain actions](https://support.apple.c
|
||||
|
||||
iPhones are already resistant to brute-force attacks by making you wait long periods of time after multiple failed attempts; however, there have historically been exploits to get around this. To be extra safe, you can set your phone to wipe itself after 10 failed passcode attempts.
|
||||
|
||||
!!! 推荐
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">警告</p>
|
||||
|
||||
With this setting enabled, someone could intentionally wipe your phone by entering the wrong password many times. Make sure you have proper backups and only enable this setting if you feel comfortable with it.
|
||||
With this setting enabled, someone could intentionally wipe your phone by entering the wrong password many times. Make sure you have proper backups and only enable this setting if you feel comfortable with it.
|
||||
|
||||
</div>
|
||||
|
||||
- [x] Turn on **Erase Data**
|
||||
|
||||
|
@@ -156,9 +156,12 @@ macOS employs defense in depth by relying on multiple layers of software and har
|
||||
|
||||
### Software Security
|
||||
|
||||
!!! 推荐
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">警告</p>
|
||||
|
||||
macOS allows you to install beta updates. These are unstable and may come with extra telemetry since they're for testing purposes. Because of this, we recommend you avoid beta software in general.
|
||||
macOS allows you to install beta updates. These are unstable and may come with extra telemetry since they're for testing purposes. Because of this, we recommend you avoid beta software in general.
|
||||
|
||||
</div>
|
||||
|
||||
#### Signed System Volume
|
||||
|
||||
@@ -178,9 +181,12 @@ System Integrity Protection makes critical file locations read-only to protect a
|
||||
|
||||
macOS apps downloaded from the App Store are required to be sandboxed usng the [App Sandbox](https://developer.apple.com/documentation/security/app_sandbox).
|
||||
|
||||
!!! 推荐
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">警告</p>
|
||||
|
||||
Software downloaded from outside the official App Store is not required to be sandboxed. You should avoid non-App Store software as much as possible.
|
||||
Software downloaded from outside the official App Store is not required to be sandboxed. You should avoid non-App Store software as much as possible.
|
||||
|
||||
</div>
|
||||
|
||||
##### Antivirus
|
||||
|
||||
|
@@ -10,9 +10,12 @@ description: Qubes is an operating system built around isolating apps within *qu
|
||||
|
||||
Qubes使用 [分区](https://www.qubes-os.org/intro/) ,以保持系统的安全性。 Qubes是由模板创建的,默认的是Fedora、Debian和 [Whonix](../desktop.md#whonix)。 Qubes OS also allows you to create once-use [disposable](https://www.qubes-os.org/doc/how-to-use-disposables/) *qubes*.
|
||||
|
||||
??? "The term *qubes* is gradually being updated to avoid referring to them as "virtual machines"."
|
||||
<details class="note" markdown>
|
||||
<summary>The term <em>qubes</em> is gradually being updated to avoid referring to them as "virtual machines".</summary>
|
||||
|
||||
Some of the information here and on the Qubes OS documentation may contain conflicting language as the "appVM" term is gradually being changed to "qube". Qubes are not entire virtual machines, but maintain similar functionalities to VMs.
|
||||
Some of the information here and on the Qubes OS documentation may contain conflicting language as the "appVM" term is gradually being changed to "qube". Qubes are not entire virtual machines, but maintain similar functionalities to VMs.
|
||||
|
||||
</details>
|
||||
|
||||

|
||||
<figcaption>Qubes架构,信用:什么是Qubes操作系统介绍</figcaption>
|
||||
@@ -41,9 +44,12 @@ Qubes OS utilizes [dom0](https://wiki.xenproject.org/wiki/Dom0) Xen VM for contr
|
||||
|
||||
To copy and paste files and directories (folders) from one *qube* to another, you can use the option **Copy to Other AppVM...** or **Move to Other AppVM...**. 不同的是, **Move** 选项将删除原始文件。 Either option will protect your clipboard from being leaked to any other *qubes*. This is more secure than air-gapped file transfer. An air-gapped computer will still be forced to parse partitions or file systems. 这一点在跨区拷贝系统中是不需要的。
|
||||
|
||||
??? "Qubes do not have their own filesystems."
|
||||
<details class="note" markdown>
|
||||
<summary>Qubes do not have their own filesystems.</summary>
|
||||
|
||||
You can [copy and move files](https://www.qubes-os.org/doc/how-to-copy-and-move-files/) between *qubes*. 当这样做的时候,改变并不是立即进行的,而且在发生事故的情况下可以很容易地撤消。 When you run a *qube*, it does not have a persistent filesystem. You can create and delete files, but these changes are ephemeral.
|
||||
You can [copy and move files](https://www.qubes-os.org/doc/how-to-copy-and-move-files/) between *qubes*. 当这样做的时候,改变并不是立即进行的,而且在发生事故的情况下可以很容易地撤消。 When you run a *qube*, it does not have a persistent filesystem. You can create and delete files, but these changes are ephemeral.
|
||||
|
||||
</details>
|
||||
|
||||
### 虚拟机之间的相互作用
|
||||
|
||||
|
@@ -1,7 +1,7 @@
|
||||
---
|
||||
meta_title: "Private VPN Service Recommendations and Comparison, No Sponsors or Ads - Privacy Guides"
|
||||
title: "VPN Services"
|
||||
icon: 资料/vpn
|
||||
icon: material/vpn
|
||||
description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you.
|
||||
cover: vpn.webp
|
||||
---
|
||||
|