diff --git a/i18n/ar/basics/common-misconceptions.md b/i18n/ar/basics/common-misconceptions.md index b0066544..6832f170 100644 --- a/i18n/ar/basics/common-misconceptions.md +++ b/i18n/ar/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis. -Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. 
Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering. diff --git a/i18n/ar/basics/common-threats.md b/i18n/ar/basics/common-threats.md index 7d8bf19a..7b040b0b 100644 --- a/i18n/ar/basics/common-threats.md +++ b/i18n/ar/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Your threat model is personal to you, but these are some of the thi Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. -- :material-incognito: Anonymity - Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. -- :material-target-account: Targeted Attacks - Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. -- :material-bug-outline: Passive Attacks - Being protected from things like malware, data breaches, and other attacks that are made against many people at once. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: Service Providers - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). -- :material-eye-outline: Mass Surveillance - Protection from government agencies, organizations, websites, and services which work together to track your activities. -- :material-account-cash: Surveillance Capitalism - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. 
-- :material-account-search: Public Exposure - Limiting the information about you that is accessible online—to search engines or the general public. -- :material-close-outline: Censorship - Avoiding censored access to information or being censored yourself when speaking online. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 
Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with :material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as :material-bug-outline: Passive Attacks—like malware affecting their devices. @@ -45,6 +80,8 @@ Desktop operating systems generally lag behind on proper sandboxing. ChromeOS ha +## Attacks against Specific Individuals + :material-target-account: Targeted Attacks Targeted attacks against a specific person are more problematic to deal with. Common attacks include sending malicious documents via email, exploiting vulnerabilities (e.g. in browsers and operating systems), and physical attacks. If this is a concern for you, you should employ more advanced threat mitigation strategies. 
@@ -58,6 +95,8 @@ By design, **web browsers**, **email clients**, and **office applications** typi If you are concerned about **physical attacks** you should use an operating system with a secure verified boot implementation, such as Android, iOS, macOS, or [Windows (with TPM)](https://learn.microsoft.com/windows/security/information-protection/secure-the-windows-10-boot-process). You should also make sure that your drive is encrypted, and that the operating system uses a TPM or Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) or [Element](https://developers.google.com/android/security/android-ready-se) to rate limit attempts to enter the encryption passphrase. You should avoid sharing your computer with people you don't trust, because most desktop operating systems don't encrypt data separately per-user. +## Attacks against Certain Organizations + :material-package-variant-closed-remove: Supply Chain Attacks Supply chain attacks are frequently a form of :material-target-account: Targeted Attack towards businesses, governments, and activists, although they can end up compromising the public at large as well. 
@@ -71,19 +110,19 @@ A notable example of this occurred in 2017 when M.E.Doc, a popular accounting so There are few ways in which this type of attack might be carried out: -1. A contributor or employee might work their way into a position of power within a project or organization, then abuse that position by adding malicious code. +1. A contributor or employee might first work their way into a position of power within a project or organization, and then abuse that position by adding malicious code. 2. A developer may be coerced by an outside party to add malicious code. 3. An individual or group might identify a third party software dependency (also known as a library) and work to infiltrate it with the above two methods, knowing that it will be used by "downstream" software developers. -These sorts of attacks can require a lot of time and preparation to perform and are risky because they can be detected, particularly in open source projects if they are popular and have outside interest. Unfortunately they're also one of the most dangerous as they are very hard to mitigate entirely. We would encourage readers only use software which has a good reputation and makes an effort to reduce risk by: +These sorts of attacks can require a lot of time and preparation to perform and are risky because they can be detected, particularly in open source projects if they are popular and have outside interest. Unfortunately they're also one of the most dangerous as they are very hard to mitigate entirely. We would encourage readers to only use software which has a good reputation and makes an effort to reduce risk by: -1. Only adopting popular software that has been around for a while. The more interest in a project the greater likelihood that external parties will notice malicious changes. A malicious actor will also need to spend more time gaining community trust with meaningful contributions. +1. Only adopting popular software that has been around for a while. 
The more interest in a project, the greater likelihood that external parties will notice malicious changes. A malicious actor will also need to spend more time gaining community trust with meaningful contributions. 2. Finding software which releases binaries with widely-used, trusted build infrastructure platforms, as opposed to developer workstations or self-hosted servers. Some systems like GitHub Actions let you inspect the build script that runs publicly for extra confidence. This lessens the likelihood that malware on a developer's machine could infect their packages, and gives confidence that the binaries produced are in fact produced correctly. 3. Looking for code signing on individual source code commits and releases, which creates an auditable trail of who did what. For example: Was the malicious code in the software repository? Which developer added it? Was it added during the build process? -4. Checking whether the source code has meaningful commit messages (such as [conventional commits](https://conventionalcommits.org)) which explain what the change is supposed to accomplish. Clear messages can make it easier for outsiders to the project to verify, audit, and find bugs. -5. Noting the number of contributors or maintainers a program has. A lone developer may be more susceptible to being coerced into adding malicious code by an external party, or to negligently enable undesirable behavior. This may very well mean software developed by "Big Tech" has more scrutiny than a lone developer who doesn't answer to anyone. +4. Checking whether the source code has meaningful commit messages (such as [conventional commits](https://conventionalcommits.org)) which explain what each change is supposed to accomplish. Clear messages can make it easier for outsiders to the project to verify, audit, and find bugs. +5. Noting the number of contributors or maintainers a program has. 
A lone developer may be more susceptible to being coerced into adding malicious code by an external party, or to negligently enabling undesirable behavior. This may very well mean software developed by "Big Tech" has more scrutiny than a lone developer who doesn't answer to anyone. -## Privacy From Service Providers +## Privacy from Service Providers :material-server-network: Service Providers 
@@ -98,7 +137,7 @@ Thankfully, E2EE can alleviate this issue by encrypting communications between y In practice, the effectiveness of different E2EE implementations varies. Applications, such as [Signal](../real-time-communication.md#signal), run natively on your device, and every copy of the application is the same across different installations. If the service provider were to introduce a [backdoor](https://en.wikipedia.org/wiki/Backdoor_(computing)) in their application—in an attempt to steal your private keys—it could later be detected with [reverse engineering](https://en.wikipedia.org/wiki/Reverse_engineering). -On the other hand, web-based E2EE implementations, such as Proton Mail's webmail or Bitwarden's *Web Vault*, rely on the server dynamically serving JavaScript code to the browser to handle cryptography. A malicious server can target you and send you malicious JavaScript code to steal your encryption key (and it would be extremely hard to notice). Because the server can choose to serve different web clients to different people—even if you noticed the attack—it would be incredibly hard to prove the provider's guilt. +On the other hand, web-based E2EE implementations, such as Proton Mail's web app or Bitwarden's *Web Vault*, rely on the server dynamically serving JavaScript code to the browser to handle cryptography. A malicious server can target you and send you malicious JavaScript code to steal your encryption key (and it would be extremely hard to notice). Because the server can choose to serve different web clients to different people—even if you noticed the attack—it would be incredibly hard to prove the provider's guilt. Therefore, you should use native applications over web clients whenever possible. 
@@ -121,7 +160,7 @@ In France you can take a look at the [Technopolice website](https://technopolice -Governments often justify mass surveillance programs as necessary means to combat terrorism and prevent crime. However, breaching human rights, it's most often used to disproportionately target minority groups and political dissidents, among others. +Governments often justify mass surveillance programs as necessary means to combat terrorism and prevent crime. However, as breaches of human rights, they're most often used to disproportionately target minority groups and political dissidents, among others.
ACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2] -Online, you can be tracked via a variety of methods: +Online, you can be tracked via a variety of methods, including but not limited to: - Your IP address - Browser cookies @@ -140,10 +179,10 @@ Online, you can be tracked via a variety of methods: - Your browser or device fingerprint - Payment method correlation -\[This list isn't exhaustive]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Surveillance Capitalism > Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^3] diff --git a/i18n/ar/desktop.md b/i18n/ar/desktop.md index 13549cc2..13e2c2a0 100644 --- a/i18n/ar/desktop.md +++ b/i18n/ar/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/ar/os/linux-overview.md b/i18n/ar/os/linux-overview.md index 103c202d..69b537ed 100644 --- a/i18n/ar/os/linux-overview.md +++ b/i18n/ar/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/ar/os/windows/index.md b/i18n/ar/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/ar/os/windows/index.md +++ b/i18n/ar/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/bn-IN/basics/common-misconceptions.md b/i18n/bn-IN/basics/common-misconceptions.md index b0066544..6832f170 100644 --- a/i18n/bn-IN/basics/common-misconceptions.md +++ b/i18n/bn-IN/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis. -Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. 
Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering. diff --git a/i18n/bn-IN/basics/common-threats.md b/i18n/bn-IN/basics/common-threats.md index 7d8bf19a..7b040b0b 100644 --- a/i18n/bn-IN/basics/common-threats.md +++ b/i18n/bn-IN/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Your threat model is personal to you, but these are some of the thi Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. -- :material-incognito: Anonymity - Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. -- :material-target-account: Targeted Attacks - Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. -- :material-bug-outline: Passive Attacks - Being protected from things like malware, data breaches, and other attacks that are made against many people at once. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: Service Providers - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). -- :material-eye-outline: Mass Surveillance - Protection from government agencies, organizations, websites, and services which work together to track your activities. -- :material-account-cash: Surveillance Capitalism - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. 
-- :material-account-search: Public Exposure - Limiting the information about you that is accessible online—to search engines or the general public. -- :material-close-outline: Censorship - Avoiding censored access to information or being censored yourself when speaking online. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 
Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with :material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as :material-bug-outline: Passive Attacks—like malware affecting their devices. @@ -45,6 +80,8 @@ Desktop operating systems generally lag behind on proper sandboxing. ChromeOS haACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2] -Online, you can be tracked via a variety of methods: +Online, you can be tracked via a variety of methods, including but not limited to: - Your IP address - Browser cookies @@ -140,10 +179,10 @@ Online, you can be tracked via a variety of methods: - Your browser or device fingerprint - Payment method correlation -\[This list isn't exhaustive]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Surveillance Capitalism > Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^3] diff --git a/i18n/bn-IN/desktop.md b/i18n/bn-IN/desktop.md index 13549cc2..13e2c2a0 100644 --- a/i18n/bn-IN/desktop.md +++ b/i18n/bn-IN/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/bn-IN/os/linux-overview.md b/i18n/bn-IN/os/linux-overview.md index 103c202d..69b537ed 100644 --- a/i18n/bn-IN/os/linux-overview.md +++ b/i18n/bn-IN/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/bn-IN/os/windows/index.md b/i18n/bn-IN/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/bn-IN/os/windows/index.md +++ b/i18n/bn-IN/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/bn/basics/common-misconceptions.md b/i18n/bn/basics/common-misconceptions.md index b0066544..6832f170 100644 --- a/i18n/bn/basics/common-misconceptions.md +++ b/i18n/bn/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis. -Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. 
Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering. diff --git a/i18n/bn/basics/common-threats.md b/i18n/bn/basics/common-threats.md index 7d8bf19a..7b040b0b 100644 --- a/i18n/bn/basics/common-threats.md +++ b/i18n/bn/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Your threat model is personal to you, but these are some of the thi Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. -- :material-incognito: Anonymity - Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. -- :material-target-account: Targeted Attacks - Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. -- :material-bug-outline: Passive Attacks - Being protected from things like malware, data breaches, and other attacks that are made against many people at once. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: Service Providers - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). -- :material-eye-outline: Mass Surveillance - Protection from government agencies, organizations, websites, and services which work together to track your activities. -- :material-account-cash: Surveillance Capitalism - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. 
-- :material-account-search: Public Exposure - Limiting the information about you that is accessible online—to search engines or the general public. -- :material-close-outline: Censorship - Avoiding censored access to information or being censored yourself when speaking online. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 
Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with :material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as :material-bug-outline: Passive Attacks—like malware affecting their devices. @@ -45,6 +80,8 @@ Desktop operating systems generally lag behind on proper sandboxing. ChromeOS haACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2] -Online, you can be tracked via a variety of methods: +Online, you can be tracked via a variety of methods, including but not limited to: - Your IP address - Browser cookies @@ -140,10 +179,10 @@ Online, you can be tracked via a variety of methods: - Your browser or device fingerprint - Payment method correlation -\[This list isn't exhaustive]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Surveillance Capitalism > Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^3] diff --git a/i18n/bn/desktop.md b/i18n/bn/desktop.md index 13549cc2..13e2c2a0 100644 --- a/i18n/bn/desktop.md +++ b/i18n/bn/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/bn/os/linux-overview.md b/i18n/bn/os/linux-overview.md index 103c202d..69b537ed 100644 --- a/i18n/bn/os/linux-overview.md +++ b/i18n/bn/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/bn/os/windows/index.md b/i18n/bn/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/bn/os/windows/index.md +++ b/i18n/bn/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/cs/basics/common-misconceptions.md b/i18n/cs/basics/common-misconceptions.md index b0066544..6832f170 100644 --- a/i18n/cs/basics/common-misconceptions.md +++ b/i18n/cs/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis. -Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. 
Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering. diff --git a/i18n/cs/basics/common-threats.md b/i18n/cs/basics/common-threats.md index 7d8bf19a..7b040b0b 100644 --- a/i18n/cs/basics/common-threats.md +++ b/i18n/cs/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Your threat model is personal to you, but these are some of the thi Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. -- :material-incognito: Anonymity - Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. -- :material-target-account: Targeted Attacks - Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. -- :material-bug-outline: Passive Attacks - Being protected from things like malware, data breaches, and other attacks that are made against many people at once. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: Service Providers - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). -- :material-eye-outline: Mass Surveillance - Protection from government agencies, organizations, websites, and services which work together to track your activities. -- :material-account-cash: Surveillance Capitalism - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. 
-- :material-account-search: Public Exposure - Limiting the information about you that is accessible online—to search engines or the general public. -- :material-close-outline: Censorship - Avoiding censored access to information or being censored yourself when speaking online. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 
Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with :material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as :material-bug-outline: Passive Attacks—like malware affecting their devices. @@ -45,6 +80,8 @@ Desktop operating systems generally lag behind on proper sandboxing. ChromeOS haACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2] -Online, you can be tracked via a variety of methods: +Online, you can be tracked via a variety of methods, including but not limited to: - Your IP address - Browser cookies @@ -140,10 +179,10 @@ Online, you can be tracked via a variety of methods: - Your browser or device fingerprint - Payment method correlation -\[This list isn't exhaustive]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Surveillance Capitalism > Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^3] diff --git a/i18n/cs/desktop.md b/i18n/cs/desktop.md index 13549cc2..13e2c2a0 100644 --- a/i18n/cs/desktop.md +++ b/i18n/cs/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/cs/os/linux-overview.md b/i18n/cs/os/linux-overview.md index 103c202d..69b537ed 100644 --- a/i18n/cs/os/linux-overview.md +++ b/i18n/cs/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/cs/os/windows/index.md b/i18n/cs/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/cs/os/windows/index.md +++ b/i18n/cs/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/de/basics/common-misconceptions.md b/i18n/de/basics/common-misconceptions.md index 5ab20f4f..a4ead810 100644 --- a/i18n/de/basics/common-misconceptions.md +++ b/i18n/de/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis. -Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. 
Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering. diff --git a/i18n/de/basics/common-threats.md b/i18n/de/basics/common-threats.md index 8407b76c..e6751895 100644 --- a/i18n/de/basics/common-threats.md +++ b/i18n/de/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Deine persönliche Bedrohungsanalyse kannst nur du selber durchfüh Wir ordnen unsere Empfehlungen nach [Bedrohungen](threat-modeling.md) beziehungsweise Zielen, die für die meisten Menschen gelten. ==Dich können keine, eine, einige oder alle dieser Themen betreffen==, und du solltest die von dir eingesetzten Werkzeuge und Dienste von deinen Zielen abhängig machen. Du kannst auch spezifische Bedrohungen außerhalb dieser Kategorien haben, das ist völlig in Ordnung! Wichtig ist, dass du die Vorteile und Schwächen der von dir gewählten Werkzeuge kennst, denn praktisch keines davon schützt dich vor jeder Bedrohung. -- :material-incognito: Anonymität - Trennen deiner Online-Aktivitäten von deiner realen Identität, um dich vor Personen zu schützen, die gezielt versuchen *deine* Identität aufzudecken. -- :material-target-account: Gezielte Angriffe - Schutz vor Hackern oder anderen böswilligen Akteuren, die versuchen, sich Zugang zu *deinen* Daten oder Geräten zu verschaffen. -- :material-bug-outline: Passive Angriffe - Schutz vor Malware, Datenleaks und anderen Angriffen, die sich gegen viele Menschen gleichzeitig richten. -- :material-package-variant-closed-remove: Supply Chain-Angriffe - Eine Schwachstelle oder ein Exploit, die, bzw. der entweder direkt oder über eine Abhängigkeit aus einer weiteren Quelle in ansonsten gute Software eingeschleust wird. -- :material-server-network: Diensteanbieter - Schutz deiner Daten vor Dienstleistern (z. B. mit E2EE, welche deine Daten für den Server unlesbar macht). -- :material-eye-outline: Massenüberwachung - Schutz vor Regierungsbehörden, Organisationen, Webseiten und Diensten, die zusammenarbeiten, um deine Aktivitäten zu verfolgen. -- :material-account-cash: Überwachungskapitalismus - Schütz dich vor großen Werbenetzwerken wie Google und Facebook sowie vor einer Vielzahl anderer Datensammler. 
-- :material-account-search: Öffentliche Bloßstellung - Begrenzung der Informationen über dich online—für Suchmaschinen oder die allgemeine Öffentlichkeit. -- :material-close-outline: Zensur - Umgehen von beschränktem Zugang zu Informationen oder vermeiden selbst zensiert zu werden. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 
Einige dieser Bedrohungen können für dich wichtiger sein als andere, je nach deinen spezifischen Anliegen. Ein Softwareentwickler, der Zugang zu wertvollen oder kritischen Daten hat, könnte sich beispielsweise in erster Linie über :material-package-variant-closed-remove: Supply Chain-Angriffe und :material-target-account: Targeted Attacks Sorgen machen. Sie werden wahrscheinlich immer noch ihre persönlichen Daten davor schützen wollen, von :material-eye-outline: Massenüberwachungsprogrammen erfasst zu werden. Ebenso sind viele Menschen vielleicht in erster Linie besorgt über die :material-account-search: Öffentliche Bloßstellung ihrer persönlichen Daten, sollten aber trotzdem auf sicherheitsrelevante Probleme achten, wie z. B. :material-bug-outline: Passive Angriffe - wie Malware, die ihre Geräte befallen. @@ -45,6 +80,8 @@ Desktop operating systems generally lag behind on proper sandboxing. ChromeOS haACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2] -Online, you can be tracked via a variety of methods: +Online, you can be tracked via a variety of methods, including but not limited to: - Your IP address - Browser cookies @@ -140,10 +179,10 @@ Online, you can be tracked via a variety of methods: - Your browser or device fingerprint - Payment method correlation -\[This list isn't exhaustive]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Surveillance Capitalism > Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^3] diff --git a/i18n/de/desktop.md b/i18n/de/desktop.md index ae9fb860..d306071c 100644 --- a/i18n/de/desktop.md +++ b/i18n/de/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/de/os/linux-overview.md b/i18n/de/os/linux-overview.md index 3c4fe4e0..269b13eb 100644 --- a/i18n/de/os/linux-overview.md +++ b/i18n/de/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/de/os/windows/index.md b/i18n/de/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/de/os/windows/index.md +++ b/i18n/de/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/el/basics/common-misconceptions.md b/i18n/el/basics/common-misconceptions.md index 97c92cc2..9bfa3283 100644 --- a/i18n/el/basics/common-misconceptions.md +++ b/i18n/el/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: Αυτοί οι μύθοι πηγάζουν από μια σειρά προκαταλήψεων, ωστόσο το αν ο πηγαίος κώδικας είναι διαθέσιμος και πως αδειοδοτείται το λογισμικό δεν επηρεάζουν εγγενώς την ασφάλειά του με οποιονδήποτε τρόπο. ==Το λογισμικό ανοικτού κώδικα έχει τη δυνατότητα ** να είναι πιο ασφαλές από το ιδιόκτητο λογισμικό, αλλά δεν υπάρχει καμία απολύτως εγγύηση ότι αυτό υφίσταται στην πράξη.== Όταν αξιολογείς λογισμικό, θα πρέπει να εξετάζεις τη φήμη και την ασφάλεια κάθε εργαλείου σε ατομική βάση. -Το λογισμικό ανοικτού κώδικα *μπορεί να ελεγχθεί από τρίτα μέρη* και είναι συχνά πιο διαφανές όσον αφορά ενδεχόμενες αδυναμίες από ότι τα αντίστοιχα ιδιόκτητα λογισμικά. Επιπροσθέτως σου επιτρέπει να ελέγξεις τον κώδικα και να απενεργοποιήσεις οποιαδήποτε ύποπτη λειτουργία ανακαλύψεις. Ωστόσο, *εκτός και αν προβείς στον παραπάνω έλεγχο*, δεν υπάρχει καμία εγγύηση, ότι ο κώδικας έχει ποτέ αξιολογηθεί, ιδίως στην περίπτωση μικρότερων έργων λογισμικού. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +Το λογισμικό ανοικτού κώδικα *μπορεί να ελεγχθεί από τρίτα μέρη* και είναι συχνά πιο διαφανές όσον αφορά ενδεχόμενες αδυναμίες από ότι τα αντίστοιχα ιδιόκτητα λογισμικά. Επιπροσθέτως σου επιτρέπει να ελέγξεις τον κώδικα και να απενεργοποιήσεις οποιαδήποτε ύποπτη λειτουργία ανακαλύψεις. Ωστόσο, *εκτός και αν προβείς στον παραπάνω έλεγχο*, δεν υπάρχει καμία εγγύηση, ότι ο κώδικας έχει ποτέ αξιολογηθεί, ιδίως στην περίπτωση μικρότερων έργων λογισμικού. 
The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] Από την άλλη πλευρά, το ιδιόκτητο λογισμικό είναι λιγότερο διαφανές, αλλά αυτό δε σημαίνει ότι δεν είναι ασφαλές. Σημαντικά έργα ιδιόκτητου λογισμικού μπορούν να ελεγχθούν εσωτερικά, καθώς και από οργανισμούς τρίτων μερών και ανεξάρτητοι ερευνητές ασφάλειας είναι ακόμη σε θέση να βρουν ευπάθειες με τεχνικές όπως η αντίστροφη μηχανική. diff --git a/i18n/el/basics/common-threats.md b/i18n/el/basics/common-threats.md index b6eba3cb..c16c9d0e 100644 --- a/i18n/el/basics/common-threats.md +++ b/i18n/el/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Το μοντέλο απειλής σου είναι προσωπι Γενικά, κατηγοριοποιούμε τις συστάσεις μας σε [απειλές](threat-modeling.md) ή στόχους που αφορούν τα περισσότερα άτομα. ==Ίσως νοιάζεσαι για μία ή περισσότερες (ή και καμία) από αυτές==· τα εργαλεία και οι υπηρεσίες που χρησιμοποιείς εξαρτώνται από τους στόχους σου. Μπορεί να έχεις και συγκεκριμένες απειλές εκτός αυτών των κατηγοριών, πράγμα που είναι απολύτως κατανοητό! Το σημαντικό είναι να κατανοήσεις τα πλεονεκτήματα και τα ελαττώματα των εργαλείων που επιλέγεις, μιας και κανένα από αυτά δεν θα σε προστατεύσει από κάθε απειλή. -- :material-incognito: Ανωνυμία - Θωράκιση της διαδικτυακής σου δραστηριότητας από την πραγματική σου ταυτότητα, προστατεύοντάς σε από άτομα που προσπαθούν να αποκαλύψουν συγκεκριμένα *την* ταυτότητά σου. -- :material-target-account: Targeted Attacks - Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. -- :material-bug-outline: Passive Attacks - Being protected from things like malware, data breaches, and other attacks that are made against many people at once. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: Service Providers - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). -- :material-eye-outline: Mass Surveillance - Protection from government agencies, organizations, websites, and services which work together to track your activities. -- :material-account-cash: Surveillance Capitalism - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. 
-- :material-account-search: Public Exposure - Limiting the information about you that is accessible online—to search engines or the general public. -- :material-close-outline: Censorship - Avoiding censored access to information or being censored yourself when speaking online. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 
Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with :material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as :material-bug-outline: Passive Attacks—like malware affecting their devices. @@ -45,6 +80,8 @@ Desktop operating systems generally lag behind on proper sandboxing. ChromeOS haACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2] -Online, you can be tracked via a variety of methods: +Online, you can be tracked via a variety of methods, including but not limited to: - Your IP address - Browser cookies @@ -140,10 +179,10 @@ Online, you can be tracked via a variety of methods: - Your browser or device fingerprint - Payment method correlation -\[This list isn't exhaustive]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Surveillance Capitalism > Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^3] diff --git a/i18n/el/desktop.md b/i18n/el/desktop.md index 13549cc2..13e2c2a0 100644 --- a/i18n/el/desktop.md +++ b/i18n/el/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/el/os/linux-overview.md b/i18n/el/os/linux-overview.md index 103c202d..69b537ed 100644 --- a/i18n/el/os/linux-overview.md +++ b/i18n/el/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/el/os/windows/index.md b/i18n/el/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/el/os/windows/index.md +++ b/i18n/el/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/eo/basics/common-misconceptions.md b/i18n/eo/basics/common-misconceptions.md index b0066544..6832f170 100644 --- a/i18n/eo/basics/common-misconceptions.md +++ b/i18n/eo/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis. -Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. 
Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering. diff --git a/i18n/eo/basics/common-threats.md b/i18n/eo/basics/common-threats.md index 0e826333..8c79b5b0 100644 --- a/i18n/eo/basics/common-threats.md +++ b/i18n/eo/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Via modelo de minaco estas propra, sed ĉi tiuj estas iuj el la afe Ĝenerale, ni kategoriigas niajn rekomendojn en [minacoj](threat-modeling.md) aŭ celoj pri kiuj la plej multaj homoj zorgas. ==Eble vi zorgus pri neniu, unu, kelkaj, aŭ ĉiuj el tiuj ebloj==, kaj la ilojn kaj servojn vi uzus, dependas de kiaj viaj celoj estas. Eble vi ankaŭ havas specifajn minacojn ekster ĉi tiuj kategorioj, kiu tute bonas! La plej grava parto estas evoluigi komprenon de la avantaĝoj kaj mankoj de la iloj kiujn vi elektas uzi, ĉar preskaŭ neniuj el ili protektos vin kontraŭ ĉiuj minacoj. -- :material-incognito: Anonimeco - Protekti vian enretan agadon kontraŭ via reala idento, protektante vin kontraŭ homoj kiuj celas trovi *vian* identon, specife. -- :material-target-account: Laŭcelaj Atakoj - Esti protektita kontraŭ retentruduloj aŭ aliaj malbonintencaj agantoj kiuj celas eniri al *viaj* datumoj aŭ aparatoj, specife. -- :material-bug-outline: Malaktivaj Atakoj - Esti protektita kontraŭ aferoj kiel malicaj programoj, datumaj breĉoj, kaj aliaj atakoj kiuj okazas kontraŭ multaj homoj samtempe. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: Provizantoj de Servoj - Protekti vian datumon kontraŭ provizantoj de servoj (ekz. per E2EE, kiu faras vian datumon nelegebla por la servilo). -- :material-eye-outline: Amasgvatado - Protekto kontraŭ registaraj agentejoj, organizoj, retejoj, kaj servicoj kiuj kunlaboras por supri vian agadon. -- :material-account-cash: Gvatkapitalismo - Protekti vin kontraŭ grandaj reklam-servoj, kiaj Google kaj Facebook, kaj kontraŭ tuta gamo da triaj datum-kolektantoj. -- :material-account-search: Publika Ekspozicio - Limigi la informon pri vi, kiuj estas alireblaj interrete per serĉiloj aŭ de la popolo. 
-- :material-close-outline: Cenzuro - Eviti cenzuritan aliron al informo aŭ esti cenzurita kiam vi esprimas vin interrete. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. Kelkaj el tiuj minacoj eble estas plej gravaj por vi ol aliaj, depende de viaj specifaj zorgoj. 
For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Simile, multaj homoj eble ĉefe zorgas pri la :material-account-search: Publika Ekspozicio de siaj personaj datumoj, sed oni ankaŭ zorgus pri aferoj de sekureco, kiel :material-bug-outline: Malaktivaj Atakoj—kiel malicaj programoj infektantaj de siaj aparatoj. @@ -45,6 +80,8 @@ Desktop operating systems generally lag behind on proper sandboxing. ChromeOS haACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2] -Online, you can be tracked via a variety of methods: +Online, you can be tracked via a variety of methods, including but not limited to: - Your IP address - Browser cookies @@ -140,10 +179,10 @@ Online, you can be tracked via a variety of methods: - Your browser or device fingerprint - Payment method correlation -\[This list isn't exhaustive]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Surveillance Capitalism > Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^3] diff --git a/i18n/eo/desktop.md b/i18n/eo/desktop.md index 13549cc2..13e2c2a0 100644 --- a/i18n/eo/desktop.md +++ b/i18n/eo/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/eo/os/linux-overview.md b/i18n/eo/os/linux-overview.md index 103c202d..69b537ed 100644 --- a/i18n/eo/os/linux-overview.md +++ b/i18n/eo/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/eo/os/windows/index.md b/i18n/eo/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/eo/os/windows/index.md +++ b/i18n/eo/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/es/basics/common-misconceptions.md b/i18n/es/basics/common-misconceptions.md index 30c4a946..895fc5fb 100644 --- a/i18n/es/basics/common-misconceptions.md +++ b/i18n/es/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: Estos mitos provienen de varios prejuicios, pero el hecho de que el código fuente esté disponible y la forma en que se licencie el software no afecta intrínsecamente a su seguridad de ninguna manera. ==El software de código abierto tiene el *potencial* de ser más seguro que el software propietario, pero no hay ninguna garantía de que sea así.== Cuando evalúes el software, debes examinar la reputación y la seguridad de cada herramienta de forma individual. -El software de código abierto *puede* ser auditado por terceros, y a menudo es más transparente sobre las vulnerabilidades potenciales que sus contrapartes propietarias. También te permite revisar el código y desactivar cualquier funcionalidad sospechosa que encuentres. Sin embargo, *a menos que lo hagas*, no hay garantía de que el código haya sido evaluado alguna vez, especialmente en los proyectos de software más pequeños. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +El software de código abierto *puede* ser auditado por terceros, y a menudo es más transparente sobre las vulnerabilidades potenciales que sus contrapartes propietarias. También te permite revisar el código y desactivar cualquier funcionalidad sospechosa que encuentres. Sin embargo, *a menos que lo hagas*, no hay garantía de que el código haya sido evaluado alguna vez, especialmente en los proyectos de software más pequeños. 
The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] Por otro lado, el software propietario es menos transparente, pero eso no implica que no sea seguro. Los grandes proyectos de software propietario pueden ser auditados internamente y por agencias de terceros, y los investigadores de seguridad independientes pueden seguir encontrando vulnerabilidades con técnicas como la ingeniería inversa. diff --git a/i18n/es/basics/common-threats.md b/i18n/es/basics/common-threats.md index 2a102a3c..29ab831f 100644 --- a/i18n/es/basics/common-threats.md +++ b/i18n/es/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Tu modelo de amenaza es personal, pero éstas son algunas de las co En términos generales, clasificamos nuestras recomendaciones en las [amenazas](threat-modeling.md) u objetivos que se aplican a la mayoría de las personas. ==Puede que no te preocupe ninguna, una, varias o todas estas posibilidades==, y las herramientas y servicios que utilices dependerán de cuáles sean tus objetivos. Es posible que también tengas amenazas específicas fuera de estas categorías, ¡lo cual está perfectamente bien! Lo importante es desarrollar una comprensión de los beneficios y las deficiencias de las herramientas que elijas utilizar, porque prácticamente ninguna de ellas te protegerá de todas las amenazas. -- :material-incognito: Anonimato - Proteger tu actividad en línea de tu identidad real, protegiendote de las personas que están tratando de descubrir *tu* identidad específicamente. -- :material-target-account: Ataques dirigidos - Estar protegido de los hackers u otros actores maliciosos que están tratando de acceder a *tus* datos o dispositivos específicamente. -- :material-bug-outline: Ataques pasivos - Estar protegido de cosas como el malware, las filtraciones de datos y otros ataques que se realizan contra muchas personas a la vez. -- :material-package-variant-closed-remove: Ataques a la cadena de suministros - Una vulnerabilidad introducida en un buen software, ya sea directamente o a través de una dependencia de un tercero. -- :material-server-network: Proveedores de servicios - Proteger tus datos de los proveedores de servicios (por ejemplo, con E2EE, que hace que tus datos sean ilegibles para el servidor). -- :material-eye-outline: Vigilancia masiva - Protección contra las agencias gubernamentales, organizaciones, sitios web y servicios que trabajan juntos para rastrear tus actividades. 
-- :material-account-cash: Capitalismo de la vigilancia - Protegerse de las grandes redes de publicidad, como Google y Facebook, así como de una miríada de otros recolectores de datos de terceros. -- :material-account-search: Exposición pública - Limitar la información sobre ti que es accesible en línea, para los motores de búsqueda o el público en general. -- :material-close-outline: Censura - Evitar el acceso censurado a la información o ser censurado uno mismo al hablar en línea. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. 
+ +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. Algunas de estas amenazas pueden ser más importantes para ti que otras, dependiendo de tus preocupaciones específicas. Por ejemplo, un desarrollador de software con acceso a información importante o crítica podría estar preocupado por los :material-package-variant-closed-remove: ataques a la cadena de suministros y los :material-target-account: ataques dirigidos. Es probable que ellos quieran protejer sus datos personales de ser barridos en programas de :material-eye-outline:Espionaje Masivo. Del mismo modo, muchas personas pueden estar preocupadas principalmente por la :material-account-search: Exposición pública de sus datos personales, pero aún así deben tener cuidado con los problemas centrados en la seguridad, como los :material-bug-outline: Ataques pasivos-como el malware que afecta a sus dispositivos. @@ -45,6 +80,8 @@ Los sistemas operativos de escritorio generalmente se retrasan en el aislamientoACLU: La lección del 11-S sobre la privacidad: La Vigilancia Masiva No es el Camino a Seguir
@@ -132,7 +171,7 @@ Ante las revelaciones de Edward Snowden sobre programas del gobierno como [PRISM A pesar de la creciente vigilancia masiva en Estados Unidos, el gobierno ha descubierto que los programas de vigilancia masiva como Section 215 han tenido "poco valor único" con respecto a la detención de delitos reales o complots terroristas, con esfuerzos que duplican en gran medida los propios programas de vigilancia selectiva del FBI.[^2] -En línea, puedes ser rastreado a través de varios métodos: +Online, you can be tracked via a variety of methods, including but not limited to: - Tu dirección IP - Cookies del navegador @@ -140,10 +179,10 @@ En línea, puedes ser rastreado a través de varios métodos: - La huella digital de tu navegador o dispositivo - Correlación del método de pago -\[Esta lista no es exhaustiva]. - Si estás preocupado sobre los programas de vigilancia masiva, puedes usar estrategias como la compartamentalización de tus identidades en línea, mezclarte con otros usuarios o, cuando sea posible, evitar brindar información que te identifique. +## Surveillance as a Business Model + :material-account-cash: Capitalismo de Vigilancia > El capitalismo de vigilancia es un sistema económico centrado en la captura y mercantilización de datos personales con el propósito principal de obtener ganancias.[^3] diff --git a/i18n/es/desktop.md b/i18n/es/desktop.md index 726fa2d6..079fc427 100644 --- a/i18n/es/desktop.md +++ b/i18n/es/desktop.md 
@@ -232,7 +232,7 @@ La elección de una distribución Linux adecuada para ti dependerá de una gran - Gratis y de código abierto. - Recibe actualizaciones periódicas del software y del kernel. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Admite el cifrado de disco completo durante la instalación. - No congela las publicaciones periódicas durante más de 1 año. diff --git a/i18n/es/os/linux-overview.md b/i18n/es/os/linux-overview.md index ee17e19c..573c95cd 100644 --- a/i18n/es/os/linux-overview.md +++ b/i18n/es/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch y las distribuciones basadas en Arch no son recomendables para quienes se i For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Cualquiera que utilice el [Repositorio de Usuario de Arch (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **debe** sentirse cómodo auditando los PKGBUILDs que descargue de ese servicio. Los paquetes AUR son contenidos producidos por la comunidad y no se examinan de ninguna manera, por lo que son vulnerables a los ataques a la cadena de suministro de software, como de hecho ha sucedido en [en el pasado](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Cualquiera que utilice el [Repositorio de Usuario de Arch (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **debe** sentirse cómodo auditando los PKGBUILDs que descargue de ese servicio. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). El AUR debe utilizarse siempre con moderación, y a menudo hay muchos malos consejos en diversas páginas que dirigen a la gente a utilizar ciegamente [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) sin suficiente advertencia. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/es/os/windows/index.md b/i18n/es/os/windows/index.md index 2a62c2db..799d247f 100644 --- a/i18n/es/os/windows/index.md +++ b/i18n/es/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Notas de Privacidad -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/fa/basics/common-misconceptions.md b/i18n/fa/basics/common-misconceptions.md index b0066544..6832f170 100644 --- a/i18n/fa/basics/common-misconceptions.md +++ b/i18n/fa/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis. -Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. 
Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering. diff --git a/i18n/fa/basics/common-threats.md b/i18n/fa/basics/common-threats.md index 7d8bf19a..7b040b0b 100644 --- a/i18n/fa/basics/common-threats.md +++ b/i18n/fa/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Your threat model is personal to you, but these are some of the thi Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. -- :material-incognito: Anonymity - Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. -- :material-target-account: Targeted Attacks - Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. -- :material-bug-outline: Passive Attacks - Being protected from things like malware, data breaches, and other attacks that are made against many people at once. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: Service Providers - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). -- :material-eye-outline: Mass Surveillance - Protection from government agencies, organizations, websites, and services which work together to track your activities. -- :material-account-cash: Surveillance Capitalism - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. 
-- :material-account-search: Public Exposure - Limiting the information about you that is accessible online—to search engines or the general public. -- :material-close-outline: Censorship - Avoiding censored access to information or being censored yourself when speaking online. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 
Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with :material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as :material-bug-outline: Passive Attacks—like malware affecting their devices. @@ -45,6 +80,8 @@ Desktop operating systems generally lag behind on proper sandboxing. ChromeOS haACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2] -Online, you can be tracked via a variety of methods: +Online, you can be tracked via a variety of methods, including but not limited to: - Your IP address - Browser cookies @@ -140,10 +179,10 @@ Online, you can be tracked via a variety of methods: - Your browser or device fingerprint - Payment method correlation -\[This list isn't exhaustive]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Surveillance Capitalism > Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^3] diff --git a/i18n/fa/desktop.md b/i18n/fa/desktop.md index 13549cc2..13e2c2a0 100644 --- a/i18n/fa/desktop.md +++ b/i18n/fa/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/fa/os/linux-overview.md b/i18n/fa/os/linux-overview.md index db704373..da9af28b 100644 --- a/i18n/fa/os/linux-overview.md +++ b/i18n/fa/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/fa/os/windows/index.md b/i18n/fa/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/fa/os/windows/index.md +++ b/i18n/fa/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/fr/basics/common-misconceptions.md b/i18n/fr/basics/common-misconceptions.md index fbf45fba..7db9075a 100644 --- a/i18n/fr/basics/common-misconceptions.md +++ b/i18n/fr/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: Ces mythes découlent d'un certain nombre de préjugés, mais le fait que le code source soit disponible ou non et la manière dont les logiciels sont concédés sous licence n'affectent en rien leur sécurité. ==Les logiciels open-source ont le *potentiel* d'être plus sécurisé que les logiciels propriétaires, mais il n'y a absolument aucune garantie que ce soit le cas.== Lorsque vous évaluez un logiciel, vous devez examiner la réputation et la sécurité de chaque outil individuellement. -Les logiciels libres *peuvent* être audités par des tiers et sont souvent plus transparents sur les vulnérabilités potentielles que leurs homologues propriétaires. Ils vous permettent également d'examiner le code et de désactiver vous-même toute fonctionnalité suspecte. Cependant, *à moins que vous ne le fassiez*, il n'y a aucune garantie que le code ait jamais été évalué, en particulier pour les petits projets. Le processus de développement ouvert a aussi parfois été exploité pour introduire de nouvelles vulnérabilités connues sous le nom d' attaques de la chaîne d'approvisionnement (:material-package-variant-closed-remove: ), qui sont examinées plus en détail dans notre page sur les [menaces communes](common-threats.md).[^1] +Les logiciels libres *peuvent* être audités par des tiers et sont souvent plus transparents sur les vulnérabilités potentielles que leurs homologues propriétaires. Ils vous permettent également d'examiner le code et de désactiver vous-même toute fonctionnalité suspecte. Cependant, *à moins que vous ne le fassiez*, il n'y a aucune garantie que le code ait jamais été évalué, en particulier pour les petits projets. 
The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] Par ailleurs, les logiciels propriétaires sont moins transparents, mais cela ne signifie pas qu'ils ne sont pas sécurisés. Des projets logiciels propriétaires majeurs peuvent être audités en interne et par des agences tierces, et des chercheurs indépendants en sécurité peuvent toujours trouver des vulnérabilités avec des techniques telles que la rétro-ingénierie. diff --git a/i18n/fr/basics/common-threats.md b/i18n/fr/basics/common-threats.md index 3baac013..fe9c1ee0 100644 --- a/i18n/fr/basics/common-threats.md +++ b/i18n/fr/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Votre modèle de menace vous est personnel, mais ce sont là quelqu Pour faire simple, nous classons nos recommandations dans ces catégories générales de [menaces](threat-modeling.md) ou d'objectifs qui s'appliquent à la plupart des gens. ==Vous pouvez vous sentir concerné par une, plusieurs, toutes, ou bien aucune de ces possibilités==. Les outils et les services que vous utilisez dépendent également de vos objectifs. Il est possible que vous ayez des menaces spécifiques ne rentrant dans aucune de ces catégories, ce qui est tout à fait normal ! L'important est de bien comprendre les avantages et les inconvénients des outils que vous choisissez d'utiliser, car pratiquement aucun d'entre eux ne vous protégera contre toutes les menaces possibles. -- :material-incognito: Anonymat - Séparer votre activité en ligne de votre identité réelle, vous vous protégez des personnes qui tentent de découvrir explicitement *votre* identité -- :material-target-account: Attaques Ciblées - Se protéger contre les pirates informatiques dévoués ou d'autres agents malintentionnés essayant d'accéder spécifiquement à *vos* données ou appareils -- :material-bug-outline: Attaques Passives - Se protéger des logiciels malveillants, des fuites de données, et autres attaques qui sont faites contre des groupes de personnes -- :material-package-variant-closed-remove: Attaques de la chaîne d'approvisionnement - Une vulnérabilité ou un exploit introduit dans un logiciel par ailleurs bon, soit directement, soit par l'intermédiaire d'une dépendance d'un tiers. 
-- :material-server-network: Fournisseurs de Services - Protéger vos données des fournisseurs de services, en utilisant par exemple un chiffrement de bout en bout rendant vos données illisibles par le serveur -- :material-eye-outline: Surveillance de Masse - Protection contre les agences gouvernementales, organisations, sites web et services qui collaborent pour suivre vos activités en ligne -- :material-account-cash: Capitalisme de Surveillance - Se protéger des grands réseaux publicitaires comme Google et Facebook, ainsi que d'une myriade d'autres collecteurs de données tiers -- :material-account-search: Exposition Publique - Limiter les informations en ligne vous concernant, accessibles par les moteurs de recherche ou par le grand public -- :material-close-outline: Censure - Éviter les accès censurés à l'information et d'être soi-même censuré lorsqu'on discute en ligne +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). 
+ +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. Certaines de ces menaces peuvent peser plus que d'autres en fonction de vos préoccupations. Par exemple, un développeur de logiciels ayant accès à des données précieuses ou critiques peut être principalement concerné par les :material-package-variant-closed-remove: attaques de la chaîne d'approvisionnement et les :material-target-account: attaques ciblées. Il voudra probablement tout de même protéger ses données personnelles pour éviter qu'elles ne soient englobées dans des programmes de :material-eye-outline: surveillance de masse. De même, une « personne lambda » peut être principalement concernée par l':material-account-search: Exposition Publique de ses données personnelles, mais devrait tout de même se méfier des problèmes de sécurité tels que les :material-bug-outline: Attaques Passives comme les logiciels malveillants affectant ses appareils. @@ -45,6 +80,8 @@ Les systèmes d'exploitation de bureau sont généralement à la traîne en ce qACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
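Review bot: in the `@@ -6,15 +6,50 @@` hunk of i18n/fr/basics/common-threats.md, the nine removed list entries were already translated into French and every added definition is in English, so the French page loses existing translations and ends up mixing languages. The unchanged paragraph right after the list still refers to "attaques de la chaîne d'approvisionnement" and "attaques ciblées", which no longer match the English terms defined above it. Suggest carrying the existing French strings over into the new layout and leaving only the Supply Chain Attacks entry, whose wording actually changed, for retranslation.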
@@ -132,7 +171,7 @@ Face aux révélations d'Edward Snowden sur des programmes gouvernementaux tels Malgré la surveillance de masse croissante aux États-Unis, le gouvernement a constaté que les programmes de surveillance de masse comme la section 215 ont eu "peu de valeur unique" en ce qui concerne l'arrêt de crimes réels ou de complots terroristes, les efforts faisant largement double emploi avec les programmes de surveillance ciblée du FBI.[^2] -Vous pouvez être pisté de plusieurs manières en ligne : +Online, you can be tracked via a variety of methods, including but not limited to: - Votre adresse IP - Les cookies de votre navigateur @@ -140,10 +179,10 @@ Vous pouvez être pisté de plusieurs manières en ligne : - L'empreinte numérique de votre navigateur ou de votre appareil - La corrélation des modes de paiement -\[Cette liste n'est pas exhaustive]. - Si vous êtes préoccupé par les programmes de surveillance de masse, vous pouvez utiliser des stratégies comme cloisonner vos identités virtuelles, vous fondre dans la masse des utilisateurs, ou, dans la mesure du possible, simplement éviter de renseigner des informations qui pourraient permettre de vous identifier. +## Surveillance as a Business Model + :material-account-cash: Capitalisme de surveillance > Le capitalisme de surveillance est un système économique centré sur la collecte et la marchandisation des données personnelles dont le principal but est de faire du profit.[^3] diff --git a/i18n/fr/desktop.md b/i18n/fr/desktop.md index d6f00548..9aefbed8 100644 --- a/i18n/fr/desktop.md +++ b/i18n/fr/desktop.md 
@@ -232,7 +232,7 @@ Le choix d'une distribution Linux qui vous convient dépend d'une grande variét - Gratuites et open source. - Reçoivent régulièrement des mises à jour des logiciels et du noyau. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Prennent en charge le chiffrement complet du disque pendant l'installation. - Ne gêlent pas les mises à jour régulières pendant plus d'un an. diff --git a/i18n/fr/os/linux-overview.md b/i18n/fr/os/linux-overview.md index 66056f69..903a58f5 100644 --- a/i18n/fr/os/linux-overview.md +++ b/i18n/fr/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch et les distributions basées sur Arch ne sont pas recommandées pour ceux q For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Toute personne utilisant le [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **doit** être à l'aise avec l'audit des PKGBUILDs qu'elle télécharge depuis ce service. Les paquets AUR sont des contenus produits par la communauté et ne font l'objet d'aucune vérification. Ils sont donc vulnérables aux attaques de la chaîne d'approvisionnement des logiciels, ce qui s'est d'ailleurs produit [dans le passé](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Toute personne utilisant le [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **doit** être à l'aise avec l'audit des PKGBUILDs qu'elle télécharge depuis ce service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). Le AUR doit toujours être utilisé avec parcimonie, et l'on trouve souvent de nombreux mauvais conseils sur diverses pages qui incitent les gens à utiliser aveuglément [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) sans avertissement suffisant. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/fr/os/windows/index.md b/i18n/fr/os/windows/index.md index 161190a6..b66d6d05 100644 --- a/i18n/fr/os/windows/index.md +++ b/i18n/fr/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Remarques concernant la vie privée -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/he/basics/common-misconceptions.md b/i18n/he/basics/common-misconceptions.md index 703b1859..38deef10 100644 --- a/i18n/he/basics/common-misconceptions.md +++ b/i18n/he/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: מיתוסים אלו נובעים ממספר דעות קדומות, אך האם קוד המקור זמין ואופן רישיון התוכנה אינו משפיע מטבעו על אבטחתה בשום צורה. == לתוכנת קוד פתוח יש את ה*פוטנציאל* להיות מאובטח יותר מתוכנה קניינית, אבל אין שום ערובה שזה המצב.== כאשר אתה מעריך תוכנה, עליך להסתכל על המוניטין והאבטחה של כל כלי על בסיס אישי. -תוכנת קוד פתוח *ניתנת* לביקורת על ידי צדדים שלישיים, ולעתים קרובות היא שקופה יותר לגבי נקודות תורפה אפשריות מאשר עמיתים קנייניים. זה גם מאפשר לך לסקור את הקוד ולהשבית כל פונקציונליות חשודה שתמצא בעצמך. עם זאת, *אלא אם כן תעשה זאת*, אין ערובה שהקוד הוערך אי פעם, במיוחד עם פרויקטי תוכנה קטנים יותר. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +תוכנת קוד פתוח *ניתנת* לביקורת על ידי צדדים שלישיים, ולעתים קרובות היא שקופה יותר לגבי נקודות תורפה אפשריות מאשר עמיתים קנייניים. זה גם מאפשר לך לסקור את הקוד ולהשבית כל פונקציונליות חשודה שתמצא בעצמך. עם זאת, *אלא אם כן תעשה זאת*, אין ערובה שהקוד הוערך אי פעם, במיוחד עם פרויקטי תוכנה קטנים יותר. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] בצד השני, תוכנה קניינית פחות שקופה, אבל זה לא מרמז על כך שהיא לא מאובטחת. פרויקטי תוכנה קנייניים גדולים ניתנים לביקורת פנימית ועל ידי סוכנויות צד שלישי, וחוקרי אבטחה בלתי תלויים עדיין יכולים למצוא נקודות תורפה עם טכניקות כמו הנדסה לאחור. diff --git a/i18n/he/basics/common-threats.md b/i18n/he/basics/common-threats.md index f629d62d..81da070e 100644 --- a/i18n/he/basics/common-threats.md +++ b/i18n/he/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: מודל האיום שלך הוא אישי עבורך, אך אלו באופן כללי, אנו מסווגים את ההמלצות שלנו ל[איומים](threat-modeling.md) או יעדים שחלים על רוב האנשים. ==ייתכן שאתה מודאג מאף אחת, אחת, כמה, או מכל האפשרויות האלה==, והכלים והשירותים שבהם אתה משתמש תלויים במטרותיך. ייתכן שיש לך איומים ספציפיים גם מחוץ לקטגוריות האלה, וזה בסדר גמור! החלק החשוב הוא פיתוח הבנה של היתרונות והחסרונות של הכלים שבהם אתה בוחר להשתמש, כי למעשה אף אחד מהם לא יגן עליך מכל איום. -- :material-incognito: אנונימיות - הגנה על הפעילות המקוונת שלך מהזהות האמיתית שלך, הגנה עליך מפני אנשים שמנסים לחשוף את הזהות *שלך* ספציפית. -- :material-target-account: התקפות ממוקדות - הגנה מפני האקרים או שחקנים זדוניים אחרים שמנסים לקבל גישה לנתונים או מכשירים ספציפיים *שלך*. -- :material-bug-outline: התקפות פסיביות - הגנה מפני דברים כמו תוכנות זדוניות, פרצות נתונים והתקפות אחרות שנעשות נגד אנשים רבים בו-זמנית. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: ספקי שירותים - הגנה על הנתונים שלך מפני ספקי שירות (למשל באמצעות E2EE, מה שהופך את הנתונים שלך לבלתי קריאים לשרת). -- :material-eye-outline: מעקב המוני - הגנה מפני סוכנויות ממשלתיות, ארגונים, אתרים ושירותים הפועלים יחד כדי לעקוב אחר הפעילויות שלך. -- :material-account-cash: קפיטליזם מעקב - הגנה על עצמך מפני רשתות פרסום גדולות, כמו גוגל ופייסבוק, כמו גם ממספר עצום של אוספי נתונים אחרים של צד שלישי. -- :material-account-search: חשיפה ציבורית - הגבלת המידע אודותיך הנגיש באינטרנט - למנועי חיפוש או לציבור הרחב. -- :material-close-outline: צנזורה - הימנעות מגישה מצונזרת למידע או מצונזר בעצמך כשאתה מדבר באינטרנט. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. 
+ +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. חלק מהאיומים הללו עשויים להיות חשובים לך יותר מאחרים, בהתאם לדאגות הספציפיות שלך. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. 
באופן דומה, אנשים רבים עשויים להיות מודאגים בעיקר מ:material-account-search: חשיפה ציבורית של הנתונים האישיים שלהם, אך הם עדיין צריכים להיזהר מבעיות ממוקדות אבטחה, כגון :material-bug-outline: התקפות פסיביות—כמו תוכנות זדוניות המשפיעות על המכשירים שלהם. @@ -45,6 +80,8 @@ description: מודל האיום שלך הוא אישי עבורך, אך אלוACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
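Review bot: in the `@@ -6,15 +6,50 @@` hunk of i18n/he/basics/common-threats.md, each added entry puts the term on one line, a bare `:` on the next, then a blank line and an unindented paragraph. As it appears here the definition text is detached from its `:` marker, so a definition-list parser will most likely render a stray colon followed by an ordinary paragraph instead of a term with its definition. Suggest keeping the definition text on the same line as the marker (`:` followed by spaces and then "Shielding your online activity ...") and checking the rendered page for all nine entries.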
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS למרות המעקב ההמוני הגובר בארצות הברית, הממשלה מצאה שלתוכניות מעקב המוני כמו סעיף 215 היה "ערך ייחודי מועט" ביחס לעצירת פשעים או מזימות טרור בפועל, כאשר מאמצים משכפלים במידה רבה את תוכניות המעקב הממוקדות של ה-FBI עצמו.[^2] -באינטרנט, ניתן לעקוב אחריך במגוון שיטות: +Online, you can be tracked via a variety of methods, including but not limited to: - כתובת ה-IP שלך - עוגיות דפדפן @@ -140,10 +179,10 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS - טביעת האצבע של הדפדפן או המכשיר שלך - מתאם שיטת תשלום -\[רשימה זו אינה ממצה]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: קפיטליזם מעקב > קפיטליזם מעקב הוא שיטה כלכלית המרוכזת סביב לכידה וסחורה של נתונים אישיים למטרת הליבה של עשיית רווחים.[^3] diff --git a/i18n/he/desktop.md b/i18n/he/desktop.md index df94e762..9fc0a486 100644 --- a/i18n/he/desktop.md +++ b/i18n/he/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - מקבל עדכוני תוכנה וליבה קבועים. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - תומך בהצפנת דיסק מלא במהלך ההתקנה. - לא מקפיא מהדורות רגילות במשך יותר משנה. diff --git a/i18n/he/os/linux-overview.md b/i18n/he/os/linux-overview.md index 96f2d98d..24d72b5f 100644 --- a/i18n/he/os/linux-overview.md +++ b/i18n/he/os/linux-overview.md 
@@ -68,7 +68,7 @@ The atomic update method can achieve reliability with this model and is used for For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -כל מי שמשתמש ב[Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **חייב** להרגיש בנוח ביקורת PKGBUILD שהם מורידים מהשירות הזה. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +כל מי שמשתמש ב[Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **חייב** להרגיש בנוח ביקורת PKGBUILD שהם מורידים מהשירות הזה. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). תמיד יש להשתמש ב-AUR במשורה, ולעתים קרובות יש הרבה עצות רעות בדפים שונים שמפנים אנשים להשתמש באופן עיוור ב[עוזרים של AUR](https://wiki.archlinux.org/title/AUR_helpers) ללא אזהרה מספקת. Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. 
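Review bot: the added line links to `../basics/common-threats.md#attacks-against-certain-organizations`, a fragment derived from an English heading, and none of the hunks shown for the translated common-threats.md files adds that heading (the only one visible is `## Surveillance as a Business Model`). Other headings in these i18n files are translated, for example `## הערות פרטיות` in os/windows/index.md, so if the target heading is translated its generated slug changes and the fragment stops resolving unless the heading carries an explicit id. Please confirm the anchor resolves in the built Hebrew site, and say whether the empty title `""` in the link is intentional. With the new link text the sentence also reads "Supply Chain Attacks, which has in fact happened", where "have" would agree.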
diff --git a/i18n/he/os/windows/index.md b/i18n/he/os/windows/index.md index 22a7b27f..2be722da 100644 --- a/i18n/he/os/windows/index.md +++ b/i18n/he/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## הערות פרטיות -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/hi/basics/common-misconceptions.md b/i18n/hi/basics/common-misconceptions.md index b0066544..6832f170 100644 --- a/i18n/hi/basics/common-misconceptions.md +++ b/i18n/hi/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis. -Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. 
Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering. diff --git a/i18n/hi/basics/common-threats.md b/i18n/hi/basics/common-threats.md index 7d8bf19a..7b040b0b 100644 --- a/i18n/hi/basics/common-threats.md +++ b/i18n/hi/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Your threat model is personal to you, but these are some of the thi Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. -- :material-incognito: Anonymity - Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. -- :material-target-account: Targeted Attacks - Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. -- :material-bug-outline: Passive Attacks - Being protected from things like malware, data breaches, and other attacks that are made against many people at once. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: Service Providers - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). -- :material-eye-outline: Mass Surveillance - Protection from government agencies, organizations, websites, and services which work together to track your activities. -- :material-account-cash: Surveillance Capitalism - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. 
-- :material-account-search: Public Exposure - Limiting the information about you that is accessible online—to search engines or the general public. -- :material-close-outline: Censorship - Avoiding censored access to information or being censored yourself when speaking online. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 
Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with :material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as :material-bug-outline: Passive Attacks—like malware affecting their devices. @@ -45,6 +80,8 @@ Desktop operating systems generally lag behind on proper sandboxing. ChromeOS haACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2] -Online, you can be tracked via a variety of methods: +Online, you can be tracked via a variety of methods, including but not limited to: - Your IP address - Browser cookies @@ -140,10 +179,10 @@ Online, you can be tracked via a variety of methods: - Your browser or device fingerprint - Payment method correlation -\[This list isn't exhaustive]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Surveillance Capitalism > Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^3] diff --git a/i18n/hi/desktop.md b/i18n/hi/desktop.md index 13549cc2..13e2c2a0 100644 --- a/i18n/hi/desktop.md +++ b/i18n/hi/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/hi/os/linux-overview.md b/i18n/hi/os/linux-overview.md index 103c202d..69b537ed 100644 --- a/i18n/hi/os/linux-overview.md +++ b/i18n/hi/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/hi/os/windows/index.md b/i18n/hi/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/hi/os/windows/index.md +++ b/i18n/hi/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/hu/basics/common-misconceptions.md b/i18n/hu/basics/common-misconceptions.md index 75de0f5f..5cd3c0e1 100644 --- a/i18n/hu/basics/common-misconceptions.md +++ b/i18n/hu/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: Ezek a mítoszok számos előítéletből fakadnak, de az, hogy a forráskód elérhető-e, és hogy a szoftverek licencelése hogyan történik, nem befolyásolja annak biztonságát semmilyen módon. ==A nyílt forráskódú szoftverek potenciálisan ** biztonságosabbak, mint a jogvédett szoftverek, de egyáltalán nem garantálható, hogy ez így is van.== Egy szoftver elbírálásánál az egyes eszközök hírnevét és biztonságát egyénileg kell megvizsgálni. -Nyílt forráskódú szoftverek felülvizsgál*hatók* harmadik felek által, és gyakran átláthatóbbak lehetséges sebezhetőségek esetében, mint a jogvédett szoftverek. Azt is lehetővé teszi, hogy felülvizsgáld a kódot, és letiltsd a gyanús funkciókat, amiket találsz. Azonban, *ha nem így teszel*, nincs garancia arra, hogy a kód valaha is el lett bírálva, különösen a kisebb szoftverprojektek esetében. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +Nyílt forráskódú szoftverek felülvizsgál*hatók* harmadik felek által, és gyakran átláthatóbbak lehetséges sebezhetőségek esetében, mint a jogvédett szoftverek. Azt is lehetővé teszi, hogy felülvizsgáld a kódot, és letiltsd a gyanús funkciókat, amiket találsz. Azonban, *ha nem így teszel*, nincs garancia arra, hogy a kód valaha is el lett bírálva, különösen a kisebb szoftverprojektek esetében. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] A másik oldalon a jogvédett szoftverek kevésbé átláthatóak, de ez nem jelenti azt, hogy nem biztonságosak. 
A nagyobb jogvédett szoftverprojektek belső és harmadik fél által is felülvizsgálhatók, és független biztonsági kutatók továbbra is találhatnak sebezhetőségeket olyan technikákkal, mint a reverse engineering. diff --git a/i18n/hu/basics/common-threats.md b/i18n/hu/basics/common-threats.md index 065f8618..0e4011ad 100644 --- a/i18n/hu/basics/common-threats.md +++ b/i18n/hu/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Your threat model is personal to you, but these are some of the thi Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. -- :material-incognito: Anonymity - Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. -- :material-target-account: Targeted Attacks - Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. -- :material-bug-outline: Passive Attacks - Being protected from things like malware, data breaches, and other attacks that are made against many people at once. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: Service Providers - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). -- :material-eye-outline: Mass Surveillance - Protection from government agencies, organizations, websites, and services which work together to track your activities. -- :material-account-cash: Surveillance Capitalism - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. 
-- :material-account-search: Public Exposure - Limiting the information about you that is accessible online—to search engines or the general public. -- :material-close-outline: Censorship - Avoiding censored access to information or being censored yourself when speaking online. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 
Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with :material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as :material-bug-outline: Passive Attacks—like malware affecting their devices. @@ -45,6 +80,8 @@ Desktop operating systems generally lag behind on proper sandboxing. ChromeOS haACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2] -Online, you can be tracked via a variety of methods: +Online, you can be tracked via a variety of methods, including but not limited to: - Your IP address - Browser cookies @@ -140,10 +179,10 @@ Online, you can be tracked via a variety of methods: - Your browser or device fingerprint - Payment method correlation -\[This list isn't exhaustive]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Surveillance Capitalism > Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^3] diff --git a/i18n/hu/desktop.md b/i18n/hu/desktop.md index 13445179..80d952d4 100644 --- a/i18n/hu/desktop.md +++ b/i18n/hu/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/hu/os/linux-overview.md b/i18n/hu/os/linux-overview.md index 103c202d..69b537ed 100644 --- a/i18n/hu/os/linux-overview.md +++ b/i18n/hu/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/hu/os/windows/index.md b/i18n/hu/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/hu/os/windows/index.md +++ b/i18n/hu/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/id/basics/common-misconceptions.md b/i18n/id/basics/common-misconceptions.md index d21838c1..45c03fbc 100644 --- a/i18n/id/basics/common-misconceptions.md +++ b/i18n/id/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: Mitos-mitos ini berasal dari sejumlah prasangka, tetapi apakah kode sumber tersedia dan bagaimana perangkat lunak dilisensikan tidak secara inheren memengaruhi keamanannya dengan cara apa pun. ==Perangkat lunak sumber terbuka memiliki *potensi* untuk lebih aman daripada perangkat lunak sumber tertutup, tetapi sama sekali tidak ada jaminan bahwa hal ini benar adanya.== Ketika Anda mengevaluasi perangkat lunak, Anda harus melihat reputasi dan keamanan setiap alat secara individu. -Perangkat lunak sumber terbuka *dapat* diaudit oleh pihak ketiga, dan sering kali lebih transparan mengenai potensi kerentanan daripada perangkat lunak sumber tertutup. Ini juga memungkinkan Anda untuk meninjau kode dan menonaktifkan fungsionalitas yang mencurigakan yang Anda temukan. Namun, *kecuali jika Anda melakukannya*, tidak ada jaminan bahwa kode pernah dievaluasi, terutama dengan proyek perangkat lunak yang lebih kecil. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +Perangkat lunak sumber terbuka *dapat* diaudit oleh pihak ketiga, dan sering kali lebih transparan mengenai potensi kerentanan daripada perangkat lunak sumber tertutup. Ini juga memungkinkan Anda untuk meninjau kode dan menonaktifkan fungsionalitas yang mencurigakan yang Anda temukan. Namun, *kecuali jika Anda melakukannya*, tidak ada jaminan bahwa kode pernah dievaluasi, terutama dengan proyek perangkat lunak yang lebih kecil. 
The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] Di sisi lain, perangkat lunak sumber tertutup itu kurang transparan, tetapi bukan berarti tidak aman. Proyek-proyek perangkat lunak sumber tertutup utama dapat diaudit secara internal dan oleh lembaga pihak ketiga, dan para peneliti keamanan independen masih bisa menemukan kerentanan dengan teknik seperti rekayasa balik. diff --git a/i18n/id/basics/common-threats.md b/i18n/id/basics/common-threats.md index b2b92010..07feb351 100644 --- a/i18n/id/basics/common-threats.md +++ b/i18n/id/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Model ancaman Anda bersifat pribadi bagi Anda, tetapi ini adalah be Secara garis besar, kami mengkategorikan rekomendasi kami ke dalam [ancaman](threat-modeling.md) atau tujuan yang berlaku untuk kebanyakan orang. ==Anda mungkin tidak peduli dengan tidak ada, satu, beberapa, atau semua kemungkinan ini==, dan alat dan layanan yang Anda gunakan tergantung pada tujuan Anda. Anda mungkin juga memiliki ancaman khusus di luar kategori ini, dan itu tidak masalah! Bagian yang penting adalah mengembangkan pemahaman tentang manfaat dan kekurangan alat yang Anda pilih untuk digunakan, karena hampir tidak ada satu pun yang akan melindungi Anda dari setiap ancaman. -- :material-incognito: Anonimitas - Melindungi aktivitas daring Anda dari identitas asli Anda, melindungi Anda dari orang-orang yang mencoba mengungkap identitas *Anda* secara khusus. -- :material-target-account: Serangan yang Ditargetkan - Terlindungi dari peretas atau aktor jahat lainnya yang mencoba untuk mendapatkan akses ke data atau perangkat *Anda* secara khusus. -- :material-bug-outline: Serangan Pasif - Terlindungi dari hal-hal seperti malware, pembobolan data, dan serangan lain yang dilakukan terhadap banyak orang sekaligus. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: Penyedia Layanan - Melindungi data Anda dari penyedia layanan (misalnya dengan E2EE, yang membuat data Anda tidak dapat dibaca oleh server). -- :material-eye-outline: Pengawasan Massal - Perlindungan dari lembaga, organisasi, situs web, dan layanan pemerintah yang bekerja sama untuk melacak aktivitas Anda. -- :material-account-cash: Kapitalisme Pengawasan - Melindungi diri Anda dari jaringan periklanan besar, seperti Google dan Facebook, serta segudang pengumpul data pihak ketiga lainnya. 
-- :material-account-search: Paparan Publik - Membatasi informasi tentang Anda yang dapat diakses secara daring—pada mesin pencari atau masyarakat umum. -- :material-close-outline: Penyensoran - Menghindari akses yang disensor terhadap informasi atau disensor ketika berbicara secara daring. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 
Beberapa ancaman ini mungkin lebih penting bagi Anda daripada yang lain, tergantung pada kekhawatiran Anda. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Demikian pula, banyak orang mungkin lebih peduli dengan :material-account-search: Paparan Publik pada data pribadi mereka, tetapi mereka tetap harus waspada terhadap masalah yang berfokus pada keamanan, seperti :material-bug-outline: Serangan Pasif—seperti perangkat lunak jahat yang memengaruhi perangkat mereka. @@ -45,6 +80,8 @@ Sistem operasi desktop umumnya tertinggal dalam hal kotak pasir yang tepat. ChroACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Meskipun pengawasan massal semakin meningkat di Amerika Serikat, pemerintah telah menemukan bahwa program pengawasan massal seperti Bagian 215 hanya memiliki "sedikit nilai unik" dalam hal menghentikan kejahatan aktual atau plot teroris, dengan upaya-upaya yang sebagian besar menduplikasi program pengawasan yang ditargetkan oleh FBI.[^2] -Secara daring, Anda dapat dilacak melalui berbagai metode: +Online, you can be tracked via a variety of methods, including but not limited to: - Alamat IP Anda - Kuki peramban @@ -140,10 +179,10 @@ Secara daring, Anda dapat dilacak melalui berbagai metode: - Sidik jari peramban atau perangkat Anda - Korelasi metode pembayaran -\[Daftar ini tidak lengkap]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Kapitalisme Pengawasan > Kapitalisme pengawasan adalah sistem ekonomi yang berpusat di sekitar penangkapan dan komodifikasi data pribadi untuk tujuan utama mencari keuntungan.[^3] diff --git a/i18n/id/desktop.md b/i18n/id/desktop.md index 93860fcc..dff4d215 100644 --- a/i18n/id/desktop.md +++ b/i18n/id/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Gratis dan bersumber terbuka. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/id/os/linux-overview.md b/i18n/id/os/linux-overview.md index 14becb42..d33387f2 100644 --- a/i18n/id/os/linux-overview.md +++ b/i18n/id/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch dan distribusi berbasis Arch tidak direkomendasikan bagi mereka yang baru m For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Siapa pun yang menggunakan [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **tidak boleh** segan untuk mengaudit PKGBUILD yang mereka unduh dari layanan tersebut. Paket AUR adalah konten yang diproduksi oleh komunitas dan tidak diperiksa dengan cara apa pun, dan oleh karena itu rentan terhadap serangan rantai pasok perangkat lunak, yang kenyataannya telah terjadi [pada masa lalu](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Siapa pun yang menggunakan [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **tidak boleh** segan untuk mengaudit PKGBUILD yang mereka unduh dari layanan tersebut. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). AUR harus selalu digunakan dengan hemat, dan sering kali ada banyak saran buruk di berbagai halaman yang mengarahkan orang untuk secara membabi buta menggunakan [pembantu AUR](https://wiki.archlinux.org/title/AUR_helpers) tanpa peringatan yang memadai. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/id/os/windows/index.md b/i18n/id/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/id/os/windows/index.md +++ b/i18n/id/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/it/basics/common-misconceptions.md b/i18n/it/basics/common-misconceptions.md index f2a0557c..087d7cda 100644 --- a/i18n/it/basics/common-misconceptions.md +++ b/i18n/it/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: Questi miti derivano da una serie di pregiudizi, ma la disponibilità del codice sorgente e le modalità di licenza del software, non influiscono intrinsecamente sulla sua sicurezza, in alcun modo. ==I software open source hanno il *potenziale* di essere più sicuri di quelli proprietari, ma non esiste assolutamente alcuna garanzia che sia così.== Quando valuti il software, dovresti esaminare la reputazione e la sicurezza di ogni strumento, su base individuale. -I software open source *possono* essere controllati da terze parti e, spesso, sono più trasparenti sulle potenziali vulnerabilità, rispetto alle controparti proprietarie. Inoltre, ti consentono di revisionare il codice e disabilitare qualsiasi funzionalità sospetta tu trovi. Tuttavia, *a meno che non lo faccia*, non esiste alcuna garanzia che il codice sia mai stato valutato, specialmente con i progetti software più piccoli. Il processo di sviluppo aperto è stato talvolta sfruttato per introdurre nuove vulnerabilità, note come :material-package-variant-closed-remove: Attacchi alla supply chain , di cui si parla più diffusamente nella pagina [Minacce comuni](common-threats.md).[^1] +I software open source *possono* essere controllati da terze parti e, spesso, sono più trasparenti sulle potenziali vulnerabilità, rispetto alle controparti proprietarie. Inoltre, ti consentono di revisionare il codice e disabilitare qualsiasi funzionalità sospetta tu trovi. Tuttavia, *a meno che non lo faccia*, non esiste alcuna garanzia che il codice sia mai stato valutato, specialmente con i progetti software più piccoli. 
The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] D'altra parte, i software proprietari sono meno trasparenti, ma ciò non implica che non siano sicuri. I grandi progetti di software proprietari sono controllabili internamente e da agenzie di terze parti, e i ricercatori indipendenti sulla sicurezza possono comunque trovare vulnerabilità, con tecniche come l'ingegneria inversa. diff --git a/i18n/it/basics/common-threats.md b/i18n/it/basics/common-threats.md index 4f0f710d..95eb9591 100644 --- a/i18n/it/basics/common-threats.md +++ b/i18n/it/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Il tuo modello di minaccia è personale, ma queste sono alcuni aspe In linea di massima, le nostre raccomandazioni sono suddivise in [minacce](threat-modeling.md) o obiettivi che si applicano alla maggior parte delle persone. ==Potresti essere interessato a nessuna, una, alcune o tutte queste possibilità==, e gli strumenti e servizi che utilizzi dipendono dai tuoi obiettivi. Potreste avere minacce specifiche anche al di fuori di queste categorie, il che è perfettamente normale! La parte importante è lo sviluppo di una comprensione dei benefici e difetti degli strumenti che scegli di utilizzare, poiché virtualmente nessuno di essi ti proteggerà da ogni minaccia. -- :material-incognito: Anonimato - Proteggono la tua attività online dalla tua identità reale, proteggendoti da persone che mirano a scoprire la *tua* identità nello specifico. -- :material-target-account: Attacchi mirati - Protezione da hacker o altri malintenzionati, che mirano ad accedere ai *tuoi* dati o dispositivi, nello specifico. -- :material-bug-outline: Attacchi passivi - Protezione da malware, violazioni di dati e altri attacchi effettuati contro molte persone, in una singola volta. -- :material-package-variant-closed-remove: Attacchi alla supply chain - Una vulnerabilità o un exploit introdotto in un software altrimenti valido, direttamente o attraverso una dipendenza di terze parti. -- :material-server-network: Service Providers - Protezione dei tuoi dati dai fornitori del servizio (es., con l'E2EE, che rende i tuoi dati illeggibili dal server). -- :material-eye-outline: Sorveglianza di massa - Protezione dalle agenzie governative, organizzazioni, siti web e servizi che cooperano per tracciare le tue attività. -- :material-account-cash: Capitalismo di sorveglianza - Protezione dalle grandi reti pubblicitarie, come Google e Facebook, nonché da una miriade di altri raccoglitori di dati di terze parti. 
-- :material-account-search: Esposizione pubblica - Limitazione delle informazioni accessibili online su di te, ai motori di ricerca o al pubblico generale. -- :material-close-outline: Censura - Prevenzione dell'accesso censurato a informazioni, o della tua censura, comunicando online. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 
Alcune di queste minacce potrebbero essere per te più importanti di altre, a seconda delle tue preoccupazioni specifiche. Ad esempio, uno sviluppatore di software con accesso a dati preziosi o critici potrebbe essere interessato principalmente a :material-package-variant-closed-remove: Attacchi alla supply chain e :material-target-account: Attacchi mirati. Probabilmente vorranno ancora proteggere i loro dati personali dall'essere travolti nei programmi di :material-eye-outline: Sorveglianza di massa . Similmente, in molto potrebbero essere principalmente preoccupati dall':material-account-search: Esposizione Pubblica dei propri dati personali, pur rimanendo attendi ai problemi di sicurezza, come gli :material-bug-outline: Attacchi Passivi, come i malware che colpiscono i loro dispositivi. @@ -45,6 +80,8 @@ Generalmente, i sistemi operativi per desktop sono in ritardo, per l'adeguato saACLU: La lezione sulla privacy dell'11 settembre: La sorveglianza di massa non è la strada da seguire
@@ -132,7 +171,7 @@ Di fronte alle rivelazioni di Edward Snowden su programmi governativi come [PRIS Nonostante la crescente sorveglianza di massa negli Stati Uniti, il governo ha riscontrato che i programmi di sorveglianza di massa come la Sezione 215 hanno avuto "poco valore univoco", per quanto riguarda l'arresto di crimini reali o di complotti terroristici, con sforzi che, in gran parte, duplicano i programmi di sorveglianza mirata del FBI.[^2] -Online è possibile essere rintracciati con svariati metodi: +Online, you can be tracked via a variety of methods, including but not limited to: - Il tuo indirizzo IP - I cookie del browser @@ -140,10 +179,10 @@ Online è possibile essere rintracciati con svariati metodi: - L'impronta digitale del tuo browser o dispositivo - Correlazione del metodo di pagamento -\[Questo elenco non è completo]. - Se sei preoccupato per i programmi di sorveglianza di massa, puoi usare strategie come separare le tue identità online, confonderti con altri utenti o, quando possibile, semplicemente evitare di fornire informazioni identificative. +## Surveillance as a Business Model + :material-account-cash: Capitalismo di sorveglianza > Il capitalismo di sorveglianza è un sistema economico incentrato sulla cattura e commercializzazione dei dati personali, con l'obiettivo principale di trarre profitto.[^3] diff --git a/i18n/it/desktop.md b/i18n/it/desktop.md index bec21da5..b5cf32c6 100644 --- a/i18n/it/desktop.md +++ b/i18n/it/desktop.md 
@@ -232,7 +232,7 @@ La scelta di una distro Linux adatta a te dipende da una grande varietà di pref - Gratuito e open source. - Ricevono aggiornamenti regolari del software e del kernel. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supportano la crittografia del disco completo durante l'installazione. - Non interrompono le versioni regolari per più di 1 anno. diff --git a/i18n/it/os/linux-overview.md b/i18n/it/os/linux-overview.md index 730b7256..948695cf 100644 --- a/i18n/it/os/linux-overview.md +++ b/i18n/it/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch e le distribuzioni basate su Arch sono sconsigliate per coloro che sono all For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Chiunque utilizzi il [Repository di Arch User (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository), **deve** essere a proprio agio nel controllare i PKGBUILD che scarica da tale servizio. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Chiunque utilizzi il [Repository di Arch User (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository), **deve** essere a proprio agio nel controllare i PKGBUILD che scarica da tale servizio. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). L'AUR dovrebbe sempre essere utilizzata con parsimonia e, spesso, esistono molti cattivi consigli, su varie pagine, che indirizzano le persone a utilizzare ciecamente gli [aiutanti AUR](https://wiki.archlinux.org/title/AUR_helpers), senza avvertimenti sufficienti. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/it/os/windows/index.md b/i18n/it/os/windows/index.md index f7df3fa6..b98f5f8d 100644 --- a/i18n/it/os/windows/index.md +++ b/i18n/it/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Note sulla Privacy -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/ja/basics/common-misconceptions.md b/i18n/ja/basics/common-misconceptions.md index 342a3c2d..7af3f284 100644 --- a/i18n/ja/basics/common-misconceptions.md +++ b/i18n/ja/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis. -Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. 
Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering. diff --git a/i18n/ja/basics/common-threats.md b/i18n/ja/basics/common-threats.md index d270de4b..2463558f 100644 --- a/i18n/ja/basics/common-threats.md +++ b/i18n/ja/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Your threat model is personal to you, but these are some of the thi Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. -- :material-incognito: Anonymity - Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. -- :material-target-account: Targeted Attacks - Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. -- :material-bug-outline: Passive Attacks - Being protected from things like malware, data breaches, and other attacks that are made against many people at once. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: Service Providers - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). -- :material-eye-outline: Mass Surveillance - Protection from government agencies, organizations, websites, and services which work together to track your activities. -- :material-account-cash: Surveillance Capitalism - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. 
-- :material-account-search: Public Exposure - Limiting the information about you that is accessible online—to search engines or the general public. -- :material-close-outline: Censorship - Avoiding censored access to information or being censored yourself when speaking online. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 
Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with :material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as :material-bug-outline: Passive Attacks—like malware affecting their devices. @@ -45,6 +80,8 @@ Desktop operating systems generally lag behind on proper sandboxing. ChromeOS haACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2] -Online, you can be tracked via a variety of methods: +Online, you can be tracked via a variety of methods, including but not limited to: - あなたのIPアドレス - ブラウザーのクッキー @@ -140,10 +179,10 @@ Online, you can be tracked via a variety of methods: - Your browser or device fingerprint - Payment method correlation -\[This list isn't exhaustive]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Surveillance Capitalism > Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^3] diff --git a/i18n/ja/desktop.md b/i18n/ja/desktop.md index 77fe630c..f41a1f8c 100644 --- a/i18n/ja/desktop.md +++ b/i18n/ja/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - 自由でオープンソースであること。 - 定期的にソフトウェアとカーネルのアップデートを受け取ること。 -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - インストール時にフルディスク暗号化をサポートしていること。 - 通常のリリースが1年以上凍結されないこと。 diff --git a/i18n/ja/os/linux-overview.md b/i18n/ja/os/linux-overview.md index 3ea36346..2d54677c 100644 --- a/i18n/ja/os/linux-overview.md +++ b/i18n/ja/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/ja/os/windows/index.md b/i18n/ja/os/windows/index.md index 9990fc44..fc9eeb35 100644 --- a/i18n/ja/os/windows/index.md +++ b/i18n/ja/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## プライバシーに関する注意事項 -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/ko/basics/common-misconceptions.md b/i18n/ko/basics/common-misconceptions.md index fecb33cd..aa905fda 100644 --- a/i18n/ko/basics/common-misconceptions.md +++ b/i18n/ko/basics/common-misconceptions.md @@ -42,7 +42,7 @@ schema: 이런 오해는 여러 편견에서 비롯된 것입니다. 소스 코드 공개 여부이나 라이선스 방식 자체는 보안에 어떠한 영향도 미치지 않습니다. ==오픈 소스 소프트웨어는 독점 소프트웨어보다 보안이 뛰어날 *가능성*이 존재하지만, 반드시 그러하리라는 보장은 없습니다.== 특정 소프트웨어를 평가할 때는 해당 소프트웨어의 평판과 보안을 개별적으로 판단해야 합니다. -오픈 소스 소프트웨어는 제3자로부터 검증(감사)받는 것이 *가능하고*, 잠재적인 취약점을 취급하는 데에 있어서 독점 소프트웨어보다 투명하게 이루어지는 경우가 많습니다. 하고자 한다면 자신이 직접 코드를 검토할 수도 있으며, 의심스러운 기능은 비활성화 하는 것도 가능합니다. 하지만 이론상 가능한 것과는 별개로 (특히 소규모 소프트웨어 프로젝트일수록) 해당 코드가 검증되었다는 보장은 없습니다. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +오픈 소스 소프트웨어는 제3자로부터 검증(감사)받는 것이 *가능하고*, 잠재적인 취약점을 취급하는 데에 있어서 독점 소프트웨어보다 투명하게 이루어지는 경우가 많습니다. 하고자 한다면 자신이 직접 코드를 검토할 수도 있으며, 의심스러운 기능은 비활성화 하는 것도 가능합니다. 하지만 이론상 가능한 것과는 별개로 (특히 소규모 소프트웨어 프로젝트일수록) 해당 코드가 검증되었다는 보장은 없습니다. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] 반면 독점 소프트웨어는 투명성이 상대적으로 떨어지지만, 그렇다고 해서 안전하지 않다는 뜻은 아닙니다. 메이저 독점 소프트웨어는 내부 및 외부 기관에서 감사를 진행할 수 있으며, 외부 보안 연구원도 리버스 엔지니어링 등의 기술을 통해 취약점을 발견할 수 있습니다. 
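Review bot: In the added line of i18n/ko/basics/common-misconceptions.md, the new link targets `common-threats.md#attacks-against-certain-organizations` with an empty title (`""`), and the same sentence then links `[Common Threats](common-threats.md)` a second time. None of the common-threats.md hunks in this patch show a heading that would produce that fragment, so please confirm it resolves in every localized copy, since a translated heading can slug differently unless an explicit id is set. Drop the empty title if the `{.pg-viridian}` attribute does not depend on it, and consider removing the trailing page link now that the term itself is linked.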
diff --git a/i18n/ko/basics/common-threats.md b/i18n/ko/basics/common-threats.md index 7dd6b6f7..113c733f 100644 --- a/i18n/ko/basics/common-threats.md +++ b/i18n/ko/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: 위협 모델은 개개인마다 다르지만, 이 사이트의 방 전반적으로, Privacy Guides의 권장 목록은 대부분의 사람들에게 적용되는 [위협](threat-modeling.md) 혹은 목표로 분류됩니다. 여러분이 사용하는 툴 및 서비스는 여러분의 목표에 따라 달라지며, ==이러한 위협 가능성에 대한 관심도는 사람마다 다를 수 있습니다.== 혹시나 여기에 정리되지 않은 종류의 위협을 겪고 있더라도 상관 없습니다! 핵심은 '사용하기로 선택한 툴의 장단점을 이해하는 것' 입니다. 모든 위협으로부터 여러분을 완벽히 보호할 수 있는 툴은 존재하지 않기 때문입니다. -- :material-incognito: 익명성 - 온라인 활동에서 실제 신원을 보호하여, *여러분의* 신원을 밝혀내려는 사람들로부터 여러분을 보호합니다. -- :material-target-account: 표적 공격 - *당신의* 데이터나 기기에 세부적으로 접근하려는 해커 및 그 외 악의적인 상대로부터 보호합니다. -- :material-bug-outline: 수동적 공격 - 멀웨어, 데이터 유출 등 다수의 사람을 한꺼번에 대상으로 삼는 공격으로부터 보호합니다. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: 서비스 제공자 - (여러분의 데이터를 서버에서 읽을 수 없도록 하는 E2EE 등을 이용하여) 서비스 제공자로부터 여러분의 데이터를 보호합니다. -- :material-eye-outline: 대중 감시 - 여러분의 활동을 추적하기 위해 협력하는 정부 기관, 단체, 웹사이트, 서비스로부터 보호합니다. -- :material-account-cash: 감시 자본주의 - Google, Facebook 등의 거대 광고 네트워크 및 기타 수많은 제3자 데이터 수집 업체로부터 여러분을 보호합니다. -- :material-account-search: 공개 노출 - 여러분에 대한 정보를 (검색 엔진이나 일반 대중이) 온라인에서 접근하는 것을 제한합니다. -- :material-close-outline: 검열 - 정보 접근을 제한하는 검열을 회피하고, 온라인상에서 자신의 주장이 검열되는 것을 방지합니다. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. 
+ +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 대응해야 할 위협의 우선 순위는 개인의 관심도에 따라 바뀔 수 있습니다. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. 마찬가지로, 대부분의 사람들이 가장 우려하는 위협은 개인 데이터의 :material-account-search: 공개 노출일 테지만, 기기 감염 멀웨어 등의 :material-bug-outline: 수동적 공격 보안 문제 또한 주의해야 합니다. @@ -45,6 +80,8 @@ description: 위협 모델은 개개인마다 다르지만, 이 사이트의 방ACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
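Review bot: In the `@@ -6,15 +6,50 @@` hunk of i18n/ko/basics/common-threats.md, every new term is followed by a bare `+:` line, an empty line, and then the definition as an unindented paragraph. A definition-list marker normally needs the definition text on the same line as the colon or indented beneath it, so please check the rendered page; as written, these are likely to come out as a stray `:` followed by ordinary paragraphs. The same hunk also replaces eight translated Korean entries with English source text, which should be queued for re-translation before this is published.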
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS 미국에서 대중 감시가 증가하고 있음에도 불구하고, 정부는 215조항과 같은 대중 감시 프로그램이 실제 범죄나 테러 음모를 저지하는 데 있어 '고유한 가치가 거의 없다'라는 사실을 발견했으며, 대부분의 노력은 FBI의 표적 감시 프로그램과 중복되는 것으로 나타났습니다.[^2] -온라인상에서 여러분은 다양한 방법을 통해 추적당할 수 있습니다. +Online, you can be tracked via a variety of methods, including but not limited to: - 여러분의 IP 주소 - 브라우저 쿠키 @@ -140,10 +179,10 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS - 여러분의 브라우저/기기 핑거프린트 - 결제 수단 연관성 -\[이 목록뿐만이 아닙니다]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: 감시 자본주의(Surveillance Capitalism) > 감시 자본주의는 이윤 창출을 주요 목적으로 하여 개인 데이터를 수집하고 상품화하는 데 중점을 둔 경제 시스템입니다.[^3] diff --git a/i18n/ko/desktop.md b/i18n/ko/desktop.md index 431b0128..458d0ed6 100644 --- a/i18n/ko/desktop.md +++ b/i18n/ko/desktop.md @@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. 
diff --git a/i18n/ko/os/linux-overview.md b/i18n/ko/os/linux-overview.md index 1ace1225..39cd56ee 100644 --- a/i18n/ko/os/linux-overview.md +++ b/i18n/ko/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/ko/os/windows/index.md b/i18n/ko/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/ko/os/windows/index.md +++ b/i18n/ko/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/ku-IQ/basics/common-misconceptions.md b/i18n/ku-IQ/basics/common-misconceptions.md index b0066544..6832f170 100644 --- a/i18n/ku-IQ/basics/common-misconceptions.md +++ b/i18n/ku-IQ/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis. -Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. 
Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering. diff --git a/i18n/ku-IQ/basics/common-threats.md b/i18n/ku-IQ/basics/common-threats.md index 7d8bf19a..7b040b0b 100644 --- a/i18n/ku-IQ/basics/common-threats.md +++ b/i18n/ku-IQ/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Your threat model is personal to you, but these are some of the thi Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. -- :material-incognito: Anonymity - Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. -- :material-target-account: Targeted Attacks - Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. -- :material-bug-outline: Passive Attacks - Being protected from things like malware, data breaches, and other attacks that are made against many people at once. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: Service Providers - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). -- :material-eye-outline: Mass Surveillance - Protection from government agencies, organizations, websites, and services which work together to track your activities. -- :material-account-cash: Surveillance Capitalism - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. 
-- :material-account-search: Public Exposure - Limiting the information about you that is accessible online—to search engines or the general public. -- :material-close-outline: Censorship - Avoiding censored access to information or being censored yourself when speaking online. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 
Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with :material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as :material-bug-outline: Passive Attacks—like malware affecting their devices. @@ -45,6 +80,8 @@ Desktop operating systems generally lag behind on proper sandboxing. ChromeOS haACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
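Review bot: The new definition in the `@@ -6,15 +6,50 @@` hunk of i18n/ku-IQ/basics/common-threats.md calls Supply Chain Attacks "Typically a form of :material-target-account: Targeted Attack", but the unchanged paragraph directly after the list still names "Supply Chain Attacks and :material-target-account: Targeted Attacks" as two separate concerns. The linux-overview.md hunks in this patch also apply the same label to unvetted AUR packages, which reach anyone who installs them rather than a chosen victim. Please either soften the definition or adjust the example sentence so the two read consistently.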
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2] -Online, you can be tracked via a variety of methods: +Online, you can be tracked via a variety of methods, including but not limited to: - Your IP address - Browser cookies @@ -140,10 +179,10 @@ Online, you can be tracked via a variety of methods: - Your browser or device fingerprint - Payment method correlation -\[This list isn't exhaustive]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Surveillance Capitalism > Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^3] diff --git a/i18n/ku-IQ/desktop.md b/i18n/ku-IQ/desktop.md index 13549cc2..13e2c2a0 100644 --- a/i18n/ku-IQ/desktop.md +++ b/i18n/ku-IQ/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/ku-IQ/os/linux-overview.md b/i18n/ku-IQ/os/linux-overview.md index 103c202d..69b537ed 100644 --- a/i18n/ku-IQ/os/linux-overview.md +++ b/i18n/ku-IQ/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/ku-IQ/os/windows/index.md b/i18n/ku-IQ/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/ku-IQ/os/windows/index.md +++ b/i18n/ku-IQ/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/nl/basics/common-misconceptions.md b/i18n/nl/basics/common-misconceptions.md index 6bf8bf2e..c4f7a827 100644 --- a/i18n/nl/basics/common-misconceptions.md +++ b/i18n/nl/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: Deze mythes komen voort uit een aantal vooroordelen, maar of de broncode beschikbaar is en hoe software in licentie wordt gegeven, heeft op geen enkele manier invloed op de beveiliging ervan. ==Open-source software heeft de *potentieel* om veiliger te zijn dan propriëtaire software, maar er is absoluut geen garantie dat dit het geval is.== Wanneer je software evalueert, moet je op individuele basis naar de reputatie en beveiliging van elke tool kijken. -Open-source software *kan* worden gecontroleerd door derden, en is vaak transparanter over mogelijke kwetsbaarheden dan propriëtaire tegenhangers. Ze kunnen ook flexibeler zijn, zodat je in de code kunt duiken en alle verdachte functionaliteit kunt uitschakelen die je zelf vindt. Echter, *tenzij je dit zelf doet*, is er geen garantie dat code ooit is geëvalueerd, vooral bij kleinere softwareprojecten. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +Open-source software *kan* worden gecontroleerd door derden, en is vaak transparanter over mogelijke kwetsbaarheden dan propriëtaire tegenhangers. Ze kunnen ook flexibeler zijn, zodat je in de code kunt duiken en alle verdachte functionaliteit kunt uitschakelen die je zelf vindt. Echter, *tenzij je dit zelf doet*, is er geen garantie dat code ooit is geëvalueerd, vooral bij kleinere softwareprojecten. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] Aan de andere kant is propriëtaire software minder transparant, maar dat betekent niet dat het niet veilig is. 
Grote propriëtaire softwareprojecten kunnen intern en door derden worden gecontroleerd, en onafhankelijke veiligheidsonderzoekers kunnen nog steeds kwetsbaarheden vinden met technieken als reverse engineering. diff --git a/i18n/nl/basics/common-threats.md b/i18n/nl/basics/common-threats.md index 2c17887a..b639b84b 100644 --- a/i18n/nl/basics/common-threats.md +++ b/i18n/nl/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Jouw dreigingsmodel is persoonlijk voor je, maar dit zijn enkele va In grote lijnen delen wij onze aanbevelingen in in deze algemene categorieën van [bedreigingen](threat-modeling.md) of doelstellingen die voor de meeste mensen gelden. ==U kunt zich bezighouden met geen, een, enkele, of al deze mogelijkheden==, en de instrumenten en diensten die je gebruikt hangen af van wat jouw doelstellingen zijn. Misschien heb je ook specifieke bedreigingen buiten deze categorieën, en dat is prima! Het belangrijkste is dat je inzicht krijgt in de voordelen en tekortkomingen van de middelen die je gebruikt, want vrijwel geen enkel middel beschermt je tegen elke denkbare bedreiging. -- :material-incognito: Anonimiteit - Het afschermen van jouw online activiteiten van jouw echte identiteit, waardoor je beschermd bent tegen mensen die proberen te achterhalen *jouw* identiteit specifiek. -- :material-target-account: Gerichte aanvallen - Beschermd zijn tegen gerichte hackers of andere kwaadwillenden die toegang proberen te krijgen tot *jouw* gegevens of apparaten specifiek. -- :material-bug-outline: Passieve aanvallen - Beschermd zijn tegen zaken als malware, inbreuken op gegevens en andere aanvallen die tegen veel mensen tegelijk worden uitgevoerd -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: Dienstverleners - Bescherming van jouw gegevens tegen dienstverleners, bv. met end-to-endencryptie waardoor jouw gegevens onleesbaar worden voor de server. -- :material-eye-outline: Mass Surveillance - Bescherming tegen overheidsinstellingen, organisaties, websites en diensten die samenwerken om jouw activiteiten te volgen. 
-- :material-account-cash: Surveillance Capitalism - Jezelf beschermen tegen grote advertentienetwerken zoals Google en Facebook, en een groot aantal andere gegevensverzamelaars van derden -- :material-account-search: Public Exposure - het beperken van de informatie over je die online toegankelijk is voor zoekmachines of het grote publiek. -- :material-close-outline: Censuur - Voorkomen van gecensureerde toegang tot informatie en zelf gecensureerd worden als je online spreekt +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. 
+ +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. Sommige van deze bedreigingen kunnen zwaarder wegen dan andere, afhankelijk van jouw specifieke zorgen. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Op dezelfde manier is de "gemiddelde consument" misschien in de eerste plaats bezorgd over :material-account-search: Public Exposure van zijn persoonsgegevens, maar moet hij toch op zijn hoede zijn voor op beveiliging gerichte zaken zoals :material-bug-outline: Passive Attacks zoals malware die zijn apparaten aantast. @@ -45,6 +80,8 @@ Apps kunnen geen root-toegang krijgen en hebben alleen toegang tot systeembronneACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
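Review bot: In i18n/nl/basics/common-threats.md, hunk @@ -6,15 +6,50 @@, all of the removed bullets except the Supply Chain Attacks one carried Dutch text ("Anonimiteit", "Gerichte aanvallen", "Passieve aanvallen", "Dienstverleners", "Censuur"), while every added term and definition is English, so converting the bullets to a definition list also drops the existing translation of the threat list. Carry the Dutch strings over into the new term and definition pairs, or mark these entries as untranslated so they get picked up again, instead of leaving English definitions between the Dutch paragraphs that surround them.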
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Ondanks de toenemende massasurveillance in de Verenigde Staten heeft de regering vastgesteld dat massasurveillanceprogramma's zoals Section 215 "weinig unieke waarde" hebben gehad wat betreft het stoppen van daadwerkelijke misdaden of terroristische complotten, waarbij de inspanningen grotendeels de eigen gerichte surveillanceprogramma's van de FBI dupliceren.[^2] -Ondanks de toenemende massasurveillance in de Verenigde Staten is de regering tot de conclusie gekomen dat massasurveillanceprogramma's zoals Sectie 215 "weinig unieke waarde" hebben gehad wat betreft het stoppen van echte misdaden of terroristische complotten, waarbij de inspanningen grotendeels een herhaling zijn van de eigen gerichte surveillanceprogramma's van de FBI.[^1] +Online, you can be tracked via a variety of methods, including but not limited to: - Jouw IP-adres - Browser cookies @@ -140,10 +179,10 @@ Ondanks de toenemende massasurveillance in de Verenigde Staten is de regering to - Jouw browser of apparaat vingerafdruk - Correlatie van betalingsmethodes -\[Deze lijst is niet uitputtend]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Surveillance kapitalisme > Het surveillance kapitalisme is een economisch systeem dat draait om het vastleggen en verhandelen van persoonsgegevens met als hoofddoel het maken van winst.[^2] diff --git a/i18n/nl/desktop.md b/i18n/nl/desktop.md index 0e2eca97..d5ff3fe7 100644 --- a/i18n/nl/desktop.md +++ b/i18n/nl/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/nl/os/linux-overview.md b/i18n/nl/os/linux-overview.md index 513e4d98..f5fa21a6 100644 --- a/i18n/nl/os/linux-overview.md +++ b/i18n/nl/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/nl/os/windows/index.md b/i18n/nl/os/windows/index.md index 2e374f6e..8f39677f 100644 --- a/i18n/nl/os/windows/index.md +++ b/i18n/nl/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Opmerkingen -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/pl/basics/common-misconceptions.md b/i18n/pl/basics/common-misconceptions.md index b0066544..6832f170 100644 --- a/i18n/pl/basics/common-misconceptions.md +++ b/i18n/pl/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis. -Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. 
Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering. diff --git a/i18n/pl/basics/common-threats.md b/i18n/pl/basics/common-threats.md index 7d8bf19a..7b040b0b 100644 --- a/i18n/pl/basics/common-threats.md +++ b/i18n/pl/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Your threat model is personal to you, but these are some of the thi Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. -- :material-incognito: Anonymity - Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. -- :material-target-account: Targeted Attacks - Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. -- :material-bug-outline: Passive Attacks - Being protected from things like malware, data breaches, and other attacks that are made against many people at once. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: Service Providers - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). -- :material-eye-outline: Mass Surveillance - Protection from government agencies, organizations, websites, and services which work together to track your activities. -- :material-account-cash: Surveillance Capitalism - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. 
-- :material-account-search: Public Exposure - Limiting the information about you that is accessible online—to search engines or the general public. -- :material-close-outline: Censorship - Avoiding censored access to information or being censored yourself when speaking online. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 
Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with :material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as :material-bug-outline: Passive Attacks—like malware affecting their devices. @@ -45,6 +80,8 @@ Desktop operating systems generally lag behind on proper sandboxing. ChromeOS haACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
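Review bot: In the added Supply Chain Attacks definition of hunk @@ -6,15 +6,50 @@ (i18n/pl/basics/common-threats.md), "Typically a form of :material-target-account: Targeted Attack" is a new claim inside what is otherwise a bullet-to-definition-list conversion, and it does not say who is being targeted. The Targeted Attacks definition directly above it is about access to *your* data or devices specifically, and the unchanged paragraph after the list still names Supply Chain Attacks and Targeted Attacks as two separate concerns for a software developer. State in the definition whether the target is the software project or the people who install it, so the two entries and the example paragraph read consistently.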
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2] -Online, you can be tracked via a variety of methods: +Online, you can be tracked via a variety of methods, including but not limited to: - Your IP address - Browser cookies @@ -140,10 +179,10 @@ Online, you can be tracked via a variety of methods: - Your browser or device fingerprint - Payment method correlation -\[This list isn't exhaustive]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Surveillance Capitalism > Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^3] diff --git a/i18n/pl/desktop.md b/i18n/pl/desktop.md index 1cff547b..0ceb203d 100644 --- a/i18n/pl/desktop.md +++ b/i18n/pl/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/pl/os/linux-overview.md b/i18n/pl/os/linux-overview.md index e0984df0..72c8d7a8 100644 --- a/i18n/pl/os/linux-overview.md +++ b/i18n/pl/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/pl/os/windows/index.md b/i18n/pl/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/pl/os/windows/index.md +++ b/i18n/pl/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/pt-BR/basics/common-misconceptions.md b/i18n/pt-BR/basics/common-misconceptions.md index bd71c321..2641a206 100644 --- a/i18n/pt-BR/basics/common-misconceptions.md +++ b/i18n/pt-BR/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: Estes mitos resultam de uma série de preconceitos, mas se o código fonte está disponível e a forma como o software é licenciado não afecta de modo algum a sua segurança de forma inerente. ==Software de código aberto tem o *potencial* para ser mais seguro do que um software proprietário, mas não existe qualquer garantia de que assim seja.== Quando se avalia o software, se deve olhar a reputação e a segurança de cada ferramenta numa base individual. -O software de código aberto *pode* ser auditado por terceiros, e é muitas vezes mais transparente sobre potenciais vulnerabilidades do que os seus equivalentes proprietários. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +O software de código aberto *pode* ser auditado por terceiros, e é muitas vezes mais transparente sobre potenciais vulnerabilidades do que os seus equivalentes proprietários. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. 
Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering. diff --git a/i18n/pt-BR/basics/common-threats.md b/i18n/pt-BR/basics/common-threats.md index 2b5e0cba..9256c582 100644 --- a/i18n/pt-BR/basics/common-threats.md +++ b/i18n/pt-BR/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Seu modelo de ameaça é personalizado para você, mas estas são a Em resumo, nós agrupamos nossas recomendações considerando as [ameaças](threat-modeling.md) ou objetivos que se aplicam à maioria das pessoas. ==Você pode estar preocupado com nenhuma, uma, poucas ou todas essas possibilidades==, e as ferramentas e serviços para você usar vão de depender de quais são seus objetivos. Você também pode ter ameaças específicas fora dessas categorias, o que é perfeitamente normal! A parte importante é desenvolver um entendimento dos benefícios e das deficiências das ferramentas que você escolher usar, pois, praticamente nenhuma delas o protegerá de todas as ameaças. -- :material-incognito: Anonimato — Proteger sua atividade on-line de sua identidade real, proteger você de pessoas que estão tentando descobrir especificamente *sua* identidade. -- :material-target-account: Ataques Direcionados — Estar protegido contra hackers ou outros agentes mal-intencionados que estão tentando obter acesso especificamente aos *seus* dados ou dispositivos. -- :material-bug-outline: Ataques Passivos — Estar protegido contra coisas como vírus (malware), violações de dados e outros ataques feitos contra muitas pessoas ao mesmo tempo. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: Provedores de Serviço — Proteger seus dados de provedores de serviços (por exemplo, com ponta-a-ponta (E2EE), que torna seus dados ilegíveis para o servidor). -- :material-eye-outline: Vigilância em Massa — Proteção contra agências governamentais, organizações, sites e serviços que trabalham juntos para rastrear suas atividades. 
-- :material-account-cash: Capitalismo de Vigilância — Proteção contra grandes redes de publicidade, como Google e Facebook, bem como uma infinidade de outros coletores de dados de terceiros. -- :material-account-search: Exposição Pública — Limitar as informações sobre você que podem ser acessadas on-line — para mecanismos de pesquisa ou para o público em geral. -- :material-close-outline: Censura — Evitar a censura que afeta o acesso às informações ou que você mesmo seja censurado ao falar on-line. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. 
+ +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. Algumas dessas ameaças podem ser mais importantes para você do que outras, dependendo de suas preocupações específicas. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Da mesma forma, muitas pessoas podem estar preocupadas principalmente com a :material-account-search: Exposição Pública de seus dados pessoais, mas ainda assim devem ser cautelosas com questões voltadas para a segurança, como :material-bug-outline: Ataques Passivos — como vírus (malware) que afeta seus dispositivos. @@ -45,6 +80,8 @@ Sistemas operacionais de mesa geralmente ficam para trás em termos de isolamentACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2] -Online, you can be tracked via a variety of methods: +Online, you can be tracked via a variety of methods, including but not limited to: - Your IP address - Cookies do navegador @@ -140,10 +179,10 @@ Online, you can be tracked via a variety of methods: - A impressão digital do seu navegador ou dispositivo - Correlação dos métodos de pagamento -\[Esta lista não é exaustiva]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Surveillance Capitalism > Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^3] diff --git a/i18n/pt-BR/desktop.md b/i18n/pt-BR/desktop.md index 78fc8cb9..6473d044 100644 --- a/i18n/pt-BR/desktop.md +++ b/i18n/pt-BR/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/pt-BR/os/linux-overview.md b/i18n/pt-BR/os/linux-overview.md index 64fd1c94..1dd62f98 100644 --- a/i18n/pt-BR/os/linux-overview.md +++ b/i18n/pt-BR/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/pt-BR/os/windows/index.md b/i18n/pt-BR/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/pt-BR/os/windows/index.md +++ b/i18n/pt-BR/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/pt/basics/common-misconceptions.md b/i18n/pt/basics/common-misconceptions.md index dec11125..11ffdc8c 100644 --- a/i18n/pt/basics/common-misconceptions.md +++ b/i18n/pt/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: Estes mitos têm origem numa série de preconceitos, mas o facto de o código-fonte estar ou não disponível e como o software é licenciado não afetam de forma alguma a sua segurança. ==O software de código aberto tem o *potencial* de ser mais seguro do que o software proprietário, mas não há qualquer garantia de que seja esse o caso.== Ao avaliar o software, deve analisar a reputação e a segurança de cada ferramenta numa base individual. -O software de código aberto *pode* ser auditado por terceiros e é frequentemente mais transparente relativamente a potenciais vulnerabilidades do que as contrapartes proprietárias. Permite-lhe também rever o código e desativar qualquer funcionalidade suspeita que encontre. No entanto, *a menos que o faça*, não há garantia de que o código tenha sido alguma vez avaliado, especialmente em projetos de software menores. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +O software de código aberto *pode* ser auditado por terceiros e é frequentemente mais transparente relativamente a potenciais vulnerabilidades do que as contrapartes proprietárias. Permite-lhe também rever o código e desativar qualquer funcionalidade suspeita que encontre. No entanto, *a menos que o faça*, não há garantia de que o código tenha sido alguma vez avaliado, especialmente em projetos de software menores. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] Por outro lado, o software proprietário é menos transparente, mas isso não significa que não seja seguro. 
Os principais projetos de software proprietário podem ser auditados internamente e por agências terceiras, e os investigadores de segurança independentes podem ainda encontrar vulnerabilidades com técnicas como a engenharia inversa. diff --git a/i18n/pt/basics/common-threats.md b/i18n/pt/basics/common-threats.md index 97f47cda..9b240298 100644 --- a/i18n/pt/basics/common-threats.md +++ b/i18n/pt/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Cada utilizador tem o seu modelo de ameaça, mas estes são alguns Em termos gerais, categorizamos as nossas recomendações no tipo de [ameaças](threat-modeling.md) ou objetivos que se aplicam à maioria das pessoas. ==Pode preocupar-se com nenhuma, uma, algumas ou todas estas possibilidades==, e as ferramentas e serviços que utiliza dependem dos seus objetivos. Também pode ter ameaças específicas fora destas categorias, o que é perfeitamente normal! O que importa realmente é que compreenda as vantagens e desvantagens das ferramentas que escolher, uma vez que praticamente nenhuma delas o protegerá de todas as ameaças. -- :material-incognito: Anonimato - Protege a sua atividade online da sua identidade real, protegendo-o de pessoas que estão a tentar descobrir *a sua * identidade. -- :material-target-account: Ataques direcionados - Estar protegido contra hackers ou outros agentes maliciosos que estão a tentar obter acesso aos *seus* dados ou dispositivos. -- :material-bug-outline: Ataques passivos - Estar protegido contra coisas como malware, violações de dados e outros ataques que são feitos contra muitas pessoas ao mesmo tempo. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: Fornecedores de serviços - Proteger os seus dados dos fornecedores de serviços (por exemplo, com E2EE, que torna os seus dados ilegíveis para o servidor). -- :material-eye-outline: Vigilância em massa - Proteção contra agências governamentais, organizações, sites e serviços que trabalham em conjunto para seguir as suas atividades. -- :material-account-cash: Capitalismo de vigilância - Proteger-se das grandes redes de marketing, como o Google e o Facebook, bem como de uma miríade de outros coletores de dados de terceiros. 
-- :material-account-search: Exposição pública - Limitar as informações sobre si que estão acessíveis online - para motores de busca ou para o público em geral. -- :material-close-outline: Censura - Evitar a censura ao acesso de informações ou quando nos expressamos online. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 
Algumas destas ameaças podem ser mais importantes para si do que outras, dependendo das suas preocupações específicas. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Da mesma forma, muitas pessoas podem estar principalmente preocupadas com a :material-account-search: Exposição pública dos seus dados pessoais, mas podem também importar-se com questões de segurança, como :material-bug-outline: Ataques passivos- como o malware que afeta os seus dispositivos. @@ -45,6 +80,8 @@ Os sistemas operativos para desktop deixam a desejar no que diz respeito a uma aACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Apesar da crescente vigilância em massa nos Estados Unidos, o governo concluiu que os programas de vigilância em massa, como a Secção 215, têm tido "pouco valor único" no que diz respeito a impedir crimes reais ou conspirações terroristas, com esforços que duplicam em grande parte os programas de vigilância direcionada do próprio FBI.[^2] -Enquanto online, pode ser seguido através de uma variedade de métodos: +Online, you can be tracked via a variety of methods, including but not limited to: - O seu endereço IP - Cookies do browser @@ -140,10 +179,10 @@ Enquanto online, pode ser seguido através de uma variedade de métodos: - A impressão digital do seu browser ou dispositivo - Correlação dos métodos de pagamento -\[Esta não é uma lista exaustiva]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Capitalismo de vigilância > O capitalismo de vigilância é um sistema económico centrado na captura e mercantilização de dados pessoais, com o objetivo principal de gerar lucro.[^3] diff --git a/i18n/pt/desktop.md b/i18n/pt/desktop.md index 1b52a5df..d1caefea 100644 --- a/i18n/pt/desktop.md +++ b/i18n/pt/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/pt/os/linux-overview.md b/i18n/pt/os/linux-overview.md index fb2e61ab..f0c32c6c 100644 --- a/i18n/pt/os/linux-overview.md +++ b/i18n/pt/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/pt/os/windows/index.md b/i18n/pt/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/pt/os/windows/index.md +++ b/i18n/pt/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/ru/basics/common-misconceptions.md b/i18n/ru/basics/common-misconceptions.md index 105ff3d4..07aef48e 100644 --- a/i18n/ru/basics/common-misconceptions.md +++ b/i18n/ru/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: Эти мифы проистекают из ряда предрассудков, однако доступность исходного кода и способ лицензирования программного обеспечения по своей сути никак не влияют на его безопасность. ==Программное обеспечение с открытым исходным кодом имеет *потенциал* быть более безопасным, чем проприетарное программное обеспечение, но нет абсолютно никаких гарантий, что это так.== Когда вы оцениваете программное обеспечение, вы должны смотреть на репутацию и безопасность каждого инструмента в отдельности. -Программное обеспечение с открытым исходным кодом *может* проверяться третьими сторонами, и зачастую оно более прозрачно в отношении потенциальных уязвимостей, чем проприетарные аналоги. Оно также позволяет просматривать код и отключать любые подозрительные функции, которые вы обнаружите. Однако, *если вы не сделаете этого*, нет никакой гарантии того, что код когда-либо проверялся, особенно в небольших проектах. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +Программное обеспечение с открытым исходным кодом *может* проверяться третьими сторонами, и зачастую оно более прозрачно в отношении потенциальных уязвимостей, чем проприетарные аналоги. Оно также позволяет просматривать код и отключать любые подозрительные функции, которые вы обнаружите. Однако, *если вы не сделаете этого*, нет никакой гарантии того, что код когда-либо проверялся, особенно в небольших проектах. 
The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] С другой стороны, проприетарное программное обеспечение менее прозрачно, но это не означает, что оно небезопасно. Крупные проекты по разработке проприетарного программного обеспечения могут подвергаться внутреннему аудиту и аудиту сторонних организаций, а независимые исследователи безопасности все еще могут находить уязвимости с помощью таких методов, как реверс-инжиниринг. diff --git a/i18n/ru/basics/common-threats.md b/i18n/ru/basics/common-threats.md index 51da8988..f485b9fd 100644 --- a/i18n/ru/basics/common-threats.md +++ b/i18n/ru/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Модель угрозы уникальна для каждого, В широком смысле мы разделяем наши рекомендации по категориям [угроз](threat-modeling.md) или целей, которые применимы к большинству людей. ==Вас может волновать одна, несколько, все эти возможности или они могут не волновать вас вовсе==, и инструменты и услуги, которые вы используете, зависят от ваших целей. У тебя могут быть специфичные угрозы, не относящиеся к этим категориям, что определённо нормально! Важной частью является развитие понимания преимуществ и недостатков инструментов, которые ты решил использовать, потому что ни один из них не защитит тебя от всех угроз. -- :material-incognito: Анонимность - изоляция твоей деятельности в интернете от твоей настоящей личности, защита тебя от людей, пытающихся раскрыть *именно твою* личность. -- :material-target-account: Таргетированные атаки - защита от хакеров и других злоумышленников, которые пытаются получить доступ к *именно твоим* данным и устройствам. -- :material-bug-outline: Пассивные атаки - защита от таких вещей, как вредоносное ПО, утечка данных и других атак, которые совершаются одновременно против многих людей. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: Поставщики услуг - защита твоих данных от поставщиков услуг (например, с помощью E2EE, которое делает твои данные нечитаемыми для сервера). -- :material-eye-outline: Массовая слежка - защита от правительственных агентств, организаций, веб-сайтов и служб, которые совместно отслеживают твою активность. -- :material-account-cash: Капитализм слежки - Защита от крупных рекламных сетей, таких как Google и Facebook, а также от множества других сторонних сборщиков данных. 
-- :material-account-search: Публичная экспозиция - ограничение информации о вас, которая доступна онлайн поисковым системам или широкой общественности. -- :material-close-outline: Цензура - избегание цензуры как для доступа к информации, так и для её создания онлайн. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 
В зависимости от твоих конкретных ситуаций, некоторые угрозы могут быть более важные, чем другие. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Аналогичным образом, многие люди могут быть в первую очередь обеспокоены :material-account-search: публичной экспозицией своих личных данных, но им все равно следует опасаться проблем, связанных с безопасностью, таких как :material-bug-outline: пассивные атаки - например, вредоносных программ, воздействующих на их устройства. @@ -45,6 +80,8 @@ description: Модель угрозы уникальна для каждого,ACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Несмотря на растущую массовую слежку в Соединенных Штатах, правительство обнаружило, что программы массовой слежки, такие как Раздел 215, имеют "мало уникальной ценности" в отношении пресечения реальных преступлений или террористических заговоров, а усилия в основном дублируют собственные целевые программы слежки ФБР.[^2] -В Интернете тебя можно отследить по различным параметрам: +Online, you can be tracked via a variety of methods, including but not limited to: - Твой IP адрес - Файлы cookie в браузере @@ -140,10 +179,10 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS - Цифровой отпечаток твоего браузера или устройства - Корреляция способов оплаты -\[Этот список не является исчерпывающим]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Капитализм слежки > Капитализм слежки - это экономическая система, сосредоточенная вокруг сбора и коммерциализации персональных данных с основной целью получения прибыли.[^3] diff --git a/i18n/ru/desktop.md b/i18n/ru/desktop.md index 5d26eaf0..19ba33a6 100644 --- a/i18n/ru/desktop.md +++ b/i18n/ru/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/ru/os/linux-overview.md b/i18n/ru/os/linux-overview.md index bf6d463b..750fcad1 100644 --- a/i18n/ru/os/linux-overview.md +++ b/i18n/ru/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/ru/os/windows/index.md b/i18n/ru/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/ru/os/windows/index.md +++ b/i18n/ru/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/sv/basics/common-misconceptions.md b/i18n/sv/basics/common-misconceptions.md index b0066544..6832f170 100644 --- a/i18n/sv/basics/common-misconceptions.md +++ b/i18n/sv/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis. -Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. 
Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering. diff --git a/i18n/sv/basics/common-threats.md b/i18n/sv/basics/common-threats.md index d6688f54..bfabc6ba 100644 --- a/i18n/sv/basics/common-threats.md +++ b/i18n/sv/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Your threat model is personal to you, but these are some of the thi Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. -- :material-incognito: Anonymity - Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. -- :material-target-account: Targeted Attacks - Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. -- :material-bug-outline: Passive Attacks - Being protected from things like malware, data breaches, and other attacks that are made against many people at once. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: Service Providers - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). -- :material-eye-outline: Mass Surveillance - Protection from government agencies, organizations, websites, and services which work together to track your activities. -- :material-account-cash: Surveillance Capitalism - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. 
-- :material-account-search: Public Exposure - Limiting the information about you that is accessible online—to search engines or the general public. -- :material-close-outline: Censorship - Avoiding censored access to information or being censored yourself when speaking online. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 
Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with :material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as :material-bug-outline: Passive Attacks—like malware affecting their devices. @@ -45,6 +80,8 @@ Skrivbordsoperativsystem släpar i allmänhet efter vid korrekt sandlåda. ChromACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Trots den ökande massövervakningen i USA har regeringen konstaterat att massövervakningsprogram som avsnitt 215 har haft "litet unikt värde" när det gäller att stoppa faktiska brott eller terroristplaner, och att insatserna i stort sett har varit en kopia av FBI:s egna riktade övervakningsprogram.[^2] -På nätet kan du spåras på olika sätt: +Online, you can be tracked via a variety of methods, including but not limited to: - Din IP-adress - Webbläsarcookies @@ -140,10 +179,10 @@ På nätet kan du spåras på olika sätt: - Fingeravtryck från din webbläsare eller enhet - Betalningsmetod korrelation -\[Denna lista är inte uttömmande]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Övervakningskapitalism > Övervakningskapitalism är ett ekonomiskt system som är centrerat kring insamling och kommersialisering av personuppgifter i syfte att skapa vinst.[^3] diff --git a/i18n/sv/desktop.md b/i18n/sv/desktop.md index c12d02b0..e53e8afe 100644 --- a/i18n/sv/desktop.md +++ b/i18n/sv/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/sv/os/linux-overview.md b/i18n/sv/os/linux-overview.md index 75ca7102..96d7f66e 100644 --- a/i18n/sv/os/linux-overview.md +++ b/i18n/sv/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/sv/os/windows/index.md b/i18n/sv/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/sv/os/windows/index.md +++ b/i18n/sv/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/tr/basics/common-misconceptions.md b/i18n/tr/basics/common-misconceptions.md index b0066544..6832f170 100644 --- a/i18n/tr/basics/common-misconceptions.md +++ b/i18n/tr/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis. -Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. 
Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering. diff --git a/i18n/tr/basics/common-threats.md b/i18n/tr/basics/common-threats.md index 7d8bf19a..7b040b0b 100644 --- a/i18n/tr/basics/common-threats.md +++ b/i18n/tr/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Your threat model is personal to you, but these are some of the thi Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. -- :material-incognito: Anonymity - Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. -- :material-target-account: Targeted Attacks - Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. -- :material-bug-outline: Passive Attacks - Being protected from things like malware, data breaches, and other attacks that are made against many people at once. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: Service Providers - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). -- :material-eye-outline: Mass Surveillance - Protection from government agencies, organizations, websites, and services which work together to track your activities. -- :material-account-cash: Surveillance Capitalism - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. 
-- :material-account-search: Public Exposure - Limiting the information about you that is accessible online—to search engines or the general public. -- :material-close-outline: Censorship - Avoiding censored access to information or being censored yourself when speaking online. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 
Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with :material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as :material-bug-outline: Passive Attacks—like malware affecting their devices. @@ -45,6 +80,8 @@ Desktop operating systems generally lag behind on proper sandboxing. ChromeOS haACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2] -Online, you can be tracked via a variety of methods: +Online, you can be tracked via a variety of methods, including but not limited to: - Your IP address - Browser cookies @@ -140,10 +179,10 @@ Online, you can be tracked via a variety of methods: - Your browser or device fingerprint - Payment method correlation -\[This list isn't exhaustive]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Surveillance Capitalism > Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^3] diff --git a/i18n/tr/desktop.md b/i18n/tr/desktop.md index b1992e51..d154b811 100644 --- a/i18n/tr/desktop.md +++ b/i18n/tr/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/tr/os/linux-overview.md b/i18n/tr/os/linux-overview.md index aaa2f89c..4a38ed81 100644 --- a/i18n/tr/os/linux-overview.md +++ b/i18n/tr/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/tr/os/windows/index.md b/i18n/tr/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/tr/os/windows/index.md +++ b/i18n/tr/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/uk/basics/common-misconceptions.md b/i18n/uk/basics/common-misconceptions.md index 68ce9d70..4314348b 100644 --- a/i18n/uk/basics/common-misconceptions.md +++ b/i18n/uk/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: Ці міфи випливають з низки упереджень, але доступність вихідного коду та спосіб ліцензування програмного забезпечення жодним чином не впливають на його безпеку. == Програмне забезпечення з відкритим вихідним кодом має *потенціал* бути безпечнішим, ніж пропрієтарне програмне забезпечення, але немає жодних гарантій, що це так.== Коли ви оцінюєте програмне забезпечення, ви повинні дивитися на репутацію та безпеку кожного інструменту на індивідуальній основі. -Програмне забезпечення з відкритим кодом *може* перевірятися третіми сторонами і часто є більш прозорим щодо потенційних вразливостей, ніж пропрієтарні аналоги. Це також дає змогу ознайомитися з кодом та вимкнути всі підозрілі функції, які ви знайдете самі. Однак, *якщо ви не зробите цього*, немає ніякої гарантії, що код коли-небудь оцінювався, особливо для невеликих проєктів. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +Програмне забезпечення з відкритим кодом *може* перевірятися третіми сторонами і часто є більш прозорим щодо потенційних вразливостей, ніж пропрієтарні аналоги. Це також дає змогу ознайомитися з кодом та вимкнути всі підозрілі функції, які ви знайдете самі. Однак, *якщо ви не зробите цього*, немає ніякої гарантії, що код коли-небудь оцінювався, особливо для невеликих проєктів. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] З іншого боку, пропрієтарне програмне забезпечення менш прозоре, але це не означає, що воно не є безпечним. 
Великі проєкти пропрієтарного програмного забезпечення можуть бути перевірені як внутрішніми, так і сторонніми організаціями, а незалежні дослідники безпеки все ще можуть знайти вразливості за допомогою таких методів, як зворотна інженерія. diff --git a/i18n/uk/basics/common-threats.md b/i18n/uk/basics/common-threats.md index 5f461b22..625d2b03 100644 --- a/i18n/uk/basics/common-threats.md +++ b/i18n/uk/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Ваша модель загроз є особистою, але ц Загалом, ми класифікуємо наші рекомендації на [загрози](threat-modeling.md) або цілі, які стосуються більшості людей. ==Ви можете бути зацікавлені в жодній, одній, кількох або всіх цих можливостях==, і інструменти та сервіси, які ви використовуєте, залежать від того, які цілі ви ставите перед собою. Ви також можете мати специфічні загрози поза цими категоріями, і це цілком нормально! Важливою частиною є розуміння переваг і недоліків інструментів, які ви обираєте, оскільки практично жоден з них не захистить вас від усіх можливих загроз. -- :material-incognito: Анонімність — розмежування вашої активності в Інтернеті від вашої реальної особистості, захист від людей, які намагаються розкрити саме *вашу* особистість. -- :material-target-account: Цільові атаки — захист від хакерів та інших зловмисників, які намагаються отримати доступ саме до *ваших* даних або пристроїв. -- :material-bug-outline: Пасивні атаки — захист від таких речей, як шкідливе програмне забезпечення, витік даних та інших атак, спрямованих проти багатьох людей одразу. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: Постачальники послуг — захист ваших даних від постачальників послуг (наприклад, за допомогою E2EE, що робить ваші дані нечитабельними для сервера). -- :material-eye-outline: Масове спостереження — захист від державних установ, організацій, веб-сайтів та служб, які працюють разом, щоб відстежувати вашу діяльність. -- :material-account-cash: Капіталізм нагляду — захист від великих рекламних мереж, таких як Google і Facebook, а також безлічі інших сторонніх збирачів даних. -- :material-account-search: Публічний розголос — обмеження інформації про вас, яка доступна в Інтернеті - пошуковим системам або широкій громадськості. 
-- :material-close-outline: Цензура — уникнення цензурованого доступу до інформації або цензури під час спілкування в Інтернеті. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. Деякі з цих загроз можуть бути важливішими для вас, ніж інші, залежно від ваших конкретних проблем. 
For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Аналогічно, багато людей можуть бути в першу чергу стурбовані :material-account-search: публічним розголошенням їхніх персональних даних, але їм все одно слід остерігатися проблем, пов'язаних з безпекою, таких як :material-bug-outline: пасивні атаки — як-от шкідливе програмне забезпечення, що вражає їхні пристрої. @@ -45,6 +80,8 @@ description: Ваша модель загроз є особистою, але цACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Незважаючи на зростання масового стеження в США, уряд виявив, що програми масового стеження, такі як Розділ 215, мають "невелику унікальну цінність" щодо припинення реальних злочинів або терористичних змов, а їхні зусилля значною мірою дублюють власні програми цільового стеження, що проводяться ФБР.[^2] -В Інтернеті вас можуть відстежувати різними способами: +Online, you can be tracked via a variety of methods, including but not limited to: - Ваша IP-адреса - Файли cookie браузера @@ -140,10 +179,10 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS - Відбиток вашого браузера або пристрою - Кореляція способів оплати -\[Цей список не є вичерпним]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Капіталізм нагляду > Капіталізм нагляду - це економічна система, в основі якої лежить збір і комерціалізація персональних даних з метою отримання прибутку.[^3] diff --git a/i18n/uk/desktop.md b/i18n/uk/desktop.md index 13549cc2..13e2c2a0 100644 --- a/i18n/uk/desktop.md +++ b/i18n/uk/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/uk/os/linux-overview.md b/i18n/uk/os/linux-overview.md index 103c202d..69b537ed 100644 --- a/i18n/uk/os/linux-overview.md +++ b/i18n/uk/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/uk/os/windows/index.md b/i18n/uk/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/uk/os/windows/index.md +++ b/i18n/uk/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/vi/basics/common-misconceptions.md b/i18n/vi/basics/common-misconceptions.md index b0066544..6832f170 100644 --- a/i18n/vi/basics/common-misconceptions.md +++ b/i18n/vi/basics/common-misconceptions.md 
@@ -42,7 +42,7 @@ schema: These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis. -Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] +Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. 
Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering. diff --git a/i18n/vi/basics/common-threats.md b/i18n/vi/basics/common-threats.md index 7d8bf19a..7b040b0b 100644 --- a/i18n/vi/basics/common-threats.md +++ b/i18n/vi/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: Your threat model is personal to you, but these are some of the thi Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. -- :material-incognito: Anonymity - Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. -- :material-target-account: Targeted Attacks - Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. -- :material-bug-outline: Passive Attacks - Being protected from things like malware, data breaches, and other attacks that are made against many people at once. -- :material-package-variant-closed-remove: Supply Chain Attacks - A vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. -- :material-server-network: Service Providers - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). -- :material-eye-outline: Mass Surveillance - Protection from government agencies, organizations, websites, and services which work together to track your activities. -- :material-account-cash: Surveillance Capitalism - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. 
-- :material-account-search: Public Exposure - Limiting the information about you that is accessible online—to search engines or the general public. -- :material-close-outline: Censorship - Avoiding censored access to information or being censored yourself when speaking online. +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 
Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with :material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as :material-bug-outline: Passive Attacks—like malware affecting their devices. @@ -45,6 +80,8 @@ Desktop operating systems generally lag behind on proper sandboxing. ChromeOS haACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2] -Online, you can be tracked via a variety of methods: +Online, you can be tracked via a variety of methods, including but not limited to: - Your IP address - Browser cookies @@ -140,10 +179,10 @@ Online, you can be tracked via a variety of methods: - Your browser or device fingerprint - Payment method correlation -\[This list isn't exhaustive]. - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: Surveillance Capitalism > Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^3] diff --git a/i18n/vi/desktop.md b/i18n/vi/desktop.md index 7d0cef63..086ee82b 100644 --- a/i18n/vi/desktop.md +++ b/i18n/vi/desktop.md 
@@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/vi/os/linux-overview.md b/i18n/vi/os/linux-overview.md index 103c202d..69b537ed 100644 --- a/i18n/vi/os/linux-overview.md +++ b/i18n/vi/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/vi/os/windows/index.md b/i18n/vi/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/vi/os/windows/index.md +++ b/i18n/vi/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/zh-Hant/basics/common-misconceptions.md b/i18n/zh-Hant/basics/common-misconceptions.md index 71a1e148..b6757f89 100644 --- a/i18n/zh-Hant/basics/common-misconceptions.md +++ b/i18n/zh-Hant/basics/common-misconceptions.md @@ -42,7 +42,7 @@ schema: 這些迷思源於許多偏見,原始碼是否開放以及軟體的許可並不會以任何方式影響其安全性。 ==開源軟件 *可能* 比商業軟件更安全,但絕對不能保證這一點。==評估軟體時,您應該根據每個工具的聲譽和安全性進行評估。 -開源軟體*能夠*由第三方人員進行審計,比起同類商用軟體,前者對待潛在漏洞更為透明。 它還允許您查看代碼並禁用您發現的任何可疑功能。 然而,*除非您真的這樣做了*,否則不能保證程式碼曾經被評估過,特別是小型軟體專案。 開放開發過程有時也被利用引入新的漏洞,稱為:material-package-variant-closed-remove: Supply Chain Attacks,這些漏洞將在[常見威脅一章](common-threats.md)進一步討論。[^1] +開源軟體*能夠*由第三方人員進行審計,比起同類商用軟體,前者對待潛在漏洞更為透明。 它還允許您查看代碼並禁用您發現的任何可疑功能。 然而,*除非您真的這樣做了*,否則不能保證程式碼曾經被評估過,特別是小型軟體專案。 The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] 另一方面,專有軟件不太透明,但這並不意味著它不安全。 主要的商用軟件專案會由內部和第三方機構進行審計,獨立的安全研究人員仍然可以通過逆向工程等技術發現漏洞。 diff --git a/i18n/zh-Hant/basics/common-threats.md b/i18n/zh-Hant/basics/common-threats.md index 680c5a26..a7b640d2 100644 --- a/i18n/zh-Hant/basics/common-threats.md +++ b/i18n/zh-Hant/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: 您的威脅模型雖說是個人的事,但它也是本站許多 廣義來講,我們將建議歸類為適用於大多數人的 [威脅](threat-modeling.md) 或目標。 您可能會在意各種可能性的組合,而選用的工具和服務則取決於您的目標何在。 您也可能有超出這些類別之外的特定威脅,這完全有可能! 重要的是要了解您選擇使用的工具的好處和缺點,因為幾乎沒有一種工具可以保護您免受任何威脅。 -- :material-incognito: 匿名 -保護您的在線活動免受您真實身份影響,保護您防範某些企圖揭露 *您* 身份的侵害。 -- :material-target-account: 針對性攻擊 -保護免受駭客或其他惡意行為者的攻擊,他們正試圖存取訪問 *您的* 資料或設備。 -- :material-bug-outline: 被動攻擊 -保護免受惡意軟體、數據洩露和其他同時針對多人的攻擊。 -- :material-package-variant-closed-remove: 供應鏈攻擊 - 直接或透過第三方依賴軟體引入的弱點或破壞。 -- :material-server-network: 服務供應商 - 保護您的資料免受服務供應商侵害(例如,使用 E2EE ,使您保存在伺服器的資料無法被他人讀取)。 -- :material-eye-outline: 大規模監控 -保護您免受政府機構、組織、網站和服務共同追蹤您的活動。 -- :material-account-cash: 監控資本主義 - 保議自己不會被 Google, Facebook 等大型網路廣告以及其它無數第三方資料收集者監控。 -- :material-account-search: 公開曝光 -限制搜尋引擎或一般大眾可在網路上找到有關您的資訊。 -- :material-close-outline: 審查 -避免資訊被封鎖或自己的網路發言時受到審查。 +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). + +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. 
+ +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 其中一些威脅對您來說可能比其他威脅更嚴重,這取決於您的具體問題。 例如,有權存取有價值或關鍵資料的軟體開發人員可能主要關心 :material-package-variant-closed-remove: 供應鏈攻擊 和 :material-target-account: 針對性的攻擊。 他們可能仍然希望保護自己的個人資料免受 :material-eye-outline: 大規模監控 計劃的影響。 同樣,許多人主要關心其個人資料的 :material-account-search: 公開曝光 ,但他們仍應該警惕聚焦安全的問題,例如 :material-bug-outline: 被動攻擊—例如惡意軟件影響他們的設備。 @@ -45,6 +80,8 @@ description: 您的威脅模型雖說是個人的事,但它也是本站許多ACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
@@ -132,7 +171,7 @@ description: 您的威脅模型雖說是個人的事,但它也是本站許多 儘管在美國有越來越多的大規模監控,政府卻發現像依 215 條採取的監控計畫在阻卻犯案與恐怖陰謀上沒有實用價值,它們幾乎只是重複著 FBI 所做的特定監控計畫而已。[^2] -在網上,您可以通過各種方法進行追蹤: +Online, you can be tracked via a variety of methods, including but not limited to: - 您的 IP 地址 - 瀏覽器 cookie @@ -140,10 +179,10 @@ description: 您的威脅模型雖說是個人的事,但它也是本站許多 - 您的瀏覽器或裝置指紋 - 付款方式關聯 -\ [此列表並非詳盡無缺]。 - 如果您擔心大規模監控計劃,您可以隨時隨地策略性避免提供識別個資,例如劃分您的網路身份,與其他用戶混合。 +## Surveillance as a Business Model + :material-account-cash: 監控資本主義 > 監控資本主義的核心是獲取個人資料並將之商品化,以謀求最大利潤的經濟體系。[^3] diff --git a/i18n/zh-Hant/desktop-browsers.md b/i18n/zh-Hant/desktop-browsers.md index 810f95cb..a2bf6dee 100644 --- a/i18n/zh-Hant/desktop-browsers.md +++ b/i18n/zh-Hant/desktop-browsers.md @@ -2,7 +2,7 @@ meta_title: "尊重隱私的 PC 和 Mac 網路瀏覽器 - Privacy Guides" title: "桌面瀏覽器" icon: material/laptop -description: These privacy-protecting browsers are what we currently recommend for standard/non-anonymous internet browsing on desktop systems. +description: 這些保護隱私的瀏覽器是我們目前推薦在桌上型系統上使用的標準/非匿名網路瀏覽器。 cover: desktop-browsers.webp schema: - diff --git a/i18n/zh-Hant/desktop.md b/i18n/zh-Hant/desktop.md index bb21498e..213a4d74 100644 --- a/i18n/zh-Hant/desktop.md +++ b/i18n/zh-Hant/desktop.md @@ -232,7 +232,7 @@ While we [recommend against](os/linux-overview.md#release-cycle) "perpetually ou - 免費且開放原始碼。 - 必須定期接收軟體和內核更新。 -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - 安裝時必須支援全磁碟加密。 - 不可將定期更新發佈凍結超過1年。 
diff --git a/i18n/zh-Hant/os/linux-overview.md b/i18n/zh-Hant/os/linux-overview.md index 0a12bf75..0cc7fcf3 100644 --- a/i18n/zh-Hant/os/linux-overview.md +++ b/i18n/zh-Hant/os/linux-overview.md @@ -68,7 +68,7 @@ The atomic update method can achieve reliability with this model and is used for For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -使用 [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository), **者必須** 對該服務下載的 PKGBUILD進行審計。 AUR 軟體套件是社區製作的內容,未經任何審查,很容易受到軟體供應鏈的攻擊, [事實上已發生過這類事件](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository)。 +使用 [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository), **者必須** 對該服務下載的 PKGBUILD進行審計。 AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). 應該少用 AUR,而往往各種網頁有很多不好的建議,指導人們盲目地使用 [AUR 幫助器](https://wiki.archlinux.org/title/AUR_helpers) 卻沒有足夠警告。 Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/zh-Hant/os/windows/index.md b/i18n/zh-Hant/os/windows/index.md index 1e34b706..41e2d998 100644 --- a/i18n/zh-Hant/os/windows/index.md 
+++ b/i18n/zh-Hant/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## 隱私筆記 -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. 
It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/i18n/zh/basics/common-misconceptions.md b/i18n/zh/basics/common-misconceptions.md index 6c7a7cc2..9aa5d781 100644 --- a/i18n/zh/basics/common-misconceptions.md +++ b/i18n/zh/basics/common-misconceptions.md @@ -42,7 +42,7 @@ schema: 这些神话源于一些偏见,但软件产品的来源和许可并不以任何方式内在地影响其安全性。 ==开源软件 *有可能* 比专有软件更安全, 但对于这一点没有绝对保证。== 在你评估软件时,需要去逐一检查每个工具的声誉和安全性。 - 开源软件 *,可以由第三方进行审计,而且通常比专有的同类软件对潜在的漏洞更加透明。 它还允许你审查代码并禁用你自己发现的任何可疑功能。 然而, *,除非你这样做*,否则不能保证代码曾经被评估过,特别是对于较小的软件项目。 The open development process has also sometimes been exploited to introduce new vulnerabilities known as :material-package-variant-closed-remove: Supply Chain Attacks, which are discussed further in our [Common Threats](common-threats.md) page.[^1] + 开源软件 *,可以由第三方进行审计,而且通常比专有的同类软件对潜在的漏洞更加透明。 它还允许你审查代码并禁用你自己发现的任何可疑功能。 然而, *,除非你这样做*,否则不能保证代码曾经被评估过,特别是对于较小的软件项目。 The open development process has also sometimes been exploited to introduce new vulnerabilities known as [:material-package-variant-closed-remove: Supply Chain Attacks](common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which are discussed further in our [Common Threats](common-threats.md) page.[^1] 从另一个角度看,专利软件的透明度较低,但这并不意味着它不安全。 主要的专利软件项目可以由内部和第三方机构进行审计,而独立的安全研究人员仍然可以通过逆向工程等技术找到漏洞。 diff --git a/i18n/zh/basics/common-threats.md b/i18n/zh/basics/common-threats.md index e39b1b74..a0a8885d 100644 --- a/i18n/zh/basics/common-threats.md +++ b/i18n/zh/basics/common-threats.md 
@@ -6,15 +6,50 @@ description: 您的威胁模式是您自己量身定制的,但这些是本网 广义而言,可以将我们有关[威胁](threat-modeling.md) 或者适用于大多数人的目标的建议分为这几类。 ==你可能关注其中零个、 一个、 几个、 或所有这些可能性==, 你应该使用的工具和服务取决于你的目标。 你可能也有这些类别之外的特定威胁,这完全可以! 重要的是要去了解您选择的这些工具的优缺点,因为也许任何工具都不能够保护您免受所有可以想象到的威胁。 -- :material-incognito: 匿名性 - 隔离你的线上活动和你的真实身份, 特别是要保护 *你的* 身份不被人揭露。 -- :material-target-account: 定向攻击 -防御专业黑客或恶意代理人获得,特别是 *你的* 数据或设备的访问权。 -- :material-bug-outline: 被动攻击 - 防御诸如恶意软件、数据泄露和其他一些同时针对许多人的攻击。 -- :material-package-variant-closed-remove: 供应链攻击 - 将漏洞或漏洞利用直接或通过第三方依赖引入到原本良好的软件中。 -- :material-server-network: 服务供应商 - 保护您的数据不受服务供应商的影响,例如,通过端到端加密使您的数据无法被服务器读取。 -- :material-eye-outline: 大规模监控 - 防止政府机构、组织、网站和服务联合起来共同追踪你的活动。 -- :material-account-cash: 监视资本主义 - 保护自己不受谷歌和Facebook等大型广告网络以及其他无数第三方数据收集者的影响 -- :material-account-search: 公开曝光 - 限制搜索引擎或一般公众在线访问到关于你的信息的能力。 -- :material-close-outline: 审查 - 避免信息的获取受到审查或者在网上的发言被审查。 +:material-incognito: **Anonymity** +: + +Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. + +:material-target-account: **Targeted Attacks** +: + +Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. + +:material-package-variant-closed-remove: **Supply Chain Attacks** +: + +Typically a form of :material-target-account: Targeted Attack that centers around a vulnerability or exploit introduced into otherwise good software either directly or through a dependency from a third party. + +:material-bug-outline: **Passive Attacks** +: + +Being protected from things like malware, data breaches, and other attacks that are made against many people at once. + +:material-server-network: **Service Providers** +: + +Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). 
+ +:material-eye-outline: **Mass Surveillance** +: + +Protection from government agencies, organizations, websites, and services which work together to track your activities. + +:material-account-cash: **Surveillance Capitalism** +: + +Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. + +:material-account-search: **Public Exposure** +: + +Limiting the information about you that is accessible online—to search engines or the general public. + +:material-close-outline: **Censorship** +: + +Avoiding censored access to information or being censored yourself when speaking online. 其中一些威胁可能比其他威胁更重要,具体取决于您的关注点。 For example, a software developer with access to valuable or critical data may be primarily concerned with :material-package-variant-closed-remove: Supply Chain Attacks and :material-target-account: Targeted Attacks. They will likely still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. 同样,"普通人 "可能主要关心他们的个人数据的 :material-account-search: ,公开曝光 ,但他们仍应警惕那些侧重于安全的问题,比如:material-bug-outline: ,被动攻击,就像那些会影响到设备的恶意软件 。 @@ -45,6 +80,8 @@ description: 您的威胁模式是您自己量身定制的,但这些是本网ACLU: The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward
@@ -132,7 +171,7 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS 尽管美国的大规模监控越来越多,但政府发现,像第215条这样的大规模监控计划在阻止实际犯罪或恐怖主义阴谋方面 "没有什么独特的价值",其努力主要是重复联邦调查局自己的目标监控计划。[^2] -尽管美国的大规模监控越来越多,但政府发现,像第215条这样的大规模监控计划在阻止实际犯罪或恐怖主义阴谋方面 "没有什么独特的价值",这份工作基本上只是在重复联邦调查局本身的目标监控计划。[^1] +Online, you can be tracked via a variety of methods, including but not limited to: - 你的IP地址 - 浏览器 Cookie @@ -140,10 +179,10 @@ In the face of Edward Snowden's disclosures of government programs such as [PRIS - 你的浏览器或设备指纹 - 支付方式的关联 -\ [此列表并非详尽无遗]。 - If you're concerned about mass surveillance programs, you can use strategies like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +## Surveillance as a Business Model + :material-account-cash: 监视资本主义 > 监视资本主义是一种以获取个人数据和将个人数据商品化为核心,从而以此营利的经济体系。[^2] diff --git a/i18n/zh/desktop.md b/i18n/zh/desktop.md index 9300b394..52c028cb 100644 --- a/i18n/zh/desktop.md +++ b/i18n/zh/desktop.md @@ -232,7 +232,7 @@ Choosing a Linux distro that is right for you will come down to a huge variety o - Free and open source. - Receives regular software and kernel updates. -- Avoids X11, as its last major release was [more than a decade](https://www.x.org/wiki/Releases) ago. +- Avoids X11, as its last major release was [more than a decade](https://x.org/wiki/Releases) ago. - The notable exception here is Qubes, but the [isolation issues](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation) which X11 typically has are avoided by virtualization. This isolation only applies to apps *running in different qubes* (virtual machines); apps running in the *same* qube are not protected from each other. - Supports full-disk encryption during installation. - Doesn't freeze regular releases for more than 1 year. diff --git a/i18n/zh/os/linux-overview.md b/i18n/zh/os/linux-overview.md index b746e90a..e255f826 100644 
--- a/i18n/zh/os/linux-overview.md +++ b/i18n/zh/os/linux-overview.md 
@@ -68,7 +68,7 @@ Arch and Arch-based distributions are not recommended for those new to Linux (re For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](#mandatory-access-control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository) **must** be comfortable auditing PKGBUILDs that they download from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations ""){.pg-viridian}, which has in fact happened [in the past](https://bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository). The AUR should always be used sparingly, and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. 
Similar warnings apply to the use of third-party Personal Package Archives (PPAs) on Debian-based distributions or Community Projects (COPR) on Fedora. diff --git a/i18n/zh/os/windows/index.md b/i18n/zh/os/windows/index.md index 8217591b..6238bb21 100644 --- a/i18n/zh/os/windows/index.md +++ b/i18n/zh/os/windows/index.md 
@@ -26,7 +26,7 @@ This section is a work in progress, because it takes considerably more time and ## Privacy Notes -Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://www.extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. +Microsoft Windows, particularly those versions aimed at consumers like the **Home** version often don't prioritize privacy friendly features by [default](https://theguardian.com/technology/2015/jul/31/windows-10-microsoft-faces-criticism-over-privacy-default-settings). As a result we often see more [data collection](https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Telemetry_and_data_collection) than necessary, without any real warnings that this is the default behavior. In an attempt to compete with Google in the advertising space, [Cortana](https://en.wikipedia.org/wiki/Cortana_\(virtual_assistant\)) has included unique identifiers such as an "advertising ID" in order to correlate usage and assist advertisers in targeted advertising. 
At launch, telemetry could not be disabled in non-enterprise editions of Windows 10. It still cannot be disabled, but Microsoft added the ability to [reduce](https://extremetech.com/computing/243079-upcoming-windows-update-reduces-spying-microsoft-still-mum-data-collects) the data that is sent to them. With Windows 11 there are a number of restrictions or defaults such as: diff --git a/includes/strings.zh-Hant.env b/includes/strings.zh-Hant.env index 29203a3d..c2b65b86 100644 --- a/includes/strings.zh-Hant.env +++ b/includes/strings.zh-Hant.env @@ -17,12 +17,12 @@ HOMEPAGE_RSS_STORIES_LINK="https://share.privacyguides.org/web-stories/feed/" HOMEPAGE_RSS_STORIES_TITLE="Privacy Guides 網路故事 RSS 訂閱" HOMEPAGE_RSS_FORUM_LINK="https://discuss.privacyguides.net/latest.rss" HOMEPAGE_RSS_FORUM_TITLE="最新 Privacy Guides 論壇討論 RSS 訂閱" -HOMEPAGE_HEADER="The collaborative privacy advocacy community." -HOMEPAGE_SUBHEADER="Privacy Guides is a not-for-profit, volunteer-run project that hosts online communities and publishes news and recommendations surrounding privacy and security tools, services, and knowledge." -HOMEPAGE_BUTTON_GET_STARTED_NAME="Start Your Privacy Journey" -HOMEPAGE_BUTTON_GET_STARTED_TITLE="The first step of your privacy journey" -HOMEPAGE_BUTTON_TOOLS_NAME="Recommended Tools" -HOMEPAGE_BUTTON_TOOLS_TITLE="Recommended privacy tools, services, and knowledge" +HOMEPAGE_HEADER="協作隱私倡議社區。" +HOMEPAGE_SUBHEADER="Privacy Guides 是個非營利、由志工驅動的計劃,營運著線上社群、發佈新聞和推薦注重隱私與安全的工具、服務和知識。" +HOMEPAGE_BUTTON_GET_STARTED_NAME="開始您的隱私旅程" +HOMEPAGE_BUTTON_GET_STARTED_TITLE="隱私保護的第一步" +HOMEPAGE_BUTTON_TOOLS_NAME="推薦工具" +HOMEPAGE_BUTTON_TOOLS_TITLE="推薦的隱私工具、服務和知識" NAV_ABOUT="關於" NAV_ADVANCED="進階" NAV_ADVANCED_TOPICS="進階主題"
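Review bot: In the `@@ -6,15 +6,50 @@` hunks of `i18n/zh-Hant/basics/common-threats.md` and `i18n/zh/basics/common-threats.md`, the nine translated bullets are replaced with English definition-list entries, but the unchanged paragraph right below still names the threats in Chinese (供應鏈攻擊, 針對性的攻擊, 公开曝光, 被动攻击), so a reader can no longer match the terms in the body to the list that defines them. Carry the existing translations over into the new term/definition layout instead of dropping them. Each term is also followed by a bare `:` line, a blank line, and only then the definition text; please check that this renders as a definition list and not as a stray colon plus a paragraph, since the usual form puts the definition on the same line as the colon.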
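Review bot: The new link target `common-threats.md#attacks-against-certain-organizations ""` in the `common-misconceptions.md` hunks (and again in the `os/linux-overview.md` hunks) points at an anchor whose heading is not part of this diff; the only heading this patch adds to `common-threats.md` is `## Surveillance as a Business Model`. Confirm that the slug resolves in every locale touched here, because a translated heading would produce a different anchor and the link would silently land at the top of the page. The empty title `""` adds nothing and can be dropped unless the `{.pg-viridian}` attribute list depends on it.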
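Review bot: In the `@@ -68,7 +68,7 @@` hunk of `i18n/zh-Hant/os/linux-overview.md`, the translated sentence beginning "AUR 軟體套件是社區製作的內容" is replaced by the English source sentence, so the paragraph now opens in Chinese ("使用 ... **者必須** ... 進行審計。") and finishes in English. This is the paragraph that tells AUR users to audit PKGBUILDs because packages are unvetted, so losing the translation weakens the warning for exactly the readers this locale serves. Keep the existing translation and wrap only the term 供應鏈攻擊 in the new link.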
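Review bot: In the `@@ -132,7 +171,7 @@` and `@@ -140,10 +179,10 @@` hunks of `i18n/zh/basics/common-threats.md`, footnote `[^2]` is cited twice for different claims: once on the Section 215 paragraph and again on the 监视资本主义 quote, while the zh-Hant file uses `[^2]` and `[^3]` for the same two places. The removed line was a duplicate of that paragraph carrying `[^1]`, so the numbering in this file has drifted; since the patch already touches these lines, realign the markers with the footnote definitions. The added `## Surveillance as a Business Model` heading is also left in English directly above `:material-account-cash: 监视资本主义` (and above 監控資本主義 in zh-Hant) and should be translated with it.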
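Review bot: In the `includes/strings.zh-Hant.env` hunk, `HOMEPAGE_HEADER` translates "community" as 社區 while `HOMEPAGE_SUBHEADER` on the next line uses 社群 for the same word. Pick one term for both strings so the homepage header and subheader read consistently.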