+
+{ align=right }
+
+**SearXNG** is an open-source, self-hostable, metasearch engine. É um fork de [SearX](https://github.com/searx/searx) com atualizações regulares.
[:octicons-home-16: Homepage](https://searxng.org){ .md-button .md-button--primary }
[:octicons-server-16:](https://searx.space){ .card-link title="Public Instances"}
@@ -80,37 +114,13 @@ Ao usar a auto-hospedagem, é importante as outras pessoas utilizem a sua instâ
Quando estiver a utilizar uma instância do SearXNG, certifique-se de que lê a política de privacidade. Uma vez que as instâncias do SearXNG podem ser modificadas pelos seus proprietários, não é garantido que sigam a sua política de privacidade. Algumas instâncias são executadas como um serviço oculto Tor, o que pode garantir alguma privacidade, desde que as suas consultas de pesquisa não contenham informações pessoais.
-## StartPage
-
-
-
-{ align=right }
-{ align=right }
-
-**Startpage** is a private search engine known for serving [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) search results. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Ao contrário do que o nome sugere, esta funcionalidade não deve ser utilizada para garantir o anonimato. Se procura anonimato, utilize o [Browser Tor] (tor.md#tor-browser).
-
-[:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
-
-
-
-
-
-O Startpage está sediado nos Países Baixos. According to their [privacy policy](https://startpage.com/en/privacy-policy), they log details such as: operating system, type of browser, and language. Não registam o seu endereço IP, pesquisas ou outras informações de identificação pessoal.
-
-O acionista maioritário do Startpage é a System1, uma empresa marketing tecnológico. Não acreditamos que isso constitua um problema, uma vez que têm uma [ política de privacidade](https://system1.com/terms/privacy-policy) separada. The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
-
-Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](vpn.md) users.
-
## Critérios
**Note que não estamos associados a nenhum dos projetos que recomendamos.** Para além dos [nossos critérios padrão](about/criteria.md), temos um conjunto claro de requisitos que nos permitem fornecer recomendações objetivas. Sugerimos que se familiarize com esta lista antes de optar por um projeto e que desenvolva a sua própria investigação para garantir que se trata da escolha certa para si.
### Requisitos mínimos
-- A sua política de privacidade deve garantir que não são recolhidas informações pessoais identificáveis.
+- Must not collect PII per their privacy policy.
- Não deve ser obrigatório criar uma conta.
### Melhor caso
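Review bot: the replacement bullet under "Requisitos mínimos" is English ("Must not collect PII per their privacy policy.") between Portuguese bullets, and "PII" is not expanded anywhere in the lines shown for this file. The removed Portuguese line stated the same requirement in full. Keep it until the new string is translated, or spell out the abbreviation on first use so the criterion can be read on its own.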
@@ -119,3 +129,7 @@ Os nossos melhores critérios representam o que gostaríamos de ver num projeto
- Deve basear-se em software de fonte aberta.
- Não deve bloquear os endereços IP dos nós de saída do Tor.
+
+[^1]: Brave Search collects aggregated usage metrics, which includes the OS and the user agent. However, they do not collect PII. To serve [anonymous local results](https://search.brave.com/help/anonymous-local-results), IP addresses are temporarily processed, but are not retained. [https://search.brave.com/help/privacy-policy](https://search.brave.com/help/privacy-policy)
+[^2]: DuckDuckGo **does** log your searches for product improvement purposes, but not your IP address or any other PII. [https://duckduckgo.com/privacy](https://duckduckgo.com/privacy)
+[^3]: Startpage logs details such as operating system, user agent, and language. They do not log your IP address, search queries, or other PII. [https://startpage.com/en/privacy-policy](https://startpage.com/en/privacy-policy)
diff --git a/i18n/pt/tools.md b/i18n/pt/tools.md
index 638fcb38..5653a4d5 100644
--- a/i18n/pt/tools.md
+++ b/i18n/pt/tools.md
@@ -13,19 +13,16 @@ If you want assistance figuring out the best privacy tools and alternative progr
Para obter mais detalhes sobre cada projeto, o motivo pelo qual foi escolhido e dicas ou truques adicionais que recomendamos, clique na ligação "Saiba mais" em cada secção, ou clique na própria recomendação para consultar essa secção específica da página.
-## Rede Tor
+## Navegador Tor
-
+[Saiba mais :material-arrow-right-drop-circle:](alternative-networks.md)
+
### Device Integrity Verification
diff --git a/i18n/ru/basics/common-misconceptions.md b/i18n/ru/basics/common-misconceptions.md
index 99d993b5..26d5ab19 100644
--- a/i18n/ru/basics/common-misconceptions.md
+++ b/i18n/ru/basics/common-misconceptions.md
@@ -42,7 +42,7 @@ schema:
Эти мифы проистекают из ряда предрассудков, однако доступность исходного кода и способ лицензирования программного обеспечения по своей сути никак не влияют на его безопасность. ==Программное обеспечение с открытым исходным кодом имеет *потенциал* быть более безопасным, чем проприетарное программное обеспечение, но нет абсолютно никаких гарантий, что это так.== Когда вы оцениваете программное обеспечение, вы должны смотреть на репутацию и безопасность каждого инструмента в отдельности.
-Программное обеспечение с открытым исходным кодом *может* проверяться третьими сторонами, и зачастую оно более прозрачно в отношении потенциальных уязвимостей, чем проприетарные аналоги. Оно также позволяет просматривать код и отключать любые подозрительные функции, которые вы обнаружите. Однако, *если вы не сделаете этого*, нет никакой гарантии того, что код когда-либо проверялся, особенно в небольших проектах. Процесс открытой разработки также иногда использовался для внесения новых уязвимостей даже в крупные проекты.[^1]
+Программное обеспечение с открытым исходным кодом *может* проверяться третьими сторонами, и зачастую оно более прозрачно в отношении потенциальных уязвимостей, чем проприетарные аналоги. Оно также позволяет просматривать код и отключать любые подозрительные функции, которые вы обнаружите. Однако, *если вы не сделаете этого*, нет никакой гарантии того, что код когда-либо проверялся, особенно в небольших проектах. The open development process has also sometimes been exploited to introduce new vulnerabilities known as
:material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1]
С другой стороны, проприетарное программное обеспечение менее прозрачно, но это не означает, что оно небезопасно. Крупные проекты по разработке проприетарного программного обеспечения могут подвергаться внутреннему аудиту и аудиту сторонних организаций, а независимые исследователи безопасности все еще могут находить уязвимости с помощью таких методов, как реверс-инжиниринг.
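Review bot: in the added sentence, "introduce new vulnerabilities known as ... Supply Chain Attacks" names the wrong thing. A supply chain attack is the route by which malicious code gets into a project, not a kind of vulnerability. Something like "has also sometimes been exploited to insert malicious code, an approach known as a supply chain attack" would be accurate. The sentence is also English in the middle of an otherwise Russian paragraph.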
@@ -94,4 +94,4 @@ schema:
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident).
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://www.cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
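Review bot: in the new [^1], "a obfuscated backdoor" should be "an obfuscated backdoor". The footnote could also be more precise about what was backdoored: `xz` is the command-line tool, and the compression library shipped alongside it in XZ Utils is liblzma, so "a popular compression library" describes liblzma rather than `xz`.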
diff --git a/i18n/ru/basics/common-threats.md b/i18n/ru/basics/common-threats.md
index 6e027519..9f31e766 100644
--- a/i18n/ru/basics/common-threats.md
+++ b/i18n/ru/basics/common-threats.md
@@ -9,13 +9,14 @@ description: Модель угрозы уникальна для каждого,
-
:material-incognito: Анонимность - изоляция твоей деятельности в интернете от твоей настоящей личности, защита тебя от людей, пытающихся раскрыть *именно твою* личность.
-
:material-target-account: Таргетированные атаки - защита от хакеров и других злоумышленников, которые пытаются получить доступ к *именно твоим* данным и устройствам.
-
:material-bug-outline: Пассивные атаки - защита от таких вещей, как вредоносное ПО, утечка данных и других атак, которые совершаются одновременно против многих людей.
+-
:material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
-
:material-server-network: Поставщики услуг - защита твоих данных от поставщиков услуг (например, с помощью E2EE, которое делает твои данные нечитаемыми для сервера).
-
:material-eye-outline: Массовая слежка - защита от правительственных агентств, организаций, веб-сайтов и служб, которые совместно отслеживают твою активность.
-
:material-account-cash: Капитализм слежки - Защита от крупных рекламных сетей, таких как Google и Facebook, а также от множества других сторонних сборщиков данных.
-
:material-account-search: Публичная экспозиция - ограничение информации о вас, которая доступна онлайн поисковым системам или широкой общественности.
-
:material-close-outline: Цензура - избегание цензуры как для доступа к информации, так и для её создания онлайн.
-В зависимости от твоих конкретных ситуаций, некоторые угрозы могут быть более важные, чем другие. Например, разработчик программного обеспечения, имеющий доступ к ценным или важным данным, может быть в первую очередь заинтересован в
:material-target-account: таргетированных атаках, но, вероятно, он все же хочет защитить свои личные данные от попадания в программы
:material-eye-outline: массового наблюдения. Аналогичным образом, многие люди могут быть в первую очередь обеспокоены
:material-account-search: публичной экспозицией своих личных данных, но им все равно следует опасаться проблем, связанных с безопасностью, таких как
:material-bug-outline: пассивные атаки - например, вредоносных программ, воздействующих на их устройства.
+В зависимости от твоих конкретных ситуаций, некоторые угрозы могут быть более важные, чем другие. For example, a software developer with access to valuable or critical data may be primarily concerned with
:material-package-variant-closed-remove: Supply Chain Attacks and
:material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in
:material-eye-outline: Mass Surveillance programs. Аналогичным образом, многие люди могут быть в первую очередь обеспокоены
:material-account-search: публичной экспозицией своих личных данных, но им все равно следует опасаться проблем, связанных с безопасностью, таких как
:material-bug-outline: пассивные атаки - например, вредоносных программ, воздействующих на их устройства.
## Анонимность и Конфиденциальность
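Review bot: the new list entry defines Supply Chain Attacks as "A vulnerability or exploit introduced into otherwise good software", while the neighbouring entries state what is being protected ("защита от хакеров ...", "защита от таких вещей, как ..."). Phrasing it as protection against tampered software or dependencies would keep the list parallel. In the rewritten paragraph after the list, the English sentences are spliced into a Russian paragraph, so it changes language twice.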
@@ -57,6 +58,31 @@ description: Модель угрозы уникальна для каждого,
If you are concerned about **physical attacks** you should use an operating system with a secure verified boot implementation, such as Android, iOS, macOS, or [Windows (with TPM)](https://learn.microsoft.com/windows/security/information-protection/secure-the-windows-10-boot-process). Также следует убедиться, что диск зашифрован и что операционная система использует TPM или [Secure Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) или [Secure Element](https://developers.google.com/android/security/android-ready-se) для ограничения количества попыток ввода парольной фразы шифрования. Вам следует избегать совместного использования компьютера с людьми, которым вы не доверяете, поскольку большинство настольных операционных систем не шифруют данные отдельно для каждого пользователя.
+
:material-package-variant-closed-remove: Supply Chain Attacks
+
+Supply chain attacks are frequently a form of
:material-target-account: Targeted Attack towards businesses, governments, and activists, although they can end up compromising the public at large as well.
+
+
+
Example
+
+A notable example of this occurred in 2017 when M.E.Doc, a popular accounting software in Ukraine, was infected with the *NotPetya* virus, subsequently infecting people who downloaded that software with ransomware. NotPetya itself was a ransomware attack which impacted 2000+ companies in various countries, and was based on the *EternalBlue* exploit developed by the NSA to attack Windows computers over the network.
+
+
+
+There are few ways in which this type of attack might be carried out:
+
+1. A contributor or employee might work their way into a position of power within a project or organization, then abuse that position by adding malicious code.
+2. A developer may be coerced by an outside party to add malicious code.
+3. An individual or group might identify a third party software dependency (also known as a library) and work to infiltrate it with the above two methods, knowing that it will be used by "downstream" software developers.
+
+These sorts of attacks can require a lot of time and preparation to perform and are risky because they can be detected, particularly in open source projects if they are popular and have outside interest. Unfortunately they're also one of the most dangerous as they are very hard to mitigate entirely. We would encourage readers only use software which has a good reputation and makes an effort to reduce risk by:
+
+1. Only adopting popular software that has been around for a while. The more interest in a project the greater likelihood that external parties will notice malicious changes. A malicious actor will also need to spend more time gaining community trust with meaningful contributions.
+2. Finding software which releases binaries with widely-used, trusted build infrastructure platforms, as opposed to developer workstations or self-hosted servers. Some systems like GitHub Actions let you inspect the build script that runs publicly for extra confidence. This lessens the likelihood that malware on a developer's machine could infect their packages, and gives confidence that the binaries produced are in fact produced correctly.
+3. Looking for code signing on individual source code commits and releases, which creates an auditable trail of who did what. For example: Was the malicious code in the software repository? Which developer added it? Was it added during the build process?
+4. Checking whether the source code has meaningful commit messages (such as [conventional commits](https://conventionalcommits.org)) which explain what the change is supposed to accomplish. Clear messages can make it easier for outsiders to the project to verify, audit, and find bugs.
+5. Noting the number of contributors or maintainers a program has. A lone developer may be more susceptible to being coerced into adding malicious code by an external party, or to negligently enable undesirable behavior. This may very well mean software developed by "Big Tech" has more scrutiny than a lone developer who doesn't answer to anyone.
+
## Конфиденциальность от поставщиков услуг
:material-server-network: Поставщики услуг
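Review bot: the lead-in to the second numbered list does not match its items. "software which has a good reputation and makes an effort to reduce risk by:" makes the software the subject, but items 1 to 5 ("Only adopting ...", "Finding software ...", "Looking for code signing ...") are things the reader does. "We encourage readers to only use software with a good reputation, and to reduce risk by:" fixes it. "There are few ways" before the first list reads as "hardly any"; "a few ways" is what is meant. Item 3 could also say that signatures establish who made a change, not that the change is benign, since the first attack path listed in this same section is a trusted contributor.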
diff --git a/i18n/ru/search-engines.md b/i18n/ru/search-engines.md
index af35b654..700e230f 100644
--- a/i18n/ru/search-engines.md
+++ b/i18n/ru/search-engines.md
@@ -4,25 +4,35 @@ title: "Поисковые системы"
icon: material/search-web
description: These privacy-respecting search engines don't build an advertising profile based on your searches.
cover: search-engines.webp
+global:
+ -
+ - randomize-element
+ - "table tbody"
---
Используйте поисковую систему, которая не строит рекламный профиль на основе ваших запросов.
-Приведенные здесь рекомендации основаны на политиках конфиденциальности этих сервисов. Не существует **никакой гарантии** того, что эти политики конфиденциальности будут соблюдены.
+## Рекомендованные провайдеры
+
+The recommendations here do not collect personally identifying information (PII) based on each service's privacy policy. Не существует **никакой гарантии** того, что эти политики конфиденциальности будут соблюдены.
Consider using a [VPN](vpn.md) or [Tor](tor.md) if your threat model requires hiding your IP address from the search provider.
-## Brave Search
+| Provider | Search Index | Tor Hidden Service | Logging / Privacy Policy | Country of Operation |
+| ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- | ------------------------ | -------------------- |
+| [Brave Search](#brave-search) | [Independent](https://brave.com/search-independence/) | :material-check:{ .pg-green } | Anonymized[^1] | United States |
+| [DuckDuckGo](#duckduckgo) | [Bing](https://help.duckduckgo.com/results/sources) | :material-check:{ .pg-green } | Anonymized[^2] | United States |
+| [Startpage](#startpage) | [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) | :material-check:{ .pg-green } | Anonymized[^3] | Netherlands |
+
+### Brave Search
-{ align=right }
+{ align=right }
-**Brave Search** разработана компанией Brave и предоставляет результаты в основном из своего собственного, независимого индекса. Индекс оптимизирован под Google Search и поэтому может предоставлять более контекстно точные результаты по сравнению с другими альтернативами.
+**Brave Search** is a search engine developed by Brave. Индекс оптимизирован под Google Search и поэтому может предоставлять более контекстно точные результаты по сравнению с другими альтернативами.
-Brave Search включает такие уникальные функции, как Discussions, которая выделяет результаты, ориентированные на общение, например, сообщения на форумах.
-
-Мы рекомендуем вам отключить [Анонимные метрики использования](https://search.brave.com/help/usage-metrics), поскольку они включены по умолчанию и могут быть отключены в настройках.
+Brave Search includes unique features such as [Discussions](https://search.brave.com/help/discussions), which highlights conversation-focused results—such as forum posts.
[:octicons-home-16: Homepage](https://search.brave.com){ .md-button .md-button--primary }
[:simple-torbrowser:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
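Review bot: once the first sentence of the Brave Search description is shortened to "is a search engine developed by Brave.", the kept sentence "Индекс оптимизирован под Google Search ..." refers to an index the paragraph no longer mentions; the independent index now appears only in the table. Keep a clause about the index in the description. In the intro, "The recommendations here do not collect personally identifying information (PII) based on each service's privacy policy" makes the recommendations the subject; "The providers recommended here state in their privacy policies that they do not collect ..." fits the following sentence, which warns that the policies may not be honoured.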
@@ -33,17 +43,17 @@ Brave Search включает такие уникальные функции, к
-Компания Brave Search базируется в США. В их [политике конфиденциальности](https://search.brave.com/help/privacy-policy) говорится, что они собирают агрегированные метрики использования, которые включают используемые операционную систему и браузер, однако никакой персонально идентифицируемой информации не собирается. IP-адреса временно обрабатываются, но не сохраняются.
+We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.
-## DuckDuckGo
+### DuckDuckGo
{ align=right }
-**DuckDuckGo** - одна из наиболее распространенных приватных поисковых систем. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and many [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features). The search engine relies on a commercial Bing API to serve most results, but it does use numerous [other sources](https://help.duckduckgo.com/results/sources) for instant answers and other non-primary results.
+**DuckDuckGo** - одна из наиболее распространенных приватных поисковых систем. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and a variety of [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features). The search engine uses numerous [sources](https://help.duckduckgo.com/results/sources) other than Bing for instant answers and other non-primary results.
-DuckDuckGo является поисковой системой по умолчанию для браузера Tor и одним из немногих доступных вариантов в браузере Safari от Apple.
+DuckDuckGo is the default search engine for the [Tor Browser](tor.md#tor-browser) and is one of the few available options on Apple’s [Safari](mobile-browsers.md#safari) browser.
[:octicons-home-16: Homepage](https://duckduckgo.com){ .md-button .md-button--primary }
[:simple-torbrowser:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .card-link title="Onion Service" }
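Review bot: the rewritten DuckDuckGo sentence says the engine "uses numerous sources other than Bing for instant answers and other non-primary results", but the clause saying that most results come from a commercial Bing API has been removed, so "other than Bing" has nothing to refer to within the paragraph. One clause on where the primary results come from would restore it; the table row only says "Bing".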
@@ -54,17 +64,41 @@ DuckDuckGo является поисковой системой по умолч
-Компания DuckDuckGo базируется в США. В их [политике конфиденциальности](https://duckduckgo.com/privacy) говорится, что они **ведут логи** ваших поисковых запросов в целях улучшения качества продукции, но не записывают IP-адреса или любую другую личную информацию.
+DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. Однако в этих версиях меньше функций. These versions can also be used in conjunction with their Tor hidden address by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
-DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. Однако в этих версиях меньше функций. These versions can also be used in conjunction with their [Tor onion address](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion) by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
-
-## SearXNG
+### Startpage
-{ align=right }
+{ align=right }
+{ align=right }
-**SearXNG** - это мета-поисковая система с открытым исходным кодом и возможностью самостоятельного хостинга, агрегирующая результаты других поисковых систем и не хранящая никакой информации сама. Это активно поддерживаемый форк [SearX](https://github.com/searx/searx).
+**Startpage** is a private search engine. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Несмотря на название, на эту функцию не следует полагаться для обеспечения анонимности. Если вам нужна анонимность, используйте [Tor Browser](tor.md#tor-browser).
+
+[:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
+
+
+
+
+
+Основным акционером Startpage является компания System1, занимающаяся рекламными технологиями. Мы не считаем это проблемой, поскольку у них есть отдельная [политика конфиденциальности](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage/) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
+
+Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](vpn.md) users.
+
+## Metasearch Engines
+
+A [metasearch engine](https://en.wikipedia.org/wiki/Metasearch_engine) allows you to aggregate the results of other search engines, such as the ones recommended above, while not storing any information itself.
+
+### SearXNG
+
+
+
+{ align=right }
+
+**SearXNG** is an open-source, self-hostable, metasearch engine. Это активно поддерживаемый форк [SearX](https://github.com/searx/searx).
[:octicons-home-16: Homepage](https://searxng.org){ .md-button .md-button--primary }
[:octicons-server-16:](https://searx.space){ .card-link title="Public Instances"}
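Review bot: the new Metasearch Engines intro says such an engine aggregates results "while not storing any information itself", stated as a property of every metasearch engine. The SearXNG text kept further down in this file says instances can be modified by their owners and may not reflect their privacy policy, so what is stored depends on who runs the instance. Suggest qualifying the sentence accordingly. Smaller points: this hunk writes "Tor hidden address" and "Tor hidden service" while the card links are titled "Onion Service", and `title=Documentation` is unquoted where the other titles are quoted.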
@@ -80,37 +114,13 @@ SearXNG — это прокси между пользователями и по
Если вы используете экземпляр SearXNG, обязательно ознакомьтесь с его политикой конфиденциальности. Поскольку экземпляры SearXNG могут быть изменены их владельцами, они могут не отражать их политику конфиденциальности. Некоторые экземпляры работают как скрытая служба Tor, что может обеспечить некоторую конфиденциальность, если ваши поисковые запросы не содержат ПД.
-## Startpage
-
-
-
-{ align=right }
-{ align=right }
-
-**Startpage** is a private search engine known for serving [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) search results. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Несмотря на название, на эту функцию не следует полагаться для обеспечения анонимности. Если вам нужна анонимность, используйте [Tor Browser](tor.md#tor-browser).
-
-[:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
-
-
-
-
-
-Startpage базируется в Нидерландах. According to their [privacy policy](https://startpage.com/en/privacy-policy), they log details such as: operating system, type of browser, and language. Они не хранят ваш IP-адрес, поисковые запросы или другую идентифицирующую вас информацию.
-
-Основным акционером Startpage является компания System1, занимающаяся рекламными технологиями. Мы не считаем это проблемой, поскольку у них есть отдельная [политика конфиденциальности](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
-
-Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](vpn.md) users.
-
## Критерии
**Обрати внимание, что у нас нет связей ни с одним проектом, который мы рекомендуем.** В дополнение к [нашим стандартным критериям](about/criteria.md) мы разработали четкий набор требований, позволяющий давать объективные рекомендации. Перед тем, как вы решите выбрать какой-либо проект, мы рекомендуем вам ознакомиться со списком критериев и провести собственное исследование, чтобы убедиться в правильности своего выбора.
### Минимальные требования к сервисам
-- Не должны собирать информацию, позволяющую установить личность, согласно их политике конфиденциальности.
+- Must not collect PII per their privacy policy.
- Не должны позволять пользователям создавать учетную запись у них.
### В лучшем случае
@@ -119,3 +129,7 @@ Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they
- Должны быть основаны на ПО с открытым исходным кодом.
- Не должны блокировать IP-адреса выходящих узлов Tor.
+
+[^1]: Brave Search collects aggregated usage metrics, which includes the OS and the user agent. However, they do not collect PII. To serve [anonymous local results](https://search.brave.com/help/anonymous-local-results), IP addresses are temporarily processed, but are not retained. [https://search.brave.com/help/privacy-policy](https://search.brave.com/help/privacy-policy)
+[^2]: DuckDuckGo **does** log your searches for product improvement purposes, but not your IP address or any other PII. [https://duckduckgo.com/privacy](https://duckduckgo.com/privacy)
+[^3]: Startpage logs details such as operating system, user agent, and language. They do not log your IP address, search queries, or other PII. [https://startpage.com/en/privacy-policy](https://startpage.com/en/privacy-policy)
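Review bot: [^2] states that DuckDuckGo does log searches, while [^3] says Startpage does not log search queries, yet the table added earlier in this file labels both "Anonymized" in the "Logging / Privacy Policy" column. A reader scanning the table will not see that difference; a more specific cell for DuckDuckGo (for example "Searches logged, no IP[^2]") would carry it. The body paragraph this footnote replaces put "ведут логи" in bold, so the change also makes the point less visible than before.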
diff --git a/i18n/ru/tools.md b/i18n/ru/tools.md
index 4f9fe8b7..6b21808f 100644
--- a/i18n/ru/tools.md
+++ b/i18n/ru/tools.md
@@ -13,19 +13,16 @@ If you want assistance figuring out the best privacy tools and alternative progr
Для получения более подробной информации о каждом проекте, почему он был выбран, а также о дополнительных советах или приемах, которые мы рекомендуем, нажмите на ссылку "Узнать больше" в каждом разделе или нажмите на саму рекомендацию, чтобы перейти в этот конкретный раздел страницы.
-## Сеть Tor
+## Tor Browser
-
+
- { .twemoji } [Tor Browser](tor.md#tor-browser)
- { .twemoji } [Orbot (Smartphone Tor Proxy)](tor.md#orbot)
- { .twemoji } [Onion Browser (Tor for iOS)](tor.md#onion-browser)
-- { .twemoji }{ .twemoji } [Snowflake](tor.md#snowflake) (1)
-1. Snowflake не повышает уровень конфиденциальности, однако он позволяет вам легко внести свой вклад в сеть Tor и помочь людям в сетях с цензурой добиться большей конфиденциальности.
-
[Узнать больше :material-arrow-right-drop-circle:](tor.md)
## Браузеры для настольных компьютеров
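Review bot: the heading changes from "Сеть Tor" to "Tor Browser", but the list under it still contains Orbot and Onion Browser, which are separate apps, and the "Узнать больше" link still points at tor.md. A heading that covers all three entries would be clearer, or the list should be limited to what the new heading names.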
@@ -489,9 +486,12 @@ These tools may provide utility for certain individuals. They provide functional
- { .twemoji } { .twemoji } [I2P](alternative-networks.md#i2p-the-invisible-internet-project)
- { .twemoji } [Tor](alternative-networks.md#tor)
+- { .twemoji }{ .twemoji } [Snowflake](alternative-networks.md#snowflake)
+[Узнать больше :material-arrow-right-drop-circle:](alternative-networks.md)
+
### Device Integrity Verification
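Review bot: Snowflake is re-added here without the annotation it carried in the Tor section, which told readers that Snowflake does not increase their own privacy and is a way to contribute to the Tor network. Unless alternative-networks.md#snowflake says this up front, keep the "(1)" annotation on the moved entry.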
diff --git a/i18n/sv/basics/common-misconceptions.md b/i18n/sv/basics/common-misconceptions.md
index 8f7b767b..1f3588fb 100644
--- a/i18n/sv/basics/common-misconceptions.md
+++ b/i18n/sv/basics/common-misconceptions.md
@@ -42,7 +42,7 @@ schema:
These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis.
-Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities into even large projects.[^1]
+Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as
:material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1]
On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering.
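Review bot: In the rewritten sentence, "introduce new vulnerabilities known as Supply Chain Attacks" equates a vulnerability with an attack; the attack is the act of introducing the flaw, not the flaw itself. Suggest "exploited to introduce new vulnerabilities, in what are known as Supply Chain Attacks".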
@@ -94,4 +94,4 @@ One of the clearest threat models is one where people *know who you are* and one
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident).
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://www.cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
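Review bot: Typo in the new footnote: "a obfuscated backdoor" should be "an obfuscated backdoor". While touching the line, "added ... into `xz`" reads better as "added ... to `xz`".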
diff --git a/i18n/sv/basics/common-threats.md b/i18n/sv/basics/common-threats.md
index eb65b946..c84103b6 100644
--- a/i18n/sv/basics/common-threats.md
+++ b/i18n/sv/basics/common-threats.md
@@ -9,13 +9,14 @@ Broadly speaking, we categorize our recommendations into the [threats](threat-mo
-
:material-incognito: Anonymity - Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically.
-
:material-target-account: Targeted Attacks - Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically.
-
:material-bug-outline: Passive Attacks - Being protected from things like malware, data breaches, and other attacks that are made against many people at once.
+-
:material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
-
:material-server-network: Service Providers - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server).
-
:material-eye-outline: Mass Surveillance - Protection from government agencies, organizations, websites, and services which work together to track your activities.
-
:material-account-cash: Surveillance Capitalism - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors.
-
:material-account-search: Public Exposure - Limiting the information about you that is accessible online—to search engines or the general public.
-
:material-close-outline: Censorship - Avoiding censored access to information or being censored yourself when speaking online.
-Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with
:material-target-account: Targeted Attacks, but they probably still want to protect their personal data from being swept up in
:material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with
:material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as
:material-bug-outline: Passive Attacks—like malware affecting their devices.
+Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with
:material-package-variant-closed-remove: Supply Chain Attacks and
:material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in
:material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with
:material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as
:material-bug-outline: Passive Attacks—like malware affecting their devices.
## Anonymity vs. Privacy
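Review bot: The new Supply Chain Attacks entry is phrased as a definition of the attack ("A vulnerability or exploit introduced into ..."), while the other entries in this list state a protection goal ("Being protected from ...", "Protecting your data ...", "Limiting ...", "Avoiding ..."). Rephrase it to match, for example "Being protected from a vulnerability or exploit introduced into otherwise good software, either directly or through a third-party dependency."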
@@ -57,6 +58,31 @@ I **webbläsare**, **emailklienter** och **kontorsprogram** körs vanligtvis kod
If you are concerned about **physical attacks** you should use an operating system with a secure verified boot implementation, such as Android, iOS, macOS, or [Windows (with TPM)](https://learn.microsoft.com/windows/security/information-protection/secure-the-windows-10-boot-process). Du bör också se till att enheten är krypterad och att operativsystemet använder en TPM eller Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) eller [Element](https://developers.google.com/android/security/android-ready-se) för att begränsa försöken att ange krypteringsfrasen. Du bör undvika att dela din dator med personer du inte litar på, eftersom de flesta stationära operativsystem inte krypterar data separat per användare.
+
:material-package-variant-closed-remove: Supply Chain Attacks
+
+Supply chain attacks are frequently a form of
:material-target-account: Targeted Attack towards businesses, governments, and activists, although they can end up compromising the public at large as well.
+
+
+
Example
+
+A notable example of this occurred in 2017 when M.E.Doc, a popular accounting software in Ukraine, was infected with the *NotPetya* virus, subsequently infecting people who downloaded that software with ransomware. NotPetya itself was a ransomware attack which impacted 2000+ companies in various countries, and was based on the *EternalBlue* exploit developed by the NSA to attack Windows computers over the network.
+
+
+
+There are few ways in which this type of attack might be carried out:
+
+1. A contributor or employee might work their way into a position of power within a project or organization, then abuse that position by adding malicious code.
+2. A developer may be coerced by an outside party to add malicious code.
+3. An individual or group might identify a third party software dependency (also known as a library) and work to infiltrate it with the above two methods, knowing that it will be used by "downstream" software developers.
+
+These sorts of attacks can require a lot of time and preparation to perform and are risky because they can be detected, particularly in open source projects if they are popular and have outside interest. Unfortunately they're also one of the most dangerous as they are very hard to mitigate entirely. We would encourage readers only use software which has a good reputation and makes an effort to reduce risk by:
+
+1. Only adopting popular software that has been around for a while. The more interest in a project the greater likelihood that external parties will notice malicious changes. A malicious actor will also need to spend more time gaining community trust with meaningful contributions.
+2. Finding software which releases binaries with widely-used, trusted build infrastructure platforms, as opposed to developer workstations or self-hosted servers. Some systems like GitHub Actions let you inspect the build script that runs publicly for extra confidence. This lessens the likelihood that malware on a developer's machine could infect their packages, and gives confidence that the binaries produced are in fact produced correctly.
+3. Looking for code signing on individual source code commits and releases, which creates an auditable trail of who did what. For example: Was the malicious code in the software repository? Which developer added it? Was it added during the build process?
+4. Checking whether the source code has meaningful commit messages (such as [conventional commits](https://conventionalcommits.org)) which explain what the change is supposed to accomplish. Clear messages can make it easier for outsiders to the project to verify, audit, and find bugs.
+5. Noting the number of contributors or maintainers a program has. A lone developer may be more susceptible to being coerced into adding malicious code by an external party, or to negligently enable undesirable behavior. This may very well mean software developed by "Big Tech" has more scrutiny than a lone developer who doesn't answer to anyone.
+
## Sekretess från tjänsteleverantörer
:material-server-network: Tjänsteleverantörer
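Review bot: "There are few ways in which this type of attack might be carried out" says the opposite of what the numbered list under it shows; without the article, "few" means hardly any, so this should read "There are a few ways". In the mitigation lead-in, "We would encourage readers only use software" needs "to only use". The Example paragraph calls NotPetya a "virus" in one sentence and "a ransomware attack" in the next; pick one term. The whole block is added in English to a file whose neighbouring heading is Swedish ("Sekretess från tjänsteleverantörer"), so check that it is queued for translation.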
diff --git a/i18n/sv/search-engines.md b/i18n/sv/search-engines.md
index 8f10f5d6..955860b3 100644
--- a/i18n/sv/search-engines.md
+++ b/i18n/sv/search-engines.md
@@ -4,25 +4,35 @@ title: "Sökmotorer"
icon: material/search-web
description: These privacy-respecting search engines don't build an advertising profile based on your searches.
cover: search-engines.webp
+global:
+ -
+ - randomize-element
+ - "table tbody"
---
Use a search engine that doesn't build an advertising profile based on your searches.
-The recommendations here are based on the merits of each service's privacy policy. There is **no guarantee** that these privacy policies are honored.
+## Recommended Providers
+
+The recommendations here do not collect personally identifying information (PII) based on each service's privacy policy. There is **no guarantee** that these privacy policies are honored.
Consider using a [VPN](vpn.md) or [Tor](tor.md) if your threat model requires hiding your IP address from the search provider.
-## Brave Search
+| Provider | Search Index | Tor Hidden Service | Logging / Privacy Policy | Country of Operation |
+| ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- | ------------------------ | -------------------- |
+| [Brave Search](#brave-search) | [Independent](https://brave.com/search-independence/) | :material-check:{ .pg-green } | Anonymized[^1] | United States |
+| [DuckDuckGo](#duckduckgo) | [Bing](https://help.duckduckgo.com/results/sources) | :material-check:{ .pg-green } | Anonymized[^2] | United States |
+| [Startpage](#startpage) | [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) | :material-check:{ .pg-green } | Anonymized[^3] | Netherlands |
+
+### Brave Search
{ align=right }
-**Brave Search** is developed by Brave and serves results primarily from its own, independent index. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives.
+**Brave Search** is a search engine developed by Brave. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives.
-Brave Search includes unique features such as Discussions, which highlights conversation-focused results—such as forum posts.
-
-We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.
+Brave Search includes unique features such as [Discussions](https://search.brave.com/help/discussions), which highlights conversation-focused results—such as forum posts.
[:octicons-home-16: Homepage](https://search.brave.com){ .md-button .md-button--primary }
[:simple-torbrowser:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
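Review bot: The Brave Search card now has "The index is optimized against Google Search" as its second sentence, but the clause that introduced the index ("serves results primarily from its own, independent index") was removed, so "The index" has no antecedent for anyone reading the card without the table. Keep a short mention of the index in the first sentence. Separately, "The recommendations here do not collect personally identifying information (PII)" makes the recommendations the subject; "The providers recommended here" is what is meant. The table header says "Tor Hidden Service" while the card links are titled "Onion Service"; use one term.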
@@ -33,17 +43,17 @@ We recommend you disable [Anonymous usage metrics](https://search.brave.com/help
-Brave Search is based in the United States. Their [privacy policy](https://search.brave.com/help/privacy-policy) states they collect aggregated usage metrics, which includes the operating system and browser in use, however no personally identifiable information is collected. IP addresses are temporarily processed, but are not retained.
+We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.
-## DuckDuckGo
+### DuckDuckGo
{ align=right }
-**DuckDuckGo** is one of the more mainstream private search engine options. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and many [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features). The search engine relies on a commercial Bing API to serve most results, but it does use numerous [other sources](https://help.duckduckgo.com/results/sources) for instant answers and other non-primary results.
+**DuckDuckGo** is one of the more mainstream private search engine options. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and a variety of [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features). The search engine uses numerous [sources](https://help.duckduckgo.com/results/sources) other than Bing for instant answers and other non-primary results.
-DuckDuckGo is the default search engine for the Tor Browser and is one of the few available options on Apple’s Safari browser.
+DuckDuckGo is the default search engine for the [Tor Browser](tor.md#tor-browser) and is one of the few available options on Apple’s [Safari](mobile-browsers.md#safari) browser.
[:octicons-home-16: Homepage](https://duckduckgo.com){ .md-button .md-button--primary }
[:simple-torbrowser:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .card-link title="Onion Service" }
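Review bot: The rewritten DuckDuckGo sentence, "uses numerous sources other than Bing for instant answers and other non-primary results", no longer says that Bing serves the primary results; that fact now lives only in the comparison table. A reader who lands on the #duckduckgo anchor gets the exceptions without the rule. Suggest keeping the Bing dependency in the prose, as the removed line did.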
@@ -54,17 +64,41 @@ DuckDuckGo is the default search engine for the Tor Browser and is one of the fe
-DuckDuckGo is based in the United States. Their [privacy policy](https://duckduckgo.com/privacy) states they **do** log your searches for product improvement purposes, but not your IP address or any other personally identifying information.
+DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their Tor hidden address by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
-DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their [Tor onion address](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion) by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
+### Startpage
-## SearXNG
+
+
+{ align=right }
+{ align=right }
+
+**Startpage** is a private search engine. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead.
+
+[:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
+
+
+
+
+
+Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage/) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
+
+Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](vpn.md) users.
+
+## Metasearch Engines
+
+A [metasearch engine](https://en.wikipedia.org/wiki/Metasearch_engine) allows you to aggregate the results of other search engines, such as the ones recommended above, while not storing any information itself.
+
+### SearXNG
{ align=right }
-**SearXNG** is an open-source, self-hostable, metasearch engine, aggregating the results of other search engines while not storing any information itself. It is an actively maintained fork of [SearX](https://github.com/searx/searx).
+**SearXNG** is an open-source, self-hostable, metasearch engine. It is an actively maintained fork of [SearX](https://github.com/searx/searx).
[:octicons-home-16: Homepage](https://searxng.org){ .md-button .md-button--primary }
[:octicons-server-16:](https://searx.space){ .card-link title="Public Instances"}
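Review bot: The new Metasearch Engines intro states as a property of the whole category that a metasearch engine aggregates results "while not storing any information itself"; the removed line made that claim about SearXNG only, and the context line at the top of the next hunk warns that instances "may be modified by their owners". Scope the sentence (for example "can aggregate ... without storing") or leave the no-storage claim on the SearXNG card. Terminology also drifts in this hunk: the DuckDuckGo paragraph changes "Tor onion address" to "Tor hidden address" while the link titles still say "Onion Service".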
@@ -80,37 +114,13 @@ When self-hosting, it is important that you have other people using your instanc
When you are using a SearXNG instance, be sure to go read their privacy policy. Since SearXNG instances may be modified by their owners, they do not necessarily reflect their privacy policy. Some instances run as a Tor hidden service, which may grant some privacy as long as your search queries does not contain PII.
-## Startpage
-
-
-
-{ align=right }
-{ align=right }
-
-**Startpage** is a private search engine known for serving [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) search results. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead.
-
-[:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
-
-
-
-
-
-Startpage is based in the Netherlands. According to their [privacy policy](https://startpage.com/en/privacy-policy), they log details such as: operating system, type of browser, and language. They do not log your IP address, search queries, or other personally identifying information.
-
-Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
-
-Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](vpn.md) users.
-
## Kriterier
**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig.
### Minimikrav
-- Must not collect personally identifiable information per their privacy policy.
+- Must not collect PII per their privacy policy.
- Must not allow users to create an account with them.
### Bästa fall
@@ -119,3 +129,7 @@ Våra kriterier för bästa fall representerar vad vi skulle vilja se av det per
- Should be based on open-source software.
- Should not block Tor exit node IP addresses.
+
+[^1]: Brave Search collects aggregated usage metrics, which includes the OS and the user agent. However, they do not collect PII. To serve [anonymous local results](https://search.brave.com/help/anonymous-local-results), IP addresses are temporarily processed, but are not retained. [https://search.brave.com/help/privacy-policy](https://search.brave.com/help/privacy-policy)
+[^2]: DuckDuckGo **does** log your searches for product improvement purposes, but not your IP address or any other PII. [https://duckduckgo.com/privacy](https://duckduckgo.com/privacy)
+[^3]: Startpage logs details such as operating system, user agent, and language. They do not log your IP address, search queries, or other PII. [https://startpage.com/en/privacy-policy](https://startpage.com/en/privacy-policy)
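Review bot: The minimum requirement now reads "Must not collect PII", and the three footnotes use the abbreviation too, but it is expanded only once, in the intro under Recommended Providers. The criteria list is a section readers get linked to directly, so spell the term out here or expand it on first use in the section. Footnote 2 also deserves a second look: it says DuckDuckGo "**does** log your searches", so confirm that "Anonymized" is the label you want it to back in the table.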
diff --git a/i18n/sv/tools.md b/i18n/sv/tools.md
index ab1565d6..94c22e81 100644
--- a/i18n/sv/tools.md
+++ b/i18n/sv/tools.md
@@ -13,19 +13,16 @@ If you want assistance figuring out the best privacy tools and alternative progr
Om du vill ha mer information om varje projekt, varför de valdes ut och ytterligare tips och tricks som vi rekommenderar, kan du klicka på länken "Läs mer" i varje avsnitt eller klicka på själva rekommendationen för att komma till det specifika avsnittet på sidan.
-## Tor-nätverket
+## Tor Browser
-
+
- { .twemoji } [Tor Browser](tor.md#tor-browser)
- { .twemoji } [Orbot (Smartphone Tor Proxy)](tor.md#orbot)
- { .twemoji } [Onion Browser (Tor for iOS)](tor.md#onion-browser)
-- { .twemoji }{ .twemoji } [Snowflake](tor.md#snowflake) (1)
-1. Snowflake ökar inte integriteten, men det gör det möjligt för dig att enkelt bidra till Tor-nätverket och hjälpa människor i censurerade nätverk att få bättre integritet.
-
[Läs mer :material-arrow-right-drop-circle:](tor.md)
## Webbläsare för skrivbordet
@@ -489,9 +486,12 @@ These tools may provide utility for certain individuals. They provide functional
- { .twemoji } { .twemoji } [I2P](alternative-networks.md#i2p-the-invisible-internet-project)
- { .twemoji } [Tor](alternative-networks.md#tor)
+- { .twemoji }{ .twemoji } [Snowflake](alternative-networks.md#snowflake)
+[Läs mer :material-arrow-right-drop-circle:](alternative-networks.md)
+
### Device Integrity Verification
diff --git a/i18n/tr/basics/common-misconceptions.md b/i18n/tr/basics/common-misconceptions.md
index 8f7b767b..1f3588fb 100644
--- a/i18n/tr/basics/common-misconceptions.md
+++ b/i18n/tr/basics/common-misconceptions.md
@@ -42,7 +42,7 @@ schema:
These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis.
-Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities into even large projects.[^1]
+Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as
:material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1]
On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering.
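Review bot: The rewrite drops "into even large projects" from the end of the sentence, which was the part telling the reader that project size is no protection. The sentence before it still singles out "smaller software projects", so the paragraph now leans the other way. Keep the qualifier when rewording the sentence to introduce the Supply Chain Attacks label.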
@@ -94,4 +94,4 @@ One of the clearest threat models is one where people *know who you are* and one
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident).
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://www.cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
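Review bot: "a obfuscated backdoor" in the new footnote needs "an". The index line for this file (8f7b767b..1f3588fb) is identical to the one for i18n/sv/basics/common-misconceptions.md, so both locale files hold the same untranslated text; fix the wording in the source string rather than in each copy.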
diff --git a/i18n/tr/basics/common-threats.md b/i18n/tr/basics/common-threats.md
index 67bd483b..6ddfa5a1 100644
--- a/i18n/tr/basics/common-threats.md
+++ b/i18n/tr/basics/common-threats.md
@@ -9,13 +9,14 @@ Broadly speaking, we categorize our recommendations into the [threats](threat-mo
-
:material-incognito: Anonymity - Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically.
-
:material-target-account: Targeted Attacks - Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically.
-
:material-bug-outline: Passive Attacks - Being protected from things like malware, data breaches, and other attacks that are made against many people at once.
+-
:material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
-
:material-server-network: Service Providers - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server).
-
:material-eye-outline: Mass Surveillance - Protection from government agencies, organizations, websites, and services which work together to track your activities.
-
:material-account-cash: Surveillance Capitalism - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors.
-
:material-account-search: Public Exposure - Limiting the information about you that is accessible online—to search engines or the general public.
-
:material-close-outline: Censorship - Avoiding censored access to information or being censored yourself when speaking online.
-Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with
:material-target-account: Targeted Attacks, but they probably still want to protect their personal data from being swept up in
:material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with
:material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as
:material-bug-outline: Passive Attacks—like malware affecting their devices.
+Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with
:material-package-variant-closed-remove: Supply Chain Attacks and
:material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in
:material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with
:material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as
:material-bug-outline: Passive Attacks—like malware affecting their devices.
## Anonymity vs. Privacy
@@ -57,6 +58,31 @@ By design, **web browsers**, **email clients**, and **office applications** typi
If you are concerned about **physical attacks** you should use an operating system with a secure verified boot implementation, such as Android, iOS, macOS, or [Windows (with TPM)](https://learn.microsoft.com/windows/security/information-protection/secure-the-windows-10-boot-process). You should also make sure that your drive is encrypted, and that the operating system uses a TPM or Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) or [Element](https://developers.google.com/android/security/android-ready-se) to rate limit attempts to enter the encryption passphrase. You should avoid sharing your computer with people you don't trust, because most desktop operating systems don't encrypt data separately per-user.
+
:material-package-variant-closed-remove: Supply Chain Attacks
+
+Supply chain attacks are frequently a form of
:material-target-account: Targeted Attack towards businesses, governments, and activists, although they can end up compromising the public at large as well.
+
+
+
Example
+
+A notable example of this occurred in 2017 when M.E.Doc, a popular accounting software in Ukraine, was infected with the *NotPetya* virus, subsequently infecting people who downloaded that software with ransomware. NotPetya itself was a ransomware attack which impacted 2000+ companies in various countries, and was based on the *EternalBlue* exploit developed by the NSA to attack Windows computers over the network.
+
+
+
+There are few ways in which this type of attack might be carried out:
+
+1. A contributor or employee might work their way into a position of power within a project or organization, then abuse that position by adding malicious code.
+2. A developer may be coerced by an outside party to add malicious code.
+3. An individual or group might identify a third party software dependency (also known as a library) and work to infiltrate it with the above two methods, knowing that it will be used by "downstream" software developers.
+
+These sorts of attacks can require a lot of time and preparation to perform and are risky because they can be detected, particularly in open source projects if they are popular and have outside interest. Unfortunately they're also one of the most dangerous as they are very hard to mitigate entirely. We would encourage readers only use software which has a good reputation and makes an effort to reduce risk by:
+
+1. Only adopting popular software that has been around for a while. The more interest in a project the greater likelihood that external parties will notice malicious changes. A malicious actor will also need to spend more time gaining community trust with meaningful contributions.
+2. Finding software which releases binaries with widely-used, trusted build infrastructure platforms, as opposed to developer workstations or self-hosted servers. Some systems like GitHub Actions let you inspect the build script that runs publicly for extra confidence. This lessens the likelihood that malware on a developer's machine could infect their packages, and gives confidence that the binaries produced are in fact produced correctly.
+3. Looking for code signing on individual source code commits and releases, which creates an auditable trail of who did what. For example: Was the malicious code in the software repository? Which developer added it? Was it added during the build process?
+4. Checking whether the source code has meaningful commit messages (such as [conventional commits](https://conventionalcommits.org)) which explain what the change is supposed to accomplish. Clear messages can make it easier for outsiders to the project to verify, audit, and find bugs.
+5. Noting the number of contributors or maintainers a program has. A lone developer may be more susceptible to being coerced into adding malicious code by an external party, or to negligently enable undesirable behavior. This may very well mean software developed by "Big Tech" has more scrutiny than a lone developer who doesn't answer to anyone.
+
## Privacy From Service Providers
:material-server-network: Service Providers
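Review bot: In the added Supply Chain Attacks text, "There are few ways in which this type of attack might be carried out:" reads as saying such attacks are rarely feasible, while the list that follows enumerates three options; "There are a few ways" is what the sentence needs. The sentence "We would encourage readers only use software which has a good reputation" is also missing "to" before "only use". The same English wording appears in the uk file in this patch, so both should be fixed in the shared source string rather than per locale.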
diff --git a/i18n/tr/search-engines.md b/i18n/tr/search-engines.md
index 6b21affd..02f24758 100644
--- a/i18n/tr/search-engines.md
+++ b/i18n/tr/search-engines.md
@@ -4,25 +4,35 @@ title: "Search Engines"
icon: material/search-web
description: These privacy-respecting search engines don't build an advertising profile based on your searches.
cover: search-engines.webp
+global:
+ -
+ - randomize-element
+ - "table tbody"
---
Use a search engine that doesn't build an advertising profile based on your searches.
-The recommendations here are based on the merits of each service's privacy policy. There is **no guarantee** that these privacy policies are honored.
+## Önerilen Sağlayıcılar
+
+The recommendations here do not collect personally identifying information (PII) based on each service's privacy policy. There is **no guarantee** that these privacy policies are honored.
Consider using a [VPN](vpn.md) or [Tor](tor.md) if your threat model requires hiding your IP address from the search provider.
-## Brave Search
+| Provider | Search Index | Tor Hidden Service | Logging / Privacy Policy | Country of Operation |
+| ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- | ------------------------ | -------------------- |
+| [Brave Search](#brave-search) | [Independent](https://brave.com/search-independence/) | :material-check:{ .pg-green } | Anonymized[^1] | United States |
+| [DuckDuckGo](#duckduckgo) | [Bing](https://help.duckduckgo.com/results/sources) | :material-check:{ .pg-green } | Anonymized[^2] | United States |
+| [Startpage](#startpage) | [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) | :material-check:{ .pg-green } | Anonymized[^3] | Netherlands |
+
+### Brave Search
{ align=right }
-**Brave Search** is developed by Brave and serves results primarily from its own, independent index. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives.
+**Brave Search** is a search engine developed by Brave. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives.
-Brave Search includes unique features such as Discussions, which highlights conversation-focused results—such as forum posts.
-
-We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.
+Brave Search includes unique features such as [Discussions](https://search.brave.com/help/discussions), which highlights conversation-focused results—such as forum posts.
[:octicons-home-16: Homepage](https://search.brave.com){ .md-button .md-button--primary }
[:simple-torbrowser:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
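Review bot: In the Brave Search description, the replacement line drops "serves results primarily from its own, independent index" but keeps "The index is optimized against Google Search", so "The index" no longer refers to anything in the paragraph. Either keep a short mention of the independent index in the first sentence or reword the second one. The new comparison table does link "Independent", but a reader who lands on the #brave-search anchor will not see it.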
@@ -33,17 +43,17 @@ We recommend you disable [Anonymous usage metrics](https://search.brave.com/help
-Brave Search is based in the United States. Their [privacy policy](https://search.brave.com/help/privacy-policy) states they collect aggregated usage metrics, which includes the operating system and browser in use, however no personally identifiable information is collected. IP addresses are temporarily processed, but are not retained.
+We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.
-## DuckDuckGo
+### DuckDuckGo
{ align=right }
-**DuckDuckGo** is one of the more mainstream private search engine options. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and many [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features). The search engine relies on a commercial Bing API to serve most results, but it does use numerous [other sources](https://help.duckduckgo.com/results/sources) for instant answers and other non-primary results.
+**DuckDuckGo** is one of the more mainstream private search engine options. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and a variety of [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features). The search engine uses numerous [sources](https://help.duckduckgo.com/results/sources) other than Bing for instant answers and other non-primary results.
-DuckDuckGo is the default search engine for the Tor Browser and is one of the few available options on Apple’s Safari browser.
+DuckDuckGo is the default search engine for the [Tor Browser](tor.md#tor-browser) and is one of the few available options on Apple’s [Safari](mobile-browsers.md#safari) browser.
[:octicons-home-16: Homepage](https://duckduckgo.com){ .md-button .md-button--primary }
[:simple-torbrowser:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .card-link title="Onion Service" }
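Review bot: The rewritten DuckDuckGo sentence, "uses numerous sources other than Bing for instant answers and other non-primary results", no longer says where the primary results come from now that "relies on a commercial Bing API to serve most results" is removed. The upstream index is the privacy-relevant dependency, so the description should still name Bing as the primary source, or at least point back to the Search Index column of the table.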
@@ -54,17 +64,41 @@ DuckDuckGo is the default search engine for the Tor Browser and is one of the fe
-DuckDuckGo is based in the United States. Their [privacy policy](https://duckduckgo.com/privacy) states they **do** log your searches for product improvement purposes, but not your IP address or any other personally identifying information.
+DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their Tor hidden address by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
-DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their [Tor onion address](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion) by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
+### Startpage
-## SearXNG
+
+
+{ align=right }
+{ align=right }
+
+**Startpage** is a private search engine. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead.
+
+[:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
+
+
+
+
+
+Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage/) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
+
+Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](vpn.md) users.
+
+## Metasearch Engines
+
+A [metasearch engine](https://en.wikipedia.org/wiki/Metasearch_engine) allows you to aggregate the results of other search engines, such as the ones recommended above, while not storing any information itself.
+
+### SearXNG
{ align=right }
-**SearXNG** is an open-source, self-hostable, metasearch engine, aggregating the results of other search engines while not storing any information itself. It is an actively maintained fork of [SearX](https://github.com/searx/searx).
+**SearXNG** is an open-source, self-hostable, metasearch engine. It is an actively maintained fork of [SearX](https://github.com/searx/searx).
[:octicons-home-16: Homepage](https://searxng.org){ .md-button .md-button--primary }
[:octicons-server-16:](https://searx.space){ .card-link title="Public Instances"}
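Review bot: In the added Startpage card, `title=Documentation}` is unquoted and has no space before the closing brace, unlike the neighbouring `title="Onion Service" }` and `title="Privacy Policy" }` attributes; quote it for consistency. The same hunk changes DuckDuckGo's "Tor onion address" to "Tor hidden address" while the card links are still titled "Onion Service", so one term should be used throughout the page.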
@@ -80,37 +114,13 @@ When self-hosting, it is important that you have other people using your instanc
When you are using a SearXNG instance, be sure to go read their privacy policy. Since SearXNG instances may be modified by their owners, they do not necessarily reflect their privacy policy. Some instances run as a Tor hidden service, which may grant some privacy as long as your search queries does not contain PII.
-## Startpage
-
-
-
-{ align=right }
-{ align=right }
-
-**Startpage** is a private search engine known for serving [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) search results. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead.
-
-[:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
-
-
-
-
-
-Startpage is based in the Netherlands. According to their [privacy policy](https://startpage.com/en/privacy-policy), they log details such as: operating system, type of browser, and language. They do not log your IP address, search queries, or other personally identifying information.
-
-Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
-
-Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](vpn.md) users.
-
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
### Minimum Requirements
-- Must not collect personally identifiable information per their privacy policy.
+- Must not collect PII per their privacy policy.
- Must not allow users to create an account with them.
### Best-Case
@@ -119,3 +129,7 @@ Our best-case criteria represents what we would like to see from the perfect pro
- Should be based on open-source software.
- Should not block Tor exit node IP addresses.
+
+[^1]: Brave Search collects aggregated usage metrics, which includes the OS and the user agent. However, they do not collect PII. To serve [anonymous local results](https://search.brave.com/help/anonymous-local-results), IP addresses are temporarily processed, but are not retained. [https://search.brave.com/help/privacy-policy](https://search.brave.com/help/privacy-policy)
+[^2]: DuckDuckGo **does** log your searches for product improvement purposes, but not your IP address or any other PII. [https://duckduckgo.com/privacy](https://duckduckgo.com/privacy)
+[^3]: Startpage logs details such as operating system, user agent, and language. They do not log your IP address, search queries, or other PII. [https://startpage.com/en/privacy-policy](https://startpage.com/en/privacy-policy)
diff --git a/i18n/tr/tools.md b/i18n/tr/tools.md
index 4ad4fb7a..d99122c9 100644
--- a/i18n/tr/tools.md
+++ b/i18n/tr/tools.md
@@ -13,19 +13,16 @@ If you want assistance figuring out the best privacy tools and alternative progr
For more details about each project, why they were chosen, and additional tips or tricks we recommend, click the "Learn more" link in each section, or click on the recommendation itself to be taken to that specific section of the page.
-## Tor Network
+## Tor Tarayıcı
-
+
- { .twemoji } [Tor Browser](tor.md#tor-browser)
- { .twemoji } [Orbot (Smartphone Tor Proxy)](tor.md#orbot)
- { .twemoji } [Onion Browser (Tor for iOS)](tor.md#onion-browser)
-- { .twemoji }{ .twemoji } [Snowflake](tor.md#snowflake) (1)
-1. Snowflake does not increase privacy, however it allows you to easily contribute to the Tor network and help people in censored networks achieve better privacy.
-
[Learn more :material-arrow-right-drop-circle:](tor.md)
## Desktop Web Browsers
@@ -489,9 +486,12 @@ These tools may provide utility for certain individuals. They provide functional
- { .twemoji } { .twemoji } [I2P](alternative-networks.md#i2p-the-invisible-internet-project)
- { .twemoji } [Tor](alternative-networks.md#tor)
+- { .twemoji }{ .twemoji } [Snowflake](alternative-networks.md#snowflake)
+[Learn more :material-arrow-right-drop-circle:](alternative-networks.md)
+
### Device Integrity Verification
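Review bot: The Snowflake entry added to this list comes without the annotation that this patch removes from the Tor section ("Snowflake does not increase privacy, however it allows you to easily contribute to the Tor network"). Without it, Snowflake sits next to I2P and Tor as if it protected the person running it. Carry the caveat over as an annotation on the new line, or confirm that alternative-networks.md#snowflake states it.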
diff --git a/i18n/uk/basics/common-misconceptions.md b/i18n/uk/basics/common-misconceptions.md
index 7f7a4e71..fd9db990 100644
--- a/i18n/uk/basics/common-misconceptions.md
+++ b/i18n/uk/basics/common-misconceptions.md
@@ -42,7 +42,7 @@ schema:
Ці міфи випливають з низки упереджень, але доступність вихідного коду та спосіб ліцензування програмного забезпечення жодним чином не впливають на його безпеку. == Програмне забезпечення з відкритим вихідним кодом має *потенціал* бути безпечнішим, ніж пропрієтарне програмне забезпечення, але немає жодних гарантій, що це так.== Коли ви оцінюєте програмне забезпечення, ви повинні дивитися на репутацію та безпеку кожного інструменту на індивідуальній основі.
-Програмне забезпечення з відкритим кодом *може* перевірятися третіми сторонами і часто є більш прозорим щодо потенційних вразливостей, ніж пропрієтарні аналоги. Це також дає змогу ознайомитися з кодом та вимкнути всі підозрілі функції, які ви знайдете самі. Однак, *якщо ви не зробите цього*, немає ніякої гарантії, що код коли-небудь оцінювався, особливо для невеликих проєктів. Відкритий процес розробки також іноді використовується для впровадження нових вразливостей навіть у великі проєкти.[^1]
+Програмне забезпечення з відкритим кодом *може* перевірятися третіми сторонами і часто є більш прозорим щодо потенційних вразливостей, ніж пропрієтарні аналоги. Це також дає змогу ознайомитися з кодом та вимкнути всі підозрілі функції, які ви знайдете самі. Однак, *якщо ви не зробите цього*, немає ніякої гарантії, що код коли-небудь оцінювався, особливо для невеликих проєктів. The open development process has also sometimes been exploited to introduce new vulnerabilities known as
:material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1]
З іншого боку, пропрієтарне програмне забезпечення менш прозоре, але це не означає, що воно не є безпечним. Великі проєкти пропрієтарного програмного забезпечення можуть бути перевірені як внутрішніми, так і сторонніми організаціями, а незалежні дослідники безпеки все ще можуть знайти вразливості за допомогою таких методів, як зворотна інженерія.
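Review bot: The replacement sentence says the open development process has been exploited "to introduce new vulnerabilities known as" Supply Chain Attacks, which labels the vulnerabilities themselves as the attack. Wording such as "to introduce new vulnerabilities, in what are known as Supply Chain Attacks" keeps the two apart. The sentence is also English inside an otherwise Ukrainian paragraph, so it should be flagged for translation.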
@@ -94,4 +94,4 @@ schema:
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident).
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://www.cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
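Review bot: "a obfuscated backdoor" in the new footnote should be "an obfuscated backdoor", and "added ... into `xz`" reads better as "added ... to `xz`". The footnote replaces the 2021 University of Minnesota example outright; please confirm that dropping it is intended, since both incidents illustrate the sentence the footnote is attached to.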
diff --git a/i18n/uk/basics/common-threats.md b/i18n/uk/basics/common-threats.md
index 2038dbf4..7efc3d7a 100644
--- a/i18n/uk/basics/common-threats.md
+++ b/i18n/uk/basics/common-threats.md
@@ -9,13 +9,14 @@ description: Ваша модель загроз є особистою, але ц
-
:material-incognito: Анонімність — розмежування вашої активності в Інтернеті від вашої реальної особистості, захист від людей, які намагаються розкрити саме *вашу* особистість.
-
:material-target-account: Цільові атаки — захист від хакерів та інших зловмисників, які намагаються отримати доступ саме до *ваших* даних або пристроїв.
-
:material-bug-outline: Пасивні атаки — захист від таких речей, як шкідливе програмне забезпечення, витік даних та інших атак, спрямованих проти багатьох людей одразу.
+-
:material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
-
:material-server-network: Постачальники послуг — захист ваших даних від постачальників послуг (наприклад, за допомогою E2EE, що робить ваші дані нечитабельними для сервера).
-
:material-eye-outline: Масове спостереження — захист від державних установ, організацій, веб-сайтів та служб, які працюють разом, щоб відстежувати вашу діяльність.
-
:material-account-cash: Капіталізм нагляду — захист від великих рекламних мереж, таких як Google і Facebook, а також безлічі інших сторонніх збирачів даних.
-
:material-account-search: Публічний розголос — обмеження інформації про вас, яка доступна в Інтернеті - пошуковим системам або широкій громадськості.
-
:material-close-outline: Цензура — уникнення цензурованого доступу до інформації або цензури під час спілкування в Інтернеті.
-Деякі з цих загроз можуть бути важливішими для вас, ніж інші, залежно від ваших конкретних проблем. Наприклад, розробник програмного забезпечення, який має доступ до цінних або критично важливих даних, може бути в першу чергу стурбований
:material-target-account: цільовими атаками, але, ймовірно, він також хоче захистити свої персональні дані від
:material-eye-outline: програм масового спостереження. Аналогічно, багато людей можуть бути в першу чергу стурбовані
:material-account-search: публічним розголошенням їхніх персональних даних, але їм все одно слід остерігатися проблем, пов'язаних з безпекою, таких як
:material-bug-outline: пасивні атаки — як-от шкідливе програмне забезпечення, що вражає їхні пристрої.
+Деякі з цих загроз можуть бути важливішими для вас, ніж інші, залежно від ваших конкретних проблем. For example, a software developer with access to valuable or critical data may be primarily concerned with
:material-package-variant-closed-remove: Supply Chain Attacks and
:material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in
:material-eye-outline: Mass Surveillance programs. Аналогічно, багато людей можуть бути в першу чергу стурбовані
:material-account-search: публічним розголошенням їхніх персональних даних, але їм все одно слід остерігатися проблем, пов'язаних з безпекою, таких як
:material-bug-outline: пасивні атаки — як-от шкідливе програмне забезпечення, що вражає їхні пристрої.
## Анонімність проти Конфіденційності
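Review bot: The new Supply Chain Attacks list item separates the term from its definition with a spaced hyphen, while the other items in this list use a long dash; match the existing separator. In the paragraph below, the replacement line mixes English and Ukrainian sentences ("Mass Surveillance programs." followed directly by "Аналогічно, багато людей"), and the icon labels switch language mid-paragraph, so this string should be translated as a whole before it ships.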
@@ -57,6 +58,31 @@ description: Ваша модель загроз є особистою, але ц
If you are concerned about **physical attacks** you should use an operating system with a secure verified boot implementation, such as Android, iOS, macOS, or [Windows (with TPM)](https://learn.microsoft.com/windows/security/information-protection/secure-the-windows-10-boot-process). Також слід переконатися, що ваш диск зашифровано, а операційна система використовує TPM або Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) чи [Element](https://developers.google.com/android/security/android-ready-se) для обмеження кількості спроб введення ключової фрази шифрування. Вам слід уникати спільного використання комп'ютера з людьми, яким ви не довіряєте, оскільки більшість настільних операційних систем не шифрують дані окремо для кожного користувача.
+
:material-package-variant-closed-remove: Supply Chain Attacks
+
+Supply chain attacks are frequently a form of
:material-target-account: Targeted Attack towards businesses, governments, and activists, although they can end up compromising the public at large as well.
+
+
+
Example
+
+A notable example of this occurred in 2017 when M.E.Doc, a popular accounting software in Ukraine, was infected with the *NotPetya* virus, subsequently infecting people who downloaded that software with ransomware. NotPetya itself was a ransomware attack which impacted 2000+ companies in various countries, and was based on the *EternalBlue* exploit developed by the NSA to attack Windows computers over the network.
+
+
+
+There are few ways in which this type of attack might be carried out:
+
+1. A contributor or employee might work their way into a position of power within a project or organization, then abuse that position by adding malicious code.
+2. A developer may be coerced by an outside party to add malicious code.
+3. An individual or group might identify a third party software dependency (also known as a library) and work to infiltrate it with the above two methods, knowing that it will be used by "downstream" software developers.
+
+These sorts of attacks can require a lot of time and preparation to perform and are risky because they can be detected, particularly in open source projects if they are popular and have outside interest. Unfortunately they're also one of the most dangerous as they are very hard to mitigate entirely. We would encourage readers only use software which has a good reputation and makes an effort to reduce risk by:
+
+1. Only adopting popular software that has been around for a while. The more interest in a project the greater likelihood that external parties will notice malicious changes. A malicious actor will also need to spend more time gaining community trust with meaningful contributions.
+2. Finding software which releases binaries with widely-used, trusted build infrastructure platforms, as opposed to developer workstations or self-hosted servers. Some systems like GitHub Actions let you inspect the build script that runs publicly for extra confidence. This lessens the likelihood that malware on a developer's machine could infect their packages, and gives confidence that the binaries produced are in fact produced correctly.
+3. Looking for code signing on individual source code commits and releases, which creates an auditable trail of who did what. For example: Was the malicious code in the software repository? Which developer added it? Was it added during the build process?
+4. Checking whether the source code has meaningful commit messages (such as [conventional commits](https://conventionalcommits.org)) which explain what the change is supposed to accomplish. Clear messages can make it easier for outsiders to the project to verify, audit, and find bugs.
+5. Noting the number of contributors or maintainers a program has. A lone developer may be more susceptible to being coerced into adding malicious code by an external party, or to negligently enable undesirable behavior. This may very well mean software developed by "Big Tech" has more scrutiny than a lone developer who doesn't answer to anyone.
+
## Конфіденційність від постачальників послуг
:material-server-network: Постачальники послуг
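Review bot: The Example paragraph describes the same incident three ways: M.E.Doc was "infected with the *NotPetya* virus", its users were infected "with ransomware", and "NotPetya itself was a ransomware attack". Settle on one description of NotPetya and state plainly that the M.E.Doc software was the delivery channel, since that is what makes it a supply chain example. In mitigation item 2, "let you inspect the build script that runs publicly" is ambiguous about whether the script or the run is public; "let you publicly inspect the build script that runs" is clearer.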
diff --git a/i18n/uk/search-engines.md b/i18n/uk/search-engines.md
index 6b21affd..50239302 100644
--- a/i18n/uk/search-engines.md
+++ b/i18n/uk/search-engines.md
@@ -4,25 +4,35 @@ title: "Search Engines"
icon: material/search-web
description: These privacy-respecting search engines don't build an advertising profile based on your searches.
cover: search-engines.webp
+global:
+ -
+ - randomize-element
+ - "table tbody"
---
Use a search engine that doesn't build an advertising profile based on your searches.
-The recommendations here are based on the merits of each service's privacy policy. There is **no guarantee** that these privacy policies are honored.
+## Рекомендовані DNS-провайдери
+
+The recommendations here do not collect personally identifying information (PII) based on each service's privacy policy. There is **no guarantee** that these privacy policies are honored.
Consider using a [VPN](vpn.md) or [Tor](tor.md) if your threat model requires hiding your IP address from the search provider.
-## Brave Search
+| Provider | Search Index | Tor Hidden Service | Logging / Privacy Policy | Country of Operation |
+| ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- | ------------------------ | -------------------- |
+| [Brave Search](#brave-search) | [Independent](https://brave.com/search-independence/) | :material-check:{ .pg-green } | Anonymized[^1] | United States |
+| [DuckDuckGo](#duckduckgo) | [Bing](https://help.duckduckgo.com/results/sources) | :material-check:{ .pg-green } | Anonymized[^2] | United States |
+| [Startpage](#startpage) | [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) | :material-check:{ .pg-green } | Anonymized[^3] | Netherlands |
+
+### Brave Search
{ align=right }
-**Brave Search** is developed by Brave and serves results primarily from its own, independent index. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives.
+**Brave Search** is a search engine developed by Brave. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives.
-Brave Search includes unique features such as Discussions, which highlights conversation-focused results—such as forum posts.
-
-We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.
+Brave Search includes unique features such as [Discussions](https://search.brave.com/help/discussions), which highlights conversation-focused results—such as forum posts.
[:octicons-home-16: Homepage](https://search.brave.com){ .md-button .md-button--primary }
[:simple-torbrowser:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
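Review bot: The added heading `## Рекомендовані DNS-провайдери` reads "Recommended DNS Providers", but this file is the search engines page and the section below it lists search providers. The Vietnamese copy of the same change uses `## Recommended Providers`. Retranslate the heading so it matches the source string.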
@@ -33,17 +43,17 @@ We recommend you disable [Anonymous usage metrics](https://search.brave.com/help
-Brave Search is based in the United States. Their [privacy policy](https://search.brave.com/help/privacy-policy) states they collect aggregated usage metrics, which includes the operating system and browser in use, however no personally identifiable information is collected. IP addresses are temporarily processed, but are not retained.
+We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.
-## DuckDuckGo
+### DuckDuckGo
{ align=right }
-**DuckDuckGo** is one of the more mainstream private search engine options. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and many [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features). The search engine relies on a commercial Bing API to serve most results, but it does use numerous [other sources](https://help.duckduckgo.com/results/sources) for instant answers and other non-primary results.
+**DuckDuckGo** is one of the more mainstream private search engine options. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and a variety of [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features). The search engine uses numerous [sources](https://help.duckduckgo.com/results/sources) other than Bing for instant answers and other non-primary results.
-DuckDuckGo is the default search engine for the Tor Browser and is one of the few available options on Apple’s Safari browser.
+DuckDuckGo is the default search engine for the [Tor Browser](tor.md#tor-browser) and is one of the few available options on Apple’s [Safari](mobile-browsers.md#safari) browser.
[:octicons-home-16: Homepage](https://duckduckgo.com){ .md-button .md-button--primary }
[:simple-torbrowser:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .card-link title="Onion Service" }
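Review bot: The rewritten DuckDuckGo sentence, "The search engine uses numerous sources other than Bing for instant answers and other non-primary results", no longer says where the primary results come from. The removed line stated that the engine "relies on a commercial Bing API to serve most results". The new table lists Bing under Search Index, but the card text on its own now only implies the dependency. Suggest keeping a short clause that names Bing as the primary source.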
@@ -54,17 +64,41 @@ DuckDuckGo is the default search engine for the Tor Browser and is one of the fe
-DuckDuckGo is based in the United States. Their [privacy policy](https://duckduckgo.com/privacy) states they **do** log your searches for product improvement purposes, but not your IP address or any other personally identifying information.
+DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their Tor hidden address by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
-DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their [Tor onion address](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion) by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
+### Startpage
-## SearXNG
+
+
+{ align=right }
+{ align=right }
+
+**Startpage** is a private search engine. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead.
+
+[:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
+
+
+
+
+
+Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage/) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
+
+Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](vpn.md) users.
+
+## Metasearch Engines
+
+A [metasearch engine](https://en.wikipedia.org/wiki/Metasearch_engine) allows you to aggregate the results of other search engines, such as the ones recommended above, while not storing any information itself.
+
+### SearXNG
{ align=right }
-**SearXNG** is an open-source, self-hostable, metasearch engine, aggregating the results of other search engines while not storing any information itself. It is an actively maintained fork of [SearX](https://github.com/searx/searx).
+**SearXNG** is an open-source, self-hostable, metasearch engine. It is an actively maintained fork of [SearX](https://github.com/searx/searx).
[:octicons-home-16: Homepage](https://searxng.org){ .md-button .md-button--primary }
[:octicons-server-16:](https://searx.space){ .card-link title="Public Instances"}
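Review bot: Onion terminology is inconsistent in the added lines: the DuckDuckGo paragraph now says "Tor hidden address" and the Startpage paragraph says "Tor hidden service", while the card links in the same file are titled "Onion Service" and the removed line said "Tor onion address". Pick one term; "onion service" is the name the Tor Project itself uses. The rewrite also drops the link on the base onion address, leaving only the /lite and /html links.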
@@ -80,37 +114,13 @@ When self-hosting, it is important that you have other people using your instanc
When you are using a SearXNG instance, be sure to go read their privacy policy. Since SearXNG instances may be modified by their owners, they do not necessarily reflect their privacy policy. Some instances run as a Tor hidden service, which may grant some privacy as long as your search queries does not contain PII.
-## Startpage
-
-
-
-{ align=right }
-{ align=right }
-
-**Startpage** is a private search engine known for serving [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) search results. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead.
-
-[:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
-
-
-
-
-
-Startpage is based in the Netherlands. According to their [privacy policy](https://startpage.com/en/privacy-policy), they log details such as: operating system, type of browser, and language. They do not log your IP address, search queries, or other personally identifying information.
-
-Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
-
-Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](vpn.md) users.
-
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
### Minimum Requirements
-- Must not collect personally identifiable information per their privacy policy.
+- Must not collect PII per their privacy policy.
- Must not allow users to create an account with them.
### Best-Case
@@ -119,3 +129,7 @@ Our best-case criteria represents what we would like to see from the perfect pro
- Should be based on open-source software.
- Should not block Tor exit node IP addresses.
+
+[^1]: Brave Search collects aggregated usage metrics, which includes the OS and the user agent. However, they do not collect PII. To serve [anonymous local results](https://search.brave.com/help/anonymous-local-results), IP addresses are temporarily processed, but are not retained. [https://search.brave.com/help/privacy-policy](https://search.brave.com/help/privacy-policy)
+[^2]: DuckDuckGo **does** log your searches for product improvement purposes, but not your IP address or any other PII. [https://duckduckgo.com/privacy](https://duckduckgo.com/privacy)
+[^3]: Startpage logs details such as operating system, user agent, and language. They do not log your IP address, search queries, or other PII. [https://startpage.com/en/privacy-policy](https://startpage.com/en/privacy-policy)
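Review bot: The table added earlier in this file labels all three providers "Anonymized" in the Logging / Privacy Policy column, but footnote [^2] says DuckDuckGo **does** log searches while footnote [^3] says Startpage does not log search queries. The one-word label hides the difference a reader is most likely comparing on; consider a more specific cell value or a short qualifier per row. The footnotes also use the bare URL as both link text and target, which could be a named link instead.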
diff --git a/i18n/uk/tools.md b/i18n/uk/tools.md
index 479ffb68..4d91542f 100644
--- a/i18n/uk/tools.md
+++ b/i18n/uk/tools.md
@@ -13,19 +13,16 @@ If you want assistance figuring out the best privacy tools and alternative progr
For more details about each project, why they were chosen, and additional tips or tricks we recommend, click the "Learn more" link in each section, or click on the recommendation itself to be taken to that specific section of the page.
-## Tor Network
+## Tor Browser
-
+
- { .twemoji } [Tor Browser](tor.md#tor-browser)
- { .twemoji } [Orbot (Smartphone Tor Proxy)](tor.md#orbot)
- { .twemoji } [Onion Browser (Tor for iOS)](tor.md#onion-browser)
-- { .twemoji }{ .twemoji } [Snowflake](tor.md#snowflake) (1)
-1. Snowflake does not increase privacy, however it allows you to easily contribute to the Tor network and help people in censored networks achieve better privacy.
-
[Learn more :material-arrow-right-drop-circle:](tor.md)
## Desktop Web Browsers
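Review bot: The heading changes from "Tor Network" to "Tor Browser", but the list under it still contains Orbot and Onion Browser, which are separate apps, and the "Learn more" link still points at tor.md as a whole. Either keep a heading that covers all three entries or move the entries that are not Tor Browser elsewhere.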
@@ -489,9 +486,12 @@ These tools may provide utility for certain individuals. They provide functional
- { .twemoji } { .twemoji } [I2P](alternative-networks.md#i2p-the-invisible-internet-project)
- { .twemoji } [Tor](alternative-networks.md#tor)
+- { .twemoji }{ .twemoji } [Snowflake](alternative-networks.md#snowflake)
+[Learn more :material-arrow-right-drop-circle:](alternative-networks.md)
+
### Device Integrity Verification
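Review bot: Moving the Snowflake entry to the alternative-networks list drops the annotation that was attached to it, which began "Snowflake does not increase privacy". Without it the entry sits next to I2P and Tor as if it were a privacy tool in its own right. Consider carrying the annotation over together with the list item.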
diff --git a/i18n/vi/basics/common-misconceptions.md b/i18n/vi/basics/common-misconceptions.md
index 8f7b767b..1f3588fb 100644
--- a/i18n/vi/basics/common-misconceptions.md
+++ b/i18n/vi/basics/common-misconceptions.md
@@ -42,7 +42,7 @@ schema:
These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis.
-Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities into even large projects.[^1]
+Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as
:material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1]
On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering.
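Review bot: The added sentence ends "to introduce new vulnerabilities known as Supply Chain Attacks", which equates a vulnerability with an attack. The attack is the act of introducing the malicious change; the vulnerability or backdoor is its result. Suggest rewording so that the exploitation of the development process is what is called a Supply Chain Attack, and keep the link to the Common Threats page.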
@@ -94,4 +94,4 @@ One of the clearest threat models is one where people *know who you are* and one
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident).
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://www.cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
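Review bot: Typo in the new footnote: "a obfuscated backdoor" should be "an obfuscated backdoor".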
diff --git a/i18n/vi/basics/common-threats.md b/i18n/vi/basics/common-threats.md
index 67bd483b..6ddfa5a1 100644
--- a/i18n/vi/basics/common-threats.md
+++ b/i18n/vi/basics/common-threats.md
@@ -9,13 +9,14 @@ Broadly speaking, we categorize our recommendations into the [threats](threat-mo
-
:material-incognito: Anonymity - Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically.
-
:material-target-account: Targeted Attacks - Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically.
-
:material-bug-outline: Passive Attacks - Being protected from things like malware, data breaches, and other attacks that are made against many people at once.
+-
:material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
-
:material-server-network: Service Providers - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server).
-
:material-eye-outline: Mass Surveillance - Protection from government agencies, organizations, websites, and services which work together to track your activities.
-
:material-account-cash: Surveillance Capitalism - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors.
-
:material-account-search: Public Exposure - Limiting the information about you that is accessible online—to search engines or the general public.
-
:material-close-outline: Censorship - Avoiding censored access to information or being censored yourself when speaking online.
-Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with
:material-target-account: Targeted Attacks, but they probably still want to protect their personal data from being swept up in
:material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with
:material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as
:material-bug-outline: Passive Attacks—like malware affecting their devices.
+Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with
:material-package-variant-closed-remove: Supply Chain Attacks and
:material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in
:material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with
:material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as
:material-bug-outline: Passive Attacks—like malware affecting their devices.
## Anonymity vs. Privacy
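Review bot: The new list entry defines Supply Chain Attacks as "A vulnerability or exploit introduced into otherwise good software", while the other entries shown in this list are phrased as the protection goal ("Shielding ...", "Being protected from ...", "Protecting ...", "Avoiding ..."). Rephrase the new entry to match, for example by opening with "Being protected from" and keeping the rest of the definition.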
@@ -57,6 +58,31 @@ By design, **web browsers**, **email clients**, and **office applications** typi
If you are concerned about **physical attacks** you should use an operating system with a secure verified boot implementation, such as Android, iOS, macOS, or [Windows (with TPM)](https://learn.microsoft.com/windows/security/information-protection/secure-the-windows-10-boot-process). You should also make sure that your drive is encrypted, and that the operating system uses a TPM or Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) or [Element](https://developers.google.com/android/security/android-ready-se) to rate limit attempts to enter the encryption passphrase. You should avoid sharing your computer with people you don't trust, because most desktop operating systems don't encrypt data separately per-user.
+
:material-package-variant-closed-remove: Supply Chain Attacks
+
+Supply chain attacks are frequently a form of
:material-target-account: Targeted Attack towards businesses, governments, and activists, although they can end up compromising the public at large as well.
+
+
+
Example
+
+A notable example of this occurred in 2017 when M.E.Doc, a popular accounting software in Ukraine, was infected with the *NotPetya* virus, subsequently infecting people who downloaded that software with ransomware. NotPetya itself was a ransomware attack which impacted 2000+ companies in various countries, and was based on the *EternalBlue* exploit developed by the NSA to attack Windows computers over the network.
+
+
+
+There are few ways in which this type of attack might be carried out:
+
+1. A contributor or employee might work their way into a position of power within a project or organization, then abuse that position by adding malicious code.
+2. A developer may be coerced by an outside party to add malicious code.
+3. An individual or group might identify a third party software dependency (also known as a library) and work to infiltrate it with the above two methods, knowing that it will be used by "downstream" software developers.
+
+These sorts of attacks can require a lot of time and preparation to perform and are risky because they can be detected, particularly in open source projects if they are popular and have outside interest. Unfortunately they're also one of the most dangerous as they are very hard to mitigate entirely. We would encourage readers only use software which has a good reputation and makes an effort to reduce risk by:
+
+1. Only adopting popular software that has been around for a while. The more interest in a project the greater likelihood that external parties will notice malicious changes. A malicious actor will also need to spend more time gaining community trust with meaningful contributions.
+2. Finding software which releases binaries with widely-used, trusted build infrastructure platforms, as opposed to developer workstations or self-hosted servers. Some systems like GitHub Actions let you inspect the build script that runs publicly for extra confidence. This lessens the likelihood that malware on a developer's machine could infect their packages, and gives confidence that the binaries produced are in fact produced correctly.
+3. Looking for code signing on individual source code commits and releases, which creates an auditable trail of who did what. For example: Was the malicious code in the software repository? Which developer added it? Was it added during the build process?
+4. Checking whether the source code has meaningful commit messages (such as [conventional commits](https://conventionalcommits.org)) which explain what the change is supposed to accomplish. Clear messages can make it easier for outsiders to the project to verify, audit, and find bugs.
+5. Noting the number of contributors or maintainers a program has. A lone developer may be more susceptible to being coerced into adding malicious code by an external party, or to negligently enable undesirable behavior. This may very well mean software developed by "Big Tech" has more scrutiny than a lone developer who doesn't answer to anyone.
+
## Privacy From Service Providers
:material-server-network: Service Providers
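Review bot: The lead-in "We would encourage readers only use software which has a good reputation and makes an effort to reduce risk by:" does not match the list that follows: items 1 to 5 ("Only adopting ...", "Finding ...", "Looking for ...") are things the reader does, not things the software does. Reword the lead-in so the reader is the subject. Two smaller fixes in the same hunk: "There are few ways" should be "There are a few ways", and NotPetya is called a "virus" in one sentence and "a ransomware attack" in the next.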
diff --git a/i18n/vi/search-engines.md b/i18n/vi/search-engines.md
index d4f1a4ee..deff5899 100644
--- a/i18n/vi/search-engines.md
+++ b/i18n/vi/search-engines.md
@@ -4,25 +4,35 @@ title: "Search Engines"
icon: material/search-web
description: These privacy-respecting search engines don't build an advertising profile based on your searches.
cover: search-engines.webp
+global:
+ -
+ - randomize-element
+ - "table tbody"
---
Use a search engine that doesn't build an advertising profile based on your searches.
-The recommendations here are based on the merits of each service's privacy policy. There is **no guarantee** that these privacy policies are honored.
+## Recommended Providers
+
+The recommendations here do not collect personally identifying information (PII) based on each service's privacy policy. There is **no guarantee** that these privacy policies are honored.
Consider using a [VPN](vpn.md) or [Tor](tor.md) if your threat model requires hiding your IP address from the search provider.
-## Brave Search
+| Provider | Search Index | Tor Hidden Service | Logging / Privacy Policy | Country of Operation |
+| ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- | ------------------------ | -------------------- |
+| [Brave Search](#brave-search) | [Independent](https://brave.com/search-independence/) | :material-check:{ .pg-green } | Anonymized[^1] | United States |
+| [DuckDuckGo](#duckduckgo) | [Bing](https://help.duckduckgo.com/results/sources) | :material-check:{ .pg-green } | Anonymized[^2] | United States |
+| [Startpage](#startpage) | [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) | :material-check:{ .pg-green } | Anonymized[^3] | Netherlands |
+
+### Brave Search
{ align=right }
-**Brave Search** is developed by Brave and serves results primarily from its own, independent index. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives.
+**Brave Search** is a search engine developed by Brave. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives.
-Brave Search includes unique features such as Discussions, which highlights conversation-focused results—such as forum posts.
-
-We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.
+Brave Search includes unique features such as [Discussions](https://search.brave.com/help/discussions), which highlights conversation-focused results—such as forum posts.
[:octicons-home-16: Homepage](https://search.brave.com){ .md-button .md-button--primary }
[:simple-torbrowser:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
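Review bot: The rewritten Brave Search description removes the clause about its "own, independent index", so the next sentence, "The index is optimized against Google Search", now refers to an index the paragraph never introduced. Either keep a short mention of the independent index in the first sentence or reword the second one; the "Independent" link in the table does not carry the card text.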
@@ -33,17 +43,17 @@ We recommend you disable [Anonymous usage metrics](https://search.brave.com/help
-Brave Search is based in the United States. Their [privacy policy](https://search.brave.com/help/privacy-policy) states they collect aggregated usage metrics, which includes the operating system and browser in use, however no personally identifiable information is collected. IP addresses are temporarily processed, but are not retained.
+We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.
-## DuckDuckGo
+### DuckDuckGo
{ align=right }
-**DuckDuckGo** is one of the more mainstream private search engine options. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and many [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features). The search engine relies on a commercial Bing API to serve most results, but it does use numerous [other sources](https://help.duckduckgo.com/results/sources) for instant answers and other non-primary results.
+**DuckDuckGo** is one of the more mainstream private search engine options. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and a variety of [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features). The search engine uses numerous [sources](https://help.duckduckgo.com/results/sources) other than Bing for instant answers and other non-primary results.
-DuckDuckGo is the default search engine for the Tor Browser and is one of the few available options on Apple’s Safari browser.
+DuckDuckGo is the default search engine for the [Tor Browser](tor.md#tor-browser) and is one of the few available options on Apple’s [Safari](mobile-browsers.md#safari) browser.
[:octicons-home-16: Homepage](https://duckduckgo.com){ .md-button .md-button--primary }
[:simple-torbrowser:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .card-link title="Onion Service" }
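Review bot: The moved sentence "We recommend you disable Anonymous usage metrics as it is enabled by default and can be disabled within settings" says "disable" twice and pairs the plural "metrics" with "it". Since the line is being touched anyway, tighten it so it states once that the setting is on by default and should be turned off in settings.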
@@ -54,17 +64,41 @@ DuckDuckGo is the default search engine for the Tor Browser and is one of the fe
-DuckDuckGo is based in the United States. Their [privacy policy](https://duckduckgo.com/privacy) states they **do** log your searches for product improvement purposes, but not your IP address or any other personally identifying information.
+DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their Tor hidden address by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
-DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their [Tor onion address](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion) by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
+### Startpage
-## SearXNG
+
+
+{ align=right }
+{ align=right }
+
+**Startpage** is a private search engine. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead.
+
+[:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
+
+
+
+
+
+Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage/) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
+
+Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](vpn.md) users.
+
+## Metasearch Engines
+
+A [metasearch engine](https://en.wikipedia.org/wiki/Metasearch_engine) allows you to aggregate the results of other search engines, such as the ones recommended above, while not storing any information itself.
+
+### SearXNG
{ align=right }
-**SearXNG** is an open-source, self-hostable, metasearch engine, aggregating the results of other search engines while not storing any information itself. It is an actively maintained fork of [SearX](https://github.com/searx/searx).
+**SearXNG** is an open-source, self-hostable, metasearch engine. It is an actively maintained fork of [SearX](https://github.com/searx/searx).
[:octicons-home-16: Homepage](https://searxng.org){ .md-button .md-button--primary }
[:octicons-server-16:](https://searx.space){ .card-link title="Public Instances"}
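Review bot: The Documentation card link in the re-added Startpage block is written `{ .card-link title=Documentation}` with an unquoted attribute value, while the sibling links just above it use `title="Onion Service"` and `title="Privacy Policy"`. The line is carried over unchanged from the removed block; since the block is being moved anyway, quote the value as `title="Documentation"` so every card link follows one convention.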
@@ -80,37 +114,13 @@ When self-hosting, it is important that you have other people using your instanc
When you are using a SearXNG instance, be sure to go read their privacy policy. Since SearXNG instances may be modified by their owners, they do not necessarily reflect their privacy policy. Some instances run as a Tor hidden service, which may grant some privacy as long as your search queries does not contain PII.
-## Startpage
-
-
-
-{ align=right }
-{ align=right }
-
-**Startpage** is a private search engine known for serving [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) search results. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead.
-
-[:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
-
-
-
-
-
-Startpage is based in the Netherlands. According to their [privacy policy](https://startpage.com/en/privacy-policy), they log details such as: operating system, type of browser, and language. They do not log your IP address, search queries, or other personally identifying information.
-
-Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
-
-Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](vpn.md) users.
-
## Framadate
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
### Minimum Requirements
-- Must not collect personally identifiable information per their privacy policy.
+- Must not collect PII per their privacy policy.
- Must not allow users to create an account with them.
### Best-Case
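Review bot: The unchanged heading `## Framadate` directly above the "Please note we are not affiliated with any of the projects we recommend" paragraph does not match the section it introduces, which holds the Minimum Requirements and Best-Case criteria; the zh-Hant file in this same diff has `## 標準` at that position, so this looks like a mistranslated criteria heading. The hunk does not touch it, but with the Startpage block removed from just above, that heading now follows the SearXNG text directly and is worth correcting in the same sync. The context sentence "as long as your search queries does not contain PII" also needs "do".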
@@ -119,3 +129,7 @@ Our best-case criteria represents what we would like to see from the perfect pro
- Should be based on open-source software.
- Should not block Tor exit node IP addresses.
+
+[^1]: Brave Search collects aggregated usage metrics, which includes the OS and the user agent. However, they do not collect PII. To serve [anonymous local results](https://search.brave.com/help/anonymous-local-results), IP addresses are temporarily processed, but are not retained. [https://search.brave.com/help/privacy-policy](https://search.brave.com/help/privacy-policy)
+[^2]: DuckDuckGo **does** log your searches for product improvement purposes, but not your IP address or any other PII. [https://duckduckgo.com/privacy](https://duckduckgo.com/privacy)
+[^3]: Startpage logs details such as operating system, user agent, and language. They do not log your IP address, search queries, or other PII. [https://startpage.com/en/privacy-policy](https://startpage.com/en/privacy-policy)
diff --git a/i18n/vi/tools.md b/i18n/vi/tools.md
index 8517434c..cf7a06d6 100644
--- a/i18n/vi/tools.md
+++ b/i18n/vi/tools.md
@@ -13,19 +13,16 @@ If you want assistance figuring out the best privacy tools and alternative progr
For more details about each project, why they were chosen, and additional tips or tricks we recommend, click the "Learn more" link in each section, or click on the recommendation itself to be taken to that specific section of the page.
-## Tor Network
+## Tor Browser
-
+
- { .twemoji } [Tor Browser](tor.md#tor-browser)
- { .twemoji } [Orbot (Smartphone Tor Proxy)](tor.md#orbot)
- { .twemoji } [Onion Browser (Tor for iOS)](tor.md#onion-browser)
-- { .twemoji }{ .twemoji } [Snowflake](tor.md#snowflake) (1)
-1. Snowflake does not increase privacy, however it allows you to easily contribute to the Tor network and help people in censored networks achieve better privacy.
-
[Learn more :material-arrow-right-drop-circle:](tor.md)
## Desktop Web Browsers
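Review bot: The heading is renamed from `## Tor Network` to `## Tor Browser`, but the list under it still carries Orbot and Onion Browser, which link to `tor.md#orbot` and `tor.md#onion-browser` and are separate tools. Either keep a heading that covers all three entries or confirm that the narrower title is what the source page intends.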
@@ -489,9 +486,12 @@ These tools may provide utility for certain individuals. They provide functional
- { .twemoji } { .twemoji } [I2P](alternative-networks.md#i2p-the-invisible-internet-project)
- { .twemoji } [Tor](alternative-networks.md#tor)
+- { .twemoji }{ .twemoji } [Snowflake](alternative-networks.md#snowflake)
+[Learn more :material-arrow-right-drop-circle:](alternative-networks.md)
+
### Device Integrity Verification
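Review bot: The new Snowflake entry in the alternative networks list has no counterpart to the annotation removed from the Tor section earlier in this file ("Snowflake does not increase privacy, however it allows you to easily contribute to the Tor network and help people in censored networks achieve better privacy."). If that caveat now lives at `alternative-networks.md#snowflake`, say so in the commit message; otherwise readers of this overview lose it, so consider keeping the `(1)` annotation on the moved entry.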
diff --git a/i18n/zh-Hant/basics/common-misconceptions.md b/i18n/zh-Hant/basics/common-misconceptions.md
index 9acea33f..0b2b4805 100644
--- a/i18n/zh-Hant/basics/common-misconceptions.md
+++ b/i18n/zh-Hant/basics/common-misconceptions.md
@@ -42,7 +42,7 @@ schema:
這些迷思源於許多偏見,原始碼是否開放以及軟體的許可並不會以任何方式影響其安全性。 ==開源軟件 *可能* 比商業軟件更安全,但絕對不能保證這一點。==評估軟體時,您應該根據每個工具的聲譽和安全性進行評估。
-開源軟體*能夠*由第三方人員進行審計,比起同類商用軟體,前者對待潛在漏洞更為透明。 它還允許您查看代碼並禁用您發現的任何可疑功能。 然而,*除非您真的這樣做了*,否則不能保證程式碼曾經被評估過,特別是小型軟體專案。 開放的發展過程有時會遭利用,甚至在大型專案中被引入新的漏洞。
+開源軟體*能夠*由第三方人員進行審計,比起同類商用軟體,前者對待潛在漏洞更為透明。 它還允許您查看代碼並禁用您發現的任何可疑功能。 然而,*除非您真的這樣做了*,否則不能保證程式碼曾經被評估過,特別是小型軟體專案。 The open development process has also sometimes been exploited to introduce new vulnerabilities known as
:material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1]
另一方面,專有軟件不太透明,但這並不意味著它不安全。 主要的商用軟件專案會由內部和第三方機構進行審計,獨立的安全研究人員仍然可以通過逆向工程等技術發現漏洞。
@@ -94,4 +94,4 @@ schema:
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident).
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://www.cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
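Review bot: The new footnote reads "added a obfuscated backdoor"; the article should be "an obfuscated backdoor". The same English string replaces the footnote in the zh file later in this diff, so correct it in the source string rather than per locale.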
diff --git a/i18n/zh-Hant/basics/common-threats.md b/i18n/zh-Hant/basics/common-threats.md
index 916cf388..fbe65742 100644
--- a/i18n/zh-Hant/basics/common-threats.md
+++ b/i18n/zh-Hant/basics/common-threats.md
@@ -9,13 +9,14 @@ description: 您的威脅模型雖說是個人的事,但它也是本站許多
-
:material-incognito: 匿名 -保護您的在線活動免受您真實身份影響,保護您防範某些企圖揭露 *您* 身份的侵害。
-
:material-target-account: 針對性的攻擊 -保護免受駭客或其他惡意行為者的攻擊,他們正試圖存取訪問 *您的* 資料或設備。
-
:material-bug-outline: 被動攻擊 -保護免受惡意軟體、數據洩露和其他同時針對多人的攻擊。
+-
:material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
-
:material-server-network: 服務供應商 - 保護您的資料免受服務供應商侵害(例如,使用 E2EE ,使您保存在伺服器的資料無法被他人讀取)。
-
:material-eye-outline: 大規模監控 -保護您免受政府機構、組織、網站和服務共同追蹤您的活動。
-
:material-account-cash: 監控資本主義 - 保議自己不會被 Google, Facebook 等大型網路廣告以及其它無數第三方資料收集者監控。
-
:material-account-search: 公開曝光 -限制搜尋引擎或一般大眾可在網路上找到有關您的資訊。
-
:material-close-outline: 審查 -避免資訊被封鎖或自己的網路發言時受到審查。
-其中一些威脅對您來說可能比其他威脅更嚴重,這取決於您的具體問題。 例如,有權訪問有價值或重要資料的開發人員可能主要關注
:material-target-account: 針對性攻擊,但他們仍然希望保護自己的個資免受
:material-eye-outline: 大規模監控 計劃的影響。 同樣,許多人主要關心其個人資料的
:material-account-search: 公開曝光 ,但他們仍應該警惕聚焦安全的問題,例如
:material-bug-outline: 被動攻擊-例如惡意軟件影響他們的設備。
+其中一些威脅對您來說可能比其他威脅更嚴重,這取決於您的具體問題。 For example, a software developer with access to valuable or critical data may be primarily concerned with
:material-package-variant-closed-remove: Supply Chain Attacks and
:material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in
:material-eye-outline: Mass Surveillance programs. 同樣,許多人主要關心其個人資料的
:material-account-search: 公開曝光 ,但他們仍應該警惕聚焦安全的問題,例如
:material-bug-outline: 被動攻擊-例如惡意軟件影響他們的設備。
## 匿名 vs. 隱私
@@ -57,6 +58,31 @@ description: 您的威脅模型雖說是個人的事,但它也是本站許多
若特別擔心 **物理攻擊**,就應選用具安全驗證開機的作業系統,例如 Android, iOS, macOS, 或[Windows (帶 TPM)](https://learn.microsoft.com/windows/security/information-protection/secure-the-windows-10-boot-process)。 應確保您的驅動器是加密的,並且操作系統使用 TPM或 Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) 或 [Element](https://developers.google.com/android/security/android-ready-se) 來限制輸入加密密碼的嘗試率。 您應該避免與不信任的人共享您的電腦,因為大多數桌面作業系統不會單獨加密每個用戶的數據。
+
:material-package-variant-closed-remove: Supply Chain Attacks
+
+Supply chain attacks are frequently a form of
:material-target-account: Targeted Attack towards businesses, governments, and activists, although they can end up compromising the public at large as well.
+
+
+
Example
+
+A notable example of this occurred in 2017 when M.E.Doc, a popular accounting software in Ukraine, was infected with the *NotPetya* virus, subsequently infecting people who downloaded that software with ransomware. NotPetya itself was a ransomware attack which impacted 2000+ companies in various countries, and was based on the *EternalBlue* exploit developed by the NSA to attack Windows computers over the network.
+
+
+
+There are few ways in which this type of attack might be carried out:
+
+1. A contributor or employee might work their way into a position of power within a project or organization, then abuse that position by adding malicious code.
+2. A developer may be coerced by an outside party to add malicious code.
+3. An individual or group might identify a third party software dependency (also known as a library) and work to infiltrate it with the above two methods, knowing that it will be used by "downstream" software developers.
+
+These sorts of attacks can require a lot of time and preparation to perform and are risky because they can be detected, particularly in open source projects if they are popular and have outside interest. Unfortunately they're also one of the most dangerous as they are very hard to mitigate entirely. We would encourage readers only use software which has a good reputation and makes an effort to reduce risk by:
+
+1. Only adopting popular software that has been around for a while. The more interest in a project the greater likelihood that external parties will notice malicious changes. A malicious actor will also need to spend more time gaining community trust with meaningful contributions.
+2. Finding software which releases binaries with widely-used, trusted build infrastructure platforms, as opposed to developer workstations or self-hosted servers. Some systems like GitHub Actions let you inspect the build script that runs publicly for extra confidence. This lessens the likelihood that malware on a developer's machine could infect their packages, and gives confidence that the binaries produced are in fact produced correctly.
+3. Looking for code signing on individual source code commits and releases, which creates an auditable trail of who did what. For example: Was the malicious code in the software repository? Which developer added it? Was it added during the build process?
+4. Checking whether the source code has meaningful commit messages (such as [conventional commits](https://conventionalcommits.org)) which explain what the change is supposed to accomplish. Clear messages can make it easier for outsiders to the project to verify, audit, and find bugs.
+5. Noting the number of contributors or maintainers a program has. A lone developer may be more susceptible to being coerced into adding malicious code by an external party, or to negligently enable undesirable behavior. This may very well mean software developed by "Big Tech" has more scrutiny than a lone developer who doesn't answer to anyone.
+
## 服務供應商的隱私權
:material-server-network: 服務提供商
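Review bot: In the added Supply Chain Attacks section, "There are few ways in which this type of attack might be carried out" reads as "hardly any ways", which contradicts the three-item list that follows; it should be "There are a few ways". Further down, "We would encourage readers only use software" is missing "to". The whole added section is English inside the zh-Hant page, so it also needs to go through translation before the page reads consistently.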
diff --git a/i18n/zh-Hant/search-engines.md b/i18n/zh-Hant/search-engines.md
index 6ee7de5f..83b2f4ff 100644
--- a/i18n/zh-Hant/search-engines.md
+++ b/i18n/zh-Hant/search-engines.md
@@ -4,25 +4,35 @@ title: "搜尋引擎"
icon: material/search-web
description: 這些尊重隱私的搜尋引擎不會根據用戶的搜尋建立廣告剖繪。
cover: search-engines.webp
+global:
+ -
+ - randomize-element
+ - "table tbody"
---
這些尊重隱私的搜尋引擎不會根據您的搜尋建立廣告剖繪。
-這裡的建議是基於每個服務的隱私政策的優點。 **不能保證**這些隱私政策都有好好落實。
+## 推薦的 DNS 提供商
+
+The recommendations here do not collect personally identifying information (PII) based on each service's privacy policy. **不能保證**這些隱私政策都有好好落實。
如果您的威脅模型需要向搜尋供應商隱藏您的IP位址,請考慮使用 [VPN](vpn.md) 或 [Tor](tor.md) 。
-## Brave Search
+| 提供商 | Search Index | Tor Hidden Service | Logging / Privacy Policy | Country of Operation |
+| ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- | ------------------------ | -------------------- |
+| [Brave Search](#brave-search) | [Independent](https://brave.com/search-independence/) | :material-check:{ .pg-green } | Anonymized[^1] | United States |
+| [DuckDuckGo](#duckduckgo) | [Bing](https://help.duckduckgo.com/results/sources) | :material-check:{ .pg-green } | Anonymized[^2] | United States |
+| [Startpage](#startpage) | [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) | :material-check:{ .pg-green } | Anonymized[^3] | Netherlands |
+
+### Brave Search
{ align=right }
-**Brave Search** 由 Brave 開發,主要提供自己獨立索引的結果。 該索引是針對 Google 搜索進行優化,因此與其他替代方案相比,可以提供更具上下文準確性的結果。
+**Brave Search** is a search engine developed by Brave. 該索引是針對 Google 搜索進行優化,因此與其他替代方案相比,可以提供更具上下文準確性的結果。
-Brave Search 包括獨特的功能,如討論,突出了對話為中心的結果,如論壇文章。
-
-我們建議您停用 [匿名使用指標](https://search.brave.com/help/usage-metrics) ,因為它預設為啟用,可在設定中停用。
+Brave Search includes unique features such as [Discussions](https://search.brave.com/help/discussions), which highlights conversation-focused results—such as forum posts.
[:octicons-home-16: Homepage](https://search.brave.com){ .md-button .md-button--primary }
[:simple-torbrowser:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
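Review bot: The added heading `## 推薦的 DNS 提供商` means "Recommended DNS Providers", which is wrong on the search-engines page; the zh file in this same diff uses `## 推荐的供应商` for the same source heading. Replace it with a plain "recommended providers" heading. In the Brave Search paragraph, the new first sentence no longer mentions an index, so the retained "該索引是針對 Google 搜索進行優化" now refers to something the text has not introduced.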
@@ -33,17 +43,17 @@ Brave Search 包括獨特的功能,如討論,突出了對話為中心的結
-Brave Search 總部在美國。 他們的 [隱私政策](https://search.brave.com/help/privacy-policy) 規定他們收集聚合使用指標,其中包括正在使用的作業系統和瀏覽器,但沒有收集個人識別資訊。 IP位址會暫時處理,但不會保留。
+We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.
-## DuckDuckGo
+### DuckDuckGo
{ align=right }
-**DuckDuckGo** 最主流的隱私搜尋引擎選項之一。 著名的 DuckDuckGo 搜索功能包括 [bangs](https://duckduckgo.com/bang)和許多[即時答案](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features)。 搜尋引擎依賴商業 Bing API 來提供大多數結果,但它確實使用許多[其他來源](https://help.duckduckgo.com/results/sources/)來獲取即時答案和其他非主要結果。
+**DuckDuckGo** 最主流的隱私搜尋引擎選項之一。 Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and a variety of [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features). The search engine uses numerous [sources](https://help.duckduckgo.com/results/sources) other than Bing for instant answers and other non-primary results.
-DuckDuckGo 是 Tor瀏覽器的預設搜尋引擎,也是 Apple Safari 瀏覽器上為數不多的可用選項之一。
+DuckDuckGo is the default search engine for the [Tor Browser](tor.md#tor-browser) and is one of the few available options on Apple’s [Safari](mobile-browsers.md#safari) browser.
[:octicons-home-16: Homepage](https://duckduckgo.com){ .md-button .md-button--primary }
[:simple-torbrowser:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .card-link title="Onion Service" }
@@ -54,17 +64,41 @@ DuckDuckGo 是 Tor瀏覽器的預設搜尋引擎,也是 Apple Safari 瀏覽器
-Brave Search 總部在美國。 他們的[隱私政策](https://duckduckgo.com/privacy)聲明他們**確實** 記錄使用者搜尋以改善其產品,但不會記錄 IP 地址或其它可識別的個人資訊。
+DuckDuckGo 提供兩種 [其它版本](https://help.duckduckgo.com/features/non-javascript) 搜尋引擎,兩者皆不需要JavaScript。 然而,這些版本缺少特色。 These versions can also be used in conjunction with their Tor hidden address by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
-DuckDuckGo 提供兩種 [其它版本](https://help.duckduckgo.com/features/non-javascript) 搜尋引擎,兩者皆不需要JavaScript。 然而,這些版本缺少特色。 這些版本也可以透過 [ Tor 洋蔥網址](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite)各自附件[ /lite ](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite)或[/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) 的版本。
+### Startpage
-## SearXNG
+
+
+{ align=right }
+{ align=right }
+
+**Startpage** is a private search engine. Startpage 的獨特功能之一是 [匿名視圖](https://startpage.com/en/anonymous-view/) ,它努力標準化用戶活動,使其更難被突出識別。 這個功能可用來隱藏 [某些](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) 網路與瀏覽器特徵。 不像名字所暗示的,該功能不應該依賴於匿名。 如果您正在尋找匿名性,請改用 [Tor瀏覽器](tor.md#tor-browser)。
+
+[:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
+
+
+
+
+
+Startpage 大股東是System1,它是一家廣告技術公司。 我們不認為這是問題,因為他們有明顯分開的 [隱私政策](https://system1.com/terms/privacy-policy)。 The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage/) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
+
+Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](vpn.md) users.
+
+## Metasearch Engines
+
+A [metasearch engine](https://en.wikipedia.org/wiki/Metasearch_engine) allows you to aggregate the results of other search engines, such as the ones recommended above, while not storing any information itself.
+
+### SearXNG
{ align=right }
-**SearXNG** 是一個開源、自我託管的中繼搜索引擎,聚合其他搜索引擎的結果,而自身不儲存任何資訊。 它是一個積極維護的 [SearX](https://github.com/searx/searx) 分支。
+**SearXNG** is an open-source, self-hostable, metasearch engine. 它是一個積極維護的 [SearX](https://github.com/searx/searx) 分支。
[:octicons-home-16: Homepage](https://searxng.org){ .md-button .md-button--primary }
[:octicons-server-16:](https://searx.space){ .card-link title="Public Instances"}
@@ -80,37 +114,13 @@ SearXNG 是您和它所聚合的搜尋引擎之間的代理。 您的搜尋查
當您使用 SearXNG 實體時,請務必閱讀他們的隱私權政策。 由於 SearXNG 實體可能會被其擁有者修改,因此它們不一定反映其隱私政策。 有些實體是以 Tor 隱藏服務運行,只要您的搜尋查詢不包含 PII ,這可能會授予一些隱私。
-## Startpage
-
-
-
-{ align=right }
-{ align=right }
-
-**Startpage**為私密搜尋引擎,提供[Google 與 Bing](https://support.startpage.com/hc/en-us/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) 的搜尋結果。 Startpage 的獨特功能之一是 [匿名視圖](https://startpage.com/en/anonymous-view/) ,它努力標準化用戶活動,使其更難被突出識別。 這個功能可用來隱藏 [某些](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) 網路與瀏覽器特徵。 不像名字所暗示的,該功能不應該依賴於匿名。 如果您正在尋找匿名性,請改用 [Tor瀏覽器](tor.md#tor-browser)。
-
-[:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
-
-
-
-
-
-Startpage位於荷蘭。 根據他們的 [隱私政策](https://startpage.com/en/privacy-policy),他們記錄細節如:作業系統、瀏覽器類型和語言。 他們不會記錄您的IP位址、搜尋查詢或其他個人識別資訊。
-
-Startpage 大股東是System1,它是一家廣告技術公司。 我們不認為這是問題,因為他們有明顯分開的 [隱私政策](https://system1.com/terms/privacy-policy)。 The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
-
-Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](vpn.md) users.
-
## 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
### 最低合格要求
-- 不得根據其隱私權政策收集個人身份資訊。
+- Must not collect PII per their privacy policy.
- 不得要求使用者建立帳戶。
### 最佳案例
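Review bot: Under 最低合格要求, the translated requirement "不得根據其隱私權政策收集個人身份資訊。" is replaced by the English "Must not collect PII per their privacy policy.", so the list now mixes an English item with the Chinese "不得要求使用者建立帳戶。". Keep a translated string here, using the PII abbreviation introduced at the top of the page if wanted. The removed Startpage paragraph stating the Netherlands base and what is logged is now only covered by English text (the table row and footnote 3), which needs translating as well.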
@@ -119,3 +129,7 @@ Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they
- 應該以開源軟體為基礎。
- 不應該封鎖 Tor退出節點的 IP位址。
+
+[^1]: Brave Search collects aggregated usage metrics, which includes the OS and the user agent. However, they do not collect PII. To serve [anonymous local results](https://search.brave.com/help/anonymous-local-results), IP addresses are temporarily processed, but are not retained. [https://search.brave.com/help/privacy-policy](https://search.brave.com/help/privacy-policy)
+[^2]: DuckDuckGo **does** log your searches for product improvement purposes, but not your IP address or any other PII. [https://duckduckgo.com/privacy](https://duckduckgo.com/privacy)
+[^3]: Startpage logs details such as operating system, user agent, and language. They do not log your IP address, search queries, or other PII. [https://startpage.com/en/privacy-policy](https://startpage.com/en/privacy-policy)
diff --git a/i18n/zh-Hant/tools.md b/i18n/zh-Hant/tools.md
index 6dc04f5b..46797c8d 100644
--- a/i18n/zh-Hant/tools.md
+++ b/i18n/zh-Hant/tools.md
@@ -13,19 +13,16 @@ description: Privacy Guides 是最透明和可靠的網站,用於尋找保護
有關每個項目的詳細資訊,為什麼選擇它們,以及我們推薦的其他提示或技巧,請點擊每個部分中的“了解更多”連結,或點擊推薦本身以轉到頁面的特定部分。
-## Tor 網絡
+## Tor Browser
-
+
- { .twemoji } [Tor Browser](tor.md#tor-browser)
- { .twemoji } [Orbot (Smartphone Tor Proxy)](tor.md#orbot)
- { .twemoji } [Onion Browser (Tor for iOS)](tor.md#onion-browser)
-- { .twemoji }{ .twemoji } [Snowflake](tor.md#snowflake) (1)
-1. Snowflake 無法提高隱私,但它可以讓您輕鬆地為 Tor網絡做出貢獻,並幫助受審查網絡中的人們實現更好的隱私。
-
[了解更多 :material-arrow-right-drop-circle:](tor.md)
## 桌面瀏覽器
@@ -489,9 +486,12 @@ description: Privacy Guides 是最透明和可靠的網站,用於尋找保護
- { .twemoji } { .twemoji } [I2P](alternative-networks.md#i2p-the-invisible-internet-project)
- { .twemoji } [Tor](alternative-networks.md#tor)
+- { .twemoji }{ .twemoji } [Snowflake](alternative-networks.md#snowflake)
+[了解更多 :material-arrow-right-drop-circle:](alternative-networks.md)
+
### 設備完整性驗證
diff --git a/i18n/zh/basics/common-misconceptions.md b/i18n/zh/basics/common-misconceptions.md
index 5907defb..06e69e4e 100644
--- a/i18n/zh/basics/common-misconceptions.md
+++ b/i18n/zh/basics/common-misconceptions.md
@@ -42,7 +42,7 @@ schema:
这些神话源于一些偏见,但软件产品的来源和许可并不以任何方式内在地影响其安全性。 ==开源软件 *有可能* 比专有软件更安全, 但对于这一点没有绝对保证。== 在你评估软件时,需要去逐一检查每个工具的声誉和安全性。
- 开源软件 *,可以由第三方进行审计,而且通常比专有的同类软件对潜在的漏洞更加透明。 它还允许你审查代码并禁用你自己发现的任何可疑功能。 然而, *,除非你这样做*,否则不能保证代码曾经被评估过,特别是对于较小的软件项目。 开放的开发过程有时也被利用,甚至在大型项目中引入新的漏洞。[^1]
+ 开源软件 *,可以由第三方进行审计,而且通常比专有的同类软件对潜在的漏洞更加透明。 它还允许你审查代码并禁用你自己发现的任何可疑功能。 然而, *,除非你这样做*,否则不能保证代码曾经被评估过,特别是对于较小的软件项目。 The open development process has also sometimes been exploited to introduce new vulnerabilities known as
:material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1]
从另一个角度看,专利软件的透明度较低,但这并不意味着它不安全。 主要的专利软件项目可以由内部和第三方机构进行审计,而独立的安全研究人员仍然可以通过逆向工程等技术找到漏洞。
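Review bot: The replacement line keeps the unbalanced emphasis markers from the line it replaces: " 开源软件 *,可以由第三方进行审计" opens a `*` that never closes, and "然而, *,除非你这样做*" starts the emphasis with a stray comma. The zh-Hant file in this diff shows the intended form, "開源軟體*能夠*由第三方人員進行審計" and "*除非您真的這樣做了*". Since the line is being rewritten anyway, fix the markers, drop the leading space, and translate the new English sentence about Supply Chain Attacks.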
@@ -94,4 +94,4 @@ schema:
Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.)
-[^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident).
+[^1]: A notable supply chain attack occurred in March 2024, when a malicious maintainer added a obfuscated backdoor into `xz`, a popular compression library. The backdoor ([CVE-2024-3094](https://www.cve.org/CVERecord?id=CVE-2024-3094)) was intended to give an unknown party remote access to most Linux servers via SSH, but it was discovered before it had been widely deployed.
diff --git a/i18n/zh/basics/common-threats.md b/i18n/zh/basics/common-threats.md
index 88f3abb8..50a04c93 100644
--- a/i18n/zh/basics/common-threats.md
+++ b/i18n/zh/basics/common-threats.md
@@ -9,13 +9,14 @@ description: 您的威胁模式是您自己量身定制的,但这些是本网
-
:material-incognito: 匿名性 - 隔离你的线上活动和你的真实身份, 特别是要保护 *你的* 身份不被人揭露。
-
:material-target-account: 定向攻击 -防御专业黑客或恶意代理人获得,特别是 *你的* 数据或设备的访问权。
-
:material-bug-outline: 被动攻击 - 防御诸如恶意软件、数据泄露和其他一些同时针对许多人的攻击。
+-
:material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party.
-
:material-server-network: 服务供应商 - 保护您的数据不受服务供应商的影响,例如,通过端到端加密使您的数据无法被服务器读取。
-
:material-eye-outline: 大规模监控 - 防止政府机构、组织、网站和服务联合起来共同追踪你的活动。
-
:material-account-cash: 监视资本主义 - 保护自己不受谷歌和Facebook等大型广告网络以及其他无数第三方数据收集者的影响
-
:material-account-search: 公开曝光 - 限制搜索引擎或一般公众在线访问到关于你的信息的能力。
-
:material-close-outline: 审查 - 避免信息的获取受到审查或者在网上的发言被审查。
-其中一些威胁可能比其他威胁更重要,具体取决于您的关注点。 例如,一个能接触到有价值或关键数据的软件开发者可能主要关注
:material-target-account: 定向攻击,但除此之外,他们可能仍然希望保护自己的个人数据不被卷进
:material-eye-outline: 大规模监控 计划。 同样,"普通人 "可能主要关心他们的个人数据的
:material-account-search: ,公开曝光 ,但他们仍应警惕那些侧重于安全的问题,比如
:material-bug-outline: ,被动攻击,就像那些会影响到设备的恶意软件 。
+其中一些威胁可能比其他威胁更重要,具体取决于您的关注点。 For example, a software developer with access to valuable or critical data may be primarily concerned with
:material-package-variant-closed-remove: Supply Chain Attacks and
:material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in
:material-eye-outline: Mass Surveillance programs. 同样,"普通人 "可能主要关心他们的个人数据的
:material-account-search: ,公开曝光 ,但他们仍应警惕那些侧重于安全的问题,比如
:material-bug-outline: ,被动攻击,就像那些会影响到设备的恶意软件 。
## 匿名与隐私
@@ -57,6 +58,31 @@ description: 您的威胁模式是您自己量身定制的,但这些是本网
If you are concerned about **physical attacks** you should use an operating system with a secure verified boot implementation, such as Android, iOS, macOS, or [Windows (with TPM)](https://learn.microsoft.com/windows/security/information-protection/secure-the-windows-10-boot-process). 你还应该确保你的驱动器是加密的,并且操作系统使用TPM或安全 [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) 或 [Element](https://developers.google.com/android/security/android-ready-se) ,以限制输入加密口令的重试速率。 你应该避免与你不信任的人分享你的电脑,因为大多数桌面操作系统没有按用户单独加密数据。
+
:material-package-variant-closed-remove: Supply Chain Attacks
+
+Supply chain attacks are frequently a form of
:material-target-account: Targeted Attack towards businesses, governments, and activists, although they can end up compromising the public at large as well.
+
+
+
Example
+
+A notable example of this occurred in 2017 when M.E.Doc, a popular accounting software in Ukraine, was infected with the *NotPetya* virus, subsequently infecting people who downloaded that software with ransomware. NotPetya itself was a ransomware attack which impacted 2000+ companies in various countries, and was based on the *EternalBlue* exploit developed by the NSA to attack Windows computers over the network.
+
+
+
+There are few ways in which this type of attack might be carried out:
+
+1. A contributor or employee might work their way into a position of power within a project or organization, then abuse that position by adding malicious code.
+2. A developer may be coerced by an outside party to add malicious code.
+3. An individual or group might identify a third party software dependency (also known as a library) and work to infiltrate it with the above two methods, knowing that it will be used by "downstream" software developers.
+
+These sorts of attacks can require a lot of time and preparation to perform and are risky because they can be detected, particularly in open source projects if they are popular and have outside interest. Unfortunately they're also one of the most dangerous as they are very hard to mitigate entirely. We would encourage readers only use software which has a good reputation and makes an effort to reduce risk by:
+
+1. Only adopting popular software that has been around for a while. The more interest in a project the greater likelihood that external parties will notice malicious changes. A malicious actor will also need to spend more time gaining community trust with meaningful contributions.
+2. Finding software which releases binaries with widely-used, trusted build infrastructure platforms, as opposed to developer workstations or self-hosted servers. Some systems like GitHub Actions let you inspect the build script that runs publicly for extra confidence. This lessens the likelihood that malware on a developer's machine could infect their packages, and gives confidence that the binaries produced are in fact produced correctly.
+3. Looking for code signing on individual source code commits and releases, which creates an auditable trail of who did what. For example: Was the malicious code in the software repository? Which developer added it? Was it added during the build process?
+4. Checking whether the source code has meaningful commit messages (such as [conventional commits](https://conventionalcommits.org)) which explain what the change is supposed to accomplish. Clear messages can make it easier for outsiders to the project to verify, audit, and find bugs.
+5. Noting the number of contributors or maintainers a program has. A lone developer may be more susceptible to being coerced into adding malicious code by an external party, or to negligently enable undesirable behavior. This may very well mean software developed by "Big Tech" has more scrutiny than a lone developer who doesn't answer to anyone.
+
## 来自服务提供商的隐私
:material-server-network: 服务提供商
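Review bot: the added line "There are few ways in which this type of attack might be carried out:" reads as "hardly any ways"; the three-item list that follows needs "There are a few ways". In the paragraph after that list, "We would encourage readers only use software" is missing "to". The whole added block is English, while the surrounding context in this file (the heading "## 来自服务提供商的隐私") is Chinese, so it should be marked for translation rather than shipped as final text in this locale. The three consecutive empty added lines after the NotPetya paragraph look like a stripped image or admonition and should be checked against the source page.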
diff --git a/i18n/zh/search-engines.md b/i18n/zh/search-engines.md
index 6b21affd..cd655041 100644
--- a/i18n/zh/search-engines.md
+++ b/i18n/zh/search-engines.md
@@ -4,25 +4,35 @@ title: "Search Engines"
icon: material/search-web
description: These privacy-respecting search engines don't build an advertising profile based on your searches.
cover: search-engines.webp
+global:
+ -
+ - randomize-element
+ - "table tbody"
---
Use a search engine that doesn't build an advertising profile based on your searches.
-The recommendations here are based on the merits of each service's privacy policy. There is **no guarantee** that these privacy policies are honored.
+## 推荐的供应商
+
+The recommendations here do not collect personally identifying information (PII) based on each service's privacy policy. There is **no guarantee** that these privacy policies are honored.
Consider using a [VPN](vpn.md) or [Tor](tor.md) if your threat model requires hiding your IP address from the search provider.
-## Brave Search
+| Provider | Search Index | Tor Hidden Service | Logging / Privacy Policy | Country of Operation |
+| ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- | ------------------------ | -------------------- |
+| [Brave Search](#brave-search) | [Independent](https://brave.com/search-independence/) | :material-check:{ .pg-green } | Anonymized[^1] | United States |
+| [DuckDuckGo](#duckduckgo) | [Bing](https://help.duckduckgo.com/results/sources) | :material-check:{ .pg-green } | Anonymized[^2] | United States |
+| [Startpage](#startpage) | [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) | :material-check:{ .pg-green } | Anonymized[^3] | Netherlands |
+
+### Brave Search
{ align=right }
-**Brave Search** is developed by Brave and serves results primarily from its own, independent index. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives.
+**Brave Search** is a search engine developed by Brave. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives.
-Brave Search includes unique features such as Discussions, which highlights conversation-focused results—such as forum posts.
-
-We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.
+Brave Search includes unique features such as [Discussions](https://search.brave.com/help/discussions), which highlights conversation-focused results—such as forum posts.
[:octicons-home-16: Homepage](https://search.brave.com){ .md-button .md-button--primary }
[:simple-torbrowser:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
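Review bot: the new intro line "The recommendations here do not collect personally identifying information (PII) based on each service's privacy policy" states non-collection as fact and qualifies it only afterwards, whereas the removed wording ("based on the merits of each service's privacy policy") made no such claim. Suggest "According to each service's privacy policy, the recommendations here do not collect ...", which sits better with the "no guarantee" sentence that follows. The table header "Tor Hidden Service" also disagrees with the card links in this file, which use title="Onion Service"; pick one term. The heading "## 推荐的供应商" is translated while the rest of the added text is English, so the hunk mixes languages.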
@@ -33,17 +43,17 @@ We recommend you disable [Anonymous usage metrics](https://search.brave.com/help
-Brave Search is based in the United States. Their [privacy policy](https://search.brave.com/help/privacy-policy) states they collect aggregated usage metrics, which includes the operating system and browser in use, however no personally identifiable information is collected. IP addresses are temporarily processed, but are not retained.
+We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.
-## DuckDuckGo
+### DuckDuckGo
{ align=right }
-**DuckDuckGo** is one of the more mainstream private search engine options. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and many [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features). The search engine relies on a commercial Bing API to serve most results, but it does use numerous [other sources](https://help.duckduckgo.com/results/sources) for instant answers and other non-primary results.
+**DuckDuckGo** is one of the more mainstream private search engine options. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and a variety of [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features). The search engine uses numerous [sources](https://help.duckduckgo.com/results/sources) other than Bing for instant answers and other non-primary results.
-DuckDuckGo is the default search engine for the Tor Browser and is one of the few available options on Apple’s Safari browser.
+DuckDuckGo is the default search engine for the [Tor Browser](tor.md#tor-browser) and is one of the few available options on Apple’s [Safari](mobile-browsers.md#safari) browser.
[:octicons-home-16: Homepage](https://duckduckgo.com){ .md-button .md-button--primary }
[:simple-torbrowser:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .card-link title="Onion Service" }
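Review bot: the rewritten DuckDuckGo description no longer says the engine relies on a commercial Bing API for most results, and the replacement ("uses numerous sources other than Bing for instant answers and other non-primary results") can be read as saying Bing is not involved at all. After this change the dependency appears only in the comparison table, so keep a clause in the prose naming Bing as the primary source. In the Brave block, "as it is enabled by default and can be disabled within settings" joins a reason and an instruction with "and"; splitting it ("it is enabled by default; you can turn it off in settings") reads more clearly.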
@@ -54,17 +64,41 @@ DuckDuckGo is the default search engine for the Tor Browser and is one of the fe
-DuckDuckGo is based in the United States. Their [privacy policy](https://duckduckgo.com/privacy) states they **do** log your searches for product improvement purposes, but not your IP address or any other personally identifying information.
+DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their Tor hidden address by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
-DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their [Tor onion address](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion) by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
+### Startpage
-## SearXNG
+
+
+{ align=right }
+{ align=right }
+
+**Startpage** is a private search engine. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead.
+
+[:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
+[:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" }
+[:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
+[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
+
+
+
+
+
+Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage/) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
+
+Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](vpn.md) users.
+
+## Metasearch Engines
+
+A [metasearch engine](https://en.wikipedia.org/wiki/Metasearch_engine) allows you to aggregate the results of other search engines, such as the ones recommended above, while not storing any information itself.
+
+### SearXNG
{ align=right }
-**SearXNG** is an open-source, self-hostable, metasearch engine, aggregating the results of other search engines while not storing any information itself. It is an actively maintained fork of [SearX](https://github.com/searx/searx).
+**SearXNG** is an open-source, self-hostable, metasearch engine. It is an actively maintained fork of [SearX](https://github.com/searx/searx).
[:octicons-home-16: Homepage](https://searxng.org){ .md-button .md-button--primary }
[:octicons-server-16:](https://searx.space){ .card-link title="Public Instances"}
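Review bot: the new Metasearch Engines intro says a metasearch engine aggregates results "while not storing any information itself", which presents non-retention as a property of the whole category. The SearXNG text further down in this file says instances may be modified by their owners, so the sentence should be scoped to what the software does by default rather than what every instance guarantees. Separately, the DuckDuckGo line replaces the linked "Tor onion address" with an unlinked "Tor hidden address", which drops the base onion link and adds a third term alongside "Onion Service" and "Tor hidden service". On the Startpage card, title=Documentation is unquoted, unlike the other title attributes in the same block.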
@@ -80,37 +114,13 @@ When self-hosting, it is important that you have other people using your instanc
When you are using a SearXNG instance, be sure to go read their privacy policy. Since SearXNG instances may be modified by their owners, they do not necessarily reflect their privacy policy. Some instances run as a Tor hidden service, which may grant some privacy as long as your search queries does not contain PII.
-## Startpage
-
-
-
-{ align=right }
-{ align=right }
-
-**Startpage** is a private search engine known for serving [Google and Bing](https://support.startpage.com/hc/articles/4522435533844-What-is-the-relationship-between-Startpage-and-your-search-partners-like-Google-and-Microsoft-Bing) search results. One of Startpage's unique features is the [Anonymous View](https://startpage.com/en/anonymous-view), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead.
-
-[:octicons-home-16: Homepage](https://startpage.com){ .md-button .md-button--primary }
-[:simple-torbrowser:](http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion){ .card-link title="Onion Service" }
-[:octicons-eye-16:](https://startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
-[:octicons-info-16:](https://support.startpage.com/hc/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
-
-
-
-
-
-Startpage is based in the Netherlands. According to their [privacy policy](https://startpage.com/en/privacy-policy), they log details such as: operating system, type of browser, and language. They do not log your IP address, search queries, or other personally identifying information.
-
-Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://blog.privacyguides.org/2020/05/03/relisting-startpage) to clear up any concerns with System1's sizeable investment into the service, and we were satisfied with the answers we received.
-
-Startpage previously placed limitations on VPN and [Tor](tor.md) users, but they recently created an [official](https://support.startpage.com/hc/en-us/articles/24786602537364-Startpage-s-Tor-onion-service) Tor hidden service, and as of April 2024 we have no longer noticed extra roadblocks for Tor or [VPN](vpn.md) users.
-
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
### Minimum Requirements
-- Must not collect personally identifiable information per their privacy policy.
+- Must not collect PII per their privacy policy.
- Must not allow users to create an account with them.
### Best-Case
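Review bot: the criterion "Must not collect PII per their privacy policy" does not say whether logged search queries count as PII. The context line earlier in this hunk already concedes that queries can contain PII ("as long as your search queries does not contain PII"), and the footnote added later in this patch says DuckDuckGo does log searches, so the requirement needs a clause on how query logging is treated. While this area is being touched, "queries does not" in that context line should be "queries do not".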
@@ -119,3 +129,7 @@ Our best-case criteria represents what we would like to see from the perfect pro
- Should be based on open-source software.
- Should not block Tor exit node IP addresses.
+
+[^1]: Brave Search collects aggregated usage metrics, which includes the OS and the user agent. However, they do not collect PII. To serve [anonymous local results](https://search.brave.com/help/anonymous-local-results), IP addresses are temporarily processed, but are not retained. [https://search.brave.com/help/privacy-policy](https://search.brave.com/help/privacy-policy)
+[^2]: DuckDuckGo **does** log your searches for product improvement purposes, but not your IP address or any other PII. [https://duckduckgo.com/privacy](https://duckduckgo.com/privacy)
+[^3]: Startpage logs details such as operating system, user agent, and language. They do not log your IP address, search queries, or other PII. [https://startpage.com/en/privacy-policy](https://startpage.com/en/privacy-policy)
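Review bot: each added footnote ends with a link whose text is the same URL as its target, e.g. "[https://duckduckgo.com/privacy](https://duckduckgo.com/privacy)"; a descriptive label such as "privacy policy" or the angle-bracket autolink form would be shorter and easier to review. [^1] and [^3] also say "user agent" where the removed prose said "browser" and "type of browser". A user agent string carries more than the browser name, so confirm which of the two the policies actually describe before changing the term.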
diff --git a/i18n/zh/tools.md b/i18n/zh/tools.md
index 7f961e2c..cae03f51 100644
--- a/i18n/zh/tools.md
+++ b/i18n/zh/tools.md
@@ -13,19 +13,16 @@ If you want assistance figuring out the best privacy tools and alternative progr
关于每个项目的更多相关细节, 为什么选择它们以及我们提议的一些额外的使用提示或技巧,请点击每个部分的 "了解详情" 链接, 或者也可以点击推荐项本身来转到具体的页面部分。
-## 桌面端浏览器
+## Tor浏览器
-
+
- { .twemoji } [Tor Browser](tor.md#tor-browser)
- { .twemoji } [Orbot (Smartphone Tor Proxy)](tor.md#orbot)
- { .twemoji } [Onion Browser (Tor for iOS)](tor.md#onion-browser)
-- { .twemoji }{ .twemoji } [Snowflake](tor.md#snowflake) (1)
-1. Snowflake 不能够增进你的隐私,但它能够让你轻松地为Tor网络做出贡献,并帮助那些受网络审查的人获得更好的隐私。
-
[了解更多 :hero-arrow-circle-right-fill:](tor.md)
## 移动端浏览器
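Review bot: removing the Snowflake entry here also removes its annotation ("Snowflake 不能够增进你的隐私", i.e. Snowflake does not improve your own privacy but lets you contribute to the Tor network), and the entry re-added under alternative-networks.md in the next hunk carries no such caveat. Keep the caveat with the moved entry, or confirm it is stated on the linked page. The new heading "Tor浏览器" also sits above Orbot and Onion Browser, which are not Tor Browser, so a heading that names Tor in general would match the list better.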
@@ -497,9 +494,12 @@ These tools may provide utility for certain individuals. They provide functional
- { .twemoji } { .twemoji } [I2P](alternative-networks.md#i2p-the-invisible-internet-project)
- { .twemoji } [Tor](alternative-networks.md#tor)
+- { .twemoji }{ .twemoji } [Snowflake](alternative-networks.md#snowflake)
+[了解更多 :hero-arrow-circle-right-fill:](alternative-networks.md)
+
### Device Integrity Verification