Warning
+Warnung
DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative. @@ -225,7 +225,7 @@ Shelter supports blocking contact search cross profiles and sharing files acrossWarning
+Warnung
Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html). diff --git a/i18n/de/basics/multi-factor-authentication.md b/i18n/de/basics/multi-factor-authentication.md index 1cf3c9b4..1844c214 100644 --- a/i18n/de/basics/multi-factor-authentication.md +++ b/i18n/de/basics/multi-factor-authentication.md @@ -141,7 +141,7 @@ The command will prevent an adversary from bypassing MFA when the computer boots ### LinuxWarning
+Warnung
If the hostname of your system changes (such as due to DHCP), you would be unable to login. It is vital that you set up a proper hostname for your computer before following this guide. diff --git a/i18n/de/data-redaction.md b/i18n/de/data-redaction.md index 9268e0b9..32706257 100644 --- a/i18n/de/data-redaction.md +++ b/i18n/de/data-redaction.md @@ -123,7 +123,7 @@ The app offers multiple ways to erase metadata from images. Namely:Warning
+Warnung
You should **never** use blur to redact [text in images](https://bishopfox.com/blog/unredacter-tool-never-pixelation). If you want to redact text in an image, draw a box over the text. For this, we suggest apps like [Pocket Paint](https://github.com/Catrobat/Paintroid). diff --git a/i18n/de/desktop-browsers.md b/i18n/de/desktop-browsers.md index 9696f291..aa7b3d27 100644 --- a/i18n/de/desktop-browsers.md +++ b/i18n/de/desktop-browsers.md @@ -134,7 +134,7 @@ Mullvad Browser wird mit DuckDuckGo als Standard [Suchmaschine](search-engines.mWarning
+Warnung
Firefox includes a unique [download token](https://bugzilla.mozilla.org/show_bug.cgi?id=1677497#c0) in downloads from Mozilla's website and uses telemetry in Firefox to send the token. The token is **not** included in releases from the [Mozilla FTP](https://ftp.mozilla.org/pub/firefox/releases). @@ -252,7 +252,7 @@ Brave basiert auf dem Chromium-Webbrowser-Projekt, sollte sich also vertraut anf **macOS users:** The download for Brave Browser from their official website is a `.pkg` installer which requires admin privileges to run (and may run other unnecessary scripts on your machine). As an alternative, you can download the latest `Brave-Browser-universal.dmg` file from their [GitHub releases](https://github.com/brave/brave-browser/releases/latest) page, which provides a traditional "drag to Applications folder" install.Warning
+Warnung
Brave adds a "[referral code](https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes)" to the file name in downloads from the Brave website, which is used to track which source the browser was downloaded from, for example `BRV002` in a download named `Brave-Browser-BRV002.pkg`. The installer will then ping Brave's server with the referral code at the end of the installation process. If you're concerned about this, you can rename the installer file before opening it. diff --git a/i18n/de/desktop.md b/i18n/de/desktop.md index 1fac706b..5dcbeee5 100644 --- a/i18n/de/desktop.md +++ b/i18n/de/desktop.md @@ -168,7 +168,7 @@ Whonix is best used [in conjunction with Qubes](https://whonix.org/wiki/Qubes/WhWarning
+Warnung
Tails [doesn't erase](https://gitlab.tails.boum.org/tails/tails/-/issues/5356) the [video memory](https://en.wikipedia.org/wiki/Dual-ported_video_RAM) when shutting down. When you restart your computer after using Tails, it might briefly display the last screen that was displayed in Tails. If you shut down your computer instead of restarting it, the video memory will erase itself automatically after being unpowered for some time. diff --git a/i18n/de/device-integrity.md b/i18n/de/device-integrity.md index 75b6f7ac..475aba93 100644 --- a/i18n/de/device-integrity.md +++ b/i18n/de/device-integrity.md @@ -82,7 +82,7 @@ These tools can trigger false-positives. If any of these tools finds indicatorsWarning
+Warnung
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. @@ -131,7 +131,7 @@ iMazing automates and interactively guides you through the process of using [MVT These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.Warning
+Warnung
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. @@ -184,7 +184,7 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co These are apps you can install on your device which scan your device for signs of compromise.Warning
+Warnung
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. diff --git a/i18n/de/email-clients.md b/i18n/de/email-clients.md index 8db5bc08..44f92bd1 100644 --- a/i18n/de/email-clients.md +++ b/i18n/de/email-clients.md @@ -108,7 +108,7 @@ Apple Mail has the ability to load remote content in the background or block itWarning
+Warnung
When replying to someone on a mailing list the "reply" option may also include the mailing list. For more information see [thundernest/k-9 #3738](https://github.com/thundernest/k-9/issues/3738). diff --git a/i18n/de/email.md b/i18n/de/email.md index 3b89f3fc..c0475388 100644 --- a/i18n/de/email.md +++ b/i18n/de/email.md @@ -19,7 +19,7 @@ Für alles andere empfehlen wir eine Reihe von E-Mail-Anbietern, die auf nachhal ## OpenPGP-kompatible Dienste -These providers natively support OpenPGP encryption/decryption and the [Web Key Directory standard](basics/email-security.md#what-is-the-web-key-directory-standard), allowing for provider-agnostic E2EE emails. Zum Beispiel können Kunden von Proton Mail eine E2EE-Nachricht an Kunden von Mailbox.org senden oder sie können OpenPGP-verschlüsselte Benachrichtigungen von Internetdiensten erhalten, die dies unterstützen. +Diese Anbieter unterstützen von Haus aus die OpenPGP-Ver- und Entschlüsselung sowie den Web Key Directory Standard, so dass anbieterunabhängige E2E-verschlüsselte E-Mails möglich sind. Zum Beispiel können Kunden von Proton Mail eine E2EE-Nachricht an Kunden von Mailbox.org senden oder sie können OpenPGP-verschlüsselte Benachrichtigungen von Internetdiensten erhalten, die dies unterstützen.Warning
+Warnung
-When using E2EE technology like OpenPGP your email will still have some metadata that is not encrypted in the header of the email, generally including the subject line! Read more about [email metadata](basics/email-security.md#email-metadata-overview). +Wenn Sie eine E2EE-Technologie wie OpenPGP verwenden, enthält Ihre E-Mail immer noch einige unverschlüsselte Metadaten im Header (Quelltext) der E-Mail, einschließlich der Betreffzeile! Lesen Sie mehr über [E-Mail-Metadaten](basics/email-security.md#email-metadata-overview). -OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. [How do I protect my private keys?](basics/email-security.md#how-do-i-protect-my-private-keys) +OpenPGP unterstützt auch keine Forward Secrecy. Das heißt, wenn entweder Ihr privater Schlüssel oder der des Empfängers gestohlen wird, sind alle vorher damit verschlüsselten Nachrichten offen. [Wie schütze ich meine privaten Schlüssel?](basics/email-security.md#how-do-i-protect-my-private-keys)Warning
+Warnung
When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io) or [SponsorBlock](https://sponsor.ajay.app) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](tor.md) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. @@ -103,7 +103,7 @@ You will need to take a few [extra steps](https://gonzoknows.com/posts/Yattee) bWarning
+Warnung
When using Yattee, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io), [Piped](https://github.com/TeamPiped/Piped/wiki/Instances) or [SponsorBlock](https://sponsor.ajay.app) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](tor.md) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. @@ -137,7 +137,7 @@ LibreTube allows you to store your subscription list and playlists locally on yoWarning
+Warnung
When using LibreTube, your IP address will be visible to the [Piped](https://github.com/TeamPiped/Piped/wiki/Instances) instance you choose and/or [SponsorBlock](https://sponsor.ajay.app) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](tor.md) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. @@ -173,7 +173,7 @@ Your subscription list and playlists are saved locally on your Android device. 1. The default instance is [FramaTube](https://framatube.org), however more can be added via **Settings** → **Content** → **PeerTube instances**Warning
+Warnung
When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](vpn.md) or [Tor](tor.md) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. @@ -201,7 +201,7 @@ There are a number of public instances, with some instances having [Tor](tor.md)Warning
+Warnung
Invidious does not proxy video streams by default. Videos watched through Invidious will still make direct connections to Google's servers (e.g. `googlevideo.com`); however, some instances support video proxying—simply enable *Proxy videos* within the instances' settings or add `&local=true` to the URL. diff --git a/i18n/de/index.md b/i18n/de/index.md index ac430a98..c4a11d7f 100644 --- a/i18n/de/index.md +++ b/i18n/de/index.md @@ -46,7 +46,7 @@ schema: Privatsphäre sollte nicht mit Verheimlichen verwechselt werden. Wir wissen, was auf der Toilette passiert, aber machen trotzdem die Tür zu. Das liegt daran, dass du deine Privatsphäre willst, aber nicht unbedingt alles verheimlichen willst. **Alle** haben etwas zu schützen. Privatsphäre ist etwas, das uns zum Menschen macht. -[:material-book-outline: Why Privacy Matters](basics/why-privacy-matters.md){ class="md-button md-button--primary" } +[:material-book-outline: Warum Privatsphäre wichtig ist](basics/why-privacy-matters.md){ class="md-button md-button--primary" } ## Was kann ich tun? diff --git a/i18n/de/meta/admonitions.md b/i18n/de/meta/admonitions.md index d47127e0..f1ee2138 100644 --- a/i18n/de/meta/admonitions.md +++ b/i18n/de/meta/admonitions.md @@ -103,7 +103,7 @@ Lorem ipsum dolor sit amet, consectetur adipiscing elit. #### `warning`Warning
+Warnung
Lorem ipsum dolor sit amet, consectetur adipiscing elit. diff --git a/i18n/de/multi-factor-authentication.md b/i18n/de/multi-factor-authentication.md index ee60af63..47bf0748 100644 --- a/i18n/de/multi-factor-authentication.md +++ b/i18n/de/multi-factor-authentication.md @@ -32,7 +32,7 @@ YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/suppor For models which support HOTP and TOTP, there are 2 slots in the OTP interface which could be used for HOTP and 32 slots to store TOTP secrets. These secrets are stored encrypted on the key and never expose them to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do if they compromise one of the devices running the Yubico Authenticator and make the YubiKey resistant to a physical attacker.Warning
+Warnung
The firmware of YubiKey is not open source and is not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key. @@ -61,14 +61,14 @@ Nitrokey models can be configured using the [Nitrokey app](https://nitrokey.com/ For the models which support HOTP and TOTP, there are 3 slots for HOTP and 15 for TOTP. Some Nitrokeys can act as a password manager. They can store 16 different credentials and encrypt them using the same password as the OpenPGP interface.Warning
+Warnung
While Nitrokeys do not release the HOTP/TOTP secrets to the device they are plugged into, the HOTP and TOTP storage is **not** encrypted and is vulnerable to physical attacks. If you are looking to store HOTP or TOTP secrets, we highly recommend that you use a YubiKey instead.Warning
+Warnung
Resetting the OpenPGP interface on a Nitrokey will also make the password database [inaccessible](https://docs.nitrokey.com/pro/linux/factory-reset). diff --git a/i18n/de/os/android-overview.md b/i18n/de/os/android-overview.md index f866b6cb..4cdab114 100644 --- a/i18n/de/os/android-overview.md +++ b/i18n/de/os/android-overview.md @@ -100,7 +100,7 @@ An app may request a permission for a specific feature it has. For example, any [Exodus](https://exodus-privacy.eu.org) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal.Warning
+Warnung
If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. diff --git a/i18n/de/os/ios-overview.md b/i18n/de/os/ios-overview.md index fa3d3bcf..eab78e7a 100644 --- a/i18n/de/os/ios-overview.md +++ b/i18n/de/os/ios-overview.md @@ -147,7 +147,7 @@ After enabling stolen data protection, [certain actions](https://support.apple.c iPhones are already resistant to brute-force attacks by making you wait long periods of time after multiple failed attempts; however, there have historically been exploits to get around this. To be extra safe, you can set your phone to wipe itself after 10 failed passcode attempts.Warning
+Warnung
With this setting enabled, someone could intentionally wipe your phone by entering the wrong password many times. Make sure you have proper backups and only enable this setting if you feel comfortable with it. diff --git a/i18n/de/os/macos-overview.md b/i18n/de/os/macos-overview.md index 822bfd40..d177ac61 100644 --- a/i18n/de/os/macos-overview.md +++ b/i18n/de/os/macos-overview.md @@ -157,7 +157,7 @@ macOS employs defense in depth by relying on multiple layers of software and har ### Software SecurityWarning
+Warnung
macOS allows you to install beta updates. These are unstable and may come with extra telemetry since they're for testing purposes. Because of this, we recommend you avoid beta software in general. @@ -182,7 +182,7 @@ System Integrity Protection makes critical file locations read-only to protect a macOS apps downloaded from the App Store are required to be sandboxed usng the [App Sandbox](https://developer.apple.com/documentation/security/app_sandbox).Warning
+Warnung
Software downloaded from outside the official App Store is not required to be sandboxed. You should avoid non-App Store software as much as possible. diff --git a/i18n/de/real-time-communication.md b/i18n/de/real-time-communication.md index 6a1f7de0..18dcb5e4 100644 --- a/i18n/de/real-time-communication.md +++ b/i18n/de/real-time-communication.md @@ -129,7 +129,7 @@ Briar supports forward secrecy[^1] by using the Bramble [Handshake](https://code ## Additional OptionsWarning
+Warnung
These messengers do not have forward secrecy[^1], and while they fulfill certain needs that our previous recommendations may not, we do not recommend them for long-term or sensitive communications. Any key compromise among message recipients would affect the confidentiality of **all** past communications. diff --git a/i18n/de/search-engines.md b/i18n/de/search-engines.md index b1892ece..ea799e46 100644 --- a/i18n/de/search-engines.md +++ b/i18n/de/search-engines.md @@ -98,7 +98,7 @@ Wenn du eine SearXNG-Instanz verwendest, beachte unbedingt deren DatenschutzbestWarning
+Warnung
Startpage beschränkt regelmäßig den Zugang zu seinem Dienst auf bestimmten IP-Adressen, wie IPs, die für VPNs oder Tor reserviert sind. [DuckDuckGo](#duckduckgo) und [Brave Search](#brave-search) sind freundlichere Optionen, wenn dein Bedrohungsmodell das Verbergen deiner IP-Adresse vor dem Suchanbieter erfordert. diff --git a/i18n/sv/advanced/dns-overview.md b/i18n/sv/advanced/dns-overview.md index 2ffb67b2..eccd5da5 100644 --- a/i18n/sv/advanced/dns-overview.md +++ b/i18n/sv/advanced/dns-overview.md @@ -6,7 +6,7 @@ description: The Domain Name System is the "phonebook of the internet," helping The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. -## What is DNS? +## Vad är DNS? When you visit a website, a numerical address is returned. For example, when you visit `privacyguides.org`, the address `192.98.54.105` is returned. @@ -55,16 +55,16 @@ Below, we discuss and provide a tutorial to prove what an outside observer may s If you run the Wireshark command above, the top pane shows the "[frames](https://en.wikipedia.org/wiki/Ethernet_frame)", and the bottom pane shows all the data about the selected frame. Enterprise filtering and monitoring solutions (such as those purchased by governments) can do the process automatically, without human interaction, and can aggregate those frames to produce statistical data useful to the network observer. -| No. | Time | Source | Destination | Protocol | Length | Info | -| --- | -------- | --------- | ----------- | -------- | ------ | ---------------------------------------------------------------------- | -| 1 | 0.000000 | 192.0.2.1 | 1.1.1.1 | DNS | 104 | Standard query 0x58ba A privacyguides.org OPT | -| 2 | 0.293395 | 1.1.1.1 | 192.0.2.1 | DNS | 108 | Standard query response 0x58ba A privacyguides.org A 198.98.54.105 OPT | -| 3 | 1.682109 | 192.0.2.1 | 8.8.8.8 | DNS | 104 | Standard query 0xf1a9 A privacyguides.org OPT | -| 4 | 2.154698 | 8.8.8.8 | 192.0.2.1 | DNS | 108 | Standard query response 0xf1a9 A privacyguides.org A 198.98.54.105 OPT | +| No. | Time | Source | Destination | Protokoll | Length | Info | +| --- | -------- | --------- | ----------- | --------- | ------ | ---------------------------------------------------------------------- | +| 1 | 0.000000 | 192.0.2.1 | 1.1.1.1 | DNS | 104 | Standard query 0x58ba A privacyguides.org OPT | +| 2 | 0.293395 | 1.1.1.1 | 192.0.2.1 | DNS | 108 | Standard query response 0x58ba A privacyguides.org A 198.98.54.105 OPT | +| 3 | 1.682109 | 192.0.2.1 | 8.8.8.8 | DNS | 104 | Standard query 0xf1a9 A privacyguides.org OPT | +| 4 | 2.154698 | 8.8.8.8 | 192.0.2.1 | DNS | 108 | Standard query response 0xf1a9 A privacyguides.org A 198.98.54.105 OPT | An observer could modify any of these packets. -## What is "encrypted DNS"? +## Vad är "krypterad DNS"? Encrypted DNS can refer to one of a number of protocols, the most common ones being: @@ -114,7 +114,7 @@ In locations where there is internet filtering (or censorship), visiting forbidd When we do a DNS lookup, it's generally because we want to access a resource. Below, we will discuss some of the methods that may disclose your browsing activities even when using encrypted DNS: -### IP Address +### IP-adress The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides. @@ -279,7 +279,7 @@ Encrypted DNS with a third-party should only be used to get around redirects and [List of recommended DNS servers](../dns.md ""){.md-button} -## What is DNSSEC? +## Vad är DNSSEC? [Domain Name System Security Extensions](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) (DNSSEC) is a feature of DNS that authenticates responses to domain name lookups. It does not provide privacy protections for those lookups, but rather prevents attackers from manipulating or poisoning the responses to DNS requests. diff --git a/i18n/sv/advanced/payments.md b/i18n/sv/advanced/payments.md index 99777425..e03fb474 100644 --- a/i18n/sv/advanced/payments.md +++ b/i18n/sv/advanced/payments.md @@ -33,7 +33,7 @@ When buying gift cards online, there is usually a slight discount. Prepaid cards - [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) -## Virtual Cards +## Virtuella kort Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. diff --git a/i18n/sv/advanced/tor-overview.md b/i18n/sv/advanced/tor-overview.md index e081a794..8c837670 100644 --- a/i18n/sv/advanced/tor-overview.md +++ b/i18n/sv/advanced/tor-overview.md @@ -25,7 +25,7 @@ Connecting directly to Tor will make your connection stand out to any local netw Therefore, you should make an effort to hide your IP address **before** connecting to the Tor network. You can do this by simply connecting to a VPN (through a client installed on your computer) and then accessing [Tor](../tor.md) as normal, through Tor Browser for example. This creates a connection chain like: -- [x] You → VPN → Tor → Internet +- [x] Du → VPN → Tor → Internet From your ISP's perspective, it looks like you're accessing a VPN normally (with the associated cover that provides you). From your VPN's perspective, they can see that you are connecting to the Tor network, but nothing about what websites you're accessing. From Tor's perspective, you're connecting normally, but in the unlikely event of some sort of Tor network compromise, only your VPN's IP would be exposed, and your VPN would *additionally* have to be compromised to deanonymize you. @@ -35,8 +35,8 @@ This is **not** censorship circumvention advice, because if Tor is blocked entir We **very strongly discourage** combining Tor with a VPN in any other manner. Do not configure your connection in a way which resembles any of the following: -- You → Tor → VPN → Internet -- You → VPN → Tor → VPN → Internet +- Du → Tor → VPN → Internet +- Du → VPN → Tor → VPN → Internet - Any other configuration Some VPN providers and other publications will occasionally recommend these **bad** configurations to evade Tor bans (exit nodes being blocked by websites) in some places. [Normally](https://support.torproject.org/#about_change-paths), Tor frequently changes your circuit path through the network. When you choose a permanent *destination* VPN (connecting to a VPN server *after* Tor), you're eliminating this advantage and drastically harming your anonymity. @@ -133,7 +133,7 @@ Connecting to an Onion Service in Tor works very similarly to connecting to a cl