privacyguides/i18n
1
0
Fork 0
mirror of https://github.com/privacyguides/i18n.git synced 2025-08-25 07:39:15 +00:00
Code Activity

New Crowdin translations by GitHub Action

Browse Source
This commit is contained in:
Crowdin Bot
2023-04-11 17:41:10 +00:00
parent a0707ccc54
commit fa99d5df46
1976 changed files with 243497 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
i18n/zh/404.md Normal file
View File

@@ -0,0 +1,19 @@
---
hide:
- 反馈
meta:
-
property: "机器人"
content: "索引nofollow"
---
# 404 - 页面不存在
我们找不到你请求的页面! 或许你是在找这些吗?
- [威胁模型分析简介](basics/threat-modeling.md)
- [推荐的DNS提供商](dns.md)
- [最好的桌面浏览器](desktop-browsers.md)
- [最好的VPN提供商](vpn.md)
- [Privacy Guides论坛](https://discuss.privacyguides.net)
- [我们的博客](https://blog.privacyguides.org)

53
i18n/zh/CODE_OF_CONDUCT.md Normal file
View File

@@ -0,0 +1,53 @@
# Community Code of Conduct
**We pledge** to make our community a harassment-free experience for everyone.
**We strive** to create a positive environment, using welcoming and inclusive language, and being respectful of the viewpoints of others.
**We do not allow** inappropriate or otherwise unacceptable behavior, such as sexualized language, trolling and insulting comments, or otherwise promoting intolerance or harassment.
## Community Standards
What we expect from members of our communities:
1. **Don't spread misinformation**
We are creating an evidence-based educational community around information privacy and security, not a home for conspiracy theories. For example, when making a claim that a certain piece of software is malicious or that certain telemetry data is privacy invasive, explain in detail what is collected and how it collected. Claims of this nature must be backed by technical evidence.
1. **Don't abuse our willingness to help**
Our community members are not your free tech support. We are happy to help you with specific steps on your privacy journey if you are willing to put in effort on your end. We are not willing to answer endlessly repeated questions about generic computer problems you could have answered yourself with a 30-second internet search. Don't be a [help vampire](https://slash7.com/2006/12/22/vampires/).
1. **Behave in a positive and constructive manner**
Examples of behavior that contributes to a positive environment for our community include:
- Demonstrating empathy and kindness toward other people
- Being respectful of differing opinions, viewpoints, and experiences
- Giving and gracefully accepting constructive feedback
- Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
- Focusing on what is best not just for us as individuals, but for the overall community
### Unacceptable Behavior
The following behaviors are considered harassment and are unacceptable within our community:
- The use of sexualized language or imagery, and sexual attention or advances of any kind
- Trolling, insulting or derogatory comments, and personal or political attacks
- Public or private harassment
- Publishing others' private information, such as a physical or email address, without their explicit permission
- Other conduct which could reasonably be considered inappropriate in a professional setting
## Scope
Our Code of Conduct applies within all project spaces, as well as when an individual is representing the Privacy Guides project in other communities.
We are responsible for clarifying the standards of our community, and have the right to remove or alter the comments of those participating within our community, as necessary and at our discretion.
### Contact
If you observe a problem on a platform like Matrix or Reddit, please contact our moderators on that platform in chat, via DM, or through any designated "Modmail" system.
If you have a problem elsewhere, or a problem our community moderators are unable to resolve, reach out to `jonah@privacyguides.org` and/or `dngray@privacyguides.org`.
All community leaders are obligated to respect the privacy and security of the reporter of any incident.

40
i18n/zh/about/criteria.md Normal file
View File

@@ -0,0 +1,40 @@
---
title: 通用标准
---
!!! 示例“正在进行的工作”
以下页面是一项正在进行的工作,目前并不反映我们建议的全部标准。 过去关于这个主题的讨论。[#24](https://github.com/privacyguides/privacyguides.org/discussions/24)
以下是一些必须适用于所有提交给隐私指南的事项。 每个类别都会有额外的纳入要求。
## 财务披露
我们不通过推荐某些产品赚钱,我们不使用联盟链接,我们也不为项目捐赠者提供特殊考虑。
## 一般准则
我们在考虑新的建议时采用这些优先事项。
- **安全**:工具应该在适用的地方遵循安全的最佳做法。
- **来源的可用性**: 开放源码项目通常比同等的专有替代品更受欢迎。
- **跨平台**:我们通常倾向于建议跨平台,以避免厂商锁定。
- **积极开发**:我们推荐的工具应该积极开发,未维护的项目在大多数情况下会被删除。
- **可用性**:工具应该是大多数计算机用户可以使用的,不应该要求有过度的技术背景。
- **文档化**:工具应该有明确和广泛的使用文档。
## 开发商自行提交的资料
我们对希望提交其项目或软件供审议的开发者有这些要求。
- 必须披露隶属关系,即您在提交的项目中的职位。
- 如果是涉及处理敏感信息的项目,如信使、密码管理器、加密的云存储等,必须有一份安全白皮书。
- 第三方审计情况。 我们想知道你是否有一个或计划了一个。 如果可能,请说明谁将进行审计。
- 必须解释该项目在隐私方面带来了什么。
- 它是否解决了任何新问题?
- 为什么有人要使用它而不是其他的东西呢?
- 必须说明其项目的确切威胁模式是什么。
- 潜在的用户应该清楚地知道该项目能提供什么,以及不能提供什么。

50
i18n/zh/about/donate.md Normal file
View File

@@ -0,0 +1,50 @@
---
title: 支持我们
---
<!-- markdownlint-disable MD036 -->
需要大量的 [](https://github.com/privacyguides/privacyguides.org/graphs/contributors) 和 [工作](https://github.com/privacyguides/privacyguides.org/pulse/monthly) ,以保持《隐私指南》的更新和传播有关隐私和大规模监控的信息。 如果你喜欢我们的工作,帮助我们的最好方式是通过参与 [编辑网站](https://github.com/privacyguides/privacyguides.org) 或 [贡献翻译](https://crowdin.com/project/privacyguides)。
如果你想在经济上支持我们对我们来说最方便的方法是通过Open Collective捐款这是一个由我们的财政主机运营的网站。 Open Collective接受通过信用卡/借记卡、PayPal和银行转账付款。
[在OpenCollective.com上捐款](https://opencollective.com/privacyguides/donate ""){.md-button.md-button--primary}
在美国直接捐给我们Open Collective的捐款通常是可以免税的因为我们的财政主机Open Collective基金会是一个注册的501c3组织。 捐赠后,你会收到开放集体基金会的收据。 《隐私指南》不提供财务建议,你应该联系你的税务顾问,了解这是否适用于你。
如果你已经利用了GitHub的赞助你也可以在那里赞助我们的组织。
[在GitHub上赞助我们](https://github.com/sponsors/privacyguides ""){.md-button}
## 支持者
特别感谢所有支持我们任务的人! :heart:
*请注意本节直接从Open Collective加载一个小部件。 这一部分并不反映在Open Collective之外的捐赠我们也无法控制这一部分中的具体捐赠者。*
<script src="https://opencollective.com/privacyguides/banner.js"></script>
## 我们如何使用捐赠费
隐私指南是一个 **非营利性** 组织。 我们将捐款用于各种目的,包括。
**域名注册**
:
我们有一些域名,如 `privacyguides.org` 这些域名每年花费我们约10美元来维护其注册。
**虚拟主机**
:
本网站的流量每月使用数百千兆字节的数据,我们使用各种服务提供商来跟上这种流量。
**在线服务**
:
我们的主机 [互联网服务](https://privacyguides.net) ,用于测试和展示我们喜欢的不同隐私产品, [推荐](../tools.md)。 其中一些是公开提供给我们社区使用的SearXNG、Tor等一些是提供给我们的团队成员的电子邮件等
**购买商品**
:
我们偶尔会购买产品和服务,以测试我们 [推荐的工具](../tools.md)。
我们仍在与我们的财政主机Open Collective Foundation合作以接收加密货币捐款目前对于许多较小的交易来说会计是不可行的但这在未来应该会改变。 同时,如果您希望进行大额(> $100)加密货币捐赠,请联系 [jonah@privacyguides.org](mailto:jonah@privacyguides.org)。

102
i18n/zh/about/index.md Normal file
View File

@@ -0,0 +1,102 @@
---
title: "关于隐私指南(Privacy Guides)"
description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy.
schema:
"@context": https://schema.org
"@type": Organization
"@id": https://www.privacyguides.org/
name: Privacy Guides
url: https://www.privacyguides.org/en/about/
logo: https://www.privacyguides.org/en/assets/brand/png/square/pg-yellow.png
sameAs:
- https://twitter.com/privacy_guides
- https://github.com/privacyguides
- https://www.wikidata.org/wiki/Q111710163
- https://opencollective.com/privacyguides
- https://www.youtube.com/@privacyguides
- https://mastodon.neat.computer/@privacyguides
---
![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right }
**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. Our mission is to inform the public about the value of digital privacy, and global government initiatives which aim to monitor your online activity. 我们是一个非营利性的集体,完全由志愿者 [团队成员](https://discuss.privacyguides.net/g/team) 和贡献者运作。 Our website is free of advertisements and not affiliated with any of the listed providers.
[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
[:octicons-heart-16:](donate.md){ .card-link title=Contribute }
> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that arent run by the big tech companies.
— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/)
> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet.
— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch]
Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], [NPO Radio 1](https://www.nporadio1.nl/nieuws/binnenland/8eaff3a2-8b29-4f63-9b74-36d2b28b1fe1/ooit-online-eens-wat-doms-geplaatst-ga-jezelf-eens-googlen-en-kijk-dan-wat-je-tegenkomt), and [Wired](https://www.wired.com/story/firefox-mozilla-2022/).
## History
Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely.
In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document.
We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms.
So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry.
## 我们的团队
??? person "@jonah"
- [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/jonah)
- [:simple-github: GitHub](https://github.com/jonaharagon "@jonaharagon")
- [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@jonah "@jonah@neat.computer"){rel=me}
- [:fontawesome-solid-house: 主页](https://www.jonaharagon.com)
??? person "@niek-de-wilde"
- [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/Niek-de-Wilde)
- [:simple-github: GitHub](https://github.com/blacklight447 "@blacklight447")
- [:simple-mastodon: Mastodon](https://mastodon.social/@blacklight447 "@blacklight447@mastodon.social"){rel=me}
??? person "@dngray"
- [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/dngray)
- [:simple-github: GitHub](https://github.com/dngray "@dngray")
- [:simple-mastodon: Mastodon](https://mastodon.social/@dngray "@dngray@mastodon.social"){rel=me}
- [:fontawesome-solid-envelope: 电子邮件](mailto:dngray@privacyguides.org)
??? person "@freddy"
- [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/freddy)
- [:simple-github: GitHub](https://github.com/freddy-m "@freddy-m")
- [:simple-mastodon: Mastodon](https://social.lol/@freddy "@freddy@social.lol"){rel=me}
- [:fontawesome-solid-envelope: 电子邮件](mailto:freddy@privacyguides.org)
- [:fontawesome-solid-house: 主页](https://freddy.omg.lol)
??? person "@mfwmyfacewhen"
- [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/mfwmyfacewhen)
- [:simple-github: GitHub](https://github.com/mfwmyfacewhen "@mfwmyfacewhen")
- [:fontawesome-solid-house: 主页](https://mfw.omg.lol)
??? person "@olivia"
- [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/olivia)
- [:simple-github: GitHub](https://github.com/hook9 "@hook9")
- [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me}
Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States.
## 网站许可证
!!! danger ""
The following is a human-readable summary of (and not a substitute for) the [license](/license).
除非另有说明,否则本网站上的所有内容均根据 [Creative Commons Attribution-NoDerivatives 4.0国际公共许可证](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE)的条款提供。 这意味着你可以自由地以任何媒介或形式复制和重新分发材料,用于任何目的,甚至是商业目的;只要你适当地注明 `隐私指南www.privacyguides.org` ,并提供许可证的链接。 您可以以任何合理的方式这样做,但不得以任何方式暗示隐私指南认可您或您的使用。 如果您重构、转换或建立在此网站的内容,您可能无法分发修改过的材料。
设立这个许可证是为了防止人们在不给予适当信用的情况下分享我们的作品,并防止人们以可能被用来误导的方式修改我们的作品。 如果你觉得这个许可证的条款对你正在进行的项目来说限制性太大,请与我们联系: `jonah@privacyguides.org`。 我们很高兴为隐私领域的善意项目提供替代的许可选项

50
i18n/zh/about/notices.md Normal file
View File

@@ -0,0 +1,50 @@
---
title: "Notices and Disclaimers"
---
## 法律声明
隐私指南不是律师事务所。 因此,隐私指南网站和撰稿人并不提供法律意见。 我们网站和指南中的材料和建议不构成法律意见,也不会为网站做出贡献或就我们网站与隐私指南或其他贡献者进行沟通,从而建立律师-客户关系。
与任何人类努力一样,运行此网站都涉及不确定性和权衡。 我们希望这个网站有所帮助,但它可能包含错误,无法解决所有问题。 如果您对自己的情况有任何疑问,我们建议您自己进行研究,寻求其他专家,并与隐私指南社区进行讨论。 如果您有任何法律问题,请先咨询您自己的法律顾问,然后再继续。
隐私指南是一个开放源码项目,根据许可证做出贡献,其中包括为了保护网站及其贡献者,明确规定隐私指南项目和网站可“按原样”提供,不提供保证,并且不对使用网站或网站中的任何建议所造成的损害承担责任。 此外, 隐私指南不保证、不代表使用本网站、或其他与资料相关,或任何关联本网站的其他网站上资料的准确性,可能导致的结果或可靠性。
此外,隐私指南不保证本网站将始终可用或完全可用。
## Licensing Overview
!!! danger ""
The following is a human-readable summary of (and not a substitute for) the [license](/license).
Unless otherwise noted, all **content** on this website is made available under the terms of the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). The underlying **source code** used to generate this website and display that content is released under the [MIT License](https://github.com/privacyguides/privacyguides.org/tree/main/LICENSE-CODE).
这不包括嵌入此存储库的第三方代码,也不包括其他标注了替代许可证的代码。 以下是一些值得注意的例子,但这一清单可能不包括所有方面:
* [MathJax](https://github.com/privacyguides/privacyguides.org/blob/main/theme/assets/javascripts/mathjax.js) is licensed under the [Apache License 2.0](https://github.com/privacyguides/privacyguides.org/blob/main/docs/assets/javascripts/LICENSE.mathjax.txt).
* The [Bagnard](https://github.com/privacyguides/brand/tree/main/WOFF/bagnard) heading font is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/main/WOFF/bagnard/LICENSE.txt).
* The [Public Sans](https://github.com/privacyguides/brand/tree/main/WOFF/public_sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/main/WOFF/public_sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/main/WOFF/dm_mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/main/WOFF/dm_mono/LICENSE.txt).
这意味着您可以根据Creative Commons Attribution-NoDerivatives 4.0国际公共许可证文本中列出的条款,将此存储库中的可读内容用于您自己的项目。 您可以以任何合理的方式这样做,但不得以任何方式暗示隐私指南认可您或您的使用。 **未经本项目的明确批准,您 **,不得在您自己的项目中使用隐私指南的品牌。 隐私指南的品牌商标包括“隐私指南”字样和盾形标志。
我们认为从第三方提供商获得的 `资产` 中的标志和其他图像属于公共领域或 **合理使用**。 简而言之,法律 [公正使用原则](https://www.copyright.gov/fair-use/more-info.html) 允许使用受版权保护的图像来识别主题,以供公众评论。 然而,在一个或多个司法管辖区,这些徽标和其他图像仍可能受商标法的约束。 在使用此内容之前,请确保其用于识别拥有商标的实体或组织,并且根据适用于您预期使用情况的法律,您有权使用商标。 *从本网站复制内容时,您应自行负责确保您不侵犯他人的商标或版权。*
When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
## 可接受用途
您不得以任何方式使用本网站,造成或可能造成对本网站的损害或损害隐私指南的可用性或可访问性,或以任何非法、非法、欺诈、有害或与任何非法、非法、欺诈或有害目的或活动相关的方式使用本网站。
未经明确的书面同意,您不得在本网站上或与本网站相关进行任何系统或自动化的数据收集活动,包括:
* 过多的自动扫描
* 拒绝服务攻击
* Scraping
* 数据挖掘
* 'Framing' (IFrames)
---
*本通知本身的部分内容来自GitHub上的 [openensource.guide](https://github.com/github/opensource.guide/blob/master/notices.md) 。 That resource and this page itself are released under [CC-BY-4.0](https://creativecommons.org/licenses/by-sa/4.0/).*

61
i18n/zh/about/privacy-policy.md Normal file
View File

@@ -0,0 +1,61 @@
---
title: "隐私政策"
---
隐私指南是一个社区项目,由一些活跃的志愿者贡献者运营。 团队成员的公开列表 [可在GitHub](https://github.com/orgs/privacyguides/people)上找到。
## 我们从访客那里收集的数据
我们非常重视网站访问者的隐私,因此我们不会跟踪任何个人。 作为我们网站的访问者:
- 未收集任何个人信息
- 浏览器中不储存诸如Cookies之类的信息
- 不与第三方共享、发送或出售任何信息
- 没有与广告公司共享任何信息
- 没有挖掘和收集有关个人和行为趋势的信息
- 没有信息被货币化
你可以在我们的 [统计](statistics.md) 页面上查看我们收集的数据。
我们运行 [Plausible Analytics (分析)](https://plausible.io) 的自托管安装,以收集一些匿名使用数据,用于统计目的。 我们的目标是跟踪网站流量的总体趋势,而不是跟踪个人访问者。 所有数据仅为汇总数据。 没有收集任何个人数据。
收集的数据包括推荐来源、首页、访问持续时间、访问期间使用的设备信息(设备类型、操作系统、国家/地区和浏览器)等。 您可以在此处了解有关Plausible如何以尊重隐私的方式工作和收集信息的更多信息 [](https://plausible.io/data-policy).
## 我们从账户持有人处收集的数据
在我们提供的某些网站和服务中,许多功能可能需要帐户。 例如,可能需要帐户在论坛平台上发布和回复主题。
要注册大多数帐户,我们将收集姓名、用户名、电子邮件和密码。 如果网站需要的信息不仅仅是该数据,则会在每个网站的单独隐私声明中清晰标记和注明该信息。
我们使用您的帐户数据在网站上识别您的身份,并创建专门针对您的页面,例如您的个人资料页面。 我们还将使用您的帐户数据在我们的服务上为您发布公开个人资料。
我们使用您的电子邮件:
- 通知您网站或服务上的帖子和其他活动。
- 重置密码,确保账号安全。
- 在与您的账号相关的特殊情况下与您联系。
- 就法律要求如DMCA删除请求与您联系。
在一些网站和服务上,你可以为你的账户提供额外的信息,如简短的传记、头像、你的位置或你的生日。 我们将这些信息提供给每个可以访问有关网站或服务的人。 使用我们的任何服务都不需要这些信息,而且可以在任何时候删除。
只要你的账户仍然开放,我们就会储存你的账户数据。 关闭账户后我们可能会以备份或存档的形式保留您的部分或全部账户数据最长时间为90天。
## 联系我们
隐私指南团队通常不能访问个人数据,除了通过一些修改面板授予的有限访问权。 有关您的个人信息的询问应直接发送至。
```text
Jonah Aragon
服务管理员
jonah@privacyguides.org
```
对于所有其他查询,你可以联系我们团队的任何成员。
For complaints under GDPR more generally, you may lodge complaints with your local data protection supervisory authorities. In France it's the Commission Nationale de l'Informatique et des Libertés which take care and handle the complaints. They provide a [template of complaint letter](https://www.cnil.fr/en/plaintes) to use.
## 关于本政策
我们将 [在此发布](privacy-policy.md)本声明的新版本。 我们可能会更改此文档未来版本中更改公告的方式。 在此期间,我们可以随时更新我们的联系信息,而不会宣布更改。 请随时参阅 [隐私政策](privacy-policy.md) ,了解最新的联系信息。
本页的完整修订版 [历史](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) 可在GitHub上找到。

143
i18n/zh/about/privacytools.md Normal file
View File

@@ -0,0 +1,143 @@
---
title: "隐私工具常见问题"
---
# 我们为什么从隐私工具转向隐私指南
2021年9月每个活跃的贡献者都一致同意从隐私工具转到这个网站工作隐私指南。 之所以做出此决定是因为PrivacyTools的创始人和域名控制者已消失很长一段时间无法与之联系。
在PrivacyTools.io上构建了一个信誉良好的网站和服务这对隐私工具的未来造成了严重打击因为任何未来的意外都可能在没有恢复方法的情况下毁灭整个组织。 这种转变在几个月前通过包括博客、Twitter、Reddit和Mastodon在内的各种渠道传达给隐私工具社区以确保整个过程尽可能顺利进行。 我们这样做是为了确保没有人被蒙在鼓里,这也是我们团队成立以来的工作方式,同时也是为了确保隐私指南被公认为与转型前的隐私工具一样的可靠组织。
在组织搬迁完成后,隐私工具的创始人回来了,并开始传播关于隐私指南项目的错误信息。 他们除了继续传播错误信息外还在PrivacyTools域名上经营一个付费链接农场。 我们创建这个页面是为了澄清误解。
## 什么是隐私工具?
PrivacyTools由“BurungHantu”于2015年创立他希望在斯诺登揭露事件后创造一个隐私信息资源--实用的工具。 该网站发展成为一个蓬勃发展的开源项目,有 [个众多贡献者](https://github.com/privacytools/privacytools.io/graphs/contributors)其中一些最终承担了各种组织责任例如运营Matrix和Mastodon等在线服务管理和审查GitHub网站的变化为该项目寻找赞助商撰写博客文章以及运营Twitter等社交媒体外联平台等。
从2019年开始 BurungHantu越来越远离网站和社区的积极发展并开始延迟与我们运营的服务器相关的付款。 为了避免我们的系统管理员自掏腰包支付服务器费用我们将网站上列出的捐赠方式从BurungHantu的个人PayPal和加密货币账户改为新的OpenCollective页面 [2019年10月31日](https://web.archive.org/web/20210729184557/https://blog.privacytools.io/privacytools-io-joins-the-open-collective-foundation/)。 这具有额外的好处使我们的财务完全透明我们坚信这一价值并且在美国可以免税因为它们由开放集体基金会501 (c) 3持有。 这一变动得到了团队的一致同意,没有引起争议。
## 我们为什么要继续前进
2020年 BurungHantu的缺席变得更加明显。 有一次,我们要求将该域名的名称服务器改为由我们的系统管理员控制的名称服务器,以避免未来的中断,而这一改变在最初的要求后一个多月才完成。 他在Matrix的公共聊天室和私人团队聊天室里一连消失了好几个月偶尔会突然出现给一些小的反馈或者承诺会更加活跃然后再次消失。
2020年10月PrivacyTools 系统管理员 (Jonah) [因这些困难离开了](https://web.archive.org/web/20210729190742/https://blog.privacytools.io/blacklight447-taking-over/) 这个项目,将控制权交给另一个长期贡献者。 </em> Jonah一直在操作几乎所有的PrivacyTools服务并在BurungHantu不在的情况下担任 *事实上的网站开发项目负责人,因此他的离开对组织来说是一个重大变化。 当时由于这些重大的组织变化BurungHantu向剩余的团队承诺他将回来控制这个项目的发展。 在接下来的几个月里, PrivacyTools团队通过几种沟通方式进行了联系但没有收到任何回复。</p>
## 域名可靠性
2021年初PrivacyTools团队对项目的未来越来越担心因为域名将在2021年3月1日到期。 该域名最终由BurungHantu更新没有发表评论。
团队的担忧没有得到解决,我们意识到这将是每年的一个问题。如果域名过期,就会让它被占用者或垃圾邮件发送者窃取,从而毁掉该组织的声誉。 我们也很难联系到社区,让他们了解所发生的事情。
在没有与BurungHantu进行任何接触的情况下我们决定最好的行动方案是在我们仍能保证对旧域名的控制权的情况下在2022年3月之前的某个时候转移到一个新的域名。 这样我们就能干净地将所有的PrivacyTools资源重定向到新的网站而不会出现任何服务中断的情况。 这个决定是提前好几个月做出的并传达给了整个团队希望BurungHantu能够伸出援手保证他继续支持这个项目因为有了一个可识别的品牌名称和庞大的网上社区从 "PrivacyTools "转移出去是最不可取的结果。
在2021年中期PrivacyTools团队联系了乔纳他同意重新加入团队帮助完成过渡。
## 社区呼吁行动
</a> 在2021年7月底我们
通知PrivacyTools社区我们打算选择一个新的名字并在一个新的域名上继续项目将在2022年8月2日选择 [](https://web.archive.org/web/20210729190935/https://aragon.cloud/apps/forms/cMPxG9KyopapBbcw)。 最后,"Privacy Guides "被选中, `privacyguides.org` 域名已经被Jonah拥有用于2020年的一个副业项目但没有得到发展。</p>
## 控制r/privacytoolsIO
在privacytools.io网站出现问题的同时r/privacytoolsIO的管理团队也面临着管理该子版块的挑战。 该子版块一直以来都是基本独立于网站发展的但BurungHantu也是该子版块的主要版主而且他是唯一被授予 "完全控制 "特权的版主。 u/trai_dep是当时唯一活跃的版主 [在2021年6月28日向Reddit的管理员发布了](https://www.reddit.com/r/redditrequest/comments/o9tllh/requesting_rprivacytoolsio_im_only_active_mod_top/) 要求获得主要版主职位和完全控制权限以便对Subreddit进行必要的修改。
Reddit要求子版块有活跃的版主。 如果主版主长时间不活动(如一年),主版主的位置可以重新任命给下一个版主。 为了使这一请求得到批准BurungHantu必须在很长一段时间内完全不参与所有Reddit活动这与他在其他平台上的行为是一致的。
> 如果你通过Reddit请求被撤掉了子版块的版主那是因为你缺乏回应和缺乏活动使该子版块有资格进行r/redditrequest转移。
>
> r/redditrequest是Reddit确保社区有积极的版主的方式是 [版主行为准则的一部分](https://www.redditinc.com/policies/moderator-code-of-conduct)。
## 开始过渡
2021年9月14日我们 [,宣布](https://www.privacyguides.org/blog/2021/09/14/welcome-to-privacy-guides/) ,开始迁移到这个新领域。
> [...] 我们发现有必要尽早进行这一转换,以确保人们尽快发现这一过渡。 这给了我们足够的时间来过渡域名目前正在重定向到www.privacyguides.org并希望给每个人足够的时间来注意这一变化更新书签和网站等。
这一变化 [,需要:](https://www.reddit.com/r/PrivacyGuides/comments/pnhn4a/rprivacyguides_privacyguidesorg_what_you_need_to/)
- 重定向 www.privacytools.io 到 [www.privacyguides.org](https://www.privacyguides.org)。
- 在GitHub上存档源代码以保存我们过去的工作和问题跟踪器我们继续使用该网站未来几个月的开发。
- 在我们的subreddit和其他各种社区发布公告告知人们官方的变化。
- 正式关闭privacytools.io服务如Matrix和Mastodon并鼓励现有用户尽快迁移。
事情似乎进行得很顺利,我们活跃的社区中的大多数人都完全按照我们的希望转换到我们的新项目。
## 后续事件
在过渡期后的大约一周BurungHantu在近一年来首次回到了网上然而我们团队中没有人愿意回到PrivacyTools因为他历来不可靠。 他没有为自己的长期缺席道歉,而是立即展开攻势,将向隐私指南的过渡定位为对他和他的项目的攻击。 随后,当社区指出他缺席并放弃了这个项目时,他 [,删除了](https://www.reddit.com/r/privacytoolsIO/comments/pp9yie/comment/hd49wbn) ,其中许多帖子。
此时BurungHantu声称他想继续自己的privacytools.io的工作并要求我们删除从www.privacytools.io 到 [www.privacyguides.org](https://www.privacyguides.org)的重定向。 我们答应了他的请求并要求他保持Matrix、Mastodon和PeerTube的子域名的活跃性以便我们作为一项公共服务在社区内运行至少几个月以便让这些平台上的用户能够轻松地迁移到其他账户。 由于我们所提供的服务的联合性质,它们与特定的域名联系在一起,使得迁移非常困难(在某些情况下不可能迁移)。
</a> 不幸的是由于r/privacytoolsIO子版块的控制权没有按照BurungHantu的要求归还他进一步信息见下文这些子版块在10月初被 ,终止了任何仍在使用这些服务的用户的迁移可能性。</p>
在这之后BurungHantu对Jonah从项目中窃取捐款提出了不实指控。 BurungHantu在所谓的事件发生后有一年多的时间但他从未让任何人知道直到隐私指南迁移之后。 BurungHantu多次被要求提供证据并要求团队 [和社区](https://twitter.com/TommyTran732/status/1526153536962281474),对其沉默的原因进行评论,但他没有这样做。
BurungHantu还在Twitter上发了一篇 [的帖子](https://twitter.com/privacytoolsIO/status/1510560676967710728) 声称一名“律师”在Twitter上与他联系并提供建议再次试图欺负我们让他控制我们的subreddit ,并作为他的诽谤运动的一部分,在假装成为受害者的同时,搅乱了隐私指南发布周围的水域。
## PrivacyTools.io的现状
截至2022年9月25日我们看到BurungHantu的整体计划在privacytools.io上实现而这正是我们今天决定创建这个解释页的原因。 他运营的网站似乎是该网站的SEO优化版本该网站推荐工具以换取经济补偿。 [最近IVPN和Mullvad这两个VPN供应商几乎被隐私社区普遍推荐为](../vpn.md) 并因其反对联盟计划的立场而备受关注被从PrivacyTools中删除。 在他们的位置上? NordVPN、Surfshark、ExpressVPN和hide.me巨大的VPN公司拥有不值得信赖的平台和商业行为因其积极的营销和联盟计划而臭名昭著。
==**PrivacyTools正是成为了我们 [在2019年的PrivacyTools博客上警告过的那种网站](https://web.archive.org/web/20210729205249/https://blog.privacytools.io/the-trouble-with-vpn-and-privacy-reviews/) 。**== 自转型以来我们一直试图与PrivacyTools保持距离但他们对我们项目的持续骚扰以及现在对他们的品牌在6年的开源贡献中获得的信誉的荒谬滥用令我们感到非常不安。 我们这些真正为隐私而战的人并不是在相互斗争,也不是从出价最高的人那里得到我们的建议。
## r/privacytoolsIO 的现状
</a> 在推出 [r/PrivacyGuides](https://www.reddit.com/r/privacyguides)让u/trai_dep继续主持这两个子版块是不现实的在社区同意过渡的情况下r/privacytoolsIO在2021年11月1日的帖子中被 ,成为一个受限制的子版块。</p>
> [...] 该小组的成长是PrivacyGuides.org团队数年来努力的结果。 还有你们每一个人。
>
> 一个Subreddit需要大量的工作来管理和调节。 就像一个花园一样,它需要耐心的照料和日常护理。 这不是一个适合放荡不羁的人或有承诺问题的人的任务。 它不可能在一个抛弃了它好几年的园丁手下茁壮成长,然后出现在那里要求今年的收获作为他们的贡品。 这对多年前组建的团队是不公平的。 这对你不公平。 [...]
子版块不属于任何人,尤其不属于品牌持有人。 他们属于自己的社区而社区及其版主做出了支持移至r/PrivacyGuides的决定。
</a> 在此后的几个月里BurungHantu威胁并乞求将subreddit的控制权归还给他的账户 违反了Reddit的规则。</p>
> 不允许任何版主对删除请求进行报复。
对于一个拥有数千名剩余用户的社区来说,我们觉得把这个庞大的平台的控制权还给那个抛弃了它一年多的人,而且他现在经营着一个我们认为提供非常低质量信息的网站,这将是非常不尊重的。 对我们来说保留该社区过去多年的讨论更为重要因此u/trai_dep和其他子版块的管理团队做出决定保持r/privacytoolsIO的现状。
## OpenCollective Now
我们的筹款平台OpenCollective是另一个争论的焦点。 我们的立场是OpenCollective是由我们的团队建立的并由我们的团队管理以资助我们目前经营的服务而PrivacyTools不再做这些。 </a> 我们 ,就我们转向隐私指南的问题向所有的捐赠者进行了宣传,我们得到了赞助商和社区的一致支持。</p>
因此OpenCollective中的资金属于Privacy Guides它们被赋予了我们的项目而不是一个知名域名的所有者。 在2021年9月17日向捐赠者发布的公告中我们向任何不同意我们立场的捐赠者提供退款但没有人接受这一提议。
> 如果任何赞助商或支持者不同意或觉得被最近的这些事件误导并希望在这些极不寻常的情况下要求退款请通过电子邮件与我们的项目管理员联系jonah@triplebit.net。
## 延伸阅读
这个话题已经在我们社区的不同地方进行了广泛的讨论,而且似乎大多数人在阅读这个页面时都已经熟悉了导致转向隐私指南的事件。 我们以前关于这个问题的一些帖子可能有额外的细节,为了简洁起见,我们在这里省略了。 为了完整起见,它们已被链接到下面。
- [2021年6月28日请求控制r/privacytoolsIO](https://www.reddit.com/r/redditrequest/comments/o9tllh/requesting_rprivacytoolsio_im_only_active_mod_top/)
- [2021年7月27日在PrivacyTools博客上宣布了我们的搬迁意向由团队撰写](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/)
- [2021年9月13日在r/privacytoolsIO上宣布我们开始过渡到隐私指南。](https://www.reddit.com/r/privacytoolsIO/comments/pnql46/rprivacyguides_privacyguidesorg_what_you_need_to/)
- [2021年9月17日Jonah在OpenCollective上发布的公告](https://opencollective.com/privacyguides/updates/transitioning-to-privacy-guides)
- [2021 年9月30日Twitter 主题详细介绍了本页上描述的大部分事件](https://twitter.com/privacy_guides/status/1443633412800225280)
- [2021年10月1日u/dng99发帖指出子域名失败。](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/)
- [2022年4月2日u/dng99对PrivacyTools的指责性博文的回应](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/)
- [2022年5月16日由@TommyTran732在Twitter上回应](https://twitter.com/TommyTran732/status/1526153497984618496)
- [2022年9月3日在Techlore的论坛上发表的帖子@dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20)

38
i18n/zh/about/services.md Normal file
View File

@@ -0,0 +1,38 @@
# 隐私指南服务
我们运行一些网络服务来测试功能,并推广很酷的去中心化、联盟化和/或开源项目。 这些服务中有许多是向公众提供的,详情如下。
[:material-comment-alert: 报告问题](https://discuss.privacyguides.net/c/services/2 ""){.md-button.md-button--primary}
## 论坛
- 域名: [discuss.privacyguides.net](https://discuss.privacyguides.net)
- 可用性:公开的
- 来源: [github.com/discourse/discourse](https://github.com/discourse/discourse)
## Gitea
- 域名: [code.privacyguides.dev](https://code.privacyguides.dev)
- 可用性。仅限邀请
,任何从事 *《隐私指南》*相关开发或内容的团队可应要求获得访问权。
- 来源: [snapcraft.io/gitea](https://snapcraft.io/gitea)
## Matrix
- 域名: [matrix.privacyguides.org](https://matrix.privacyguides.org)
- 可用性。仅限邀请
可根据要求将访问权授予Privacy Guides团队成员、Matrix版主、第三方Matrix社区管理员、Matrix机器人操作员以及其他需要可靠Matrix存在的个人。
- 来源: [github.com/spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy)
## SearXNG
- 域名: [search.privacyguides.net](https://search.privacyguides.net)
- 可用性:公开的
- 来源: [github.com/searxng/searxng-docker](https://github.com/searxng/searxng-docker)
## Invidious
- Domain: [invidious.privacyguides.net](https://invidious.privacyguides.net)
- Availability: Semi-Public
We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time.
- Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious)

61
i18n/zh/about/statistics.md Normal file
View File

@@ -0,0 +1,61 @@
---
title: 流量统计
---
## 网站统计
<iframe plausible-embed src="https://stats.privacyguides.net/share/privacyguides.org?auth=IxTl2wRhi3uxF09rd1NSn&embed=true&theme=system&background=transparent" scrolling="no" frameborder="0" loading="lazy" style="width: 1px; min-width: 100%; height: 1600px;" id="plausibleFrame"></iframe>
<div style="font-size: 14px; padding-bottom: 14px;">统计资料由 <a target="_blank" style="color: #4F46E5; text-decoration: underline;" href="https://plausible.io">Plausible Analytics提供</a></div>
<script async src="https://stats.privacyguides.net/js/embed.host.js"></script>
<script>
/* Set palette on initial load */
var palette = __md_get("__palette")
if (palette && typeof palette.color === "object") {
var theme = palette.color.scheme === "slate" ? "dark" : "light"
document.getElementById('plausibleFrame').src = 'https://stats.privacyguides.net/share/privacyguides.org?auth=IxTl2wRhi3uxF09rd1NSn&embed=true&theme=' + theme + '&background=transparent';
}
/* Register event handlers after documented loaded */
document.addEventListener("DOMContentLoaded", function() {
var ref = document.querySelector("[data-md-component=palette]")
ref.addEventListener("change", function() {
var palette = __md_get("__palette")
if (palette && typeof palette.color === "object") {
var theme = palette.color.scheme === "slate" ? "dark" : "light"
document.getElementById('plausibleFrame').src = 'https://stats.privacyguides.net/share/privacyguides.org?auth=IxTl2wRhi3uxF09rd1NSn&embed=true&theme=' + theme + '&background=transparent';
}
})
})
</script>
## 博客统计
<iframe plausible-embed src="https://stats.privacyguides.net/share/blog.privacyguides.org?auth=onWV76WWcsDifUqlaHEAg&embed=true&theme=system&background=transparent" scrolling="no" frameborder="0" loading="lazy" style="width: 1px; min-width: 100%; height: 1600px;" id="blogFrame"></iframe>
<div style="font-size: 14px; padding-bottom: 14px;">统计资料由 <a target="_blank" style="color: #4F46E5; text-decoration: underline;" href="https://plausible.io">Plausible Analytics提供</a></div>
<script async src="https://stats.privacyguides.net/js/embed.host.js"></script>
<script>
/* Set palette on initial load */
var palette = __md_get("__palette")
if (palette && typeof palette.color === "object") {
var theme = palette.color.scheme === "slate" ? "dark" : "light"
document.getElementById('blogFrame').src = 'https://stats.privacyguides.net/share/blog.privacyguides.org?auth=onWV76WWcsDifUqlaHEAg&embed=true&theme=' + theme + '&background=transparent';
}
/* Register event handlers after documented loaded */
document.addEventListener("DOMContentLoaded", function() {
var ref = document.querySelector("[data-md-component=palette]")
ref.addEventListener("change", function() {
var palette = __md_get("__palette")
if (palette && typeof palette.color === "object") {
var theme = palette.color.scheme === "slate" ? "dark" : "light"
document.getElementById('blogFrame').src = 'https://stats.privacyguides.net/share/blog.privacyguides.org?auth=onWV76WWcsDifUqlaHEAg&embed=true&theme=' + theme + '&background=transparent';
}
})
})
</script>

104
i18n/zh/advanced/communication-network-types.md Normal file
View File

@@ -0,0 +1,104 @@
---
title: "通信网络类型"
icon: 'material/transit-connection-variant'
description: An overview of several network architectures commonly used by instant messaging applications.
---
有几种网络架构常用于人与人之间的信息传递。 这些网络可以提供不同的隐私保证,这就是为什么在决定使用哪种应用程序时,应该考虑你的 [威胁模型](../basics/threat-modeling.md)。
[推荐的即时通讯工具](../real-time-communication.md ""){.md-button}
## 集中式网络
![集中式网络示意图](../assets/img/layout/network-centralized.svg){ align=left }
集中式通讯软件是指所有参与者都在同一服务器或由同一组织控制的服务器网络上。
一些自托管通讯软件允许您设置自己的服务器。 自托管可以提供额外的隐私保证,例如没有使用日志或对元数据(关于谁与谁交谈的数据)的访问限制。 自我托管的集中式通讯是孤立的,所有人都必须在同一个服务器上进行交流。
**优点:**
- 新的功能和更改可以更快地实施。
- 更容易开始使用和寻找联系人。
- 成熟和稳定的功能生态系统,因为它们集成于一套体系。
- 当您选择自托管服务器时,隐私问题能缓解不少。
**缺点**
- 可以包括 [访问限制和审查](https://drewdevault.com/2018/08/08/Signal.html)。 这可能包括以下内容:
- 封禁将可能提供更灵活的定制或更好的体验的[第三方客户端](https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165)。 通常在使用条款和条件中定义。
- 为第三方开发者提供的文件很差或没有。
- 当单个实体控制服务时,[所有权](https://web.archive.org/web/20210729191953/https://blog.privacytools.io/delisting-wire/),隐私政策和服务的行为很容易改变,可能会在以后危及服务。
- 自托管需要耐心和知识。
## 联邦网络
![联邦网络示意图](../assets/img/layout/network-decentralized.svg){ align=left }
联邦网络使用多个独立的去中心化服务器,这些服务器能够相互通信(例如电子邮件)。 联邦允许系统管理员控制自己的服务器,并且仍然是更大的网络的一部分。
自托管时,联合服务器的成员可以发现其他服务器的成员并与其进行通信,尽管某些服务器可以选择通过不联邦化(例如工作团队服务器)来保持私密性。
**优点:**
- 允许在运行自己的服务器时更好地控制自己的数据。
- 允许您通过在多个“公共”服务器之间选择信任谁。
- 通常允许第三方客户端提供更原生、定制或可访问的体验。
- 可以验证服务器与公共源代码匹配,假设您有权访问服务器或您信任这样做的人(例如,家庭成员)。
**缺点**
- 添加新功能更加复杂,因为这些功能需要进行标准化和测试,以确保网络上的所有服务器都能一起使用。
- 由于前一点,与集中式平台相比,功能可能缺乏,不完整或以意想不到的方式工作,例如脱机或消息删除时的消息中继。
- 一些元数据可能是泄漏的(例如,像 "谁在和谁说话 "这样的信息但如果使用E2EE则没有实际的消息内容
- 通常需要信任服务器的管理员。 他们可能是业余爱好者,也可能不是“安全专业人士” ,并且可能不会提供标准文档,如隐私政策或服务条款,详细说明如何使用您的数据。
- 因为其他服务器的滥用行为或违反了公认的行为的一般规则,服务器管理员有时会选择封锁其他服务器 这会妨碍您与这些服务器的成员进行通信。
## 点对点网络
![P2P网络示意图](../assets/img/layout/network-distributed.svg){ align=left }
点对点聊天软件连接到一个由节点组成的 [分布式网络](https://en.wikipedia.org/wiki/Distributed_networking) ,在没有第三方服务器的情况下将信息转发给收件人。
客户端(对等节点)通常通过使用 [分布式网络](https://en.wikipedia.org/wiki/Distributed_computing) 找到对方。 这方面的例子包括 [分布式哈希表](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT),由 [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) 和 [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) 等使用。 另一种方法是基于近距离的网络通过WiFi或蓝牙建立连接例如Briar或 [Scuttlebutt](https://www.scuttlebutt.nz) 社交网络协议)。
一旦一个节点通过这些方法中的任何一种找到了通往其联系人的路线,它们之间就会建立直接连接。 虽然信息通常是加密的,但观察者仍然可以推断出发件人和收件人的位置和身份。
P2P网络不使用服务器因为节点之间直接通信因此不存在自我托管。 不过,一些附加服务可能依赖于集中式服务器,例如用户发现或中继离线消息,自托管对此仍有帮助。
**优点:**
- 很小的第三方暴露。
- 现代P2P平台默认端对端加密。 与集中式和联邦式模式不同,没有任何服务器可能会拦截和解密你的信息。
**缺点**
- 缺少很多特性:
- 消息只有在两个节点都在线时才能发送,然而,你的客户端可以将消息存储在本地,以等待联系人重新上线。
- 通常会增加移动设备的电池用量,因为客户端必须保持与分布式网络的连接,以了解联系人的在线情况。
- 某些常见的Messenger功能可能没有实现或不完整例如消息删除。
- 如果你不与 [VPN](../vpn.md) 或 [Tor](../tor.md)结合使用该软件你的IP地址和与你通信的联系人的IP地址可能会被暴露。 许多国家都有某种形式的大规模监控或元数据保留。
## 匿名路由
![匿名网络示意图](../assets/img/layout/network-anonymous-routing.svg){ align=left }
使用 [匿名路由](https://doi.org/10.1007/978-1-4419-5906-5_628) 的Messenger隐藏发送方、接收方的身份或他们一直在通信的证据。 理想情况下Messenger应该将这三者都隐藏起来。
有 [许多](https://doi.org/10.1145/3182658) 不同的方法来实现匿名网络。 其中最著名的是
洋葱路由 (即 [Tor](tor-overview.md)),它通过一个强加密的 [覆盖网络](https://en.wikipedia.org/wiki/Overlay_network) ,隐藏每个节点的位置以及每个信息的接收者和发送者来通信。 发件人和收件人从不直接交互只通过一个秘密的会合节点会面这样就不会泄露IP地址或物理位置。 节点不能解密信息,也不能解密最终目的地;只有收件人可以。 每个中间节点只能解密一部分,表明下一步将把仍然加密的信息发送到哪里,直到它到达可以完全解密的收件人那里,因此命名为 "洋葱路由"。</p>
在匿名网络中自托管一个节点并不为托管者提供额外的隐私,而是有助于整个网络对识别攻击的抗性,对每个人都有好处。
**优点:**
- 最小第三方暴露。
- 消息可以以去中心的方式中继,即使其中一方处于离线状态。
**缺点**
-
- 通常仅限于较少的媒体类型,主要是文本,因为很慢。
- 如果通过随机路由选择节点,则某些节点可能远离发送方和接收方,增加延迟,甚至在其中一个节点脱机时无法传输消息。
- 开始时比较复杂,因为需要创建和安全备份一个加密私钥。
- 就像其他去中心化平台一样,对开发者来说,增加功能比中心化平台更复杂。 因此,功能可能缺乏或未完全实现,例如脱机消息中继或消息删除。

354
i18n/zh/advanced/dns-overview.md Normal file
View File

@@ -0,0 +1,354 @@
---
title: "DNS简介"
icon: material/dns
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
---
[域名系统](https://en.wikipedia.org/wiki/Domain_Name_System) 是“互联网电话簿”。 DNS将域名转换为IP地址以便浏览器和其他服务可以通过分散的服务器网络加载互联网资源。
## 什么是DNS
当您访问某个网站时,系统会返回一个数字地址。 例如,当你访问 `privacyguides.org`时,会返回地址 `192.98.54.105`
DNS自互联网的 [早期](https://en.wikipedia.org/wiki/Domain_Name_System#History) 以来一直存在。 与DNS服务器间的通讯通常是 **未** 加密的。 在家用场景下,客户通过 [DHCP](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol)获得由ISP提供的服务器。
未加密的DNS请求可能会被轻易地 **被监视** ,或者在传输过程中 **被修改**。 在世界的某些地方Isp被要求做原始的 [DNS过滤](https://en.wikipedia.org/wiki/DNS_blocking)。 当你请求一个被封锁的域名的IP地址时服务器可能不会回应或可能以不同的IP地址回应。 由于DNS协议没有加密ISP或任何网络运营商可以使用 [DPI](https://en.wikipedia.org/wiki/Deep_packet_inspection) 来监控请求。 ISP还可以基于共有特性阻止请求无论使用的是哪个DNS服务器。 未加密的DNS始终使用 [端口](https://en.wikipedia.org/wiki/Port_(computer_networking)) 53 并且始终使用UDP。
下面我们将探讨并提供一个教程来验证一下外部观察者对于使用常规未加密DNS和 [加密DNS](#what-is-encrypted-dns)这两种情况下分别可能看到什么。
### 未加密DNS
1. 使用 [`tshark`](https://www.wireshark.org/docs/man-pages/tshark.html) [Wireshark](https://en.wikipedia.org/wiki/Wireshark) 项目的一部分),我们可以监测和记录互联网数据包流。 此命令记录符合指定规则的数据包:
```bash
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
2. 然后我们可以使用 [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) LinuxMacOS等或 [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) Windows将DNS查询发送到两个服务器。 Web浏览器等软件会自动执行这些查找除非它们被配置为使用加密的DNS。
=== "Linux, macOS"
```
dig +noall +answer privacyguides.org @1.1.1.1
dig +noall +answer privacyguides.org @8.8.8.8
```
=== "Windows"
```
nslookup privacyguides.org 1.1.1.1
nslookup privacyguides.org 8.8.8.8
```
3. 接下来,我们来 [分析](https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) 输出的结果:
=== "Wireshark"
```
wireshark -r /tmp/dns.pcap
```
=== "tshark"
```
tshark -r /tmp/dns.pcap
```
如果运行上面的Wireshark命令顶部窗格显示“[帧](https://en.wikipedia.org/wiki/Ethernet_frame)” ,底部窗格显示有关所选帧的所有数据。 企业过滤和监控解决方案(如政府购买的解决方案)可以自动完成这一过程,无需人工干预,并可以汇总多帧数据以产生对网络观察者有用的统计数据。
| No. | 时间 | 来源 | 目的地 | 协议 | 长度 | 信息 |
| --- | -------- | --------- | --------- | --- | --- | ---------------------------------------------------------------------- |
| 1 | 0.000000 | 192.0.2.1 | 1.1.1.1 | 云存储 | 104 | Standard query 0x58ba A privacyguides.org OPT |
| 2 | 0.293395 | 1.1.1.1 | 192.0.2.1 | 云存储 | 108 | Standard query response 0x58ba A privacyguides.org A 198.98.54.105 OPT |
| 3 | 1.682109 | 192.0.2.1 | 8.8.8.8 | 云存储 | 104 | Standard query 0xf1a9 A privacyguides.org OPT |
| 4 | 2.154698 | 8.8.8.8 | 192.0.2.1 | 云存储 | 108 | Standard query response 0xf1a9 A privacyguides.org A 198.98.54.105 OPT |
观察者可以修改这些数据包中的任何一个。
## 什么是“加密DNS”
加密DNS可以指代若干协议中的一种最常见的协议是
### DNSCrypt
[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) 是首批加密DNS查询的方法之一。 DNSCrypt在端口443上运行并可以使用TCP或UDP传输协议。 DNSCrypt从未提交给 [互联网工程任务组IETF](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) 也没有经过 [征求意见RFC](https://en.wikipedia.org/wiki/Request_for_Comments) 过程,因此除了少数 [实现](https://dnscrypt.info/implementations)之外没有被广泛使用。 因此,它在很大程度上被更流行的 [DNS over HTTPS](#dns-over-https-doh)取代了。
### DNS over TLS (DoT)
[**DNS over TLS**](https://en.wikipedia.org/wiki/DNS_over_TLS) 是另一种加密DNS通信的方法在 [RFC 7858](https://datatracker.ietf.org/doc/html/rfc7858)中被定义。 首次得到支持是在安卓9、iOS 14和Linux上被版本号237的 [systemd-resolved](https://www.freedesktop.org/software/systemd/man/resolved.conf.html#DNSOverTLS=) 实现。 近年来业界的偏好已经从DoT转向DoH因为DoT是一个 [复杂的协议](https://dnscrypt.info/faq/) 并且在现有的实现中对RFC的遵守情况各不相同。 DoT也在一个专用的853端口上运行该端口很容易被限制性的防火墙阻断。
### DNS over HTTPS (DoH)
[**DNS over HTTPS**](https://en.wikipedia.org/wiki/DNS_over_HTTPS)由[RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484) 定义,查询通过[HTTP/2](https://en.wikipedia.org/wiki/HTTP/2) 协议打包并通过 HTTPS保障安全性. 由Firefox 60和Chrome 83等Web浏览器首次实现支持。 由Firefox 60和Chrome 83等Web浏览器首次实现支持。
DoH的原生实现出现在iOS 14、macOS 11、微软Windows和Android 13中然而它不会被默认启用 [](https://android-review.googlesource.com/c/platform/packages/modules/DnsResolver/+/1833144))。 一般的Linux桌面支持还在等待systemd [实现](https://github.com/systemd/systemd/issues/8639) ,所以 [目前依然需要安装第三方软件](../dns.md#linux)。
## 外部一方能看到什么?
在本示例中我们将记录当我们提出DoH请求时会发生什么
1. 首先,启动 `tshark`。
```bash
tshark -w /tmp/dns_doh.pcap -f "tcp port https and host 1.1.1.1"
```
2. 其次,使用 `curl`提出请求:
```bash
curl -vI --doh-url https://1.1.1.1/dns-query https://privacyguides.org
```
3. 在提出请求后,我们可以用 <kbd>CTRL</kbd> + <kbd>C</kbd>停止抓包。
4. 在Wireshark中分析结果
```bash
wireshark -r /tmp/dns_doh.pcap
```
我们可以看到任何加密连接都需要发生的 [连接建立](https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment) 和 [TLS握手](https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/) 过程。 当查看下面的“应用程序数据”数据包时没有一个数据包包含我们请求的域或返回的IP地址。
## 为什么我**不应该** 使用加密的DNS
在有互联网过滤(或审查)的地方,访问被禁止的资源可能会有自己的后果,你应该在你的 [威胁模型](../basics/threat-modeling.md)。 我们 **不** 建议为此目的使用加密的DNS。 使用 [Tor](https://torproject.org) 或 [VPN](../vpn.md) 来代替。 如果您使用的是VPN 则应使用VPN的DNS服务器。 使用VPN时您已经信任它们的所有网络活动。
当我们进行DNS查找时通常是因为我们想要访问资源。 下面我们将讨论一些即使在使用加密的DNS时也可能泄露你的浏览活动的方法。
### IP 地址
确定浏览活动的最简单方法可能是查看你的设备所访问的IP地址。 例如,如果观察者知道 `privacyguides.org` 在 `198.98.54.105`,而你的设备正在从 `198.98.54.105`请求数据,你很有可能正在访问隐私指南。
这种方法只有在IP地址属于一个只承载少数网站的服务器时才有用。 如果网站托管在一个共享平台上如Github Pages、Cloudflare Pages、Netlify、WordPress、Blogger等它也不是很有用。 如果服务器托管在一个 [反向代理](https://en.wikipedia.org/wiki/Reverse_proxy),它也不是很有用,这在现代互联网上非常普遍。
### 服务器名称指示SNI
服务器名称指示通常在一个IP地址承载许多网站时使用。 这可能是一个像Cloudflare这样的服务或其他一些 [拒绝服务攻击](https://en.wikipedia.org/wiki/Denial-of-service_attack) 保护。
1. 再次开始捕获 `tshark`。 我们用我们的IP地址添加了一个过滤器所以你不会捕获很多数据包。
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
```
2. 然后我们访问 [https://privacyguides.org](https://privacyguides.org)。
3. 访问完网站后,我们要用 <kbd>CTRL</kbd> + <kbd>C</kbd>停止抓包。
4. 接下来我们要分析结果:
```bash
wireshark -r /tmp/pg.pcap
```
我们将看到连接的建立然后是隐私指南网站的TLS握手。 第5帧左右。 你会看到一个 "Client Hello"。
5. 展开每个字段旁边的三角形 &#9656;。
```text
▸ Transport Layer Security
▸ TLSv1.3 Record Layer: Handshake Protocol: Client Hello
▸ Handshake Protocol: Client Hello
▸ Extension: server_name (len=22)
▸ Server Name Indication extension
```
6. 我们可以看到SNI值它披露了我们正在访问的网站。 `tshark` 命令可以直接给你包含SNI值的所有数据包的值。
```bash
tshark -r /tmp/pg.pcap -Tfields -Y tls.handshake.extensions_server_name -e tls.handshake.extensions_server_name
```
这意味着即使我们使用 "加密DNS "服务器域名也可能通过SNI被披露。 [TLS v1.3](https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3) 协议带来了 [Client Hello](https://blog.cloudflare.com/encrypted-client-hello/),可以防止这种泄漏。
</a> 各国政府,特别是 [中国](https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/) 和 [俄罗斯](https://www.zdnet.com/article/russia-wants-to-ban-the-use-of-secure-protocols-such-as-tls-1-3-doh-dot-esni/),已经开始阻止
,或表示希望这样做。 [最近,俄罗斯开始封锁使用 [HTTP/3](https://en.wikipedia.org/wiki/HTTP/3) 标准的外国网站](https://github.com/net4people/bbs/issues/108)。 这是因为作为HTTP/3一部分的 [QUIC](https://en.wikipedia.org/wiki/QUIC) 协议要求 `ClientHello` 也被加密。</p>
### 在线证书状态协议OCSP
你的浏览器披露你的浏览活动的另一种方式是通过 [在线证书状态协议](https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol)。 当访问一个HTTPS网站时浏览器可能会检查该网站的 [证书](https://en.wikipedia.org/wiki/Public_key_certificate) 是否已被撤销。 这通常是通过HTTP协议完成的这意味着它是 **,而不是** 加密的。
该OCSP请求包含证书"[序列号](https://en.wikipedia.org/wiki/Public_key_certificate#Common_fields)",该证书是唯一的。 它被发送到 "OCSP响应者",以检查其状态。
我们可以使用 [`openssl`](https://en.wikipedia.org/wiki/OpenSSL) 命令来模拟浏览器会做什么。
1. 获取服务器证书,并使用 [`sed`](https://en.wikipedia.org/wiki/Sed) ,只保留重要部分,并将其写入文件。
```bash
openssl s_client -connect privacyguides.org:443 < /dev/null 2>&1 |
sed -n '/^-*BEGIN/,/^-*END/p' > /tmp/pg_server.cert
```
2. 获得中间证书。 [证书颁发机构CA](https://en.wikipedia.org/wiki/Certificate_authority) ,通常不直接签署证书;他们使用所谓的 "中间 "证书。
```bash
openssl s_client -showcerts -connect privacyguides.org:443 < /dev/null 2>&1 |
sed -n '/^-*BEGIN/,/^-*END/p' > /tmp/pg_and_intermediate.cert
```
3. `pg_and_intermediate.cert` 中的第一个证书实际上是步骤1中的服务器证书。 我们可以再次使用 `sed` 删除直到END的第一个实例。
```bash
sed -n '/^-*END CERTIFICATE-*$/!d;:a n;p;ba' \
/tmp/pg_and_intermediate.cert > /tmp/intermediate_chain.cert
```
4. 获取服务器证书的OCSP应答器。
```bash
openssl x509 -noout -ocsp_uri -in /tmp/pg_server.cert
```
我们的证书显示的是Lets Encrypt证书响应者。 如果我们想查看证书的所有详细信息,我们可以使用:
```bash
openssl x509 -text -noout -in /tmp/pg_server.cert
```
5. 开始捕获数据包。
```bash
tshark -w /tmp/pg_ocsp.pcap -f "tcp port http"
```
6. 提出OCSP请求。
```bash
openssl ocsp -issuer /tmp/intermediate_chain.cert \
-cert /tmp/pg_server.cert \
-text \
-url http://r3.o.lencr.org
```
7. 打开捕获。
```bash
wireshark -r /tmp/pg_ocsp.pcap
```
在 "OCSP "协议中会有两个数据包:一个 "请求 "和一个 "响应"。 对于 "请求",我们可以通过展开每个字段旁边的三角形 &#9656; ,看到 "序列号"。
```bash
▸ Online Certificate Status Protocol
▸ tbsRequest
▸ requestList: 1 item
▸ Request
▸ reqCert
serialNumber
```
对于 "回应",我们也可以看到 "序列号"。
```bash
▸ Online Certificate Status Protocol
▸ responseBytes
▸ BasicOCSPResponse
▸ tbsResponseData
▸ responses: 1 item
▸ SingleResponse
▸ certID
serialNumber
```
8. 或者使用 `tshark` 来过滤序列号的数据包。
```bash
tshark -r /tmp/pg_ocsp.pcap -Tfields -Y ocsp.serialNumber -e ocsp.serialNumber
```
如果网络观察者拥有公开的公共证书,他们可以将序列号与该证书相匹配,从而从中确定你所访问的网站。 这个过程可以自动化并能将IP地址与序列号联系起来。 也可以检查 [证书透明度](https://en.wikipedia.org/wiki/Certificate_Transparency) 日志中的序列号。
## 我应该使用加密的DNS吗
我们做了这个流程图来描述你什么时候 *应该* 使用加密的DNS。
``` mermaid
图TB
开始[Start] --> 匿名{尝试<br> 匿名?}
anonymous--> | Yes | tor(使用Tor)
anonymous--> | No | censorship{Avoiding<br> censorship?
审查 --> | 是 | vpnOrTor(使用<br> VPN或Tor)
审查 --> | 不 | 隐私{想从ISP那里获得隐私<br>}。
privacy --> | Yes | vpnOrTor
privacy --> | No | obnoxious{ISP使<br> obnoxious<br> redirects? }
obnoxious --> | Yes | encryptedDNS(使用第三方的<br> 加密DNS<br> )
obnoxious --> | No | ispDNS{ISP是否支持<br> 加密DNS }
ispDNS --> | 是 | useISP(与ISP一起使用<br> 加密DNS<br> )
ispDNS --> | 否 | nothing(什么都不做)
```
第三方的加密DNS应该只用于绕过重定向和基本的 [DNS拦截](https://en.wikipedia.org/wiki/DNS_blocking) ,当你能确定不会有任何后果,或者你对一个能做一些基本过滤的供应商感兴趣时。
[推荐的DNS服务器列表](../dns.md ""){.md-button}
## 什么是DNSSEC
[域名系统安全扩展](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) (DNSSEC)是DNS的一项功能对域名查询的响应进行认证。 它不为这些查询提供隐私保护而是防止攻击者操纵或毒害对DNS请求的响应。
换句话说DNSSEC对数据进行数字签名以帮助确保其有效性。 为了确保安全查询签名发生在DNS查询过程中的每一级。 因此来自DNS的所有答案都可以被信任。
DNSSEC的签署过程类似于某人用笔签署一份法律文件该人用一个独特的签名签署其他人无法创建法院专家可以查看该签名并验证该文件是由该人签署的。 这些数字签名确保数据没有被篡改。
DNSSEC在DNS的所有层面上实现了分层的数字签名政策。 例如,在 `privacyguides.org` 查询的情况下,根 DNS 服务器将签署 `.org` 名称服务器的密钥,然后 `.org` 名称服务器将签署 `privacyguides.org`的权威名称服务器的密钥。
<small>改编自Google的[DNS安全扩展(DNSSEC)概述](https://cloud.google.com/dns/docs/dnssec)和Cloudflare的[DNSSEC: An Introduction](https://blog.cloudflare.com/dnssec-an-introduction/),两者均以[CC BY 4.0](https://creativecommons.org/licenses/by/4.0/)授权。</small>
## 什么是QNAME最小化
QNAME是一个 "限定名称",例如 `privacyguides.org`。 QNAME最小化减少了从DNS服务器发送至 [权威名称服务器的信息量](https://en.wikipedia.org/wiki/Name_server#Authoritative_name_server)。
而不是发送整个域名 `privacyguides.org`QNAME最小化意味着DNS服务器将要求所有以 `.org`结尾的记录。 进一步的技术描述在 [RFC 7816](https://datatracker.ietf.org/doc/html/rfc7816)中定义。
## 什么是EDNS客户子网ECS
[EDNS 客户端子网](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) 是递归 DNS 解析器为 [主机或客户端](https://en.wikipedia.org/wiki/Client_(computing)) 进行 DNS 查询时,指定一个 [子网](https://en.wikipedia.org/wiki/Subnetwork) 的一种方法。
它的目的是 "加快 "数据的交付,给客户一个属于离他们很近的服务器的答案,如 [内容交付网络](https://en.wikipedia.org/wiki/Content_delivery_network)这通常用于视频流和服务JavaScript网络应用。
这项功能确实是以隐私为代价的因为它告诉DNS服务器一些关于客户端位置的信息。

84
i18n/zh/advanced/payments.md Normal file
View File

@@ -0,0 +1,84 @@
---
title: Private Payments
icon: material/hand-coin
---
There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately.
## Cash
For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable.
Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payees name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations.
Despite this, its typically the best option.
## Prepaid Cards & Gift Cards
Its relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually dont have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud.
Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card.
Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants dont accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit.
Prepaid cards dont allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps.
Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that dont accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash.
### Online Marketplaces
If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered).
When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero.
- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces)
## Virtual Cards
Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information.
- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services)
These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions.
## Cryptocurrency
Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose.
!!! 危险
The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity.
Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust.
### Privacy Coins
There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors.
- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins)
Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance.
### Other Coins (Bitcoin, Ethereum, etc.)
The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons.
Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years.
==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged.
### Wallet Custody
With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies.
### Acquisition
Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward.
If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall.
## Additional Considerations
When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Dont sign up for rewards programs or provide any other information about yourself.
When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants dont allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address.

94
i18n/zh/advanced/tor-overview.md Normal file
View File

@@ -0,0 +1,94 @@
---
title: "Tor概述"
icon: 'simple/torproject'
description: Tor是一个免费使用的去中心化网络专为尽量隐私地使用互联网而设计。
---
Tor是一个免费使用的去中心化网络专为尽量隐私地使用互联网而设计。 如果使用得当,该网络可以实现隐私且匿名地浏览和通信。
## Path Building to Clearnet Services
"Clearnet services" are websites which you can access with any browser, like [privacyguides.org](https://www.privacyguides.org). Tor lets you connect to these websites anonymously by routing your traffic through a network comprised of thousands of volunteer-run servers called nodes (or relays).
Every time you [connect to Tor](../tor.md), it will choose three nodes to build a path to the internet—this path is called a "circuit."
<figure markdown>
![Tor path showing your device connecting to an entry node, middle node, and exit node before reaching the destination website](../assets/img/how-tor-works/tor-path.svg#only-light)
![Tor path showing your device connecting to an entry node, middle node, and exit node before reaching the destination website](../assets/img/how-tor-works/tor-path-dark.svg#only-dark)
<figcaption>Tor circuit pathway</figcaption>
</figure>
每个节点都有自己的功能:
### 入口节点
入口节点通常被称为守护节点是你的Tor客户端连接到的第一个节点。 入口节点能够看到你的IP地址但它无法看到你正在连接什么。
与其他节点不同Tor客户端会随机选择一个入口节点并坚持两到三个月以保护你免受某些攻击。[^1]
### 中间节点
中间节点是你的Tor客户端连接的第二个节点。 它可以看到流量来自哪个节点--入口节点--以及它接下来要去哪个节点。 中间节点不能看到你的IP地址或你正在连接的域。
对于每个新线路在所有可用的Tor节点中随机选择中间节点。
### 出口节点
出口节点是你的网络流量离开Tor网络并被转发到待达目的地的地方。 出口节点无法看到你的IP地址但它确实知道正在连接到哪个网站。
出口节点将从运行有出口中继标志的所有可用Tor节点中随机选择。[^2]
## Path Building to Onion Services
"Onion Services" (also commonly referred to as "hidden services") are websites which can only be accessed by the Tor browser. These websites have a long randomly generated domain name ending with `.onion`.
Connecting to an Onion Service in Tor works very similarly to connecting to a clearnet service, but your traffic is routed through a total of **six** nodes before reaching the destination server. Just like before however, only three of these nodes are contributing to *your* anonymity, the other three nodes protect *the Onion Service's* anonymity, hiding the website's true IP and location in the same manner that Tor Browser is hiding yours.
<figure style="width:100%" markdown>
![Tor path showing your traffic being routed through your three Tor nodes plus three additional Tor nodes which hide the website's identity](../assets/img/how-tor-works/tor-path-hidden-service.svg#only-light)
![Tor path showing your traffic being routed through your three Tor nodes plus three additional Tor nodes which hide the website's identity](../assets/img/how-tor-works/tor-path-hidden-service-dark.svg#only-dark)
<figcaption>Tor circuit pathway with Onion Services. Nodes in the <span class="pg-blue">blue</span> fence belong to your browser, while nodes in the <span class="pg-red">red</span> fence belong to the server, so their identity is hidden from you.</figcaption>
</figure>
## 加密
Tor用出口、中间和入口节点的密钥对每个数据包一个传输的数据块进行三次加密--按顺序进行。
一旦Tor建立了一个电路数据传输就会按以下方式进行。
1. 首先:当数据包到达入口节点时,第一层的加密被移除。 在这个加密的数据包中,入口节点会发现另一个带有中间节点地址的加密数据包。 然后,入口节点将把数据包转发给中间节点。
2. 第二:当中间节点收到来自入口节点的数据包时,它也会用自己的密钥去掉一层加密,这时会发现一个带有出口节点地址的加密数据包。 然后,中间节点将把数据包转发给出口节点。
3. 最后:当出口节点收到其数据包时,它将用其密钥去除最后一层加密。 出口节点将看到目标地址并将数据包转发到该地址。
下面是一个显示该过程的替代图。 每个节点都会移除自己的加密层,而当目的地服务器返回数据时,同样的过程会完全反向发生。 例如,出口节点不知道你是谁,但它知道它来自哪个节点,因此它添加了自己的加密层并将其发送回来。
<figure markdown>
![Tor encryption](../assets/img/how-tor-works/tor-encryption.svg#only-light)
![Tor encryption](../assets/img/how-tor-works/tor-encryption-dark.svg#only-dark)
<figcaption>Sending and receiving data through the Tor Network</figcaption>
</figure>
通过使用Tor我们可以在没有任何一方知道整个线路的情况下连接到一个服务器。 入口节点知道你是谁,但不知道你要去哪里;中间节点不知道你是谁,也不知道你要去哪里;而出口节点知道你要去哪里,但不知道你是谁。 因为出口节点是进行最终连接的目标服务器永远不会知道你的IP地址。
## Caveats (注意)
尽管Tor确实提供了强有力的隐私保障但您必须意识到Tor并不完美
- 资金充足、能够被动地观察全球大多数网络通信量的对手有机会通过先进的通信量分析将Tor用户去匿名化。 Tor也不能防止您错误地暴露自己例如分享了太多关于您真实身份的信息。
- Tor出口节点也可以监控通过它们的流量。 这意味着没有加密的流量如普通的HTTP流量可以被记录和监控。 如果这种流量包含个人可识别信息,那么那个出口节点可以把你去匿名化。 因此我们建议尽可能使用HTTPS over Tor。
如果您希望使用Tor浏览网页我们只建议使用 **官方** Tor浏览器该浏览器旨在防止指纹。
- [Tor浏览器 :material-arrow-right-drop-circle:](../tor.md#tor-browser)
## 其它资源
- [Tor浏览器用户手册](https://tb-manual.torproject.org)
- [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) <small>(YouTube)</small>
- [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) <small>(YouTube)</small>
[^1]: 您线路上的第一个中继称为“入口警卫“或“警卫”。 它是一个快速而稳定的中继会在2-3个月内持续作为你的线路的第一个中继以防止已知的破坏匿名性的攻击。 你的线路其余部分会随着你访问的每个新网站而改变所有这些中继器一起提供Tor的全部隐私保护。 关于警卫中继器如何工作的更多信息,请参阅这篇 [博文](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) 和 [关于入口警卫的论文](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf)。 ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/))
[^2]: 中继标志:由目录权限分配并在目录协议规范中进一步定义的线路位置(例如, “Guard”、“Exit”、“BadExit” )、线路属性(例如, “Fast”、“Stable” )或角色(例如, “Authority”、“HSDir” )的中继的特殊( dis- )限定。 ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html))

423
i18n/zh/android.md Normal file
View File

@@ -0,0 +1,423 @@
---
title: "安卓"
icon: 'simple/android'
description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
schema:
-
"@context": http://schema.org
"@type": WebPage
name: Private Android Operating Systems
url: "./"
-
"@context": http://schema.org
"@type": CreativeWork
name: 安卓
image: /assets/img/android/android.svg
url: https://source.android.com/
sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-
"@context": http://schema.org
"@type": CreativeWork
name: GrapheneOS
image: /assets/img/android/grapheneos.svg
url: https://grapheneos.org/
sameAs: https://en.wikipedia.org/wiki/GrapheneOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": CreativeWork
name: Divest
image: /assets/img/android/divestos.svg
url: https://divestos.org/
sameAs: https://en.wikipedia.org/wiki/DivestOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": Product
name: Pixel
brand:
"@type": Brand
name: 谷歌
image: /assets/img/android/google-pixel.png
sameAs: https://en.wikipedia.org/wiki/Google_Pixel
review:
"@type": Review
author:
"@type": Organization
name: Privacy Guides
-
"@context": http://schema.org
"@type": MobileApplication
name: Shelter
applicationCategory: Utilities
operatingSystem: 安卓
-
"@context": http://schema.org
"@type": MobileApplication
name: Auditor
applicationCategory: Utilities
operatingSystem: 安卓
-
"@context": http://schema.org
"@type": MobileApplication
name: Secure Camera
applicationCategory: Utilities
operatingSystem: 安卓
-
"@context": http://schema.org
"@type": MobileApplication
name: 安全的PDF查看器Secure PDF Viewer
applicationCategory: Utilities
operatingSystem: 安卓
---
![安卓徽标](assets/img/android/android.svg){ align=right }
**安卓开源项目** 是一个由谷歌领导的开源移动操作系统,为世界上大多数移动设备提供动力。 大多数使用安卓系统销售的手机都经过修改,包括侵入性的集成和应用程序,如谷歌游戏服务,所以你可以通过用没有这些侵入性功能的安卓系统版本替换你的手机默认安装,来大大改善你在移动设备上的隐私。
[:octicons-home-16:](https://source.android.com/){ .card-link title="首页" }
[:octicons-info-16:](https://source.android.com/docs){ .card-link title=文档}
[:octicons-code-16:](https://cs.android.com/android/platform/superproject/){ .card-link title="源代码" }
这些是我们推荐的安卓操作系统、设备和应用程序,以最大限度地提高你的移动设备的安全和隐私。 要了解更多关于安卓的信息。
[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button}
## AOSP 衍生品
We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
!!! note
由于OEM停止支持寿命终止的设备如GrapheneOS或CalyxOS的 "扩展支持 "设备)没有完整的安全补丁(固件更新)。 无论安装何种软件,都不能认为这些设备是完全安全的。
### GrapheneOS
!!! recommendation
![GrapheneOS标志](assets/img/android/grapheneos.svg#only-light){ align=right }
![GrapheneOS标志](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
**GrapheneOS**是涉及隐私和安全的最佳选择。
GrapheneOS提供了额外的[安全加固](https://en.wikipedia.org/wiki/Hardening_(计算))和隐私改进。 它有一个[加固的内存分配器](https://github.com/GrapheneOS/hardened_malloc)、网络和传感器权限,以及其他各种[安全功能](https://grapheneos.org/features)。 GrapheneOS还带有完整的固件更新和签名构建因此完全支持验证性启动。
[:octicons-home-16: 主页](https://grapheneos.org/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="隐私政策" }
[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=文档}
[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="源代码" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="贡献" }
GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support).
### DivestOS
!!! recommendation
![DivestOS标志](assets/img/android/divestos.svg){ align=right }
**DivestOS**是 [LineageOS](https://lineageos.org/)的一个软分叉。
DivestOS从LineageOS继承了许多[支持的设备](https://divestos.org/index.php?page=devices&base=LineageOS)。 它有签名的构建使得在一些非Pixel设备上可以有[验证的启动](https://source.android.com/security/verifiedboot)。
[:octicons-home-16: 主页](https://grapheneos.org/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="隐私政策" }
[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=文档}
[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="源代码" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="贡献" }
DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
DivestOS uses F-Droid as its default app store. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
!!! 推荐
DivestOS的固件更新 [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS)和质量控制在其支持的设备中各不相同。 我们仍然推荐GrapheneOS这取决于你设备的兼容性。 对于其他设备DivestOS是一个不错的选择。
并非所有支持的设备都有验证启动,有些设备的验证启动性能比其他设备好。
## 安卓设备
When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of [IMEI blacklisting](https://www.gsma.com/security/resources/imei-blacklisting/). There is also a risk involved with you being associated with the activity of the previous owner.
A few more tips regarding Android devices and operating system compatibility:
- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net/) to find details!
### Google Pixel
Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
!!! recommendation
[谷歌Pixel 6](assets/img/android/google-pixel.png){ align=right }
众所周知,**谷歌Pixel**设备具有良好的安全性,并适当支持[验证启动](https://source.android.com/security/verifiedboot),即使在安装自定义操作系统时也是如此。
从**Pixel 6**和**6 Pro**开始Pixel设备将获得至少5年的安全更新保证确保其使用寿命比其他竞争OEM厂商通常提供的2-4年要长得多。
[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
Google Pixel phones use a TEE OS called Trusty which is [open-source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://www.nitrokey.com/about) company.
A few more tips for purchasing a Google Pixel:
- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
- Consider price beating options and specials offered at physical stores.
- Look at online community bargain sites in your country. These can alert you to good sales.
- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date}-\text{Current Date}$, meaning that the longer use of the device the lower cost per day.
## 常规应用程序
We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
### Shelter
!!! recommendation
![Shelter logo](assets/img/android/shelter.svg){ align=right }
* *Shelter* *是一款应用程序可帮助您利用Android的工作配置文件功能隔离或复制设备上的应用程序。
Shelter支持阻止联系人跨档案搜索并通过默认文件管理器([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui))跨档案共享文件。
[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="源代码" }
[:octicons-heart-16:](https://www.patreon.com/PeterCxy){ .card-link title=贡献 }
??? 下载
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.typeblog.shelter)
!!! 推荐
推荐使用Shelter而不是 [Insular](https://secure-system.gitlab.io/Insular/)和 [Island](https://github.com/oasisfeng/island),因为它支持[联系人搜索屏蔽](https://secure-system.gitlab.io/Insular/faq.html)。
当使用Shelter时你完全信任它的开发者因为Shelter作为一个[设备管理员](https://developer.android.com/guide/topics/admin/device-admin)来创建工作档案,它可以广泛地访问存储在工作档案中的数据。
### Auditor
!!! recommendation
![Auditor logo](assets/img/android/auditor.svg#only-light){ align=right }
![Auditor logo](assets/img/android/auditor-dark.svg#only-dark){ align=right }
* *Auditor* * 是一款利用硬件安全功能为[支持的设备](https://attestation.app/about#device-support) 提供设备完整性监控的应用程序。 目前它只适用于GrapheneOS和设备的库存操作系统。
[:octicons-home-16: 主页](https://grapheneos.org/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://attestation.app/about#privacy-policy){ .card-link title="隐私政策" }
[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=文档}
[:octicons-code-16:](https://attestation.app/source){ .card-link title="源代码" }
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title="贡献" } downloads "下载"
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
Auditor performs attestation and intrusion detection by:
- Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an *auditor* and *auditee*, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore/) of the *Auditor*.
- The *auditor* can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
- The *auditor* records the current state and configuration of the *auditee*.
- Should tampering with the operating system of the *auditee* happen after the pairing is complete, the auditor will be aware of the change in the device state and configurations.
- You will be alerted to the change.
No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring.
If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using [Orbot](tor.md#orbot) or a VPN to hide your IP address from the attestation service. To make sure that your hardware and operating system is genuine, [perform local attestation](https://grapheneos.org/install/web#verifying-installation) immediately after the device has been installed and prior to any internet connection.
### Secure Camera
!!! recommendation
![Secure 摄像头标志](assets/img/android/secure_camera.svg#only-light){ align=right }
![Secure 摄像头标志](assets/img/android/secure_camara-dark#only-dark){ aligh=right }
**Secure Camera** 是一个专注于隐私和安全的相机应用,它可以捕捉图像、视频和二维码。 CameraX供应商扩展肖像、HDR、夜视、面部修饰和自动也在可用设备上得到支持。
[:octicons-repo-16: 主页](https://grapheneos.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/GrapheneOS/Camera#privacy-policy){ .card-link title="隐私政策" }
[:octicons-code-16:](https://grapheneos.org/faq){ .card-link title=文档}
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="源代码" }
[](){ .card-link title="贡献" } downloads "下载"
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
Main privacy features include:
- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
- Microphone permission not required unless you want to record sound
!!! note
目前,元数据没有从视频文件中删除,但这是计划中的。
图像方向元数据未被删除。 如果你启用位置(在安全相机中),**也不会被删除。 如果你以后想删除,你将需要使用一个外部应用程序,如 [ExifEraser]data-redaction.md#exiferaser)。
### 安全的PDF查看器Secure PDF Viewer
!!! recommendation
![安全PDF浏览器标志](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
![安全PDF浏览器标志](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
**安全PDF浏览器**是一个基于 [pdf.js]https://en.wikipedia.org/wiki/PDF.js的PDF浏览器不需要任何权限。 该PDF被送入一个 [sandboxed]https://en.wikipedia.org/wiki/Sandbox_(software_development) [webview]https://developer.android.com/guide/webapps/webview。 这意味着它不需要权限就能直接访问内容或文件。
[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy)是用来强制要求WebView内的JavaScript和造型属性完全是静态内容。
[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="源代码" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=贡献 }
??? downloads "下载"
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
## 获取应用程序
### GrapheneOS应用商店
GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
### 奥罗拉商店Aurora Store
The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
!!! recommendation
![Aurora Store徽标](assets/img/android/aurora-store.webp){ align=right }
* *Aurora Store* *是Google Play Store客户端无需Google帐户、Google Play服务或microG即可下载应用程序。
[:octicons-home-16: 主页](https://auroraoss.com/){ .md-button .md-button--primary }
[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="源代码" }
??? 下载
- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google, however you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
### 手动使用RSS通知
For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](/news-aggregators) that will help you keep track of new releases.
![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
#### GitHub
On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
`https://github.com/GrapheneOS/Camera/releases.atom`
#### GitLab
On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
#### Verifying APK Fingerprints
If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
1. 安装 [Java JDK](https://www.oracle.com/java/technologies/downloads/)。
2. 下载 [Android Studio命令行工具](https://developer.android.com/studio#command-tools)。
3. 解压缩下载的存档:
```bash
unzip commandlinetools-*.zip
cd cmdline-tools
./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
```
4. 运行签名验证命令。
```bash
./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
```
5. 然后,所产生的哈希值可以与另一个来源进行比较。 一些开发商如Signal [,在其网站上显示了指纹](https://signal.org/android/apk/)。
```bash
Signer #1 certificate DN: CN=GrapheneOS
Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
```
### F-Droid
![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
==We do **not** currently recommend F-Droid as a way to obtain apps.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds/) for some applications and is dedicated to free and open-source software. However, there are [notable problems](https://privsec.dev/posts/android/f-droid-security-issues/) with the official F-Droid client, their quality control, and how they build, sign, and deliver packages.
Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust.
Other popular third-party repositories such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that respository when they make it to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through Play Store, Aurora Store, or by getting the APK directly from the developer. It is important to keep in mind that some apps in these repositories have not been updated in years and may rely on unsupported libraries, among other things, posing a potential security risk. You should use your best judgement when looking for new apps via this method.
!!! note
In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org/) is one example of this). If you really need an app like that, we recommend using [Neo Store](https://github.com/NeoApplications/Neo-Store/) instead of the official F-Droid app to obtain it.
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
### 服务供应商
- 它必须是开源软件。
- Must support bootloader locking with custom AVB key support.
- Must receive major Android updates within 0-1 months of release.
- Must receive Android feature updates (minor version) within 0-14 days of release.
- Must receive regular security patches within 0-5 days of release.
- Must **not** be "rooted" out of the box.
- Must **not** enable Google Play Services by default.
- Must **not** require system modification to support Google Play Services.
### 设备
- Must support at least one of our recommended custom operating systems.
- Must be currently sold new in stores.
- Must receive a minimum of 5 years of security updates.
- Must have dedicated secure element hardware.
### 应用程序
- Applications on this page must not be applicable to any other software category on the site.
- General applications should extend or replace core system functionality.
- Applications should receive regular updates and maintenance.

BIN
i18n/zh/assets/img/account-deletion/exposed_passwords.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 27 KiB

BIN
i18n/zh/assets/img/android/rss-apk-dark.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 50 KiB

BIN
i18n/zh/assets/img/android/rss-apk-light.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 47 KiB

BIN
i18n/zh/assets/img/android/rss-changes-dark.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 96 KiB

BIN
i18n/zh/assets/img/android/rss-changes-light.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 93 KiB

131
i18n/zh/assets/img/how-tor-works/tor-encryption-dark.svg Normal file
View File

@@ -0,0 +1,131 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" width="1600" height="1100" version="1.1" viewBox="0 0 423.33 291.04">
<g transform="translate(-27.597 12.24)">
<path d="m51.708 62.175h-10.029v-21.505h20.057v21.505z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m51.708 62.175h-10.029v-21.505h20.057v21.505h-10.029" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 78.278h-30.086v-53.763h60.172v53.763z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m111.88 78.278h-30.086v-53.763h60.172v53.763h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 67.526h-30.086v-32.258h60.172v32.258z" fill="#55308d" fill-rule="evenodd"/>
<path d="m111.88 67.526h-30.086v-32.258h60.172v32.258h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 56.773h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m111.88 56.773h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m192.11 218.06h-30.086v-32.258h60.172v32.258z" fill="#55308d" fill-rule="evenodd"/>
<path d="m192.11 218.06h-30.086v-32.258h60.172v32.258h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 228.81h-30.086v-53.763h60.172v53.763z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m111.88 228.81h-30.086v-53.763h60.172v53.763h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 218.06h-30.086v-32.258h60.172v32.258z" fill="#55308d" fill-rule="evenodd"/>
<path d="m111.88 218.06h-30.086v-32.258h60.172v32.258h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 207.31h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m111.88 207.31h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m192.11 67.526h-30.086v-32.258h60.172v32.258z" fill="#55308d" fill-rule="evenodd"/>
<path d="m192.11 67.526h-30.086v-32.258h60.172v32.258h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m192.11 207.31h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m192.11 207.31h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m192.11 56.773h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m192.11 56.773h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m272.34 56.773h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m272.34 56.773h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m272.34 207.31h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m272.34 207.31h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m51.708 212.71h-10.029v-21.505h20.057v21.505z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m51.708 212.71h-10.029v-21.505h20.057v21.505h-10.029" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m162.01 51.439c0 1.8796-0.458 3.7423-1.3424 5.3679-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.532 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.45801-3.7592 1.3424-5.3848 0.88441-1.6425 2.1479-2.9972 3.6798-3.9455 1.5162-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.88442 1.6256 1.3424 3.4883 1.3424 5.3679z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m162.01 51.439c0 1.8796-0.458 3.7423-1.3424 5.3679-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.532 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.45801-3.7592 1.3424-5.3848 0.88441-1.6425 2.1479-2.9972 3.6798-3.9455 1.5162-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.88442 1.6256 1.3424 3.4883 1.3424 5.3679v0.0169" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m242.25 51.439c0 1.8796-0.458 3.7423-1.3424 5.3679-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.458-3.7592 1.3424-5.3848 0.88442-1.6425 2.1479-2.9972 3.6798-3.9455 1.5162-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.88442 1.6256 1.3424 3.4883 1.3424 5.3679z" fill="#55308d" fill-rule="evenodd"/>
<path d="m242.25 51.439c0 1.8796-0.458 3.7423-1.3424 5.3679-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.458-3.7592 1.3424-5.3848 0.88442-1.6425 2.1479-2.9972 3.6798-3.9455 1.5162-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.88442 1.6256 1.3424 3.4883 1.3424 5.3679v0.0169" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m322.47 51.439c0 1.8796-0.45802 3.7423-1.3424 5.3679-0.88443 1.6425-2.1479 2.9972-3.664 3.9455-1.532 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.532-0.94826-2.7954-2.3029-3.6798-3.9455-0.8844-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.45802-3.7592 1.3424-5.3848 0.88443-1.6425 2.1479-2.9972 3.6798-3.9455 1.5161-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.8844 1.6256 1.3424 3.4883 1.3424 5.3679z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m322.47 51.439c0 1.8796-0.45802 3.7423-1.3424 5.3679-0.88443 1.6425-2.1479 2.9972-3.664 3.9455-1.532 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.532-0.94826-2.7954-2.3029-3.6798-3.9455-0.8844-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.45802-3.7592 1.3424-5.3848 0.88443-1.6425 2.1479-2.9972 3.6798-3.9455 1.5161-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.8844 1.6256 1.3424 3.4883 1.3424 5.3679v0.0169" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m162.02 201.97c0 1.8796-0.45801 3.7422-1.3424 5.3678-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.532-0.94826-2.7954-2.3029-3.6798-3.9455-0.88441-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.45801-3.7592 1.3424-5.3848 0.88443-1.6425 2.1479-2.9972 3.6798-3.9454 1.5161-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5162 0.94826 2.7796 2.3029 3.664 3.9454 0.88441 1.6256 1.3424 3.4883 1.3424 5.3848z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m162.02 201.97c0 1.8796-0.45801 3.7422-1.3424 5.3678-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.532-0.94826-2.7954-2.3029-3.6798-3.9455-0.88441-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.45801-3.7592 1.3424-5.3848 0.88443-1.6425 2.1479-2.9972 3.6798-3.9454 1.5161-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5162 0.94826 2.7796 2.3029 3.664 3.9454 0.88441 1.6256 1.3424 3.4883 1.3424 5.3848" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m242.24 201.97c0 1.8796-0.45801 3.7422-1.3424 5.3678-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.458-3.7592 1.3424-5.3848 0.88442-1.6425 2.1479-2.9972 3.6798-3.9454 1.5162-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5162 0.94826 2.7796 2.3029 3.664 3.9454 0.88442 1.6256 1.3424 3.4883 1.3424 5.3848z" fill="#55308d" fill-rule="evenodd"/>
<path d="m242.24 201.97c0 1.8796-0.45801 3.7422-1.3424 5.3678-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.458-3.7592 1.3424-5.3848 0.88442-1.6425 2.1479-2.9972 3.6798-3.9454 1.5162-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5162 0.94826 2.7796 2.3029 3.664 3.9454 0.88442 1.6256 1.3424 3.4883 1.3424 5.3848" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m322.48 201.97c0 1.8796-0.45802 3.7422-1.3424 5.3678-0.88443 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88443-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.45799-3.7592 1.3424-5.3848 0.8844-1.6425 2.1479-2.9972 3.6798-3.9454 1.5161-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5161 0.94826 2.7796 2.3029 3.664 3.9454 0.8844 1.6256 1.3424 3.4883 1.3424 5.3848z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m322.48 201.97c0 1.8796-0.45802 3.7422-1.3424 5.3678-0.88443 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88443-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.45799-3.7592 1.3424-5.3848 0.8844-1.6425 2.1479-2.9972 3.6798-3.9454 1.5161-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5161 0.94826 2.7796 2.3029 3.664 3.9454 0.8844 1.6256 1.3424 3.4883 1.3424 5.3848" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m390.16 40.67 12.54 21.522h-25.08z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m390.16 40.67 12.54 21.522h-25.08l12.54-21.522" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m390.17 191.2 12.54 21.522h-25.08z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m390.17 191.2 12.54 21.522h-25.08l12.54-21.522" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<g transform="translate(1.454e-4,7.6627)" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" letter-spacing="0px" stroke-width=".43334" word-spacing="0px">
<text transform="scale(.96575 1.0355)" x="42.045822" y="83.470764" style="line-height:125%" xml:space="preserve">
<tspan x="42.045822" y="83.470764">
<tspan x="42.045822" y="83.470764" fill="#ffffff" stroke-width=".43334">Your</tspan>
</tspan>
<tspan x="42.045822" y="96.437141">Device</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="68.014885" y="6.9863148" style="line-height:125%" xml:space="preserve">
<tspan x="68.014885" y="6.9863148" fill="#ffffff" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Sending data to a website</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="78.399231" y="152.36726" style="line-height:125%" xml:space="preserve">
<tspan x="78.399231" y="152.36726" fill="#ffffff" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Receiving data from a website</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="42.06218" y="230.09454" style="line-height:125%" xml:space="preserve">
<tspan x="42.06218" y="230.09454">
<tspan x="42.06218" y="230.09454" fill="#ffffff" stroke-width=".43334">Your<tspan fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334"/></tspan>
</tspan>
<tspan x="42.06218" y="243.06091">Device</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="145.88936" y="230.25807" style="line-height:125%" xml:space="preserve">
<tspan x="145.88936" y="230.25807" fill="#ffffff" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Entry</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="223.78017" y="230.25807" style="line-height:125%" xml:space="preserve">
<tspan x="223.78017" y="230.25807" fill="#ffffff" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Middle</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="312.03897" y="230.24173" style="line-height:125%" xml:space="preserve">
<tspan x="312.03897" y="230.24173" fill="#ffffff" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Exit</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="363.96078" y="228.85168" style="line-height:125%" xml:space="preserve">
<tspan x="363.96078" y="228.85168" fill="#ffffff" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">PrivacyGuides.org</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="369.14478" y="83.850639" style="line-height:125%" xml:space="preserve">
<tspan x="369.14478" y="83.850639" fill="#ffffff" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">PrivacyGuides.org</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="145.88936" y="85.257019" style="line-height:125%" xml:space="preserve">
<tspan x="145.88936" y="85.257019" fill="#ffffff" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Entry</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="226.64198" y="85.257019" style="line-height:125%" xml:space="preserve">
<tspan x="226.64198" y="85.257019" fill="#ffffff" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Middle</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="312.49686" y="85.077118" style="line-height:125%" xml:space="preserve">
<tspan x="312.49686" y="85.077118" fill="#ffffff" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Exit</tspan>
</tspan>
</text>
</g>
<g transform="translate(1.454e-4,7.6627)" fill="#fff" fill-rule="evenodd">
<path d="m61.737 44.199v-0.88053h74.686v0.88053z"/>
<path d="m136.03 40.576 5.9382 3.1835-5.9382 3.1835z"/>
<path d="m162.02 44.199v-0.88053h54.629v0.88053z"/>
<path d="m216.26 40.576 5.9382 3.1835-5.9382 3.1835z"/>
<path d="m242.25 44.199v-0.88053h54.629v0.88053z"/>
<path d="m296.49 40.576 5.9382 3.1835-5.9382 3.1835z"/>
<path d="m322.48 44.199v-0.88053h54.629v0.88053z"/>
<path d="m376.72 40.576 5.9382 3.1835-5.9382 3.1835z"/>
<path d="m382.65 193.86v0.88052h-54.629v-0.88052z"/>
<path d="m328.42 197.48-5.9382-3.1834 5.9382-3.1835z"/>
<path d="m302.43 193.86v0.88052h-54.629v-0.88052z"/>
<path d="m248.19 197.48-5.9382-3.1834 5.9382-3.1835z"/>
<path d="m222.2 193.86v0.88052h-54.629v-0.88052z"/>
<path d="m167.96 197.48-5.9382-3.1834 5.9382-3.1835z"/>
<path d="m141.97 193.86v0.88052h-74.686v-0.88052z"/>
<path d="m67.675 197.48-5.9382-3.1834 5.9382-3.1835z"/>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

131
i18n/zh/assets/img/how-tor-works/tor-encryption.svg Normal file
View File

@@ -0,0 +1,131 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" width="1600" height="1100" version="1.1" viewBox="0 0 423.33 291.04">
<g transform="translate(-27.597 12.24)">
<path d="m51.708 62.175h-10.029v-21.505h20.057v21.505z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m51.708 62.175h-10.029v-21.505h20.057v21.505h-10.029" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 78.278h-30.086v-53.763h60.172v53.763z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m111.88 78.278h-30.086v-53.763h60.172v53.763h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 67.526h-30.086v-32.258h60.172v32.258z" fill="#55308d" fill-rule="evenodd"/>
<path d="m111.88 67.526h-30.086v-32.258h60.172v32.258h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 56.773h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m111.88 56.773h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m192.11 218.06h-30.086v-32.258h60.172v32.258z" fill="#55308d" fill-rule="evenodd"/>
<path d="m192.11 218.06h-30.086v-32.258h60.172v32.258h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 228.81h-30.086v-53.763h60.172v53.763z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m111.88 228.81h-30.086v-53.763h60.172v53.763h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 218.06h-30.086v-32.258h60.172v32.258z" fill="#55308d" fill-rule="evenodd"/>
<path d="m111.88 218.06h-30.086v-32.258h60.172v32.258h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 207.31h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m111.88 207.31h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m192.11 67.526h-30.086v-32.258h60.172v32.258z" fill="#55308d" fill-rule="evenodd"/>
<path d="m192.11 67.526h-30.086v-32.258h60.172v32.258h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m192.11 207.31h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m192.11 207.31h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m192.11 56.773h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m192.11 56.773h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m272.34 56.773h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m272.34 56.773h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m272.34 207.31h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m272.34 207.31h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m51.708 212.71h-10.029v-21.505h20.057v21.505z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m51.708 212.71h-10.029v-21.505h20.057v21.505h-10.029" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m162.01 51.439c0 1.8796-0.458 3.7423-1.3424 5.3679-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.532 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.45801-3.7592 1.3424-5.3848 0.88441-1.6425 2.1479-2.9972 3.6798-3.9455 1.5162-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.88442 1.6256 1.3424 3.4883 1.3424 5.3679z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m162.01 51.439c0 1.8796-0.458 3.7423-1.3424 5.3679-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.532 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.45801-3.7592 1.3424-5.3848 0.88441-1.6425 2.1479-2.9972 3.6798-3.9455 1.5162-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.88442 1.6256 1.3424 3.4883 1.3424 5.3679v0.0169" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m242.25 51.439c0 1.8796-0.458 3.7423-1.3424 5.3679-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.458-3.7592 1.3424-5.3848 0.88442-1.6425 2.1479-2.9972 3.6798-3.9455 1.5162-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.88442 1.6256 1.3424 3.4883 1.3424 5.3679z" fill="#55308d" fill-rule="evenodd"/>
<path d="m242.25 51.439c0 1.8796-0.458 3.7423-1.3424 5.3679-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.458-3.7592 1.3424-5.3848 0.88442-1.6425 2.1479-2.9972 3.6798-3.9455 1.5162-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.88442 1.6256 1.3424 3.4883 1.3424 5.3679v0.0169" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m322.47 51.439c0 1.8796-0.45802 3.7423-1.3424 5.3679-0.88443 1.6425-2.1479 2.9972-3.664 3.9455-1.532 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.532-0.94826-2.7954-2.3029-3.6798-3.9455-0.8844-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.45802-3.7592 1.3424-5.3848 0.88443-1.6425 2.1479-2.9972 3.6798-3.9455 1.5161-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.8844 1.6256 1.3424 3.4883 1.3424 5.3679z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m322.47 51.439c0 1.8796-0.45802 3.7423-1.3424 5.3679-0.88443 1.6425-2.1479 2.9972-3.664 3.9455-1.532 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.532-0.94826-2.7954-2.3029-3.6798-3.9455-0.8844-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.45802-3.7592 1.3424-5.3848 0.88443-1.6425 2.1479-2.9972 3.6798-3.9455 1.5161-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.8844 1.6256 1.3424 3.4883 1.3424 5.3679v0.0169" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m162.02 201.97c0 1.8796-0.45801 3.7422-1.3424 5.3678-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.532-0.94826-2.7954-2.3029-3.6798-3.9455-0.88441-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.45801-3.7592 1.3424-5.3848 0.88443-1.6425 2.1479-2.9972 3.6798-3.9454 1.5161-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5162 0.94826 2.7796 2.3029 3.664 3.9454 0.88441 1.6256 1.3424 3.4883 1.3424 5.3848z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m162.02 201.97c0 1.8796-0.45801 3.7422-1.3424 5.3678-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.532-0.94826-2.7954-2.3029-3.6798-3.9455-0.88441-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.45801-3.7592 1.3424-5.3848 0.88443-1.6425 2.1479-2.9972 3.6798-3.9454 1.5161-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5162 0.94826 2.7796 2.3029 3.664 3.9454 0.88441 1.6256 1.3424 3.4883 1.3424 5.3848" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m242.24 201.97c0 1.8796-0.45801 3.7422-1.3424 5.3678-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.458-3.7592 1.3424-5.3848 0.88442-1.6425 2.1479-2.9972 3.6798-3.9454 1.5162-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5162 0.94826 2.7796 2.3029 3.664 3.9454 0.88442 1.6256 1.3424 3.4883 1.3424 5.3848z" fill="#55308d" fill-rule="evenodd"/>
<path d="m242.24 201.97c0 1.8796-0.45801 3.7422-1.3424 5.3678-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.458-3.7592 1.3424-5.3848 0.88442-1.6425 2.1479-2.9972 3.6798-3.9454 1.5162-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5162 0.94826 2.7796 2.3029 3.664 3.9454 0.88442 1.6256 1.3424 3.4883 1.3424 5.3848" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m322.48 201.97c0 1.8796-0.45802 3.7422-1.3424 5.3678-0.88443 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88443-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.45799-3.7592 1.3424-5.3848 0.8844-1.6425 2.1479-2.9972 3.6798-3.9454 1.5161-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5161 0.94826 2.7796 2.3029 3.664 3.9454 0.8844 1.6256 1.3424 3.4883 1.3424 5.3848z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m322.48 201.97c0 1.8796-0.45802 3.7422-1.3424 5.3678-0.88443 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88443-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.45799-3.7592 1.3424-5.3848 0.8844-1.6425 2.1479-2.9972 3.6798-3.9454 1.5161-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5161 0.94826 2.7796 2.3029 3.664 3.9454 0.8844 1.6256 1.3424 3.4883 1.3424 5.3848" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m390.16 40.67 12.54 21.522h-25.08z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m390.16 40.67 12.54 21.522h-25.08l12.54-21.522" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m390.17 191.2 12.54 21.522h-25.08z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m390.17 191.2 12.54 21.522h-25.08l12.54-21.522" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<g transform="translate(1.454e-4,7.6627)" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" letter-spacing="0px" stroke-width=".43334" word-spacing="0px">
<text transform="scale(.96575 1.0355)" x="42.045822" y="83.470764" style="line-height:125%" xml:space="preserve">
<tspan x="42.045822" y="83.470764">
<tspan x="42.045822" y="83.470764" stroke-width=".43334">Your</tspan>
</tspan>
<tspan x="42.045822" y="96.437141">Device</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="68.014885" y="6.9863148" style="line-height:125%" xml:space="preserve">
<tspan x="68.014885" y="6.9863148" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Sending data to a website</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="78.399231" y="152.36726" style="line-height:125%" xml:space="preserve">
<tspan x="78.399231" y="152.36726" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Receiving data from a website</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="42.06218" y="230.09454" style="line-height:125%" xml:space="preserve">
<tspan x="42.06218" y="230.09454">
<tspan x="42.06218" y="230.09454" stroke-width=".43334">Your<tspan fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334"/></tspan>
</tspan>
<tspan x="42.06218" y="243.06091">Device</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="145.88936" y="230.25807" style="line-height:125%" xml:space="preserve">
<tspan x="145.88936" y="230.25807" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Entry</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="223.78017" y="230.25807" style="line-height:125%" xml:space="preserve">
<tspan x="223.78017" y="230.25807" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Middle</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="312.03897" y="230.24173" style="line-height:125%" xml:space="preserve">
<tspan x="312.03897" y="230.24173" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Exit</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="363.96078" y="228.85168" style="line-height:125%" xml:space="preserve">
<tspan x="363.96078" y="228.85168" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">PrivacyGuides.org</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="369.14478" y="83.850639" style="line-height:125%" xml:space="preserve">
<tspan x="369.14478" y="83.850639" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">PrivacyGuides.org</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="145.88936" y="85.257019" style="line-height:125%" xml:space="preserve">
<tspan x="145.88936" y="85.257019" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Entry</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="226.64198" y="85.257019" style="line-height:125%" xml:space="preserve">
<tspan x="226.64198" y="85.257019" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Middle</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="312.49686" y="85.077118" style="line-height:125%" xml:space="preserve">
<tspan x="312.49686" y="85.077118" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Exit</tspan>
</tspan>
</text>
</g>
<g transform="translate(1.454e-4,7.6627)" fill-rule="evenodd">
<path d="m61.737 44.199v-0.88053h74.686v0.88053z"/>
<path d="m136.03 40.576 5.9382 3.1835-5.9382 3.1835z"/>
<path d="m162.02 44.199v-0.88053h54.629v0.88053z"/>
<path d="m216.26 40.576 5.9382 3.1835-5.9382 3.1835z"/>
<path d="m242.25 44.199v-0.88053h54.629v0.88053z"/>
<path d="m296.49 40.576 5.9382 3.1835-5.9382 3.1835z"/>
<path d="m322.48 44.199v-0.88053h54.629v0.88053z"/>
<path d="m376.72 40.576 5.9382 3.1835-5.9382 3.1835z"/>
<path d="m382.65 193.86v0.88052h-54.629v-0.88052z"/>
<path d="m328.42 197.48-5.9382-3.1834 5.9382-3.1835z"/>
<path d="m302.43 193.86v0.88052h-54.629v-0.88052z"/>
<path d="m248.19 197.48-5.9382-3.1834 5.9382-3.1835z"/>
<path d="m222.2 193.86v0.88052h-54.629v-0.88052z"/>
<path d="m167.96 197.48-5.9382-3.1834 5.9382-3.1835z"/>
<path d="m141.97 193.86v0.88052h-74.686v-0.88052z"/>
<path d="m67.675 197.48-5.9382-3.1834 5.9382-3.1835z"/>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

79
i18n/zh/assets/img/how-tor-works/tor-path-dark.svg Normal file
View File

@@ -0,0 +1,79 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" width="1530" height="850" version="1.1" viewBox="0 0 404.81 224.9">
<path d="m43.472 137.96h-20.432v-43.788h40.842v43.788z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m43.472 137.96h-20.432v-43.788h40.842v43.788h-20.41" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m127.51 24.896c0 3.8387-0.94333 7.6314-2.7442 10.964-1.7795 3.31-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6892-7.4823-7.9991-1.8009-3.333-2.7442-7.1257-2.7442-10.964 0-3.8387 0.94333-7.6314 2.7442-10.941 1.7795-3.333 4.3736-6.1143 7.4609-8.0221 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6892 7.4823 8.0221 1.8009 3.31 2.7442 7.1027 2.7442 10.941z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m127.51 24.862c0 3.8387-0.94333 7.6314-2.7442 10.964-1.7795 3.31-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6892-7.4823-7.9991-1.8009-3.333-2.7442-7.1257-2.7442-10.964 0-3.8387 0.94333-7.6314 2.7442-10.941 1.7795-3.333 4.3736-6.1143 7.4609-8.0221 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6892 7.4823 8.0221 1.8009 3.31 2.7442 7.1027 2.7442 10.941v0" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m209.2 24.919c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#800080" fill-rule="evenodd"/>
<path d="m209.2 24.885c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m290.88 24.908c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m290.88 24.908c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m127.51 114.54c0 3.8387-0.94333 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7795-3.333 4.3736-6.0913 7.4609-7.9991 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6662 7.4823 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m127.51 116.1c0 3.8387-0.94333 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7795-3.333 4.3736-6.0913 7.4609-7.9991 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6662 7.4823 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m209.2 114.54c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#800080" fill-rule="evenodd"/>
<path d="m209.2 116.1c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m290.88 114.54c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m290.88 114.54c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m127.51 200.04c0 3.8387-0.94333 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7795-3.333 4.3736-6.0913 7.4609-7.9991 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6662 7.4823 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m127.51 200.04c0 3.8387-0.94333 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7795-3.333 4.3736-6.0913 7.4609-7.9991 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6662 7.4823 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m209.2 200.06c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#800080" fill-rule="evenodd"/>
<path d="m209.2 200.06c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m290.88 200.06c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m290.88 200.06c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m354.66 86.912 24.741 46.225h-49.46z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m354.66 86.912 24.741 46.225h-49.46l24.719-46.225" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<g fill="#ffffff" font-family="'Liberation Sans'" font-size="14.105px" font-weight="400" letter-spacing="0px" stroke-width=".58923" word-spacing="0px">
<text transform="scale(.96579 1.0354)" x="23.469173" y="145.54295" style="line-height:125%" xml:space="preserve">
<tspan x="23.469173" y="145.54295">Your</tspan>
<tspan x="23.469173" y="163.17372">Device</tspan>
</text>
<text transform="scale(.96579 1.0354)" x="94.823898" y="62.191856" style="line-height:125%" xml:space="preserve">
<tspan x="94.823898" y="62.191856" fill="#ffffff" stroke-width=".58923">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="14.105px" font-weight="400" stroke-width=".58923">Entry</tspan>
</tspan>
</text>
<text transform="scale(.96579 1.0354)" x="174.41086" y="148.45462" style="line-height:125%" xml:space="preserve">
<tspan x="174.41086" y="148.45462" fill="#ffffff" stroke-width=".58923">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="14.105px" font-weight="400" stroke-width=".58923">Middle</tspan>
</tspan>
</text>
<text transform="scale(.96579 1.0354)" x="264.44427" y="60.726738" style="line-height:125%" xml:space="preserve">
<tspan x="264.44427" y="60.726738" fill="#ffffff" stroke-width=".58923">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="14.105px" font-weight="400" stroke-width=".58923">Exit</tspan>
</tspan>
</text>
<text transform="scale(.96579 1.0354)" x="300.70557" y="145.66537" style="line-height:125%" xml:space="preserve">
<tspan x="300.70557" y="145.66537" fill="#ffffff" stroke-width=".58923">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="14.105px" font-weight="400" stroke-width=".58923">PrivacyGuides.org</tspan>
</tspan>
</text>
</g>
<g transform="matrix(1,0,0,-1,78.4,132.26)" fill="#fff">
<path d="m87.371 43.93-36.295 48.232 1.0273 0.77344 36.295-48.232z" color="#000000" style="-inkscape-stroke:none"/>
<g fill-rule="evenodd">
<path d="m90.114 41.352-0.77515 6.3758-5.1366-3.8653z" color="#000000" stroke-width=".64285pt" style="-inkscape-stroke:none"/>
<path d="m90.629 40.668-0.68164 0.28906-6.5957 2.8008 6.3242 4.7598zm-1.0293 1.3672-0.5957 4.9023-3.9492-2.9707z" color="#000000" style="-inkscape-stroke:none"/>
</g>
</g>
<g transform="translate(158.59,1.3477)" fill="#fff">
<path d="m87.371 43.93-36.295 48.232 1.0273 0.77344 36.295-48.232z" color="#000000" style="-inkscape-stroke:none"/>
<g fill-rule="evenodd">
<path d="m90.114 41.352-0.77515 6.3758-5.1366-3.8653z" color="#000000" stroke-width=".64285pt" style="-inkscape-stroke:none"/>
<path d="m90.629 40.668-0.68164 0.28906-6.5957 2.8008 6.3242 4.7598zm-1.0293 1.3672-0.5957 4.9023-3.9492-2.9707z" color="#000000" style="-inkscape-stroke:none"/>
</g>
</g>
<g transform="matrix(1,0,0,-1,245.51,139.58)" fill="#fff">
<path d="m87.371 43.93-36.295 48.232 1.0273 0.77344 36.295-48.232z" color="#000000" style="-inkscape-stroke:none"/>
<g fill-rule="evenodd">
<path d="m90.114 41.352-0.77515 6.3758-5.1366-3.8653z" color="#000000" stroke-width=".64285pt" style="-inkscape-stroke:none"/>
<path d="m90.629 40.668-0.68164 0.28906-6.5957 2.8008 6.3242 4.7598zm-1.0293 1.3672-0.5957 4.9023-3.9492-2.9707z" color="#000000" style="-inkscape-stroke:none"/>
</g>
</g>
<g transform="translate(-3.4347 -1.3434)" fill="#fff">
<path d="m87.371 43.93-36.295 48.232 1.0273 0.77344 36.295-48.232z" color="#000000" style="-inkscape-stroke:none"/>
<g fill-rule="evenodd">
<path d="m90.114 41.352-0.77515 6.3758-5.1366-3.8653z" color="#000000" stroke-width=".64285pt" style="-inkscape-stroke:none"/>
<path d="m90.629 40.668-0.68164 0.28906-6.5957 2.8008 6.3242 4.7598zm-1.0293 1.3672-0.5957 4.9023-3.9492-2.9707z" color="#000000" style="-inkscape-stroke:none"/>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

225
i18n/zh/assets/img/how-tor-works/tor-path-hidden-service-dark.svg Normal file
View File

@@ -0,0 +1,225 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:serif="http://www.serif.com/" width="100%" height="100%" viewBox="0 0 1051 447" version="1.1" xml:space="preserve" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linecap:round;stroke-linejoin:round;">
<g transform="matrix(1,0,0,1,-101.526,-98.3251)">
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<rect x="87.098" y="355.919" width="154.361" height="165.495" style="fill:rgb(114,159,207);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M164.319,521.414L87.098,521.414L87.098,355.919L241.458,355.919L241.458,521.414L164.319,521.414" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,94.093C481.938,108.602 478.372,122.936 471.566,135.531C464.84,148.041 455.036,158.553 443.368,165.764C431.619,173.061 418.249,176.884 404.715,176.884C391.183,176.884 377.814,173.061 366.146,165.764C354.397,158.553 344.592,148.041 337.867,135.531C331.06,122.934 327.495,108.6 327.495,94.093C327.495,79.585 331.061,65.251 337.867,52.742C344.592,40.145 354.397,29.634 366.065,22.423C377.814,15.126 391.184,11.303 404.718,11.303C418.25,11.303 431.619,15.126 443.287,22.423C455.036,29.634 464.84,40.146 471.566,52.742C478.372,65.252 481.938,79.587 481.938,94.093Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,93.965C481.938,108.473 478.372,122.807 471.566,135.403C464.84,147.913 455.036,158.425 443.368,165.635C431.619,172.932 418.249,176.755 404.715,176.755C391.183,176.755 377.814,172.932 366.146,165.635C354.397,158.425 344.592,147.912 337.867,135.403C331.06,122.806 327.495,108.472 327.495,93.965C327.495,79.457 331.061,65.122 337.867,52.614C344.592,40.017 354.397,29.505 366.065,22.295C377.814,14.997 391.184,11.175 404.718,11.175C418.25,11.175 431.619,14.997 443.287,22.295C455.036,29.505 464.84,40.017 471.566,52.614C478.372,65.124 481.938,79.458 481.938,93.965" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,94.18C790.681,108.689 787.116,122.936 780.31,135.531C773.584,148.128 763.78,158.553 752.112,165.764C740.362,173.061 726.993,176.884 713.459,176.884C699.927,176.884 686.558,173.061 674.89,165.764C663.141,158.553 653.336,148.128 646.611,135.531C639.804,122.934 636.239,108.687 636.239,94.18C636.239,79.585 639.804,65.338 646.611,52.742C653.336,40.145 663.141,29.721 674.89,22.51C686.558,15.213 699.928,11.39 713.459,11.39C726.991,11.39 740.361,15.213 752.112,22.51C763.78,29.721 773.584,40.146 780.31,52.742C787.116,65.339 790.681,79.587 790.681,94.18Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,94.052C790.681,108.56 787.116,122.807 780.31,135.403C773.584,148 763.78,158.425 752.112,165.635C740.362,172.932 726.993,176.755 713.459,176.755C699.927,176.755 686.558,172.932 674.89,165.635C663.141,158.425 653.336,147.999 646.611,135.403C639.804,122.806 636.239,108.558 636.239,94.052C636.239,79.457 639.804,65.209 646.611,52.614C653.336,40.017 663.141,29.592 674.89,22.382C686.558,15.084 699.928,11.262 713.459,11.262C726.991,11.262 740.361,15.084 752.112,22.382C763.78,29.592 773.584,40.017 780.31,52.614C787.116,65.211 790.681,79.458 790.681,94.052" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,432.899C481.938,447.407 478.372,461.655 471.566,474.25C464.84,486.847 455.036,497.272 443.368,504.482C431.619,511.78 418.249,515.602 404.715,515.602C391.183,515.602 377.814,511.78 366.146,504.482C354.397,497.272 344.592,486.847 337.867,474.25C331.06,461.653 327.495,447.406 327.495,432.899C327.495,418.304 331.061,404.057 337.867,391.461C344.592,378.864 354.397,368.439 366.065,361.229C377.814,353.931 391.184,350.109 404.718,350.109C418.25,350.109 431.619,353.931 443.287,361.229C455.036,368.439 464.84,378.865 471.566,391.461C478.372,404.058 481.938,418.305 481.938,432.899Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,438.795C481.938,453.303 478.372,467.551 471.566,480.146C464.84,492.743 455.036,503.168 443.368,510.378C431.619,517.676 418.249,521.498 404.715,521.498C391.183,521.498 377.814,517.676 366.146,510.378C354.397,503.168 344.592,492.743 337.867,480.146C331.06,467.549 327.495,453.302 327.495,438.795C327.495,424.2 331.061,409.952 337.867,397.357C344.592,384.76 354.397,374.335 366.065,367.125C377.814,359.827 391.184,356.005 404.718,356.005C418.25,356.005 431.619,359.827 443.287,367.125C455.036,374.335 464.84,384.76 471.566,397.357C478.372,409.954 481.938,424.201 481.938,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,432.899C790.681,447.407 787.116,461.655 780.31,474.25C773.584,486.847 763.78,497.272 752.112,504.482C740.362,511.78 726.993,515.602 713.459,515.602C699.927,515.602 686.558,511.78 674.89,504.482C663.141,497.272 653.336,486.847 646.611,474.25C639.804,461.653 636.239,447.406 636.239,432.899C636.239,418.304 639.804,404.057 646.611,391.461C653.336,378.864 663.141,368.439 674.89,361.229C686.558,353.931 699.928,350.109 713.459,350.109C726.991,350.109 740.361,353.931 752.112,361.229C763.78,368.439 773.584,378.865 780.31,391.461C787.116,404.058 790.681,418.305 790.681,432.899Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,438.795C790.681,453.303 787.116,467.551 780.31,480.146C773.584,492.743 763.78,503.168 752.112,510.378C740.362,517.676 726.993,521.498 713.459,521.498C699.927,521.498 686.558,517.676 674.89,510.378C663.141,503.168 653.336,492.743 646.611,480.146C639.804,467.549 636.239,453.302 636.239,438.795C636.239,424.2 639.804,409.952 646.611,397.357C653.336,384.76 663.141,374.335 674.89,367.125C686.558,359.827 699.928,356.005 713.459,356.005C726.991,356.005 740.361,359.827 752.112,367.125C763.78,374.335 773.584,384.76 780.31,397.357C787.116,409.954 790.681,424.201 790.681,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.206,203.232)">
<path d="M1340.44,328.48L1433.95,503.186L1247.02,503.186L1340.44,328.48Z" style="fill:rgb(114,159,207);"/>
</g>
<g>
<g transform="matrix(0.423185,0,0,0.453686,63.5184,110.551)">
<g transform="matrix(1,0,0,1,88.7196,550.073)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Your</text>
</g>
<g transform="matrix(1,0,0,1,88.7196,616.708)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Device</text>
</g>
</g>
<g transform="matrix(0.423185,0,0,0.423185,215.188,217.539)">
<g transform="matrix(53.3092,0,0,53.3092,148.162,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Guard</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,342.481,365.105)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Relay</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,486.481,214.679)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Relay</text>
</g>
<g transform="matrix(0.423185,0,0,0.423185,1011.71,453.118)">
<g transform="matrix(53.3092,0,0,53.3092,334.953,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">hidden...onion</text>
</g>
<g transform="matrix(1,0,0,1.13387,0,-13.5981)">
<rect x="192.377" y="101.575" width="397.824" height="388.045" style="fill:none;stroke:rgb(97,107,243);stroke-width:6.08px;stroke-linecap:butt;stroke-miterlimit:1.5;stroke-dasharray:6.08,6.08;"/>
</g>
<g transform="matrix(1,0,0,1.13387,406.832,-13.5981)">
<rect x="192.377" y="101.575" width="397.824" height="388.045" style="fill:none;stroke:rgb(218,85,92);stroke-width:6.08px;stroke-linecap:butt;stroke-miterlimit:1.5;stroke-dasharray:6.08,6.08;"/>
</g>
</g>
<g transform="matrix(1,0,0,-1,296.309,499.871)">
<g transform="matrix(0.438175,0,0,0.438175,-102.956,170.289)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-102.956,170.289)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z" style="fill:white;"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z" style="fill:white;"/>
</g>
</g>
<g transform="matrix(1,0,0,1,599.384,5.09357)">
<g transform="matrix(0.438175,0,0,0.438175,-273.231,107.69)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-273.231,107.69)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z" style="fill:white;"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z" style="fill:white;"/>
</g>
</g>
<g transform="matrix(1,0,0,-1,927.895,527.537)">
<g transform="matrix(0.438175,0,0,0.438175,-37.0942,67.0447)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-34.7625,65.947)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z" style="fill:white;"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z" style="fill:white;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-467.504,185.162)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-467.504,185.162)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z" style="fill:white;"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z" style="fill:white;"/>
</g>
</g>
<g transform="matrix(1,0,0,1,-12.9813,-5.07732)">
<g transform="matrix(0.438175,0,0,0.438175,70.8116,113.404)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,70.8116,113.404)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z" style="fill:white;"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z" style="fill:white;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,94.093C481.938,108.602 478.372,122.936 471.566,135.531C464.84,148.041 455.036,158.553 443.368,165.764C431.619,173.061 418.249,176.884 404.715,176.884C391.183,176.884 377.814,173.061 366.146,165.764C354.397,158.553 344.592,148.041 337.867,135.531C331.06,122.934 327.495,108.6 327.495,94.093C327.495,79.585 331.061,65.251 337.867,52.742C344.592,40.145 354.397,29.634 366.065,22.423C377.814,15.126 391.184,11.303 404.718,11.303C418.25,11.303 431.619,15.126 443.287,22.423C455.036,29.634 464.84,40.146 471.566,52.742C478.372,65.252 481.938,79.587 481.938,94.093Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,93.965C481.938,108.473 478.372,122.807 471.566,135.403C464.84,147.913 455.036,158.425 443.368,165.635C431.619,172.932 418.249,176.755 404.715,176.755C391.183,176.755 377.814,172.932 366.146,165.635C354.397,158.425 344.592,147.912 337.867,135.403C331.06,122.806 327.495,108.472 327.495,93.965C327.495,79.457 331.061,65.122 337.867,52.614C344.592,40.017 354.397,29.505 366.065,22.295C377.814,14.997 391.184,11.175 404.718,11.175C418.25,11.175 431.619,14.997 443.287,22.295C455.036,29.505 464.84,40.017 471.566,52.614C478.372,65.124 481.938,79.458 481.938,93.965" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,94.18C790.681,108.689 787.116,122.936 780.31,135.531C773.584,148.128 763.78,158.553 752.112,165.764C740.362,173.061 726.993,176.884 713.459,176.884C699.927,176.884 686.558,173.061 674.89,165.764C663.141,158.553 653.336,148.128 646.611,135.531C639.804,122.934 636.239,108.687 636.239,94.18C636.239,79.585 639.804,65.338 646.611,52.742C653.336,40.145 663.141,29.721 674.89,22.51C686.558,15.213 699.928,11.39 713.459,11.39C726.991,11.39 740.361,15.213 752.112,22.51C763.78,29.721 773.584,40.146 780.31,52.742C787.116,65.339 790.681,79.587 790.681,94.18Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,94.052C790.681,108.56 787.116,122.807 780.31,135.403C773.584,148 763.78,158.425 752.112,165.635C740.362,172.932 726.993,176.755 713.459,176.755C699.927,176.755 686.558,172.932 674.89,165.635C663.141,158.425 653.336,147.999 646.611,135.403C639.804,122.806 636.239,108.558 636.239,94.052C636.239,79.457 639.804,65.209 646.611,52.614C653.336,40.017 663.141,29.592 674.89,22.382C686.558,15.084 699.928,11.262 713.459,11.262C726.991,11.262 740.361,15.084 752.112,22.382C763.78,29.592 773.584,40.017 780.31,52.614C787.116,65.211 790.681,79.458 790.681,94.052" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,432.899C481.938,447.407 478.372,461.655 471.566,474.25C464.84,486.847 455.036,497.272 443.368,504.482C431.619,511.78 418.249,515.602 404.715,515.602C391.183,515.602 377.814,511.78 366.146,504.482C354.397,497.272 344.592,486.847 337.867,474.25C331.06,461.653 327.495,447.406 327.495,432.899C327.495,418.304 331.061,404.057 337.867,391.461C344.592,378.864 354.397,368.439 366.065,361.229C377.814,353.931 391.184,350.109 404.718,350.109C418.25,350.109 431.619,353.931 443.287,361.229C455.036,368.439 464.84,378.865 471.566,391.461C478.372,404.058 481.938,418.305 481.938,432.899Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,438.795C481.938,453.303 478.372,467.551 471.566,480.146C464.84,492.743 455.036,503.168 443.368,510.378C431.619,517.676 418.249,521.498 404.715,521.498C391.183,521.498 377.814,517.676 366.146,510.378C354.397,503.168 344.592,492.743 337.867,480.146C331.06,467.549 327.495,453.302 327.495,438.795C327.495,424.2 331.061,409.952 337.867,397.357C344.592,384.76 354.397,374.335 366.065,367.125C377.814,359.827 391.184,356.005 404.718,356.005C418.25,356.005 431.619,359.827 443.287,367.125C455.036,374.335 464.84,384.76 471.566,397.357C478.372,409.954 481.938,424.201 481.938,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,432.899C790.681,447.407 787.116,461.655 780.31,474.25C773.584,486.847 763.78,497.272 752.112,504.482C740.362,511.78 726.993,515.602 713.459,515.602C699.927,515.602 686.558,511.78 674.89,504.482C663.141,497.272 653.336,486.847 646.611,474.25C639.804,461.653 636.239,447.406 636.239,432.899C636.239,418.304 639.804,404.057 646.611,391.461C653.336,378.864 663.141,368.439 674.89,361.229C686.558,353.931 699.928,350.109 713.459,350.109C726.991,350.109 740.361,353.931 752.112,361.229C763.78,368.439 773.584,378.865 780.31,391.461C787.116,404.058 790.681,418.305 790.681,432.899Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,438.795C790.681,453.303 787.116,467.551 780.31,480.146C773.584,492.743 763.78,503.168 752.112,510.378C740.362,517.676 726.993,521.498 713.459,521.498C699.927,521.498 686.558,517.676 674.89,510.378C663.141,503.168 653.336,492.743 646.611,480.146C639.804,467.549 636.239,453.302 636.239,438.795C636.239,424.2 639.804,409.952 646.611,397.357C653.336,384.76 663.141,374.335 674.89,367.125C686.558,359.827 699.928,356.005 713.459,356.005C726.991,356.005 740.361,359.827 752.112,367.125C763.78,374.335 773.584,384.76 780.31,397.357C787.116,409.954 790.681,424.201 790.681,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.423185,0,0,0.453686,613.992,258.963)">
<g transform="matrix(53.3092,0,0,53.3092,296.35,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Rendezvous</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,776.886,519.873)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Relay</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,924.29,375.575)">
<g transform="matrix(53.3092,0,0,53.3092,124.423,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Entry</text>
</g>
<g transform="matrix(0.438175,0,0,-0.438175,616.236,496.055)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,-0.438175,618.568,497.152)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z" style="fill:white;"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z" style="fill:white;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,757.768,262.897)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,760.1,261.799)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z" style="fill:white;"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z" style="fill:white;"/>
</g>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 35 KiB

225
i18n/zh/assets/img/how-tor-works/tor-path-hidden-service.svg Normal file
View File

@@ -0,0 +1,225 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:serif="http://www.serif.com/" width="100%" height="100%" viewBox="0 0 1051 447" version="1.1" xml:space="preserve" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linecap:round;stroke-linejoin:round;">
<g transform="matrix(1,0,0,1,-101.526,-98.3251)">
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<rect x="87.098" y="355.919" width="154.361" height="165.495" style="fill:rgb(114,159,207);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M164.319,521.414L87.098,521.414L87.098,355.919L241.458,355.919L241.458,521.414L164.319,521.414" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,94.093C481.938,108.602 478.372,122.936 471.566,135.531C464.84,148.041 455.036,158.553 443.368,165.764C431.619,173.061 418.249,176.884 404.715,176.884C391.183,176.884 377.814,173.061 366.146,165.764C354.397,158.553 344.592,148.041 337.867,135.531C331.06,122.934 327.495,108.6 327.495,94.093C327.495,79.585 331.061,65.251 337.867,52.742C344.592,40.145 354.397,29.634 366.065,22.423C377.814,15.126 391.184,11.303 404.718,11.303C418.25,11.303 431.619,15.126 443.287,22.423C455.036,29.634 464.84,40.146 471.566,52.742C478.372,65.252 481.938,79.587 481.938,94.093Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,93.965C481.938,108.473 478.372,122.807 471.566,135.403C464.84,147.913 455.036,158.425 443.368,165.635C431.619,172.932 418.249,176.755 404.715,176.755C391.183,176.755 377.814,172.932 366.146,165.635C354.397,158.425 344.592,147.912 337.867,135.403C331.06,122.806 327.495,108.472 327.495,93.965C327.495,79.457 331.061,65.122 337.867,52.614C344.592,40.017 354.397,29.505 366.065,22.295C377.814,14.997 391.184,11.175 404.718,11.175C418.25,11.175 431.619,14.997 443.287,22.295C455.036,29.505 464.84,40.017 471.566,52.614C478.372,65.124 481.938,79.458 481.938,93.965" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,94.18C790.681,108.689 787.116,122.936 780.31,135.531C773.584,148.128 763.78,158.553 752.112,165.764C740.362,173.061 726.993,176.884 713.459,176.884C699.927,176.884 686.558,173.061 674.89,165.764C663.141,158.553 653.336,148.128 646.611,135.531C639.804,122.934 636.239,108.687 636.239,94.18C636.239,79.585 639.804,65.338 646.611,52.742C653.336,40.145 663.141,29.721 674.89,22.51C686.558,15.213 699.928,11.39 713.459,11.39C726.991,11.39 740.361,15.213 752.112,22.51C763.78,29.721 773.584,40.146 780.31,52.742C787.116,65.339 790.681,79.587 790.681,94.18Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,94.052C790.681,108.56 787.116,122.807 780.31,135.403C773.584,148 763.78,158.425 752.112,165.635C740.362,172.932 726.993,176.755 713.459,176.755C699.927,176.755 686.558,172.932 674.89,165.635C663.141,158.425 653.336,147.999 646.611,135.403C639.804,122.806 636.239,108.558 636.239,94.052C636.239,79.457 639.804,65.209 646.611,52.614C653.336,40.017 663.141,29.592 674.89,22.382C686.558,15.084 699.928,11.262 713.459,11.262C726.991,11.262 740.361,15.084 752.112,22.382C763.78,29.592 773.584,40.017 780.31,52.614C787.116,65.211 790.681,79.458 790.681,94.052" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,432.899C481.938,447.407 478.372,461.655 471.566,474.25C464.84,486.847 455.036,497.272 443.368,504.482C431.619,511.78 418.249,515.602 404.715,515.602C391.183,515.602 377.814,511.78 366.146,504.482C354.397,497.272 344.592,486.847 337.867,474.25C331.06,461.653 327.495,447.406 327.495,432.899C327.495,418.304 331.061,404.057 337.867,391.461C344.592,378.864 354.397,368.439 366.065,361.229C377.814,353.931 391.184,350.109 404.718,350.109C418.25,350.109 431.619,353.931 443.287,361.229C455.036,368.439 464.84,378.865 471.566,391.461C478.372,404.058 481.938,418.305 481.938,432.899Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,438.795C481.938,453.303 478.372,467.551 471.566,480.146C464.84,492.743 455.036,503.168 443.368,510.378C431.619,517.676 418.249,521.498 404.715,521.498C391.183,521.498 377.814,517.676 366.146,510.378C354.397,503.168 344.592,492.743 337.867,480.146C331.06,467.549 327.495,453.302 327.495,438.795C327.495,424.2 331.061,409.952 337.867,397.357C344.592,384.76 354.397,374.335 366.065,367.125C377.814,359.827 391.184,356.005 404.718,356.005C418.25,356.005 431.619,359.827 443.287,367.125C455.036,374.335 464.84,384.76 471.566,397.357C478.372,409.954 481.938,424.201 481.938,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,432.899C790.681,447.407 787.116,461.655 780.31,474.25C773.584,486.847 763.78,497.272 752.112,504.482C740.362,511.78 726.993,515.602 713.459,515.602C699.927,515.602 686.558,511.78 674.89,504.482C663.141,497.272 653.336,486.847 646.611,474.25C639.804,461.653 636.239,447.406 636.239,432.899C636.239,418.304 639.804,404.057 646.611,391.461C653.336,378.864 663.141,368.439 674.89,361.229C686.558,353.931 699.928,350.109 713.459,350.109C726.991,350.109 740.361,353.931 752.112,361.229C763.78,368.439 773.584,378.865 780.31,391.461C787.116,404.058 790.681,418.305 790.681,432.899Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,438.795C790.681,453.303 787.116,467.551 780.31,480.146C773.584,492.743 763.78,503.168 752.112,510.378C740.362,517.676 726.993,521.498 713.459,521.498C699.927,521.498 686.558,517.676 674.89,510.378C663.141,503.168 653.336,492.743 646.611,480.146C639.804,467.549 636.239,453.302 636.239,438.795C636.239,424.2 639.804,409.952 646.611,397.357C653.336,384.76 663.141,374.335 674.89,367.125C686.558,359.827 699.928,356.005 713.459,356.005C726.991,356.005 740.361,359.827 752.112,367.125C763.78,374.335 773.584,384.76 780.31,397.357C787.116,409.954 790.681,424.201 790.681,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.206,203.232)">
<path d="M1340.44,328.48L1433.95,503.186L1247.02,503.186L1340.44,328.48Z" style="fill:rgb(114,159,207);"/>
</g>
<g>
<g transform="matrix(0.423185,0,0,0.453686,63.5184,110.551)">
<g transform="matrix(1,0,0,1,88.7196,550.073)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Your</text>
</g>
<g transform="matrix(1,0,0,1,88.7196,616.708)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Device</text>
</g>
</g>
<g transform="matrix(0.423185,0,0,0.423185,215.188,217.539)">
<g transform="matrix(53.3092,0,0,53.3092,148.162,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Guard</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,342.481,365.105)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Relay</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,486.481,214.679)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Relay</text>
</g>
<g transform="matrix(0.423185,0,0,0.423185,1011.71,453.118)">
<g transform="matrix(53.3092,0,0,53.3092,334.953,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">hidden...onion</text>
</g>
<g transform="matrix(1,0,0,1.13387,0,-13.5981)">
<rect x="192.377" y="101.575" width="397.824" height="388.045" style="fill:none;stroke:rgb(62,44,177);stroke-width:6.08px;stroke-linecap:butt;stroke-miterlimit:1.5;stroke-dasharray:6.08,6.08;"/>
</g>
<g transform="matrix(1,0,0,1.13387,406.832,-13.5981)">
<rect x="192.377" y="101.575" width="397.824" height="388.045" style="fill:none;stroke:rgb(208,26,36);stroke-width:6.08px;stroke-linecap:butt;stroke-miterlimit:1.5;stroke-dasharray:6.08,6.08;"/>
</g>
</g>
<g transform="matrix(1,0,0,-1,296.309,499.871)">
<g transform="matrix(0.438175,0,0,0.438175,-102.956,170.289)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-102.956,170.289)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z"/>
</g>
</g>
<g transform="matrix(1,0,0,1,599.384,5.09357)">
<g transform="matrix(0.438175,0,0,0.438175,-273.231,107.69)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-273.231,107.69)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z"/>
</g>
</g>
<g transform="matrix(1,0,0,-1,927.895,527.537)">
<g transform="matrix(0.438175,0,0,0.438175,-37.0942,67.0447)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-34.7625,65.947)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-467.504,185.162)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-467.504,185.162)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z"/>
</g>
</g>
<g transform="matrix(1,0,0,1,-12.9813,-5.07732)">
<g transform="matrix(0.438175,0,0,0.438175,70.8116,113.404)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,70.8116,113.404)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,94.093C481.938,108.602 478.372,122.936 471.566,135.531C464.84,148.041 455.036,158.553 443.368,165.764C431.619,173.061 418.249,176.884 404.715,176.884C391.183,176.884 377.814,173.061 366.146,165.764C354.397,158.553 344.592,148.041 337.867,135.531C331.06,122.934 327.495,108.6 327.495,94.093C327.495,79.585 331.061,65.251 337.867,52.742C344.592,40.145 354.397,29.634 366.065,22.423C377.814,15.126 391.184,11.303 404.718,11.303C418.25,11.303 431.619,15.126 443.287,22.423C455.036,29.634 464.84,40.146 471.566,52.742C478.372,65.252 481.938,79.587 481.938,94.093Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,93.965C481.938,108.473 478.372,122.807 471.566,135.403C464.84,147.913 455.036,158.425 443.368,165.635C431.619,172.932 418.249,176.755 404.715,176.755C391.183,176.755 377.814,172.932 366.146,165.635C354.397,158.425 344.592,147.912 337.867,135.403C331.06,122.806 327.495,108.472 327.495,93.965C327.495,79.457 331.061,65.122 337.867,52.614C344.592,40.017 354.397,29.505 366.065,22.295C377.814,14.997 391.184,11.175 404.718,11.175C418.25,11.175 431.619,14.997 443.287,22.295C455.036,29.505 464.84,40.017 471.566,52.614C478.372,65.124 481.938,79.458 481.938,93.965" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,94.18C790.681,108.689 787.116,122.936 780.31,135.531C773.584,148.128 763.78,158.553 752.112,165.764C740.362,173.061 726.993,176.884 713.459,176.884C699.927,176.884 686.558,173.061 674.89,165.764C663.141,158.553 653.336,148.128 646.611,135.531C639.804,122.934 636.239,108.687 636.239,94.18C636.239,79.585 639.804,65.338 646.611,52.742C653.336,40.145 663.141,29.721 674.89,22.51C686.558,15.213 699.928,11.39 713.459,11.39C726.991,11.39 740.361,15.213 752.112,22.51C763.78,29.721 773.584,40.146 780.31,52.742C787.116,65.339 790.681,79.587 790.681,94.18Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,94.052C790.681,108.56 787.116,122.807 780.31,135.403C773.584,148 763.78,158.425 752.112,165.635C740.362,172.932 726.993,176.755 713.459,176.755C699.927,176.755 686.558,172.932 674.89,165.635C663.141,158.425 653.336,147.999 646.611,135.403C639.804,122.806 636.239,108.558 636.239,94.052C636.239,79.457 639.804,65.209 646.611,52.614C653.336,40.017 663.141,29.592 674.89,22.382C686.558,15.084 699.928,11.262 713.459,11.262C726.991,11.262 740.361,15.084 752.112,22.382C763.78,29.592 773.584,40.017 780.31,52.614C787.116,65.211 790.681,79.458 790.681,94.052" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,432.899C481.938,447.407 478.372,461.655 471.566,474.25C464.84,486.847 455.036,497.272 443.368,504.482C431.619,511.78 418.249,515.602 404.715,515.602C391.183,515.602 377.814,511.78 366.146,504.482C354.397,497.272 344.592,486.847 337.867,474.25C331.06,461.653 327.495,447.406 327.495,432.899C327.495,418.304 331.061,404.057 337.867,391.461C344.592,378.864 354.397,368.439 366.065,361.229C377.814,353.931 391.184,350.109 404.718,350.109C418.25,350.109 431.619,353.931 443.287,361.229C455.036,368.439 464.84,378.865 471.566,391.461C478.372,404.058 481.938,418.305 481.938,432.899Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,438.795C481.938,453.303 478.372,467.551 471.566,480.146C464.84,492.743 455.036,503.168 443.368,510.378C431.619,517.676 418.249,521.498 404.715,521.498C391.183,521.498 377.814,517.676 366.146,510.378C354.397,503.168 344.592,492.743 337.867,480.146C331.06,467.549 327.495,453.302 327.495,438.795C327.495,424.2 331.061,409.952 337.867,397.357C344.592,384.76 354.397,374.335 366.065,367.125C377.814,359.827 391.184,356.005 404.718,356.005C418.25,356.005 431.619,359.827 443.287,367.125C455.036,374.335 464.84,384.76 471.566,397.357C478.372,409.954 481.938,424.201 481.938,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,432.899C790.681,447.407 787.116,461.655 780.31,474.25C773.584,486.847 763.78,497.272 752.112,504.482C740.362,511.78 726.993,515.602 713.459,515.602C699.927,515.602 686.558,511.78 674.89,504.482C663.141,497.272 653.336,486.847 646.611,474.25C639.804,461.653 636.239,447.406 636.239,432.899C636.239,418.304 639.804,404.057 646.611,391.461C653.336,378.864 663.141,368.439 674.89,361.229C686.558,353.931 699.928,350.109 713.459,350.109C726.991,350.109 740.361,353.931 752.112,361.229C763.78,368.439 773.584,378.865 780.31,391.461C787.116,404.058 790.681,418.305 790.681,432.899Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,438.795C790.681,453.303 787.116,467.551 780.31,480.146C773.584,492.743 763.78,503.168 752.112,510.378C740.362,517.676 726.993,521.498 713.459,521.498C699.927,521.498 686.558,517.676 674.89,510.378C663.141,503.168 653.336,492.743 646.611,480.146C639.804,467.549 636.239,453.302 636.239,438.795C636.239,424.2 639.804,409.952 646.611,397.357C653.336,384.76 663.141,374.335 674.89,367.125C686.558,359.827 699.928,356.005 713.459,356.005C726.991,356.005 740.361,359.827 752.112,367.125C763.78,374.335 773.584,384.76 780.31,397.357C787.116,409.954 790.681,424.201 790.681,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.423185,0,0,0.453686,613.992,258.963)">
<g transform="matrix(53.3092,0,0,53.3092,296.35,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Rendezvous</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,776.886,519.873)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Relay</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,924.29,375.575)">
<g transform="matrix(53.3092,0,0,53.3092,124.423,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Entry</text>
</g>
<g transform="matrix(0.438175,0,0,-0.438175,616.236,496.055)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,-0.438175,618.568,497.152)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,757.768,262.897)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,760.1,261.799)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z"/>
</g>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

79
i18n/zh/assets/img/how-tor-works/tor-path.svg Normal file
View File

@@ -0,0 +1,79 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" width="1530" height="850" version="1.1" viewBox="0 0 404.81 224.9">
<path d="m43.472 137.96h-20.432v-43.788h40.842v43.788z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m43.472 137.96h-20.432v-43.788h40.842v43.788h-20.41" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m127.51 24.896c0 3.8387-0.94333 7.6314-2.7442 10.964-1.7795 3.31-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6892-7.4823-7.9991-1.8009-3.333-2.7442-7.1257-2.7442-10.964 0-3.8387 0.94333-7.6314 2.7442-10.941 1.7795-3.333 4.3736-6.1143 7.4609-8.0221 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6892 7.4823 8.0221 1.8009 3.31 2.7442 7.1027 2.7442 10.941z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m127.51 24.862c0 3.8387-0.94333 7.6314-2.7442 10.964-1.7795 3.31-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6892-7.4823-7.9991-1.8009-3.333-2.7442-7.1257-2.7442-10.964 0-3.8387 0.94333-7.6314 2.7442-10.941 1.7795-3.333 4.3736-6.1143 7.4609-8.0221 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6892 7.4823 8.0221 1.8009 3.31 2.7442 7.1027 2.7442 10.941v0" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m209.2 24.919c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#800080" fill-rule="evenodd"/>
<path d="m209.2 24.885c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m290.88 24.908c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m290.88 24.908c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m127.51 114.54c0 3.8387-0.94333 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7795-3.333 4.3736-6.0913 7.4609-7.9991 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6662 7.4823 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m127.51 116.1c0 3.8387-0.94333 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7795-3.333 4.3736-6.0913 7.4609-7.9991 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6662 7.4823 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m209.2 114.54c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#800080" fill-rule="evenodd"/>
<path d="m209.2 116.1c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m290.88 114.54c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m290.88 114.54c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m127.51 200.04c0 3.8387-0.94333 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7795-3.333 4.3736-6.0913 7.4609-7.9991 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6662 7.4823 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m127.51 200.04c0 3.8387-0.94333 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7795-3.333 4.3736-6.0913 7.4609-7.9991 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6662 7.4823 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m209.2 200.06c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#800080" fill-rule="evenodd"/>
<path d="m209.2 200.06c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m290.88 200.06c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m290.88 200.06c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m354.66 86.912 24.741 46.225h-49.46z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m354.66 86.912 24.741 46.225h-49.46l24.719-46.225" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<g font-family="'Liberation Sans'" font-size="14.105px" font-weight="400" letter-spacing="0px" stroke-width=".58923" word-spacing="0px">
<text transform="scale(.96579 1.0354)" x="23.469173" y="145.54295" style="line-height:125%" xml:space="preserve">
<tspan x="23.469173" y="145.54295">Your</tspan>
<tspan x="23.469173" y="163.17372">Device</tspan>
</text>
<text transform="scale(.96579 1.0354)" x="94.823898" y="62.191856" style="line-height:125%" xml:space="preserve">
<tspan x="94.823898" y="62.191856" fill="#000000" stroke-width=".58923">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="14.105px" font-weight="400" stroke-width=".58923">Entry</tspan>
</tspan>
</text>
<text transform="scale(.96579 1.0354)" x="174.41086" y="148.45462" style="line-height:125%" xml:space="preserve">
<tspan x="174.41086" y="148.45462" fill="#000000" stroke-width=".58923">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="14.105px" font-weight="400" stroke-width=".58923">Middle</tspan>
</tspan>
</text>
<text transform="scale(.96579 1.0354)" x="264.44427" y="60.726738" style="line-height:125%" xml:space="preserve">
<tspan x="264.44427" y="60.726738" fill="#000000" stroke-width=".58923">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="14.105px" font-weight="400" stroke-width=".58923">Exit</tspan>
</tspan>
</text>
<text transform="scale(.96579 1.0354)" x="300.70557" y="145.66537" style="line-height:125%" xml:space="preserve">
<tspan x="300.70557" y="145.66537" fill="#000000" stroke-width=".58923">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="14.105px" font-weight="400" stroke-width=".58923">PrivacyGuides.org</tspan>
</tspan>
</text>
</g>
<g transform="matrix(1,0,0,-1,78.4,132.26)">
<path d="m87.371 43.93-36.295 48.232 1.0273 0.77344 36.295-48.232z" color="#000000" style="-inkscape-stroke:none"/>
<g fill-rule="evenodd">
<path d="m90.114 41.352-0.77515 6.3758-5.1366-3.8653z" color="#000000" stroke-width=".64285pt" style="-inkscape-stroke:none"/>
<path d="m90.629 40.668-0.68164 0.28906-6.5957 2.8008 6.3242 4.7598zm-1.0293 1.3672-0.5957 4.9023-3.9492-2.9707z" color="#000000" style="-inkscape-stroke:none"/>
</g>
</g>
<g transform="translate(158.59,1.3477)">
<path d="m87.371 43.93-36.295 48.232 1.0273 0.77344 36.295-48.232z" color="#000000" style="-inkscape-stroke:none"/>
<g fill-rule="evenodd">
<path d="m90.114 41.352-0.77515 6.3758-5.1366-3.8653z" color="#000000" stroke-width=".64285pt" style="-inkscape-stroke:none"/>
<path d="m90.629 40.668-0.68164 0.28906-6.5957 2.8008 6.3242 4.7598zm-1.0293 1.3672-0.5957 4.9023-3.9492-2.9707z" color="#000000" style="-inkscape-stroke:none"/>
</g>
</g>
<g transform="matrix(1,0,0,-1,245.51,139.58)">
<path d="m87.371 43.93-36.295 48.232 1.0273 0.77344 36.295-48.232z" color="#000000" style="-inkscape-stroke:none"/>
<g fill-rule="evenodd">
<path d="m90.114 41.352-0.77515 6.3758-5.1366-3.8653z" color="#000000" stroke-width=".64285pt" style="-inkscape-stroke:none"/>
<path d="m90.629 40.668-0.68164 0.28906-6.5957 2.8008 6.3242 4.7598zm-1.0293 1.3672-0.5957 4.9023-3.9492-2.9707z" color="#000000" style="-inkscape-stroke:none"/>
</g>
</g>
<g transform="translate(-3.4347 -1.3434)">
<path d="m87.371 43.93-36.295 48.232 1.0273 0.77344 36.295-48.232z" color="#000000" style="-inkscape-stroke:none"/>
<g fill-rule="evenodd">
<path d="m90.114 41.352-0.77515 6.3758-5.1366-3.8653z" color="#000000" stroke-width=".64285pt" style="-inkscape-stroke:none"/>
<path d="m90.629 40.668-0.68164 0.28906-6.5957 2.8008 6.3242 4.7598zm-1.0293 1.3672-0.5957 4.9023-3.9492-2.9707z" color="#000000" style="-inkscape-stroke:none"/>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

BIN
i18n/zh/assets/img/multi-factor-authentication/fido.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 130 KiB

BIN
i18n/zh/assets/img/multi-factor-authentication/yubico-otp.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 115 KiB

BIN
i18n/zh/assets/img/qubes/qubes-trust-level-architecture.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 111 KiB

BIN
i18n/zh/assets/img/qubes/r4.0-xfce-three-domains-at-work.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.4 MiB

81
i18n/zh/basics/account-creation.md Normal file
View File

@@ -0,0 +1,81 @@
---
title: "账户创建"
icon: 'material/account-plus'
description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private.
---
人们经常不假思索地注册服务。 也许它是一个流媒体服务,这样你就可以看到每个人都在谈论的新节目,或者一个为你最喜欢的快餐店提供折扣的账户。 无论情况如何,你应该考虑现在和以后对你的数据的影响。
你所使用的每一项新服务都有风险。 数据泄露;向第三方披露客户信息;流氓雇员访问数据;所有这些都是在提供你的信息时必须考虑的可能性。 你需要确信你可以信任该服务,这就是为什么我们不建议将有价值的数据存储在任何东西上,除了最成熟和经过战斗考验的产品。 这通常意味着提供E2EE并经过加密审计的服务。 审计增加了对产品的保证,即产品的设计没有由缺乏经验的开发者造成的明显的安全问题。
在一些服务上删除账户也可能很困难。 有时 [覆盖与一个账户相关的数据](account-deletion.md#overwriting-account-information) ,但在其他情况下,该服务将保留整个账户的变化历史。
## 用户协议和隐私政策
服务条款是你在使用服务时同意遵守的规则。 对于较大的服务,这些规则通常由自动系统执行。 有时这些自动系统会犯错误。 例如你可能因为使用VPN或VOIP号码而被禁止或被锁定在某些服务的账户中。 对这种禁令提出上诉往往很困难,而且也涉及到一个自动程序,并不总是成功。 这将是我们不建议使用Gmail的电子邮件作为例子的原因之一。 电子邮件对于访问你可能已经注册的其他服务至关重要。
隐私政策是该服务说他们将如何使用你的数据,它值得阅读,以便你了解你的数据将如何被使用。 一个公司或组织可能在法律上没有义务遵守政策中的所有内容(这取决于司法管辖区)。 我们建议对你当地的法律有一些了解,以及他们允许供应商收集什么。
我们建议寻找特定的术语,如 "数据收集"、"数据分析"、"cookies"、"广告 "或 "第三方 "服务。 有时你可以选择不收集数据或不分享你的数据,但最好是选择一个从一开始就尊重你的隐私的服务。
请记住,你也将你的信任寄托在该公司或组织身上,他们会遵守自己的隐私政策。
## 身份验证方法
通常有多种注册账户的方式,每种方式都有各自的好处和缺点。
### 电子邮件和密码
创建新账户最常见的方式是通过电子邮件地址和密码。 当使用这种方法时,你应该使用一个密码管理器,并遵循 [有关密码的最佳实践](passwords-overview.md)。
!!! tip
你也可以用你的密码管理器来组织其他认证方法 只需添加新条目并填写相应的字段,你可以为安全问题或备份钥匙等事项添加注释。
你将负责管理你的登录凭证。 为了增加安全性,你可以在你的账户上设置 [MFA](multi-factor-authentication.md)。
[推荐的密码管理器](../passwords.md ""){.md-button}
#### 邮箱别名
如果你不想把你的真实电子邮件地址提供给一个服务,你可以选择使用一个别名。 我们在我们的电子邮件服务推荐页面上对它们进行了更详细的描述。 本质上,别名服务允许你生成新的电子邮件地址,将所有电子邮件转发到你的主地址。 这可以帮助防止跨服务的追踪,并帮助你管理有时伴随着注册过程的营销电子邮件。 这些可以根据它们被发送到的别名自动过滤。
如果一项服务被黑客攻击,你可能会开始收到钓鱼或垃圾邮件到你用来注册的地址。 为每项服务使用独特的别名,可以帮助准确识别什么服务被黑。
[推荐的电子邮件别名服务](../email.md#email-aliasing-services ""){.md-button}
### 单点登录
!!! note
我们讨论的是个人使用的单点登录,而不是企业用户。
单点登录SSO是一种认证方法允许你在不分享很多信息的情况下注册一个服务。 只要你在注册表上看到类似于 "用 *提供商名称*"的内容就是SSO。
当你在一个网站上选择单点登录时它会提示你的SSO供应商的登录页面之后你的账户就会被连接起来。 你的密码不会被分享,但一些基本信息会被分享(你可以在登录请求中查看)。 每次你想登录同一个账户时,都需要这个过程。
主要的优点是:
- **安全性**:没有卷入 [数据泄露的风险](https://en.wikipedia.org/wiki/Data_breach) ,因为网站不储存你的凭证。
- **易用性**:多个账户由一个登录账号管理。
但也有弊端:
- **隐私**SSO供应商会知道你使用的服务。
- **集中化**如果你的SSO账户被泄露或你无法登录所有与之相连的其他账户都会受到影响。
SSO在那些你可以从服务之间的深度整合中获益的情况下可以特别有用。 例如这些服务中的一个可能为其他服务提供SSO。 我们的建议是将SSO限制在你需要的地方用 [MFA](multi-factor-authentication.md)来保护主账户。
所有使用SSO的服务将和你的SSO账户一样安全。 例如如果你想用硬件密钥保护一个账户但该服务不支持硬件密钥你可以用硬件密钥保护你的SSO账户现在你的所有账户基本上都有硬件MFA。 但值得注意的是SSO账户上的弱认证意味着与该登录方式相关的任何账户也会很弱。
### 手机号
我们建议避免使用那些需要电话号码才能注册的服务。 一个电话号码可以在多个服务中识别你的身份,根据数据共享协议,这将使你的使用情况更容易被追踪,特别是当这些服务之一被破坏时,因为电话号码通常是 **,而不是** 加密。
如果可以的话,你应该避免提供你的真实电话号码。 有些服务会允许使用VOIP号码但是这些号码往往会触发欺诈检测系统导致账户被锁定所以我们不建议重要账户使用这种号码。
在许多情况下,你将需要提供一个可以接收短信或电话的号码,特别是在国际购物时,以防你的订单在边境检查时出现问题。 服务机构使用你的号码作为验证方法是很常见的;不要因为你想耍小聪明,给了一个假的号码,而让自己被锁定在一个重要的账户之外。
### 用户名和密码
有些服务允许你不使用电子邮件地址进行注册,只要求你设置一个用户名和密码。 这些服务在与VPN或Tor结合使用时可以提供更多的匿名性。 **请记住,对于这些账户,如果你忘记了你的用户名或密码,很可能没有办法恢复你的账户**

62
i18n/zh/basics/account-deletion.md Normal file
View File

@@ -0,0 +1,62 @@
---
title: "删除帐户"
icon: '资料/账户-删除'
description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection.
---
随着时间的推移,很容易积累一些在线账户,其中许多账户你可能不再使用。 删除这些未使用的账户是找回隐私的一个重要步骤,因为休眠账户很容易受到数据泄露的影响。 数据泄露是指一项服务的安全性受到损害,受保护的信息被未经授权的人查看、传输或窃取。 不幸的是,而今数据泄露 [太过于常见](https://haveibeenpwned.com/PwnedWebsites) ,因此保持良好的数字卫生是将它们对你生活的影响降到最低的最好方法。 本指南的目标就是引导您经由令人讨厌的帐户删除过程来优化你的线上生活,这些过程通常采用了 [欺骗性设计](https://www.deceptive.design/)使得其变得更加困难。
## 查找旧帐户
### 密码管理器
如果您有一个贯穿整个数字生活来使用的密码管理器,这个部分将非常简单。 通常情况下,它们内置有检测你的凭证是否在数据泄露中被暴露的功能--例如Bitwarden的 [数据泄露报告](https://bitwarden.com/blog/have-you-been-pwned/)。
<figure markdown>
![Bitwarden's Data Breach Report feature](../assets/img/account-deletion/exposed_passwords.png)
</figure>
即使你以前没有明确使用过密码管理器,你也有可能在不知不觉中使用了你的浏览器或手机中的密码管理器。 例如。 [火狐密码管理器](https://support.mozilla.org/kb/password-manager-remember-delete-edit-logins), [谷歌密码管理器](https://passwords.google.com/intro) 和 [Edge密码管理器](https://support.microsoft.com/en-us/microsoft-edge/save-or-forget-passwords-in-microsoft-edge-b4beecb0-f2a8-1ca0-f26f-9ec247a3f336)。
桌面平台通常也有一个密码管理器,可以帮助你恢复你忘记的密码。
- Windows [Credential Manager](https://support.microsoft.com/en-us/windows/accessing-credential-manager-1b5c916a-6a16-889f-8581-fc16e8165ac0)
- macOS [Passwords](https://support.apple.com/en-us/HT211145)
- iOS [Passwords](https://support.apple.com/en-us/HT211146)
- LinuxGnome Keyring可以通过 [Seahorse](https://help.gnome.org/users/seahorse/stable/passwords-view.html.en) 或 [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager)访问。
### DNS
如果你过去没有使用密码管理器,或者你认为你有从未被添加到密码管理器的账户,另一个选择是搜索印象里当时注册用的电子邮箱。 在你的电子邮件客户端,搜索关键词,如 "验证 "或 "欢迎"。 几乎每次您创建在线帐户时,注册的服务都会向您的电子邮箱发送验证链接或介绍性消息。 这可能是找到被遗忘的旧账户的一个好方法。
## 删除旧账户
### 登录
为了删除你的旧账户,你需要首先确保你能登录到这些账户。 同样,如果该账户是在你的密码管理器中,这一步很容易。 如果没有,你可以尝试猜测你的密码。 如果做不到这一点,通常可以选择重新获得你账户的访问权限,通常可以通过登录页面上的 "忘记密码 "链接获得。 也有可能你放弃的账户已经被删除了--有时服务机构会裁除所有旧账户。
当试图重新获得访问权时,如果网站返回错误信息说该电子邮件没有与一个账户相关联,或者你在多次尝试后从未收到重置链接,那么你在该邮箱地址下没有账户,应该尝试另一个地址。 如果你无法找出你使用的电子邮件地址,或者你不再能访问该电子邮件,你可以尝试联系该服务的客户支持。 很遗憾,我们无法保证您能够恢复对账号的访问权限。
### GDPR仅限欧洲经济区居民
欧洲经济区的居民在数据删除方面有额外的权利,具体见 [GDPR第17条](https://www.gdpr.org/regulation/article-17.html)。 如果适用于你,请阅读任何特定服务的隐私政策,以找到关于如何行使你的删除权的信息。 阅读隐私政策可能被证明是重要的,因为一些服务有一个 "删除账户 "的选项,它只是禁用你的账户,而要真正删除,你必须采取额外行动。 有时,实际删除可能涉及填写调查表、向服务的数据保护人员发送电子邮件,甚至证明你在欧洲经济区拥有住所。 如果你打算这么做, **不要** 覆盖账户信息--你作为欧洲经济区居民的身份可能被要求。 请注意服务的地点并不重要GDPR适用于任何为欧洲用户服务的人。 如果服务不尊重你的删除权,你可以联系你的国家的 [数据保护局](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) ,你可能有权获得金钱赔偿。
### 覆盖账户信息
在某些情况下,如果你打算放弃一个账户,用假数据覆盖账户信息可能是有意义的。 一旦你确定你可以登录,将你账户中的所有信息改为伪造的信息。 原因是许多网站会保留你以前的信息,即使是在删除账户后。 这一方法寄希望于他们能用你输入的最新数据来覆盖以前的信息。 但是,无法保证不会使用以前的信息进行备份。
对于账户的电子邮件,可以通过你选择的供应商创建一个新的备用电子邮件账户,或者使用 [电子邮件别名服务创建一个别名](/email/#email-aliasing-services)。 一旦完成,您可以删除备用电子邮件地址。 我们建议不要使用临时电子邮件供应商,因为很多时候这类临时电子邮件有可能被重新激活。
### 删除
你可以查看 [JustDeleteMe](https://justdeleteme.xyz) ,了解关于删除特定服务的账户的说明。 有些网站会慷慨地提供“删除帐户”选项,而其他网站则会迫使您与客服代表交谈。 删除过程可能因网站而异,在一些网站上无法删除账户。
对于不允许删除账户的服务,最好的办法是像前面提到的那样伪造你的所有信息,加强账户安全。 要做到这一点,请启用 [MFA](multi-factor-authentication.md) 和提供的任何额外安全功能。 同样,将密码更改为随机生成的最大允许大小( [密码管理器](/passwords/#local-password-managers) 对此很有用)。
如果你对所有你关心的信息都被删除感到满意,你可以安全地忘记这个账户。 如果没有,把凭证与你的其他密码存放在一起,偶尔重新登录以重置密码可能是一个好主意。
即使你能够删除一个账户,也不能保证你的所有信息都会被删除。 事实上,一些公司被法律要求保留某些信息,特别是与金融交易有关的信息。 当涉及到网站和云服务时,你的数据会发生什么大多是你无法控制的。
## 避免新账户
老话说,"上医治未病"。 每当你觉得被诱惑去注册一个新账户时,问问自己,"我真的需要这个吗? 没有账户,我可以完成我需要的东西吗?" 删除一个账户往往比创建一个账户要难得多。 而且,即使在删除或改变你的账户信息后,可能还有一个来自第三方的缓存版本,如 [Internet Archive](https://archive.org/)。 当你能够避免诱惑时--你未来的自己会感谢你的。

94
i18n/zh/basics/common-misconceptions.md Normal file
View File

@@ -0,0 +1,94 @@
---
title: "常见误区"
icon: 'material/robot-confused'
description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation.
schema:
-
"@context": https://schema.org
"@type": FAQPage
mainEntity:
-
"@type": Question
name: Is open source software inherently secure?
acceptedAnswer:
"@type": Answer
text: |
Whether the source code is available and how software is licensed does not inherently affect its security in any way. Open-source software has the potential to be more secure than proprietary software, but there is absolutely no guarantee this is the case. When you evaluate software, you should look at the reputation and security of each tool on an individual basis.
-
"@type": Question
name: Can shifting trust to another provider increase privacy?
acceptedAnswer:
"@type": Answer
text: |
在讨论像VPN这样的解决方案时我们经常谈到 "转移信任"它将你对ISP的信任转移到VPN供应商身上。 While this protects your browsing data from your ISP specifically, the VPN provider you choose still has access to your browsing data: Your data isn't completely secured from all parties.
-
"@type": Question
name: Are privacy-focused solutions inherently trustworthy?
acceptedAnswer:
"@type": Answer
text: |
仅仅关注一个工具或供应商的隐私政策和营销,会让你看不到它的弱点。 当你在寻找一个更私人的解决方案时,你应该确定根本的问题是什么,并为这个问题找到技术解决方案。 例如您可能希望避免使用Google云端硬盘因为它允许Google访问您的所有数据。 The underlying problem in this case is lack of E2EE, so you should make sure that the provider you switch to actually implements E2EE, or use a tool (like Cryptomator) which provides E2EE on any cloud provider. 转换到一个 "注重隐私 "的供应商不实施E2EE并不能解决你的问题它只是将信任从谷歌转移到该供应商。
-
"@type": Question
name: How complicated should my threat model be?
acceptedAnswer:
"@type": Answer
text: |
我们经常看到人们描述的隐私威胁模型过于复杂。 通常情况下,这些解决方案包括许多不同的电子邮件账户或有许多移动部件和条件的复杂设置等问题。 The replies are usually answers to "What is the best way to do X?"
为自己寻找 "最佳 "解决方案并不一定意味着你要追求一个有几十种条件的无懈可击的解决方案--这些解决方案往往难以现实地发挥作用。 正如我们之前所讨论的,安全往往是以便利为代价的。
---
## “开源软件始终是安全的”或“专有软件更安全”
这些神话源于一些偏见,但软件产品的来源和许可并不以任何方式内在地影响其安全性。 ==开源软件 *有可能* 比专有软件更安全, 但对于这一点没有绝对保证。== 在你评估软件时,需要去逐一检查每个工具的声誉和安全性。
</em> 开源软件 *,可以由第三方进行审计,而且通常比专有的同类软件对潜在的漏洞更加透明。 它还允许你审查代码并禁用你自己发现的任何可疑功能。 然而, *,除非你这样做*,否则不能保证代码曾经被评估过,特别是对于较小的软件项目。 开放的开发过程有时也被利用,甚至在大型项目中引入新的漏洞。[^1]</p>
从另一个角度看,专利软件的透明度较低,但这并不意味着它不安全。 主要的专利软件项目可以由内部和第三方机构进行审计,而独立的安全研究人员仍然可以通过逆向工程等技术找到漏洞。
为了避免决策出现偏差, *,你要评估你所使用的软件的隐私和安全标准,这一点至关重要*
## "转移信任可以增加隐私"
在讨论像VPN这样的解决方案时我们经常谈到 "转移信任"它将你对ISP的信任转移到VPN供应商身上。 虽然这可以保护你的浏览数据不被你的ISP *,特别是*但你选择的VPN供应商仍然可以访问你的浏览数据。你的数据并不是完全不受各方保护的。 这意味着:
1. 在选择将信任转移给一个供应商时,你必须谨慎行事。
2. 你仍然应该使用其他技术如E2EE来完全保护你的数据。 仅仅是不信任一个供应商而信任另一个供应商,并不能保证你的数据安全。
## "以隐私为重点的解决方案本质上是值得信赖的"
仅仅关注一个工具或供应商的隐私政策和营销,会让你看不到它的弱点。 当你在寻找一个更私人的解决方案时,你应该确定根本的问题是什么,并为这个问题找到技术解决方案。 例如您可能希望避免使用Google云端硬盘因为它允许Google访问您的所有数据。 这种情况下的根本问题是缺乏E2EE所以你应该确保你切换到的供应商确实实现了E2EE或者使用一个工具如 [Cryptomator](../encryption.md#cryptomator-cloud)在任何云供应商上提供E2EE。 转换到一个 "注重隐私 "的供应商不实施E2EE并不能解决你的问题它只是将信任从谷歌转移到该供应商。
你所选择的供应商的隐私政策和商业惯例是非常重要的,但应该被认为是次要的,因为对你的隐私的技术保证。当信任一个供应商根本不是一个要求时,你不应该把信任转移到另一个供应商身上。
## "复杂的是更好的"
我们经常看到人们描述的隐私威胁模型过于复杂。 通常情况下,这些解决方案包括许多不同的电子邮件账户或有许多移动部件和条件的复杂设置等问题。 答案通常是“做 *×*的最佳方式是什么?”。
为自己寻找 "最佳 "解决方案并不一定意味着你要追求一个有几十种条件的无懈可击的解决方案--这些解决方案往往难以现实地发挥作用。 正如我们之前所讨论的,安全往往是以便利为代价的。 下面,我们提供一些提示。
1. ==行动需要服务于一个特定的目的:==思考如何用最少的行动完成你想要的东西。
2. ==消除人类的失败点:==我们会失败,会累,会忘记事情。 为了维护安全,避免依赖你必须记住的手动条件和流程。
3. ==为你的意图使用正确的保护水平。==我们经常看到所谓的执法或防传唤解决方案的建议。 这些往往需要专业知识,通常不是人们想要的。 如果你可以通过一个简单的疏忽轻易地去掉匿名,那么为匿名建立一个复杂的威胁模型就没有意义。
那么,如何看待这个问题?
最清晰的威胁模型之一是,部分人*,知道你是谁* ,而另一部分人不知道。 总有一些情况下你必须申报你的合法姓名,也有一些情况下你不需要这样做。
1. **已知身份** - 已知身份是用于必须申报姓名的事情。 有许多法律文件和合同都需要合法身份。 这可能包括开设银行账户、签署房产租赁合同、获得护照、进口物品时的海关申报,或以其他方式与你的政府打交道。 这些东西通常会导致信用卡、信用等级检查、账户号码,以及可能的实际地址等凭证。
我们不建议使用VPN或Tor来做这些事情因为你的身份已经通过其他方式被了解。
!!! tip
网购时,使用[快递柜](https://en.wikipedia.org/wiki/Parcel_locker)可以帮助你保持实际住址的隐私。
2. **未知身份** -未知身份可能是您经常使用的稳定化名。 它不是匿名的,因为它没有变化。 如果你是一个网络社区的一部分,你可能希望保留一个别人知道的角色。 这个化名不是匿名的,因为如果监测的时间足够长,关于主人的细节可以揭示进一步的信息,如他们的写作方式,他们对感兴趣的话题的一般知识,等等。
你可能希望为此使用VPN以掩盖你的IP地址。 金融交易更难掩盖。你可以考虑使用匿名的加密货币,如 [Monero](https://www.getmonero.org/)。 采用altcoin转移也可能有助于掩盖你的货币来源。 通常情况下交易所需要完成KYC了解你的客户然后才允许你将法币兑换成任何种类的加密货币。 当地见面会选项也可能是一种解决方案;然而这些往往更昂贵有时也需要KYC。
3. **匿名身份** - 即使有经验,匿名身份也很难长期维持。 它们应该是短期和短命的身份,定期轮换。
使用Tor可以帮助解决这个问题。 还值得注意的是,通过异步通信可以实现更大的匿名性。实时通信容易受到打字模式的分析(即超过一段文字,在论坛上分发,通过电子邮件等)。
[^1]: 其中一个明显的例子是 [2021年明尼苏达大学的研究人员将三个漏洞引入了Linux内核开发项目的事件](https://cse.umn.edu/cs/linux-incident)。

148
i18n/zh/basics/common-threats.md Normal file
View File

@@ -0,0 +1,148 @@
---
title: "常见威胁"
icon: '资料/视野'
description: Your threat model is personal to you, but these are some of the things many visitors to this site care about.
---
广义而言,可以将我们有关[威胁](threat-modeling.md) 或者适用于大多数人的目标的建议分为这几类。 ==你可能关注其中零个、 一个、 几个、 或所有这些可能性== 你应该使用的工具和服务取决于你的目标。 你可能也有这些类别之外的特定威胁,这完全可以! 重要的是要去了解您选择的这些工具的优缺点,因为也许任何工具都不能够保护您免受所有可以想象到的威胁。
- <span class="pg-purple">:material-incognito: 匿名性</span> - 隔离你的线上活动和你的真实身份, 特别是要保护 *你的* 身份不被人揭露。
- <span class="pg-red">:material-target-account: 定向攻击</span> -防御专业黑客或恶意代理人获得,特别是 *你的* 数据或设备的访问权。
- <span class="pg-orange">:material-bug-outline: 被动攻击</span> - 防御诸如恶意软件、数据泄露和其他一些同时针对许多人的攻击。
- <span class="pg-teal">:material-server-network: 服务供应商</span> - 保护您的数据不受服务供应商的影响,例如,通过端到端加密使您的数据无法被服务器读取。
- <span class="pg-blue">:material-eye-outline: 大规模监控</span> - 防止政府机构、组织、网站和服务联合起来共同追踪你的活动。
- <span class="pg-brown">:material-account-cash: 监视资本主义</span> - 保护自己不受谷歌和Facebook等大型广告网络以及其他无数第三方数据收集者的影响
- <span class="pg-green">:material-account-search: 公开曝光</span> - 限制搜索引擎或一般公众在线访问到关于你的信息的能力。
- <span class="pg-blue-gray">:material-close-outline: 审查</span> - 避免信息的获取受到审查或者在网上的发言被审查。
其中一些威胁可能比其他威胁更重要,具体取决于您的关注点。 例如,一个能接触到有价值或关键数据的软件开发者可能主要关注 <span class="pg-red">:material-target-account: 定向攻击</span>,但除此之外,他们可能仍然希望保护自己的个人数据不被卷进 <span class="pg-blue">:material-eye-outline: 大规模监控</span> 计划。 同样,"普通人 "可能主要关心他们的个人数据的 <span class="pg-green">:material-account-search: ,公开曝光</span> ,但他们仍应警惕那些侧重于安全的问题,比如<span class="pg-orange">:material-bug-outline: ,被动攻击</span>,就像那些会影响到设备的恶意软件 。
## 匿名与隐私
<span class="pg-purple">:material-incognito: 匿名性</span>
匿名和隐私经常被混淆,但这是两个截然不同的概念。 隐私是你对如何使用和分享你的数据所做的一系列选择,而匿名则是将你的在线活动与你的现实生活身份完全脱离关系。
例如,举报人和记者可能会有一个相对极端的威胁模型,需要完全匿名。 这不仅是在隐藏他们所做的事情,他们有哪些数据,不被黑客或政府入侵,而且还完全隐藏他们是谁。 这意味着为了保护他们的匿名性、隐私或安全,他们可以牺牲任何形式的便利,因为他们的生命可能依赖于前者。 大多数普通人都不需要去这样做。
## 安全和隐私
<span class="pg-orange">:material-bug-outline: 被动攻击</span>
安全和隐私经常被混为一谈,因为你需要安全来获得任何形式的隐私。如果这些工具可以很容易地被攻击者利用并随后泄漏你的数据,那么无论再怎么看似隐私都无济于事。 然而,反之亦然;世界上最安全的服务 *不一定是* 私密的。 这方面最好的例子是将数据托付给谷歌,鉴于其规模,谷歌能够通过雇用行业领先的安全专家来保护他们的基础设施,从而最大限度地减少了安全事件。 尽管谷歌提供了非常安全的服务,但很少有人会认为他们在谷歌的免费消费者产品(Gmail、YouTube等) 中的数据是私有的。
当涉及到应用程序安全时,我们通常不知道(有时甚至无法知道)我们使用的软件是否是恶意的,或者在未来的某一天会不会变成恶意的。 即使是最值得信赖的开发人员,通常也不能保证他们的软件没有可能在以后被利用的严重漏洞。
为了最大限度地减少恶意软件可能造成的损害,您应该采用隔离方式进行安全防护。 这可以是使用不同的计算机进行不同的工作,使用虚拟机来分离不同的相关应用程序组,或者使用一个安全的操作系统,重点是要有应用程序沙盒和强制性的访问控制。
!!! tip
在应用程序沙盒方面,移动操作系统通常比桌面操作系统更安全。
应用程序无法获得根访问权限,只能访问您授予它们访问权限的系统资源。 桌面操作系统在成熟的沙箱方面通常比较落后。 ChromeOS具有与安卓类似的沙盒属性而macOS具有完整的系统权限控制和针对开发者可选的应用程序沙盒然而这些操作系统的确会将识别信息传输给各自的OEM。 Linux倾向于不向系统供应商提交信息但它对漏洞和恶意应用程序的保护很差。 这一点可以通过大量使用虚拟机或容器的专门发行版如Qubes OS得到一定程度的缓解。
<span class="pg-red">:material-target-account: 定向攻击</span>
针对特定用户的有针对性的攻击更加难以处理。 常见的攻击途径包括通过电子邮件发送恶意文件,利用浏览器和操作系统的漏洞,以及物理攻击。 如果您担心这一点,则可能需要采用更高级的威胁缓解策略。
!!! tip
**网络浏览器**、**电子邮件客户端**和**办公应用程序**在设计上通常都运行源自第三方的不可信代码。 运行多个虚拟机来将此类应用程序从主机系统中分离出来,以及彼此分离,是您可以使用的一种技术,以避免这些应用程序中的漏洞被利用,危及系统的其余部分。 例如Qubes OS或Windows上的Microsoft Defender Application Guard等技术提供了无缝执行此操作的便捷方法。
如果你担心 **物理攻击** 你应该使用具有安全验证启动实现的操作系统如Android、iOS、macOS、 [Windows带TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process)。 你还应该确保你的驱动器是加密的并且操作系统使用TPM或安全 [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) 或 [Element](https://developers.google.com/android/security/android-ready-se) ,以限制输入加密口令的重试速率。 你应该避免与你不信任的人分享你的电脑,因为大多数桌面操作系统没有按用户单独加密数据。
## 来自服务提供商的隐私
<span class="pg-teal">:material-server-network: 服务提供商</span>
我们生活在一个几乎所有东西都与互联网相连的世界里。 我们的 "私人 "信息、电子邮件、社交互动通常存储在某个服务器上。 通常,当您向某人发送消息时,该消息会存储在服务器上,当您的朋友想要阅读该消息时,服务器会将其显示给他们。
这样做的明显问题是,服务提供商(或入侵服务器的黑客)可以随时随地查看你的 "私人 "对话,而你却对此一无所知。 这适用于许多常见服务如短信、Telegram、Discord等。
值得庆幸的是,可以通过在发送到服务器之前就对您与收件人之间的通信进行端到端加密来缓解此问题。 只要服务提供者不能获得任何一方的私钥,就能保证你的信息的保密性。
!!! 注释“关于基于web的加密的说明”
在实践中,不同的端到端加密实现的有效性各不相同。 [Signal](../real-time-communication.mdsignal)这类应用程序在您的设备本地运行,并且应用程序副本在不同的安装下保持相同。 如果服务提供商在他们的应用程序中设置后门,试图窃取你的私钥,这可以在未来通过逆向工程检测出来。
另一方面基于Web的端到端加密实现如Proton Mail的webmail或Bitwarden的web vault依赖于服务器动态地向浏览器提供JavaScript代码来处理加密操作。 一个恶意的服务器可以针对一个特定的用户向他们发送恶意的JavaScript代码来窃取他们的加密密钥而用户是很难注意到这样的事情的。 即使用户注意到有人试图窃取他们的密钥,也很难证明是提供商试图这样做,因为服务器可以选择向不同的用户提供不同的网络客户端。
因此,当依赖端到端加密时,你应该尽可能选择使用本地应用程序而不是网络客户端。
即使有端对端加密,服务提供商仍然可以根据 **元数据**,对你进行剖析,而这些元数据通常不受保护。 虽然服务提供商无法阅读您的消息以查看您所说的内容,但他们仍然可以观察到您正在与谁通话、您给他们发送消息的频率以及您通常活跃的时间等情况。 对元数据的保护是相当不常见的,如果你关心这一点,应该密切关注你所使用的软件的技术文档,看看是否有任何元数据最小化或保护。
## 大规模监控计划
<span class="pg-blue">:material-eye-outline: 大规模监控</span>
大规模监控是指对许多或所有特定人群进行监控的工作。 它通常是指像[Edward Snowden在2013披露](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present))的那一类政府项目。
!!! 摘要“监测地图”
如果你想了解更多关于监视方法以及它们在你的城市是如何实施的,你也可以看看[电子前沿基金会](https://atlasofsurveillance.org/)的[监视地图]。
In France you can take a look at the [Technolopolice website](https://technopolice.fr/villes/) maintained by the non-profit association La Quadrature du Net.
政府经常为大规模监控项目辩护,认为这是打击恐怖主义和防止犯罪的必要手段。 然而,它侵犯人权,最常被用来不成比例地针对少数群体和持不同政见者等。
!!! 引用 "美国公民自由联盟。 [*9/11的隐私教训。大规模监控不是前进的方向*](https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward)"
面对[爱德华-斯诺登披露的政府项目,如 [PRISM]https://en.wikipedia.org/wiki/PRISM和 [Upstream]https://en.wikipedia.org/wiki/Upstream_collection],情报官员也承认,国家安全局多年来一直在秘密收集几乎每个美国人的电话记录--谁在给谁打电话,这些电话是什么时候打的,以及它们持续多长时间。 你应该考虑你的对手能观察到网络的哪些方面,以及你的行动是否有合理的可否认性。
尽管美国的大规模监控越来越多但政府发现像第215条这样的大规模监控计划在阻止实际犯罪或恐怖主义阴谋方面 "没有什么独特的价值",其努力主要是重复联邦调查局自己的目标监控计划。[^2]
尽管美国的大规模监控越来越多但政府发现像第215条这样的大规模监控计划在阻止实际犯罪或恐怖主义阴谋方面 "没有什么独特的价值",这份工作基本上只是在重复联邦调查局本身的目标监控计划。[^1]
- 你的IP地址
- 浏览器 Cookie
- 你提交给网站的数据
- 你的浏览器或设备指纹
- 支付方式的关联
\ [此列表并非详尽无遗]。
如果你担心大规模的监控项目,你可以使用一些策略,比如将你的在线身份进行分隔,与其他用户混在一起,或者尽可能地避免提供身份信息。
<span class="pg-brown">:material-account-cash: 监视资本主义</span>
> 监视资本主义是一种以获取个人数据和将个人数据商品化为核心,从而以此营利的经济体系。[^2]
确保您的数据私密性的最佳方法是首先不要将其放在外面。 删除你在网上发现的关于自己的信息是你为了恢复隐私可以采取的最佳初步措施之一。 使用内容拦截器等工具来限制对其服务器的网络请求,并阅读你使用的服务的隐私政策,可以帮助你避免许多基本的对手(尽管它不能完全防止跟踪)。[^4]
在你分享信息的网站上,检查你账户的隐私设置以限制该数据的传播范围是非常重要的。 例如,如果您的帐户具有“隐私模式” ,请启用此功能以确保您的帐户不会被搜索引擎索引,并且不会被未经您事先审核的人查看。 对企业数据收集最有力的保护是尽可能地加密或混淆你的数据,使不同的供应商难以将数据相互关联并建立你的档案。
## 限制公共信息
<span class="pg-green">:material-account-search: 公开曝光</span>
保持数据私密性的最佳方法是首先不要将其公开。 删除你在网上发现的不需要的信息是你可以采取的最好的第一步,以重新获得你的隐私。
- [查看我们的账户删除指南 :material-arrow-right-drop-circle:](account-deletion.md)
极权主义政府、网络管理员和服务提供商都可以在不同程度上进行在线审查,以控制用户的言论和用户可以获得的信息。 这些过滤互联网的行为将永远与言论自由的理想不相容。
随着Twitter和Facebook等平台对公众需求、市场压力和政府机构的压力做出让步企业平台的审查制度也越来越普遍。 政府可以向企业隐蔽,例如白宫 [要求删除](https://www.nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) 某个挑衅性的YouTube视频也可以是公开的例如中国政府要求企业遵守严格的审查制度。
## 避免审查
<span class="pg-blue-gray">:material-close-outline: 审查</span>
包括极权主义政府、网络管理员和服务提供商在内的行为者都可以(在不同程度上)进行网上审查。 这些控制通讯和限制获取信息的努力,总是与言论自由的人权不相容。[^5]
企业平台的审查制度越来越普遍因为像Twitter和Facebook这样的平台屈服于公众需求、市场压力和政府机构的压力。 政府可以向企业隐蔽,例如白宫 [要求删除](https://www.nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) 某个挑衅性的YouTube视频也可以是公开的例如中国政府要求企业遵守严格的审查制度。
关注审查制度威胁的人可以使用像 [Tor](../advanced/tor-overview.md) 这样的技术来规避审查制度,并支持像 [Matrix](../real-time-communication.md#element)这样的抗审查通信平台,该平台没有一个可以任意关闭账户的集中式账户管理机构。
!!! tip
虽然逃避审查本身很容易,但隐藏你正在做的事实可能非常有问题。
你应该考虑你的对手可以观察到网络的哪些方面,以及你的行动是否有合理的可否认性。 例如,使用[加密DNS](.../advanced/dns-overview.md#what-is-encrypted-dns)可以帮助你绕过初级的、基于DNS的审查系统但它不能真正向ISP隐藏你正在访问的内容。 VPN或Tor可以帮助向网络管理员隐藏你正在访问的内容但不能隐藏你首先在使用这些网络。 可插拔的传输工具如Obfs4proxy、Meek或Shadowsocks可以帮助你逃避阻挡普通VPN协议或Tor的防火墙但你的规避尝试仍然可以被探测或[深度包检查](https://en.wikipedia.org/wiki/Deep_packet_inspection)等方法发现。
你必须始终考虑试图绕过审查制度的风险,潜在的后果,以及你的对手可能有多复杂。 你应该谨慎地选择软件,并有一个备份计划,以防被发现。
[^1]: 美国隐私和公民自由监督委员会。 [关于根据第215条进行的电话记录计划的报告](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf)
[^2]: 维基百科: [监控资本主义](https://en.wikipedia.org/wiki/Surveillance_capitalism)
[^3]: 维基百科。 [*监视资本主义*](https://en.wikipedia.org/wiki/Surveillance_capitalism)
[^4]: "[列举坏事](https://www.ranum.com/security/computer_security/editorials/dumb/)"(或 "列出我们知道的所有坏事"),正如许多广告拦截器和防病毒程序所做的那样,无法充分保护你免受新的和未知的威胁,因为它们还没有被添加到过滤器列表中。 你还应该采用其他缓解技术。
[^5]: 联合国。 [*世界人权宣言》*](https://www.un.org/en/about-us/universal-declaration-of-human-rights)。

41
i18n/zh/basics/email-security.md Normal file
View File

@@ -0,0 +1,41 @@
---
title: 电子邮件安全
icon: material/email
description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications.
---
电子邮件在默认情况下是一种不安全的通信形式。 你可以用OpenPGP等工具来提高你的电子邮件的安全性这些工具为你的邮件增加了端对端加密功能但OpenPGP与其他消息应用程序的加密相比仍有一些缺点而且由于电子邮件的设计方式一些电子邮件数据永远无法得到固有的加密。
因此,电子邮件最好用于接收来自你在线注册的服务的交易性邮件(如通知、验证邮件、密码重置等),而不是用于与他人交流。
## 电子邮件加密概述
在不同的电邮供应商之间为电子邮件添加端到端加密的标准方法是使用OpenPGP。 OpenPGP标准有不同的实现方式最常见的是 [GnuPG](https://en.wikipedia.org/wiki/GNU_Privacy_Guard) 和 [OpenPGP.js](https://openpgpjs.org)。
有另一种标准受到商业界的欢迎,称为 [S/MIME](https://en.wikipedia.org/wiki/S/MIME),然而,它需要一个由 [证书颁发机构](https://en.wikipedia.org/wiki/Certificate_authority) 不是所有的证书颁发机构都颁发S/MIME证书颁发的证书。 它在 [Google Workplace](https://support.google.com/a/topic/9061730?hl=en&ref_topic=9061731) 和 [Outlook for Web 或 Exchange Server 2016, 2019](https://support.office.com/en-us/article/encrypt-messages-by-using-s-mime-in-outlook-on-the-web-878c79fc-7088-4b39-966f-14512658f480)得到支持。
即使你使用OpenPGP它也不支持 [前向加密](https://en.wikipedia.org/wiki/Forward_secrecy),这意味着如果你或收件人的私钥被盗,所有在之前使用它加密的信息都将被暴露。 这就是为什么我们推荐 [即时通讯工具](../real-time-communication.md) ,比起电子邮件,它尽可能更好地在人与人之间的通信中实现前向保密性。
### 哪些电子邮件客户端支持端到端加密?
允许你使用IMAP和SMTP等标准访问协议的电子邮件提供商可以与我们推荐的任何 [电子邮件客户端一起使用](../email-clients.md)。 根据认证方法如果供应商或电子邮件客户端不支持OATH或桥接应用这可能会导致安全性下降因为 [多因素认证](/basics/multi-factor-authentication/) ,不可能使用普通密码认证。
### 我如何保护我的私钥?
智能卡(如 [Yubikey](https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) 或 [Nitrokey](https://www.nitrokey.com))通过从运行电子邮件/网络邮件客户端的设备(手机、平板电脑、计算机等)接收加密的电子邮件信息来工作。 然后,该信息被智能卡解密,解密后的内容被送回设备。
在智能卡上进行解密是很有利的,这样可以避免将你的私钥暴露给某个被攻破的设备。
## 电子邮件元数据概述
电子邮件元数据存储在电子邮件的 [信息标题](https://en.wikipedia.org/wiki/Email#Message_header) ,包括一些你可能已经看到的可见标题,如: `To`, `From`, `Cc`, `Date`, `Subject`。 许多电子邮件客户和供应商还包括一些隐藏的标题,可以揭示有关你的账户的信息。
客户端软件可以使用电子邮件元数据来显示信息来自谁,以及什么时间收到的。 服务器可能使用它来确定电子邮件必须发送到哪里,其中还有一些不那么透明的 [其他目的](https://en.wikipedia.org/wiki/Email#Message_header) 。
### 谁可以查看电子邮件元数据?
电子邮件元数据通过 [Opportunistic TLS](https://en.wikipedia.org/wiki/Opportunistic_TLS) ,保护其不受外界观察者的影响,但它仍然能够被你的电子邮件客户端软件(或网络邮件)和任何将你的信息转发给任何收件人(包括你的电子邮件供应商)的服务器看到。 有时,电子邮件服务器也会使用第三方服务来防止垃圾邮件,这些服务一般也能接触到你的邮件。
### 为什么元数据不能被端到端加密?
电子邮件元数据对于电子邮件最基本的功能(它从哪里来,又要到哪里去)至关重要。 E2EE最初没有内置于电子邮件协议中而是需要像OpenPGP这样的附加软件。 因为OpenPGP信息仍然要与传统的电子邮件供应商合作它不能对电子邮件元数据进行加密只能对信息主体本身进行加密。 这意味着即使使用OpenPGP外部观察者也可以看到你的信息的很多信息如你给谁发电子邮件主题行你什么时候发电子邮件等等。

165
i18n/zh/basics/multi-factor-authentication.md Normal file
View File

@@ -0,0 +1,165 @@
---
title: "多因认证"
icon: '资料/双因认证'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
**多因素认证** 是一种安全机制,除了输入用户名(或电子邮件)和密码外,还需要其他步骤。 最常见的方法可能是你需要从短信或应用程序中收到限时代码。
通常,如果黑客(或对手)能够找出您的密码,那么他们就能够访问密码所属的帐户。 有MFA的账户迫使黑客同时拥有密码你 *知道*的东西)和你的设备(你 *拥有*的东西),比如你的手机。
MFA方法的安全性各不相同但都是基于同样的前提攻击者越是难以攻破的MFA方法就越好。 举例说来MFA方法按由弱到强的顺序包括短信、电子邮件代码、应用程序推送通知、TOTP、Yubico OTP和FIDO。
## MFA方法的比较
### 短信或电子邮件MFA
通过短信或电子邮件接收OTP代码这种MFA方法保护帐户的力度比较弱。 通过电子邮件或短信获取代码会破坏掉“你 *拥有*”这个理念, 因为黑客可以通过各种方式 [接管您的电话号码](https://en.wikipedia.org/wiki/SIM_swap_scam) 或者获得您的电子邮件访问权限,而根本不需要实际访问您的设备。 如果一个未经授权的人得以进入你的电子邮箱,他们将能够重设你的密码并且获得验证码,这会让他们完全掌控你的账户。
### 推送通知
推送通知进行MFA的形式是向你手机上的应用程序发送一条信息要求你确认新账户的登录。 这种方法比短信或电子邮件好得多,因为如果没有已经登录的设备,攻击者通常无法获得这些推送通知,这意味着他们需要先攻破你的其他设备之一。
我们都会犯错,您有可能会不小心地接受登录尝试。 推送通知登录授权通常一次发送至您 *所有* 的设备如果您有许多设备会扩大MFA代码的可用性。
推送通知MFA的安全性既取决于应用程序的质量也取决于服务组件以及你有多信任该应用程序的开发者。 安装这样一个应用程序可能也会要求你授予侵入性的权限,比如允许访问你设备上的其他数据。 不同于好的TOTP生成器应用程序个别应用程序还需要你为每项服务准备一个特定的应用程序而且可能不需要密码就可以打开。
### 基于时间的一次性密码TOTP
TOTP是目前最常见的MFA形式之一。 当你设置TOTP时一般要求你扫描一个 [二维码](https://en.wikipedia.org/wiki/QR_code) ,与你打算使用的服务建立一个"[共享密钥](https://en.wikipedia.org/wiki/Shared_secret)" 。 共享密钥在身份验证器应用程序的数据中得到保护,有时还会受到密码保护。
然后,时限代码可以由共享密钥和当前时间派生。 由于代码只在很短的时间内有效,在无法获得共享密钥的情况下,对手无法生成新的代码。
如果你有一个支持TOTP的硬件安全密钥如YubiKey与 [Yubico Authenticator](https://www.yubico.com/products/yubico-authenticator/)),我们建议你将 "共享密钥 "存储在硬件上。 YubiKey等硬件正是为了使 "共享密钥 "难以提取和复制而开发的。 YubiKey也没有连接到互联网这与带有TOTP应用程序的手机不同。
与 [WebAuthn](#fido-fast-identity-online)不同TOTP不提供对 [网络钓鱼](https://en.wikipedia.org/wiki/Phishing) 或重放攻击的保护。 如果对手从你那里获得一个有效的代码他们可以随意使用直到它过期一般为60秒
对手可以建立一个网站来模仿官方服务试图欺骗你提供你的用户名、密码和当前的TOTP代码。 如果对手随后使用这些记录下来的凭证,他们可能能够登录到真正的服务并劫持该账户。
虽然不完美但TOTP对大多数人来说是足够安全的即使不支持使用 [硬件安全密钥](/multi-factor-authentication/#hardware-security-keys) 一个[认证器应用程序](/multi-factor-authentication/#authenticator-apps) 仍然是一个不错的选择。
### 硬件安全密钥
YubiKey将数据存储在防篡改的固态芯片上如果不经过昂贵的实验室级别的取证程序用非破坏性的方式是 [不可获取的](https://security.stackexchange.com/a/245772)。
这些密钥通常是多功能的,并提供许多验证方法。 以下是最常见的几种情况。
#### Yubico OTP
Yubico OTP是一种通常在硬件安全密钥中实现的认证协议。 当你决定使用Yubico OTP时密钥将产生一个公共ID、一个私人ID和一个密钥然后上传到Yubico OTP服务器。
在登录网站时,你所需要做的就是用物理方式触摸安全钥匙。 安全键将模拟键盘,并将一次性密码打印到密码区。
然后该服务将把一次性密码转发给Yubico OTP服务器进行验证。 在密钥和Yubico的验证服务器上都会递增计数器。 OTP只能使用一次当认证成功后计数器会增加这可以防止OTP的重复使用。 Yubico提供了一份关于这个过程的 [详细文件](https://developers.yubico.com/OTP/OTPs_Explained.html) 。
<figure markdown>
![Yubico OTP](../assets/img/multi-factor-authentication/yubico-otp.png)
</figure>
与TOTP相比使用Yubico OTP有一些好处和坏处。
Yubico验证服务器是一个基于云的服务你需要相信Yubico在安全地存储数据而不是对你进行分析。 与Yubico OTP相关的公共ID在每个网站上都被复用这可能有助于第三方对你进行行为素描。 与TOTP一样Yubico OTP不提供防钓鱼功能。
如果你的威胁模型要求你为不同的网站准备不同的身份, **,不要** 在这些网站上使用有相同的硬件安全密钥的Yubico OTP因为每个安全密钥具有唯一的公共ID。
#### FIDO快速在线身份认证
[FIDO](https://en.wikipedia.org/wiki/FIDO_Alliance) 包括许多标准首先是U2F后来是 [FIDO2](https://en.wikipedia.org/wiki/FIDO2_Project) 其中包括web标准 [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn)。
U2F和FIDO2指的是 [客户端到验证器协议](https://en.wikipedia.org/wiki/Client_to_Authenticator_Protocol),这是安全密钥和计算机(如笔记本电脑或手机)之间的协议。 它带有WebAuthn作为补充WebAuthn是用来对你试图登录的网站"信赖方")进行认证的组件。
WebAuthn是第二因素身份验证中的最安全、最私密的形式。 虽然身份验证体验类似于Yubico OTP ,但密钥不会打印一次性密码并使用第三方服务器进行验证。 相反,它使用 [公钥加密技术](https://en.wikipedia.org/wiki/Public-key_cryptography) 进行认证。
<figure markdown>
![FIDO](../assets/img/multi-factor-authentication/fido.png)
</figure>
当你创建一个账户时,公钥被发送到该服务,然后当你登录时,该服务将要求你用你的私钥 "签署 "一些数据。 这样做的好处是,服务中没有存储任何密码数据,因此没有任何东西可供对手窃取。
这个演示文稿讨论了密码身份验证的历史、隐患如密码复用以及FIDO2和 [WebAuthn](https://webauthn.guide) 标准的相关内容。
<div class="yt-embed">
<iframe width="560" height="315" src="https://invidious.privacyguides.net/embed/aMo4ZlWznao?local=true" title="FIDO2和WebAuthn如何阻止账户被接管" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
</div>
与任何MFA方法相比 FIDO2和WebAuthn都具有更加卓越的安全性和隐私性。
通常对于web服务使用的WebAuthn是 [W3C建议](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC))的一部分。 它使用公钥身份验证比Yubico OTP和TOTP方法中使用的共享密文更安全因为它包括身份验证期间的来源名称通常是域名。 提供认证是为了保护您免受网络钓鱼攻击,因为它可以帮助您确定您使用的是真实的服务,而不是伪造的副本。
与Yubico OTP不同 WebAuthn不使用任何公共ID ,因此密钥 **不能** 在不同的网站之间被识别。 它也不使用任何第三方云服务器进行认证。 所有的通信都是在钥匙和你正在登录的网站之间完成的。 FIDO还有会在使用时递增的计数器以防止会话复用和密钥克隆。
如果一个网站或服务支持WebAuthn的认证强烈建议你使用它而不是任何其他形式的MFA。
## 一般建议
我们提出以下一般性建议:
### 我应该选择哪种方法?
当配置你的MFA方法时请记住它的安全程度只相当于你所用的最弱的那种方法。 这意味着您必须仅使用最佳的MFA方法。 例如如果你已经在使用TOTP你应该禁用电子邮件和短信MFA。 如果你已经在用FIDO2/WebAuthn就不应该再在你的账户上同时使用Yubico OTP或TOTP。
### 备份
你应该始终为你的MFA方法准备备份。 硬件安全钥匙可能会丢失、被盗或仅仅是随着时间的推移停止工作。 建议你准备一对而不是仅一个硬件安全钥匙,它们要对你的账户有相同的访问权限。
当使用TOTP和验证器应用程序时请确保备份您的恢复密钥或应用程序本身或将 "共享密文"复制到不同手机上的另一个应用程序实例或加密容器中(例如 [VeraCrypt](../encryption.md#veracrypt))。
### 初始设置
购买安全密钥时,请务必更改默认凭据,为密钥设置密码保护,并在密钥支持时启用触摸确认。 像YubiKey这样的产品有多个接口每个接口都有独立的证书所以你应该去检查每个接口并为它们全都设置保护。
### 电子邮件和短信
如果你必须使用电子邮件进行MFA请确保电子邮件账户本身有适当的MFA方法来保护。
如果您使用短信MFA 请使用那些不允许未经授权的电话号码切换的运营商或使用提供类似安全性的专用VoIP号码以避免 [SIM交换攻击](https://en.wikipedia.org/wiki/SIM_swap_scam)。
[我们推荐的MFA工具](../multi-factor-authentication.md ""){.md-button}
## MFA适用的更多场合
除了保护你的网站登录之外多因素认证还可以用来保护你的本地登录、SSH密钥甚至是密码数据库。
### Windows 系统
Yubico有一个专用的 [凭据提供程序](https://docs.microsoft.com/en-us/windows/win32/secauthn/credential-providers-in-windows) 为本地Windows帐户的用户名+密码登录流程添加质询-响应身份验证步骤。 如果你有一个支持质询-响应验证的YubiKey, 请看 [Yubico Login for Windows Configuration Guide](https://support.yubico.com/hc/en-us/articles/360013708460-Yubico-Login-for-Windows-Configuration-Guide), 该指南允许您在Windows计算机上设置MFA
### mac系统
macOS [原生支持](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) 使用智能卡PIV进行认证。 如果你有一张支持PIV接口的智能卡或硬件安全钥匙如YubiKey我们建议你按照你的智能卡/硬件安全供应商的文档为你的macOS电脑设置第二要素认证。
Yubico有一个指南 [在macOS中把YubiKey作为智能卡使用](https://support.yubico.com/hc/en-us/articles/360016649059) 可以帮助你在macOS上设置YubiKey。
设置智能卡/安全密钥后,我们建议在终端中运行此命令:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
```
该命令将阻止对手在计算机启动时绕过MFA。
### Linux系统
!!! 推荐
如果你的系统的主机名改变了如由于DHCP的原因你将无法登录。 在遵循本指南之前,为您的计算机设置正确的主机名至关重要。
Linux上的 `pam_u2f` 模块可以在大多数流行的Linux发行版上为登录提供双因素认证。 如果你有一个支持U2F的硬件安全密钥你可以为你的登录设置MFA认证。 Yubico有一个指南 [Ubuntu Linux登录指南 - U2F](https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F) ,它应该适用于任何发行版。 然而,软件包管理器的命令--如 `apt-get`--和软件包名称可能不同。 本指南 **不** 适用于Qubes OS。
### Qubes操作系统
Qubes OS支持使用YubiKeys进行质询-响应身份验证。 如果您有一个支持质询-响应身份验证的YubiKey如果您想在Qubes OS上设置MFA请查看Qubes OS的 [YubiKey文档](https://www.qubes-os.org/doc/yubikey/)。
### SSH
#### 硬件安全密钥
可以用多种不同的流行的硬件安全密钥验证方法来设置SSH MFA。 我们建议你查看Yubico的 [文档](https://developers.yubico.com/SSH/) 了解如何设置。
#### 基于时间的一次性密码TOTP
SSH MFA也可以使用TOTP进行设置。 DigitalOcean提供了一个教程 [如何在Ubuntu 20.04上为SSH设置多因素认证](https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04)。 无论哪个发行版,大多数东西都应该是一样的,但是软件包管理器命令--例如 `apt-get`--和软件包名称可能不同。
### KeePass (和KeePassXC)
KeePass和KeePassXC数据库可以使用质询响应或HOTP作为第二因素身份验证进行保护。 Yubico为KeePass提供了一份文件 [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) ,在 [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) 网站上也有一份。

111
i18n/zh/basics/passwords-overview.md Normal file
View File

@@ -0,0 +1,111 @@
---
title: "密码简介"
icon: 'material/form-textbox-password'
description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure.
---
密码是我们日常数字生活的重要组成部分。 我们用它们来保护我们的账户、我们的设备和我们的秘密。 尽管密码可能是挡在觊觎我们私人信息的对手前的唯一屏障,但人们并没有在密码上花很多心思,这往往导致使用的密码很容易被猜出或被破解。
## 最佳实践
### 为每项服务使用独立的密码
想象一下;你用同一个电子邮件和相同的密码在 注册了多个在线服务的账户。 只要这些服务提供商有一个是恶意的,或者他们的服务出现数据泄露,使你的密码以明文形式暴露出来,那么坏人只需要在多个流行的服务中尝试这个电子邮件和密码的组合,就能得手。 密码有多强根本不重要,因为那个密码他们已经拿到了。
这被称为[凭据填充](https://en.wikipedia.org/wiki/Credential_stuffing), 这也是坏人攻破你帐户的最常见方式之一。 为了避免这种情况,确保你从不复用你的密码。
### 使用随机生成的密码
==你 **绝不**应该依靠自己去想出一个好密码 == 我们建议使用[随机生成的密码](#passwords) 或者 [diceware短语](#diceware) ,它们的熵值需要足够大,才能保护你的帐户和设备。
所有我们 [推荐的密码管理器](../passwords.md) 都有一个你可以使用的内置密码生成器。
### 轮换密码
除非你有理由相信它已被泄露,否则应避免过于频繁地更改你必须记住的密码(比如密码管理器的主密码),因为过于频繁地更改密码提高了你忘记密码的风险。
而那些你不需要记住的密码(如存储在密码管理器内的密码),如果你的 [威胁模型](threat-modeling.md) 有需求,我们建议每隔几个月对重要账户(尤其是不使用多因认证的账户)进行检查并更改其密码,以防它们在尚未公开的数据泄露事件中被泄露。 大多数密码管理器允许你为你的密码设置一个到期日,使之更容易管理。
!!! 提示 "检查数据泄露情况"
如果你的密码管理器允许你检查被泄露的密码,请确保这样做,并及时更改任何可能在数据泄露中被泄露的密码。 你还可以在[新闻聚合器](.../news-aggregators.md)的帮助下关注[Have I Been Pwned's Latest Breaches feed]https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches
## 创建强密码
### 密码
很多服务在涉及到密码时都有一定的标准,包括最小或最大长度,以及可以使用哪些特殊字符(如果有的话)。 你应该使用你的密码管理器的内置密码生成器,通过包括大写和小写字母、数字和特殊字符,创建当前服务所允许的尽可能长和复杂的密码。
如果你需要一个可以记住的密码,我们推荐[diceware口令](#diceware)。
### Diceware口令
Diceware是一种创建密码的方法这种密码容易记忆但很难猜到。
当你需要记忆或手动输入你的凭证时Diceware口令是一个很好的选择例如你的密码管理器的主密码或你的设备的加密密码。
一个diceware口令的例子是`viewable fastness reluctant squishy seventeen shown pencil`.
要使用真正的骰子生成一个diceware口令请遵循以下步骤。
!!! note
这里的说明步骤假定你使用[EFF的大型词汇表](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt)来生成口令,每个词需要掷五个骰子。 其他词表可能需要更多或更少的回合,也可能需要不同数量的词来实现相同的熵值。
1. 掷一个六面体的骰子五次,每次掷完都记下数字。
2. 举个例子,假设你掷出 `2-5-2-6-6`。 通过 [EFF的大词表](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) ,寻找与 `25266`相对应的词。
3. 你可以得到这个词 `encrypt` 把这个词写下来。
4. 重复这个过程,直到你的口令有你所需要的字数,你应该用空格来分隔每个词。
!!! 警告 “重要”
你**不**应该重新生成单词,来得到一个吸引你的单词组合。 这个过程应该是完全随机的。
如果你没有或者不愿意使用真正的骰子,你可以使用你的密码管理器的内置密码生成器,因为除了常规密码之外,大多数密码管理器都有生成骰子密码的选项。
我们建议使用 [EFF的大型词表](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) ,以生成你的二维码密码,因为它提供了与原始列表完全相同的安全性,同时包含更容易记忆的单词。 There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
??? 注:"解释熵和二维码密码的强度"
为了演示diceware密码短语有多强我们将使用前面提到的七个单词密码短语`'viewable fastnesssquishy seventeen showed pencil'`和[EFF的大单词列表]https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt)为例。
确定双关口令强度的一个指标是它的熵值有多少。 双关口令中每个字的熵计算为$\text{log}_2(\text{WordsInList})$,口令的整体熵计算为$\text{log}_2(\text{WordsInList}^\text{WordsInPhrase})$。
因此,上述列表中的每个词都会产生~12.9比特的熵($\text{log}_2(7776)$),而由它衍生出的七个词的口令有~90.47比特的熵($\text{log}_2(7776^7)$)。
[EFF的大词表](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt)包含7776个独特的词。 要计算可能的口令数量,我们所要做的就是$\text{WordsInList}^\text{WordsInPhrase}$,或者在我们的例子中,$7776^7$。
让我们换一个角度来看:使用[EFF 's large wordlist] https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt )的七个单词密码是~ 1,719,070,799,748,422,500,000,000,000个可能的密码之一。
平均而言需要尝试所有可能的组合中的50%来猜测你的短语。 考虑到这一点即使你的对手每秒能够猜出1,000,000,000,000次他们仍然需要27,255,689年才能猜出你的口令。 即使以下情况属实,情况也是如此:
- 你的对手知道你使用了diceware方法。
- 你的对手知道你使用的具体词表。
- 你的对手知道你的口令包含多少个字。
总而言之,当你需要一些既容易记住 *,又特别强大的* Diceware密码是你最好的选择。
## 存储密码
### 生产力工具
存储密码的最佳方式是使用密码管理器。 它们允许你将密码存储在文件或云中,并以单一的主密码保护它们。 这样一来,你只需记住一个强密码,就可以访问其余的密码。
有许多好的选择,包括基于云的和本地的。 选择我们推荐的密码管理器之一,并使用它在你的所有账户中建立强大的密码。 我们建议用一个至少由七个词组成的 [diceware](#diceware) 口令来保护你的密码管理器。
[推荐的密码管理器列表](../passwords.md ""){.md-button}
!!! 警告 "不要把你的密码和TOTP令牌放在同一个密码管理器中"
如果您将TOTP用作任何帐户的 [多因素身份验证](../multi-factor-authentication.md) 方法请勿在密码管理器中存储这些令牌、它们的任何备份代码或TOTP秘密本身那样会抵消掉多因认证的益处。
你应该使用专门的[TOTP应用程序].../multi-factor-authentication.md/#authenticator-apps来代替。
此外,我们不建议在您的密码管理器中存储用于一次性恢复的代码。 它们应当单独存储在,例如离线存储设备上的加密容器中。
### 备份
你应该在多个存储设备或云存储提供商上存储 [加密的](../encryption.md) 密码备份。 如果你的主要设备或你正在使用的服务发生意外,这可以帮助你访问你的密码。

110
i18n/zh/basics/threat-modeling.md Normal file
View File

@@ -0,0 +1,110 @@
---
title: "威胁模型"
icon: '资料/目标账户'
description: 在安全、隐私和可用性之间取得平衡是你在隐私之路上面临的首要和最困难的任务之一。
---
在安全、隐私和可用性之间取得平衡是你在隐私之路上面临的首要和最困难的任务之一。 每件事都是一种权衡:越是安全的东西,一般来说限制性越强或越不方便,等等。 人们经常会发现这些推荐的工具最大的问题就是太难于上手使用!
如果你想使用**最安全**的工具,你就必须牺牲很多*的可用性*。 即使如此,==没有什么是完全安全的。== 有 **高度**安全 ,但从来没有**完全**安全。 这就是为什么威胁模型很重要。
**那么,威胁模型到底是什么?**
==威胁模型是一份清单,列出那些对你的安全/隐私工作最有可能的威胁。== 由于不可能防御**每个**攻击(者),你应该把重点放在 **最有可能的** 威胁上。 在计算机安全方面,威胁是指可能破坏你保持隐私和安全的努力的事件。
专注于与你有关的威胁,缩小你对所需保护的思考范围,这样你就可以选择适合工作的工具。
## 创建你的威胁模型
为了确定你所珍视的东西可能发生什么,并确定你需要从谁那里保护它们,你应该回答这五个问题。
1. 我想保护什么?
2. 我想保护它免受谁的伤害?
3. 它有多大的可能性需要保护?
4. 如果我失败了,后果有多严重?
5. 我愿意付出多少代价来防止这些潜在的后果?
### 我想保护什么?
一个 "资产 "是你重视并想保护的东西。 在数字安全方面, ==一项资产通常是某种信息。== 例如,你的电子邮件、联系人名单、即时消息、位置和文件都是可能的资产。 你的设备本身也可能是资产。
*列出你的资产清单:你保存的数据,它被保存在哪里,谁可以访问它,以及有什么东西可以阻止其他人访问。*
### 我想保护它免受谁的伤害?
要回答这个问题,重要的是要确定你或你的信息可能是谁的目标。 ==对您的资产构成威胁的个人或实体就是"对手"。==举例来说对手可能有你的老板,你的前合伙人,你的商业竞争对手,你的政府或公共网络上的黑客。
*列出一份名单,包含你的对手或那些可能想要掌握你的资产的人。 你的名单可能包括个人、政府机构或公司。*
根据你的对手是谁,在某些情况下,这份名单你可能需要在完成安全规划后把它销毁。
### 它有多大的可能性需要保护?
==风险是指对特定资产的特定威胁实际发生的可能性。==它与能力密不可分。 尽管你的手机运营商有获得你全部数据的能力,但他们把你的隐私数据发布到网上来损害你名誉的风险是很低的。
区分一件事情是否有可能发生和这件事情发生的概率是很重要的。 比如说,你的建筑物当然有可能面临倒塌的威胁,但是发生这一威胁的风险在旧金山 (地震频发) 比在斯德哥尔摩 (地震不频发) 要大得多。
评估风险既是一个个人的也是一个主观的过程。 许多人认为某些威胁是不可接受的,无论它们发生的可能性有多大,因为仅仅是威胁的存在就不值得付出代价。 在另一些情形下,如果威胁不值一提,即使风险再高人们也可能会忽略掉它们。
*写一下你认为哪些威胁是严重的,以及哪些太罕见或者太无足轻重(或者太难对付) 所以不必关注。*
### 如果我失败了,后果有多严重?
对手有很多方法来获取你的数据。 比如,对手可以通过网络读取你的私人通讯,或者可以删除或者破坏你的数据。
==对手们的动机大相径庭,他们的策略也各不相同。==为了阻止一个揭露警察暴力的视频的传播,政府可能只会简单地删除或者降低这个视频的可得性。 相比之下,一个政治对手可能想要在你不知情的情况下获取你的机密并公之于众。
安全规划还需要你考虑,假设对手成功获取到你的某项资产, 这所能够导致的最差结果是什么。 为了确定这一点,你应该考虑你的对手的能力。 例如,您的手机运营商能够获取你全部的通话记录。 一个开放Wi-Fi网络上的骇客能够获取你的未加密通讯。 你的政府可能拥有更强大的能力。
*写一下你的对手想要用你的私人数据做什么。*
### 我愿意付出多少代价来防止这些潜在的后果?
==没有完美的安全选项。==每个人的优先级,关注点或者对资源的获取能力都不相同。 你的风险评估能够让你规划合适你自己的策略,在便捷,成本和隐私之间取得平衡。
比如说,一个国安案件当事人的代理律师,可能会愿意付出大得多的努力来保护案件有关的通讯,比如说使用加密邮箱;而一个通常只是给女儿发有趣的猫咪视频的母亲往往就不太愿意这么做。
*写下那些能够帮你减弱针对你的那些威胁的可行选项。 标注一下可能会存在的金融,技术或者社会方面的局限。*
### 自己试一下:保护你的财物
这些问题可以适用于各种各样的情况,无论是线上还是线下。 作为这些问题的通用示范,让我们建立一个计划来保护你的房子和财产。
**我想保护什么? (或者, *你有什么值得保护的东西?*)**
:
你的资产可能包括珠宝、电子产品、重要文件或照片。
**我想保护它免受谁的伤害?**
:
你的对手可能包括窃贼、室友或客人。
**它需要我保护的可能性有多大?**
:
你的社区是否有入室盗窃的历史? 你的室友或客人的可信度如何? 你的对手有哪些能力? 你应该考虑哪些风险?
**如果我失败了,后果有多严重?**
:
你的房子里有什么东西是无可替代的吗? 你有时间或金钱来更换这些东西吗? 你是否有为家中物品购买失窃险?
**为了防止这些后果,你愿意付出多大的代价?**
:
你愿意为敏感文件买一个保险箱吗? 你能买得起高质量的锁吗? 你有时间在当地银行开一个保险柜,把你的贵重物品放在那里吗?
只有当你问过自己这些问题后,你才能评估要采取什么措施。 即使你的财物很值钱,如果破门而入的概率很低,那么你可能也不会在锁上投入太多的钱。 但是,如果破门而入的概率很高,你最好去买市面上最高质量的锁,并考虑增加一个安全系统。
制定安全计划将帮助你了解你所特有的威胁,并评估你的资产、对手们及其能力,还有你所面临的风险的可能性大小。
## 延伸阅读
对于希望增加网上隐私和安全的人来说,我们汇编了一份我们的访问者面临的常见威胁或访问者的目标的清单,以给你一些启发,并且展示了一些我们的基础建议。
- [常见的目标和威胁 :material-arrow-right-drop-circle:](common-threats.md)
## 资料来源
- [EFF 监控自我防卫: 你的安全计划](https://ssd.eff.org/en/module/your-security-plan)

77
i18n/zh/basics/vpn-overview.md Normal file
View File

@@ -0,0 +1,77 @@
---
title: VPN概述
icon: 资料/vpn
description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind.
---
虚拟专用网络是一种将你的网络末端延伸到世界其他地方的方式。 ISP可以看到进入和离开你的网络终端设备即调制解调器的互联网流量。
Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns).
VPN可以提供帮助因为它可以将信任转移到世界其他地方的服务器上。 因此ISP只看到你连接到了VPN而对你传入的活动一无所知。
## 我应该使用VPN吗
**是的**除非你已经在使用Tor。 VPN做两件事将风险从你的互联网服务提供商转移到vpn本身并从第三方服务中隐藏你的IP。
VPN不能对你的设备和VPN服务器之间连接之外的数据进行加密。 VPN供应商可以像你的ISP一样看到并修改你的流量。 而且没有办法以任何方式验证VPN供应商的 "无记录 "政策。
然而假如IP没有泄露他们的确可以向第三方服务隐藏您的实际IP。 它们可以帮助您融入其他人并减轻基于IP的跟踪。
## 什么时候我不应该使用VPN
在你使用你的 [已知身份的情况下使用VPN](common-threats.md#common-misconceptions) ,不太可能是有用的。
这样做可能会触发垃圾邮件和欺诈检测系统,例如,如果你要登录银行的网站。
## 那加密呢?
VPN供应商提供的加密是在你的设备和他们的服务器之间。 它保证这个特定的链接是安全的。 这比使用未加密的代理更上一层楼,因为网络上的对手可以截获你的设备和上述代理之间的通信,并修改它们。 然而,你的应用程序或浏览器与服务提供商之间的加密并不由这种加密处理。
为了保持你在你访问的网站上的实际操作的私密性和安全性你必须使用HTTPS。 这将使你的密码、会话令牌和查询不被VPN供应商发现。 考虑在你的浏览器中启用 "HTTPS everywhere",以减轻降级攻击,如 [SSL Strip](https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf)。
## 我是否应该使用带有VPN的加密DNS
除非你的VPN供应商托管加密的DNS服务器否则 **,不要用**。 使用DOH/DOT或任何其他形式的加密DNS与第三方服务器将只是增加了更多的实体信任对改善你的隐私/安全 **根本没用**。 你的VPN供应商仍然可以根据IP地址和其他方法看到你访问的网站。 你现在不是只信任你的VPN供应商而是同时信任VPN供应商和DNS供应商。
推荐加密DNS的一个常见原因是它有助于防止DNS欺骗。 然而,你的浏览器应该已经在检查 [TLS证书](https://en.wikipedia.org/wiki/Transport_Layer_Security#Digital_certificates) 与 **HTTPS** ,并警告你。 如果你没有使用 **HTTPS**那么对手仍然可以直接修改你的DNS查询以外的任何东西最终结果将没有什么不同。
更不必说, **你不应该共用Tor和加密DNS**。 这将把你所有的DNS请求定向到某个单一连接并允许加密DNS提供商对你进行去匿名化。
## 我应该共用Tor *和* VPN吗
通过将Vpn与Tor一起使用您基本上创建了一个永久的入口节点而且还通常附有资金相关的跟踪线索。 这没有为你带来额外的好处,同时大大增加了连接的攻击面。 如果您希望向ISP或政府隐藏Tor使用情况 Tor有内置的解决方案 Tor桥。 [阅读更多关于Tor桥和为什么使用VPN是没有必要的](tor-overview.md)。
## 那如果我需要匿名呢?
VPN不能提供匿名性。 你的VPN供应商仍然会看到你的真实IP地址而且往往有一个可以直接关联到你的资金线索。 您不能依赖“无日志记录”策略来保护您的数据。 使用 [Tor](https://www.torproject.org/) 来代替。
## 提供Tor节点的VPN供应商怎么样
不要使用该功能。 使用Tor的意义在于你无需信任你的VPN供应商。 目前Tor只支持 [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) 协议。 [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (用于 [WebRTC](https://en.wikipedia.org/wiki/WebRTC) 音频和视频共享,新的[HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) 协议等), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) 和其他数据包将被丢弃。 为了弥补这一点VPN供应商通常会将所有非TCP数据包通过其VPN服务器你的第一跳进行路由。 [ProtonVPN](https://protonvpn.com/support/tor-vpn/)就是这种情况。 此外在使用这种Tor over VPN设置时 您无法控制其他重要的Tor功能例如 [目的地址隔离](https://www.whonix.org/wiki/Stream_Isolation) (对您访问的每个域名使用不同的Tor线路)。
该功能应被视为访问Tor网络的一种便捷方式而不是为了保持匿名。 为了获得适当的匿名性请使用Tor浏览器、TorSocks或Tor网关。
## VPN何时有用
VPN在各种情况下仍可能对您有用例如:
1. **仅仅** 向您的Internet服务提供商隐藏流量。
1. 向你的ISP和反盗版组织隐藏你的下载如torrent
1. 向第三方网站和服务隐藏你的IP防止基于IP的跟踪。
对于这样的情况或者如果你有其他令人信服的理由我们上面列出的VPN供应商是我们认为最值得信赖的人。 然而使用VPN供应商仍然意味着你在 *信任* 该供应商。 几乎在任何其他情况下,你都应该使用一个**由设计保证的** 安全工具如Tor。
## 资料来源及延伸阅读
1. [VPN -一个非常危险的叙事 ](https://schub.io/blog/2019/04/08/very-precarious-narrative.html)作者:丹尼斯·舒伯特( Dennis Schubert
1. [Tor网络概述](../advanced/tor-overview.md)
1. [IVPN隐私指南](https://www.ivpn.net/privacy-guides)
1. ["我需要一个VPN吗"](https://www.doineedavpn.com)这是由IVPN开发的一个工具通过帮助个人决定VPN是否适合他们来挑战咄咄逼人的VPN营销。
## VPN的相关信息
- [VPN和隐私审查网站的问题](https://blog.privacyguides.org/2019/11/20/the-trouble-with-vpn-and-privacy-review-sites/)
- [免费VPN应用调查](https://www.top10vpn.com/free-vpn-app-investigation/)
- [揭开隐蔽VPN所有者的面纱101个VPN产品仅由23家公司运营](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/)
- [这家中国公司秘密地在24个流行的应用程序背后寻求危险的权限](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/)

68
i18n/zh/calendar.md Normal file
View File

@@ -0,0 +1,68 @@
---
title: "VPN供应商"
icon: material/calendar
description: Calendars contain some of your most sensitive data; use products that implement encryption at rest.
---
日历包含一些最敏感的数据;使用静态实现E2EE的产品以防止提供商读取它们。
## Tutanota
!!! recommendation
![Tutanota标志](assets/img/calendar/tutanota.svg#only-light){ align=right }
![Tutanota标志](assets/img/calendar/tutanota-dark.svg#only-dark){ align=right }
**Tutanota**在其支持的平台上提供免费和加密的日历。 功能包括所有数据的自动E2EE共享功能导入/导出功能,多因素认证,以及 [more]https://tutanota.com/calendar-app-comparison/)。
多个日历和扩展的共享功能仅限于付费用户。
[:octicons-home-16: 主页](https://grapheneos.org/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tutanota.com/faq#privacy-policy){ .card-link title="隐私政策" }
[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=文档}
[:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="源代码" }
[:octicons-heart-16:](https://tutanota.com/community){ .card-link title="贡献" } 下载
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.tutao.tutanota)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/tutanota/id922429609)
- [:simple-windows11: Windows](https://tutanota.com/blog/posts/desktop-clients/)
- [:simple-apple: macOS](https://tutanota.com/blog/posts/desktop-clients/)
- [:simple-linux: Linux](https://tutanota.com/blog/posts/desktop-clients/)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/com.tutanota.Tutanota)
- [:octicons-browser-16: Web](https://mail.tutanota.com/)
## Proton CalendarProton 日历)
!!! recommendation
[Proton](aassets/img/calendar/proton-calendar.svg)}=right }
**Proton Calendar** 是一个通过网络或移动客户提供给Proton成员的加密日历服务。 功能包括所有数据的自动E2EE共享功能导入/导出功能,多因素认证,以及 [more]https://proton.me/support/proton-calendar-guide/)。 免费级别上的人可以使用单个日历而付费用户可以创建多达20个日历。 扩展的分享功能也仅限于付费用户。
[:octicons-home-16: 主页](https://grapheneos.org/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/support/proton-calendar-guide#privacy-policy){ .card-link title="隐私政策" }
[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=文档}
[:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="源代码" }
[](){ .card-link title="贡献" } 下载
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.calendar)
- [:octicons-browser-16: Web](https://calendar.proton.me)
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
### Minimum Qualifications
- 必须与E2EE同步并存储信息以确保数据对服务提供者不可见。
### Best-Case
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- 如果适用的话,应该与本地操作系统的日历和联系人管理应用程序集成。

99
i18n/zh/cloud.md Normal file
View File

@@ -0,0 +1,99 @@
---
title: "路由器固件"
icon: material/file-cloud
description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives!
---
许多云存储供应商需要你完全信任他们不会查看你的文件。 The alternatives listed below eliminate the need for trust by implementing secure E2EE.
If these alternatives do not fit your needs, we suggest you look into using encryption software like [Cryptomator](encryption.md#cryptomator-cloud) with another cloud provider. Using Cryptomator in conjunction with **any** cloud provider (including these) may be a good idea to reduce the risk of encryption flaws in a provider's native clients.
??? 问题 "寻找Nextcloud"
Nextcloud is [still a recommended tool](productivity.md) for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do [not recommend](https://discuss.privacyguides.net/t/dont-recommend-nextcloud-e2ee/10352/29) Nextcloud's built-in E2EE functionality for home users.
## Proton DriveProton 云盘)
!!! recommendation
![Proton Drive logo](assets/img/cloud/protondrive.svg){ align=right }
**Proton Drive** is a Swiss encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail).
[:octicons-home-16: 主页](https://grapheneos.org/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/support/drive#privacy-policy){ .card-link title="隐私政策" }
[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=文档}
[:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="源代码" }
[](){ .card-link title="贡献" } 下载
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive)
- [:simple-appstore: Web](https://apps.apple.com/app/id1509667851)
The Proton Drive web application has been independently audited by Securitum in [2021](https://proton.me/blog/security-audit-all-proton-apps), full details were not made available, but Securitum's letter of attestation states:
> Auditors identified two low-severity vulnerabilities. Additionally, five general recommendations were reported. At the same time, we confirm that no important security issues were identified during the pentest.
Proton Drive's brand new mobile clients have not yet been publicly audited by a third-party.
## Tresorit
!!! recommendation
![Tresorit logo](assets/img/cloud/tresorit.svg){ align=right }
**Tresorit** is a Hungarian encrypted cloud storage provider founded in 2011. Tresorit is owned by the Swiss Post, the national postal service of Switzerland.
[:octicons-home-16: Homepage](https://tresorit.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tresorit.com/legal/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.tresorit.com/hc/en-us){ .card-link title=Documentation}
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.tresorit.mobile)
- [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id722163232)
- [:simple-windows11: Windows](https://tresorit.com/download)
- [:simple-apple: macOS](https://tresorit.com/download)
- [:simple-linux: Linux](https://tresorit.com/download)
Tresorit has received a number of independent security audits:
- [2022](https://tresorit.com/blog/tresorit-receives-iso-27001-certification/): ISO/IEC 27001:2013[^1] Compliance [Certification](https://www.certipedia.com/quality_marks/9108644476) by TÜV Rheinland InterCert Kft
- [2021](https://tresorit.com/blog/fresh-penetration-testing-confirms-tresorit-security/): Penetration Testing by Computest
- This review assessed the security of the Tresorit web client, Android app, Windows app, and associated infrastructure.
- Computest discovered two vulnerabilities which have been resolved.
- [2019](https://tresorit.com/blog/ernst-young-review-verifies-tresorits-security-architecture/): Penetration Testing by Ernst & Young.
- This review analyzed the full source code of Tresorit and validated that the implementation matches the concepts described in Tresorit's [white paper](https://prodfrontendcdn.azureedge.net/202208011608/tresorit-encryption-whitepaper.pdf).
- Ernst & Young additionally tested the web, mobile, and desktop clients: "Test results found no deviation from Tresorits data confidentiality claims."
They have also received the Digital Trust Label, a certification from the [Swiss Digital Initiative](https://www.swiss-digital-initiative.org/digital-trust-label/) which requires passing [35 criteria](https://digitaltrust-label.swiss/criteria/) related to security, privacy, and reliability.
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
### Minimum Requirements
- 使用端到端加密
- 必须提供免费计划或试用期进行测试。
- 必须支持TOTP或FIDO2多因素认证或Passkey登录。
- 必须提供一个支持基本文件管理功能的网络界面。
- 必须允许所有文件/文档的轻松导出。
- 必须使用标准的、经过审计的加密技术。
### Best-Case
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- 客户端应是开源的。
- 客户端应由独立的第三方对其进行全面的审计。
- 应提供Linux、Android、Windows、macOS和iOS的本地客户端。
- 这些客户端应该与云存储供应商的本地操作系统工具集成如iOS上的Files应用集成或Android上的DocumentsProvider功能。
- 应支持与其他用户轻松分享文件。
- 应在网络界面上至少提供基本的文件预览和编辑功能。
[^1]: [ISO/IEC 27001](https://en.wikipedia.org/wiki/ISO/IEC_27001):2013 compliance relates to the company's [information security management system](https://en.wikipedia.org/wiki/Information_security_management) and covers the sales, development, maintenance and support of their cloud services.

53
i18n/zh/cryptocurrency.md Normal file
View File

@@ -0,0 +1,53 @@
---
title: Cryptocurrency
icon: material/bank-circle
---
Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases:
[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button}
!!! 危险
Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust.
## Monero
!!! recommendation
![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right }
**Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices.
[:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute }
With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories.
For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include:
- [Official Monero client](https://getmonero.org/downloads) (Desktop)
- [Cake Wallet](https://cakewallet.com/) (iOS, Android)
- Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/).
- [Feather Wallet](https://featherwallet.org/) (Desktop)
- [Monerujo](https://www.monerujo.io/) (Android)
For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another persons node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone elses Monero node over Tor or i2p.
In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022.
Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations.
Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy.
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
- Cryptocurrency must provide private/untraceable transactions by default.

145
i18n/zh/data-redaction.md Normal file
View File

@@ -0,0 +1,145 @@
---
title: "日历/联系人同步"
icon: material/tag-remove
description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share.
---
共享文件时,请务必删除关联的元数据。 图像文件通常包括 [Exif](https://en.wikipedia.org/wiki/Exif) 数据。 照片有时甚至包括文件元数据中的GPS坐标。
## 电脑版
### MAT2
!!! recommendation
![MAT2标志](assets/img/data-redaction/mat2.svg){ align=right }
**MAT2**是免费软件,它允许从图像、音频、洪流和文件类型中删除元数据。 [KDE]它通过[Nautilus的扩展](https://0xacab.org/jvoisin/mat2/-/tree/master/nautilus)提供命令行工具和图形用户界面, [GNOME](https://www.gnome.org)的默认文件管理器和 [Dolphin](https://0xacab.org/jvoisin/mat2/-/tree/master/dolphin)的默认文件管理器(https://kde.org)。
在Linux上存在一个由MAT2驱动的第三方图形工具[Metadata Cleaner](https://gitlab.com/rmnvgr/metadata-cleaner),并[在Flathub上提供](https://flathub.org/apps/details/fr.romainvigier.MetadataCleaner)。
[:octicons-repo-16: Repository](https://0xacab.org/jvoisin/mat2){ .md-button .md-button--primary }
[:octicons-info-16:](https://0xacab.org/jvoisin/mat2/-/blob/master/README.md){ .card-link title="文档"}
[:octicons-code-16:](https://0xacab.org/jvoisin/mat2){ .card-link title="源代码" } 。
??? 下载
- [:simple-windows11: Windows](https://pypi.org/project/mat2)
- [:simple-apple: macOS](https://0xacab.org/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew)
- [:simple-linux: Linux](https://pypi.org/project/mat2)
- [:octicons-globe-16: Web](https://0xacab.org/jvoisin/mat2#web-interface)
## Android
### ExifEraser (安卓系统)
!!! recommendation
![ExifEraser标志](assets/img/data-redaction/exiferaser.svg) { align=right }
**ExifEraser**是一个现代的、无权限的图像元数据删除应用程序适用于Android。
它目前支持JPEG、PNG和WebP文件。
[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
[:octicons-info-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="源代码" }
[:octicons-code-16:](https://github.com/Tommy-Geenexus/exif-eraser){ .card-link title=贡献 }
??? 下载
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.none.tom.exiferaser)
- [:octicons-moon-16: Accrescent](https://accrescent.app/app/com.none.tom.exiferaser)
- [:simple-github: GitHub](https://github.com/Tommy-Geenexus/exif-eraser/releases)
被删除的元数据取决于图像的文件类型。
* **JPEG**: ICC Profile、Exif、Photoshop Image Resources和XMP/ExtendedXMP元数据如果存在将被删除。
* **PNG**ICC Profile、Exif和XMP元数据如果存在将被删除。
* **WebP**ICC Profile、Exif和XMP元数据如果存在将被删除。
在处理完图像后ExifEraser会向你提供一份完整的报告说明每张图像中到底有哪些被删除。
该应用程序提供多种方法来消除图像中的元数据。 名称:
* 你可以用ExifEraser分享另一个应用程序的图像。
* 通过应用程序本身,你可以选择一张图片,一次选择多张图片,甚至是整个目录。
* 它有一个 "相机 "选项,它使用你的操作系统的相机应用程序来拍摄照片,然后它将元数据从照片中删除。
* 它允许你将照片从另一个应用程序拖入ExifEraser当它们都以分屏模式打开时。
* 最后,它允许你从剪贴板上粘贴图片。
### Metapho (iOS)
!!! recommendation
![Metapho标志](assets/img/data-redaction/metapho.jpg){ align=right }
**Metapho**是一个简单而干净的照片元数据查看器,如日期、文件名、大小、相机型号、快门速度和位置。
[:octicons-home-16: 首页](https://zininworks.com/metapho){ .md-button .md-button--primary }
[:octicons-eye-16:](https://zininworks.com/privacy/){ .card-link title="隐私政策" } 。
??? 下载
- [:simple-appstore: App Store](https://apps.apple.com/us/app/metapho/id914457352)
### PrivacyBlur
!!! recommendation
![PrivacyBlur标志](assets/img/data-redaction/privacyblur.svg) { align=right }
**PrivacyBlur**是一个免费的应用程序,它可以在网上分享之前模糊图片的敏感部分。
[:octicons-home-16: 主页](https://privacyblur.app/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://privacyblur.app/privacy.html){ .card-link title="隐私政策" }
[:octicons-info-16:](https://github.com/MATHEMA-GmbH/privacyblur#readme){ .card-link title=文档}
[:octicons-code-16:](https://github.com/MATHEMA-GmbH/privacyblur){ .card-link title="源代码" }
??? 下载
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.mathema.privacyblur)
- [:simple-appstore: Web](https://apps.apple.com/us/app/privacyblur/id1536274106)
!!! 推荐
您应该* *从不* *使用模糊来编辑[图片中的文本](https://bishopfox.com/blog/unredacter-tool-never-pixelation)。 如果你想编辑图像中的文本,在文本上画一个方框。 为此,我们建议使用[Pocket Paint]https://github.com/Catrobat/Paintroid等应用程序。
## Command-line
### ExifTool
!!! recommendation
![ExifTool标志](assets/img/data-redaction/exiftool.png){ align=right }
**ExifTool**是原始的perl库和命令行应用程序用于读取、写入和编辑各种文件格式JPEG、TIFF、PNG、PDF、RAW等的元信息Exif、IPTC、XMP等
它通常是其他Exif删除应用程序的一个组成部分并且在大多数Linux发行库中。
[:octicons-home-16: 主页](https://exiftool.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://exiftool.org/faq.html){ .card-link title=文档}
[:octicons-code-16:](https://github.com/exiftool/exiftool){ .card-link title="源代码" }
[:octicons-heart-16:](https://exiftool.org/#donate){ .card-link title="贡献" }
??? 下载
- [:simple-windows11: Windows](https://exiftool.org)
- [:simple-apple: macOS](https://exiftool.org)
- [:simple-linux: Linux](https://exiftool.org)
!!! 例子 "从一个文件目录中删除数据"
```bash
exiftool -all= *.file_extension
```
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
- 为开源操作系统开发的应用程序必须是开源的。
- 应用程序必须是免费的,不应包括广告或其他限制。

412
i18n/zh/desktop-browsers.md Normal file
View File

@@ -0,0 +1,412 @@
---
title: "电脑浏览器"
icon: material/laptop
description: These web browsers provide stronger privacy protections than Google Chrome.
schema:
-
"@context": http://schema.org
"@type": WebPage
name: Private Desktop Browser Recommendations
url: "./"
relatedLink: "../mobile-browsers/"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Mullvad Browser
image: /assets/img/browsers/mullvad_browser.svg
url: https://mullvad.net/en/browser
applicationCategory: Web Browser
operatingSystem:
- Windows 系统
- mac系统
- Linux系统
subjectOf:
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Firefox火狐浏览器
image: /assets/img/browsers/firefox.svg
url: https://firefox.com
sameAs: https://en.wikipedia.org/wiki/Firefox
applicationCategory: Web Browser
operatingSystem:
- Windows 系统
- mac系统
- Linux系统
subjectOf:
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Brave
image: /assets/img/browsers/brave.svg
url: https://brave.com
sameAs: https://en.wikipedia.org/wiki/Brave_(web_browser)
applicationCategory: Web Browser
operatingSystem:
- Windows 系统
- mac系统
- Linux系统
subjectOf:
"@type": WebPage
url: "./"
---
这些是我们目前推荐的用于标准/非匿名浏览的桌面网络浏览器和配置。 We recommend [Mullvad Browser](#mullvad-browser) if you are focused on strong privacy protections and anti-fingerprinting out of the box, [Firefox](#firefox) for casual internet browsers looking for a good alternative to Google Chrome, and [Brave](#brave) if you need Chromium browser compatibility.
如果您需要匿名浏览互联网,则应使用 [Tor](tor.md) 。 We make some configuration recommendations on this page, but all browsers other than Tor Browser will be traceable by *somebody* in some manner or another.
## Mullvad Browser
!!! recommendation
![Mullvad Browser logo](assets/img/browsers/mullvad_browser.svg){ align=right }
**Mullvad Browser** is a version of [Tor Browser](tor.md#tor-browser) with Tor network integrations removed, aimed at providing Tor Browser's anti-fingerprinting browser technologies to VPN users. It is developed by the Tor Project and distributed by [Mullvad](vpn.md#mullvad), and does **not** require the use of Mullvad's VPN.
[:octicons-home-16: Homepage](https://mullvad.net/en/browser){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://mullvad.net/en/help/tag/mullvad-browser/){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.torproject.org/tpo/applications/mullvad-browser){ .card-link title="Source Code" }
??? downloads
- [:simple-windows11: Windows](https://mullvad.net/en/download/browser/windows)
- [:simple-apple: macOS](https://mullvad.net/en/download/browser/macos)
- [:simple-linux: Linux](https://mullvad.net/en/download/browser/linux)
Like [Tor Browser](tor.md), Mullvad Browser is designed to prevent fingerprinting by making your browser fingerprint identical to all other Mullvad Browser users, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*. Therefore, it is imperative that you do not modify the browser at all outside adjusting the default [security levels](https://tb-manual.torproject.org/security-settings/). Other modifications would make your fingerprint unique, defeating the purpose of using this browser. If you want to configure your browser more heavily and fingerprinting is not a concern for you, we recommend [Firefox](#firefox) instead.
### Anti-Fingerprinting
**Without** using a [VPN](vpn.md), Mullvad Browser provides the same protections against [naive fingerprinting scripts](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) as other private browsers like Firefox+[Arkenfox](#arkenfox-advanced) or [Brave](#brave). Mullvad Browser provides these protections out of the box, at the expense of some flexibility and convenience that other private browsers can provide.
==For the strongest anti-fingerprinting protection, we recommend using Mullvad Browser in conjunction **with** a VPN==, whether that is Mullvad or another recommended VPN provider. When using a VPN with Mullvad Browser, you will share a fingerprint and a pool of IP addresses with many other users, giving you a "crowd" to blend in with. This strategy is the only way to thwart advanced tracking scripts, and is the same anti-fingerprinting technique used by Tor Browser.
Note that while you can use Mullvad Browser with any VPN provider, other people on that VPN must also be using Mullvad Browser for this "crowd" to exist, something which is more likely on Mullvad VPN compared to other providers, particularly this close to the launch of Mullvad Browser. Mullvad Browser does not have built-in VPN connectivity, nor does it check whether you are using a VPN before browsing; your VPN connection has to be configured and managed separately.
Mullvad Browser comes with the *uBlock Origin* and *NoScript* browser extensions pre-installed. While we typically [don't recommend](#extensions) adding *additional* browser extensions, these extensions that come pre-installed with the browser should **not** be removed or configured outside their default values, because doing so would noticeably make your browser fingerprint distinct from other Mullvad Browser users. It also comes pre-installed with the Mullvad Browser Extension, which *can* be safely removed without impacting your browser fingerprint if you would like, but is also safe to keep even if you don't use Mullvad VPN.
### Private Browsing Mode
Mullvad Browser operates in permanent private browsing mode, meaning your history, cookies, and other site data will always be cleared every time the browser is closed. Your bookmarks, browser settings, and extension settings will still be preserved.
This is required to prevent advanced forms of tracking, but does come at the cost of convenience and some Firefox features, such as Multi-Account Containers. Remember you can always use multiple browsers, for example, you could consider using Firefox+Arkenfox for a few sites that you want to stay logged in on or otherwise don't work properly in Mullvad Browser, and Mullvad Browser for general browsing.
### Mullvad Leta
Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes preinstalled with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly (which is why it is limited to paying subscribers), however because of this limitation it is possible for Mullvad to correlate search queries and Mullvad VPN accounts. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
## Firefox火狐浏览器
!!! recommendation
![火狐标志](assets/img/browsers/firefox.svg){ align=right }
**火狐浏览器**提供强大的隐私设置,如[增强型跟踪保护](https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop),它可以帮助阻止各种[类型的跟踪](https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop#w_what-enhanced-tracking-protection-blocks)。
[:octicons-home-16: 主页](https://firefox.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.mozilla.org/privacy/firefox/){ .card-link title="隐私政策" }
[:octicons-info-16:](https://firefox-source-docs.mozilla.org/){ .card-link title=文档}
[:octicons-code-16:](https://hg.mozilla.org/mozilla-central){ .card-link title="源代码" }
[:octicons-heart-16:](https://donate.mozilla.org/){ .card-link title="贡献" }
??? 下载
- [:simple-windows11: Windows](https://www.mozilla.org/firefox/windows)
- [:simple-apple: macOS](https://www.mozilla.org/firefox/mac)
- [:simple-linux: Linux](https://www.mozilla.org/firefox/linux)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.mozilla.firefox)
!!! 警告
Firefox在从Mozilla网站的下载中包括一个独特的 [下载令牌](https://bugzilla.mozilla.org/show_bug.cgi?id=1677497#c0) 并使用Firefox中的遥测技术来发送该令牌。 </strong> 该令牌是 **,不包括在 [Mozilla FTP](https://ftp.mozilla.org/pub/firefox/releases/)的版本中。</p>
### 推荐配置
这些选项可以在 :material-menu: → **设置** → **隐私 & 安全**中找到。
##### 增强跟踪保护
- [x] 选择 **严格的** 增强跟踪保护
这可以通过阻止社交媒体追踪器、指纹脚本(注意,这并不能保护你 *所有* 指纹、加密器、跨网站追踪cookies和其他一些追踪内容来保护你。 ETP可以防止许多常见的威胁但它并不阻止所有的跟踪途径因为它的设计对网站的可用性影响最小甚至没有影响。
##### 关闭时消毒
如果你想在特定的网站上保持登录状态,你可以在 **Cookies和网站数据****管理例外情况中允许例外。**
- [x] 勾选 **当Firefox关闭时删除cookies和网站数据**
这可以保护您免受持久性cookies的影响但不能保护您免受在任何一个浏览会话中获得的cookies的影响。 启用该功能后只需重新启动火狐浏览器就可以轻松清理浏览器的cookies。 如果你希望在你经常访问的特定网站上保持登录状态,你可以在每个网站的基础上设置例外。
##### 搜索建议
- [ ] 取消勾选 **提供搜索建议**
搜索建议功能可能在你的地区无法使用。
搜索建议将你在地址栏中输入的所有内容发送到默认的搜索引擎,而不管你是否提交了实际的搜索。 禁用搜索建议可以让你更精确地控制你向搜索引擎供应商发送的数据。
##### 遥测
- [ ] 取消勾选 **允许火狐浏览器向Mozilla发送技术和互动数据**
- [ ] 取消勾选 **允许Firefox安装和运行研究**
- [ ] 取消勾选 **允许火狐代表您发送积压的崩溃报告**
> 火狐浏览器会向我们发送有关您的火狐浏览器版本和语言、设备操作系统和硬件配置、内存、有关崩溃和错误的基本信息以及更新、安全浏览和激活等自动处理结果的数据。 当火狐浏览器向我们发送数据时您的IP地址会被暂时收集作为我们服务器日志的一部分。
此外,火狐账户服务还收集 [一些技术数据](https://www.mozilla.org/en-US/privacy/firefox/#firefox-accounts)。 如果你使用Firefox账户你可以选择退出。
1. 在 accounts.firefox.com</a>上打开你的
配置文件设置。</li>
2 取消勾选 **数据收集和使用** > **帮助改进火狐账户**</ol>
##### HTTPS-Only 模式
- [x] 选择 **启用所有窗口的纯HTTPS-Only模式**
这可以防止你无意中以纯文本的HTTP方式连接到一个网站。 现在没有HTTPS的网站已经不多见了所以这对你的日常浏览应该没有什么影响。
### 火狐同步
[火狐浏览器同步](https://hacks.mozilla.org/2018/11/firefox-sync-privacy/) 使您的浏览数据历史记录、书签等可以在您的所有设备上访问并通过E2EE进行保护。
### Arkenfox (advanced)
!!! tip "Use Mullvad Browser for advanced anti-fingerprinting"
[Mullvad Browser](#mullvad-browser) provides the same anti-fingerprinting protections as Arkenfox out of the box, and does not require the use of Mullvad's VPN to benefit from these protections. Coupled with a VPN, Mullvad Browser can thwart more advanced tracking scripts which Arkenfox cannot. Arkenfox still has the advantage of being much more flexible, and allowing per-site exceptions for websites which you need to stay logged in to.
[Arkenfox项目](https://github.com/arkenfox/user.js) 为Firefox提供了一套精心考虑的选项。 如果你 [决定](https://github.com/arkenfox/user.js/wiki/1.1-To-Arkenfox-or-Not) 使用Arkenfox有几个 [选项](https://github.com/arkenfox/user.js/wiki/3.2-Overrides-[Common]) 是主观严格的和/或可能导致一些网站不能正常工作-- [,你可以很容易地改变](https://github.com/arkenfox/user.js/wiki/3.1-Overrides) 以满足你的需要。 我们 **,强烈建议** ,阅读其完整的 [wiki](https://github.com/arkenfox/user.js/wiki)。 Arkenfox还能支持 [容器](https://support.mozilla.org/en-US/kb/containers#w_for-advanced-users)。
Arkenfox only aims to thwart basic or naive tracking scripts through canvas randomization and Firefox's built-in fingerprint resistance configuration settings. It does not aim to make your browser blend in with a large crowd of other Arkenfox users in the same way Mullvad Browser or Tor Browser do, which is the only way to thwart advanced fingerprint tracking scripts. Remember you can always use multiple browsers, for example, you could consider using Firefox+Arkenfox for a few sites that you want to stay logged in on or otherwise trust, and Mullvad Browser for general browsing.
## Brave
!!! recommendation
![Brave标识](assets/img/browsers/brave.svg){ align=right }
**Brave浏览器**包括一个内置的内容拦截器和[隐私功能](https://brave.com/privacy-features/),其中许多功能都是默认启用的。
Brave是建立在Chromium网络浏览器项目之上的所以它应该有熟悉的感觉而且网站兼容性问题最小。
[:octicons-home-16: 首页](https://brave.com/){ .md-button .md-button--primary }
[:simple-torbrowser:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="洋葱服务" }
[:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="隐私政策" }
[:octicons-info-16:](https://support.brave.com/){ .card-link title="文档"}
[:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="源代码" }
??? 下载注释
- [:simple-github: GitHub](https://github.com/brave/brave-browser/releases)
- [:simple-windows11: Windows](https://brave.com/download/)
- [:simple-apple: macOS](https://brave.com/download/)
- [:simple-linux: Linux](https://brave.com/linux/) (1)
1. 我们建议不要使用Flatpak版本的Brave因为它用Flatpak的沙箱代替了Chromium的沙箱效果较差。 此外该软件包并非由Brave Software, Inc.维护。
### 推荐配置
这些选项可以在 :material-menu: → **设置**中找到。
##### 盾
Brave在其 [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-) 功能中包括一些防指纹的措施。 我们建议将这些选项配置为 [,在你访问的所有页面上全局](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-)。
Shields的选项可以根据需要在每个站点的基础上进行降级但在默认情况下我们建议设置以下内容。
<div class="annotate" markdown>
- [x] 选择**防止网站根据我的语言偏好对我进行指纹识别**
- [x] 选择跟踪器和广告拦截下的**攻击性**
? warning "Use default filter lists"
Brave允许你在内部`brave://adblock`页面中选择额外的内容过滤器。 我们建议不要使用这个功能;相反,保留默认的过滤列表。 使用额外的列表会使你从其他Brave用户中脱颖而出如果Brave中存在漏洞恶意规则被添加到你使用的列表中也可能增加攻击面。
- [x] (可选)选择**屏蔽脚本**1
- [x] 在屏蔽指纹下选择**严格的,可能会破坏网站**。
</div>
1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode) or the [NoScript](https://noscript.net/) extension.
##### 社交媒体图标
- [ ] 取消勾选所有社交媒体组件
##### 隐私和安全
<div class="annotate" markdown>
- [x] 在[WebRTC IP处理策略]下选择**禁用非代理的UDP**(https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc
- [ ] 取消勾选 **使用谷歌服务推送消息**
- [ ] 取消勾选 **允许保留隐私的产品分析P3A**
- [ ] 取消勾选 **自动向Brave发送每日使用情况的Ping***。[] 取消勾选 **自动向Brave发送每日使用情况的ping**
- [] 取消勾选 **自动发送诊断报告**
- [x] 在**安全**菜单中选择 **始终使用安全连接**
- [] 取消勾选 **使用Tor的私人窗口** (1)
!!! 提示 "关闭时消毒 "
- [x] 在*Cookies和其他网站数据*菜单中选择**关闭所有窗口时清除cookies和网站数据**
如果你希望在你经常访问的特定网站上保持登录状态,你可以在*自定义行为*部分中按网站设置例外。
</div>
1. Brave是 **,而不是** 对指纹的抵抗力不如Tor浏览器而且使用Brave和Tor的人要少得多所以你会脱颖而出。 在需要强大的匿名性的地方 [](https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity-) ,使用 [Tor浏览器](tor.md#tor-browser)。
##### 扩展程序
**Extensions**,禁用你不使用的内置扩展程序。
- [ ] 取消勾选 **Hangouts**
- [] 取消勾选 **WebTorrent**
##### Web3
<div class="annotate" markdown>
- [x] Select **Disabled** on Method to resolve IPFS resources (1)
</div>
1. InterPlanetary File System (IPFS) is a decentralized, peer-to-peer network for storing and sharing data in a distributed filesystem. Unless you use the feature, disable it.
##### 附加设置
Under the *System* menu
<div class="annotate" markdown>
- [ ] Uncheck **Continue running apps when Brave is closed** to disable background apps (1)
</div>
1. This option is not present on all platforms.
### Brave 同步
[Brave 同步](https://support.brave.com/hc/en-us/articles/360059793111-Understanding-Brave-Sync) 允许你的浏览数据历史记录、书签等在你所有的设备上访问而不需要账户并以E2EE进行保护。
## 其它资源
In general, we recommend keeping your browser extensions to a minimum to decrease your attack surface; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. However, uBlock Origin may prove useful if you value content blocking functionality.
### uBlock Origin
!!! recommendation
![uBlock Origin标识](assets/img/browsers/ublock_origin.svg){ align=right }
**uBlock Origin**是一个流行的内容阻止器,可以帮助你阻止广告、跟踪器和指纹脚本。
[:octicons-repo-16: Repository](https://github.com/gorhill/uBlock#readme){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/gorhill/uBlock/wiki/Privacy-policy){ .card-link title="隐私政策" }
[:octicons-info-16:](https://github.com/gorhill/uBlock/wiki){ .card-link title="文档"}
[:octicons-code-16:](https://github.com/gorhill/uBlock){ .card-link title="源代码" }
??? 下载
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/ublock-origin/)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm)
- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak)
We suggest following the [developer's documentation](https://github.com/gorhill/uBlock/wiki/Blocking-mode) and picking one of the "modes". Additional filter lists can impact performance and [may increase attack surface](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css).
##### 其它列表
These are some other [filter lists](https://github.com/gorhill/uBlock/wiki/Dashboard:-Filter-lists) that you may want to consider adding:
- [x] Check **Privacy** > **AdGuard URL Tracking Protection**
- Add [Actually Legitimate URL Shortener Tool](https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt)
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
### Minimum Requirements
- 它必须是开源软件。
- Supports automatic updates.
- Receives engine updates in 0-1 days from upstream release.
- Available on Linux, macOS, and Windows.
- 为使浏览器更加尊重隐私所需的任何改变都不应该对用户体验产生负面影响。
- Blocks third-party cookies by default.
- Supports [state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning) to mitigate cross-site tracking.[^1]
### Best-Case
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Includes built-in content blocking functionality.
- Supports cookie compartmentalization (à la [Multi-Account Containers](https://support.mozilla.org/en-US/kb/containers)).
- Supports Progressive Web Apps.
PWAs enable you to install certain websites as if they were native apps on your computer. This can have advantages over installing Electron-based apps, because you benefit from your browser's regular security updates.
- Does not include add-on functionality (bloatware) that does not impact user privacy.
- Does not collect telemetry by default.
- Provides open-source sync server implementation.
- Defaults to a [private search engine](search-engines.md).
### 扩展标准
- 不得复制内置浏览器或操作系统的功能。
- 必须直接影响用户隐私,即不能简单地提供信息。
[^1]:
Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/).

183
i18n/zh/desktop.md Normal file
View File

@@ -0,0 +1,183 @@
---
title: "Android 应用"
icon: simple/linux
description: 由于隐私保护和软件自由Linux发行版被普遍推荐。
---
由于隐私保护和软件自由Linux发行版被普遍推荐。 如果你还没有使用Linux下面是我们建议尝试的一些发行版以及一些适用于许多Linux发行版的一般隐私和安全改进提示。
- [安卓概况 :material-arrow-right-drop-circle:](os/linux-overview.md)
## 传统发行版
### Fedora WorkstationFedora 工作站)
!!! recommendation
![Fedora标志](assets/img/linux-desktop/fedora-workstation.svg) { align=right }
**Fedora Workstation**是我们为刚接触Linux的人推荐的发行版。 Fedora通常在其他发行版之前采用较新的技术例如 [Wayland](https://wayland.freedesktop.org/), [PipeWire](https://pipewire.org)。 这些新技术往往伴随着安全、隐私和总体可用性的改进。
[:octicons-home-16: 主页](https://getfedora.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.fedoraproject.org/en-US/docs/){ .card-link title=文档}
[:octicons-heart-16:](https://whatcanidoforfedora.org/){ .card-link title=贡献 }
Fedora有一个半滚动的发布周期。 虽然有些软件包如 [GNOME](https://www.gnome.org) 被冻结到下一个 Fedora 版本,但大多数软件包(包括内核)在整个发行期都会频繁更新。 每个Fedora版本都支持一年每6个月发布一个新版本。
### openSUSE Tumbleweed
!!! recommendation
![openSUSE Tumbleweed logo](assets/img/linux-desktop/opensus-tumbleweed.svg){ align=right }
**openSUSE Tumbleweed**是一个稳定的滚动发布版本。
openSUSE Tumbleweed 有一个 [事务性更新](https://kubic.opensuse.org/blog/2018-04-04-transactionalupdates/) 系统,使用 [Btrfs](https://en.wikipedia.org/wiki/Btrfs) 和 [Snapper](https://en.opensuse.org/openSUSE:Snapper_Tutorial) 来确保快照在出现问题时可以回滚。
[:octicons-home-16: 主页](https://getfedora.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.fedoraproject.org/en-US/docs/){ .card-link title=文档}
[:octicons-heart-16:](https://shop.opensuse.org/){ .card-link title=贡献 }
Tumbleweed采用的是滚动发布模式每次更新都是以快照的形式发布。 当你升级你的系统时,会下载一个新的快照。 每个快照都要通过一系列的自动测试,由 [openQA](https://openqa.opensuse.org) ,以确保其质量。
### Arch Linux
!!! recommendation
![Arch标志](assets/img/linux-desktop/archlinux.svg){ align=right }
**Arch Linux**是一个轻量级的、自己动手的DIY发行版意味着你只得到你所安装的东西。 更多信息见他们的 [FAQ]https://wiki.archlinux.org/title/Frequently_asked_questions
[:octicons-home-16: 主页](https://getfedora.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.fedoraproject.org/en-US/docs/){ .card-link title=文档}
[:octicons-heart-16:](https://archlinux.org/donate/){ .card-link title=贡献 }
Arch Linux有一个滚动的发布周期。 没有固定的发布时间表,软件包的更新非常频繁。
作为一个 DIY 发行版,您需要 [自行设置并维护您的](os/linux-overview.md#arch-based-distributions) 系统。 Arch有一个 [官方安装程序](https://wiki.archlinux.org/title/Archinstall) ,使安装过程更容易一些。
[Arch Linux的很大一部分软件包](https://reproducible.archlinux.org) ,都是 [,可复制的](https://reproducible-builds.org)。
## 不变的发行版
### Fedora Silverblue
!!! recommendation
![Fedora Silverblue logo](assets/img/linux-desktop/fedora-silverblue.svg){ align=right }。
**Fedora Silverblue**和**Fedora Kinoite**是Fedora的不可改变的变体非常注重容器工作流程。 Silverblue配有 [GNOME]https://www.gnome.org/桌面环境而Kinoite配有 [KDE]https://kde.org/)。 Silverblue和Kinoite遵循与Fedora Workstation相同的发布时间表受益于同样的快速更新并与上游保持非常紧密的联系。
[:octicons-home-16: 主页](https://silverblue.fedoraproject.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.fedoraproject.org/en-US/fedora-silverblue/){ .card-link title=文档}
[:octicons-heart-16:](https://whatcanidoforfedora.org/){ .card-link title=贡献 }
Silverblue(和Kinoite)与Fedora Workstation不同它们用一个更先进的替代品 [`rpm-ostree`](https://docs.fedoraproject.org/en-US/fedora/rawhide/system-administrators-guide/package-management/rpm-ostree/),取代了 [DNF](https://fedoraproject.org/wiki/DNF) 软件包管理。 `rpm-ostree` 软件包管理器的工作方式是为系统下载一个基本镜像,然后在一个 [git](https://en.wikipedia.org/wiki/Git)-like commit tree中叠加软件包。 当系统更新时,会下载一个新的基本图像,覆盖物将被应用于该新图像。
更新完成后,你将重新启动系统进入新的部署。 `rpm-ostree` 保持系统的两个部署,这样如果在新的部署中出现问题,你可以很容易地回滚。 还可以根据需要选择钉更多的部署。
[Flatpak](https://www.flatpak.org) 是这些发行版上的主要软件包安装方法,因为 `rpm-ostree` 只是为了在基础镜像上叠加那些不能留在容器内的软件包。
作为Flatpaks的替代方案可以选择 [Toolbox](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/) ,创建 [Podman](https://podman.io) 容器与主机操作系统共享主目录模仿传统的Fedora环境这对有眼光的开发者来说是一个 [有用的功能](https://containertoolbx.org)。
### NixOS
!!! recommendation
![NixOS标志](assets/img/linux-desktop/nixos.svg){ align=right }
NixOS是一个基于Nix软件包管理器的独立发行版注重可重复性和可靠性。
[:octicons-home-16: 主页](https://nixos.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://nixos.org/learn.html){ .card-link title=文档}
[:octicons-heart-16:](https://nixos.org/donate.html){ .card-link title=贡献 }
NixOS的软件包管理器将每个软件包的每个版本保存在 **Nix商店的不同文件夹中**。 由于这个原因,你可以在你的系统上安装同一软件包的不同版本。 在包的内容被写入文件夹后,该文件夹被变成只读。
NixOS还提供了原子式更新首先它下载或构建新一代系统的软件包和文件然后切换到它。 有不同的方法来切换到新一代你可以告诉NixOS在重启后激活它或者你可以在运行时切换到它。 你也可以 *测试* ,在运行时切换到新的一代,但不把它设置为当前系统的一代。 如果在更新过程中出现了什么问题,你可以直接重新启动,并自动返回到你的系统的工作版本。
Nix软件包管理器使用一种纯粹的函数式语言--它也被称为Nix--来定义软件包。
[Nixpkgs](https://github.com/nixos/nixpkgs) 软件包的主要来源包含在一个GitHub仓库中。 你也可以用同样的语言定义你自己的包,然后轻松地将它们纳入你的配置中。
Nix是一个基于源代码的软件包管理器如果在二进制缓存中没有预置的可用软件包Nix将直接使用其定义从源代码中构建软件包。 它在一个沙盒式的 *纯* 环境中构建每个软件包,该环境尽可能地独立于主机系统,从而使二进制文件可以重现。
## 以匿名为重点的发行版
### Whonix
!!! recommendation
![Whonix标志](assets/img/linux-desktop/whonix.svg){ align=right }
**Whonix**是基于 [Kicksecure](https://www.whonix.org/wiki/Kicksecure)一个注重安全的Debian分叉。 它的目的是在互联网上提供隐私、安全和匿名性。 Whonix最好与[Qubes OS]#qubes-os一起使用。
[:octicons-home-16: 主页](https://www.whonix.org/){ .md-button .md-button--primary }
[:simple-torbrowser:](http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion){ .card-link title="洋葱服务" }
[:octicons-info-16:](https://www.whonix.org/wiki/Documentation){ .card-link title=文档}
[:octicons-heart-16:](https://www.whonix.org/wiki/Donate){ .card-link title=贡献 }
Whonix旨在作为两个虚拟机运行一个 "工作站 "和一个Tor "网关"。 工作站的所有通信都必须通过Tor网关。 这意味着即使工作站被某种恶意软件入侵真实的IP地址仍然是隐藏的。
它的一些功能包括Tor流隔离 [按键匿名化](https://www.whonix.org/wiki/Keystroke_Deanonymization#Kloak) [加密的交换](https://github.com/Whonix/swap-file-creator),以及一个加固的内存分配器。
Whonix的未来版本可能包括 [全系统AppArmor策略](https://github.com/Whonix/apparmor-profile-everything) 和 [沙盒应用程序启动器](https://www.whonix.org/wiki/Sandbox-app-launcher) ,以完全限制系统上的所有进程。
[Whonix最好与Qubes](https://www.whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers)Qubes-Whonix与其他管理程序相比有各种 [,缺点](https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581)。
### Tails
!!! recommendation
![Tails标志](assets/img/linux-desktop/tails.svg){ align=right }
**Tails**是一个基于Debian的实时操作系统它通过Tor路由所有的通信它可以从DVD、U盘或SD卡安装在几乎任何电脑上启动。 它使用 [Tor]tor.md来保护隐私和匿名同时规避审查制度而且在关闭电源后它不会在其使用的计算机上留下任何痕迹。
[:octicons-home-16: 主页](https://tails.boum.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://tails.boum.org/doc/index.en.html){ .card-link title=文档}
[:octicons-heart-16:](https://tails.boum.org/donate/){ .card-link title=贡献 }
Tails由于具有失忆功能意味着没有任何东西被写入磁盘对于反取证来说是非常好的然而它并不是像Whonix那样的加固发行版。 它缺乏Whonix所具有的许多匿名和安全功能而且更新频率更低每六周才更新一次。 被恶意软件入侵的Tails系统可能会绕过透明代理允许用户去匿名化。
Tails默认在Tor浏览器中包括 [uBlock Origin](desktop-browsers.md#ublock-origin) 这有可能使对手更容易对Tails用户进行指纹识别。 [Whonix](desktop.md#whonix) 虚拟机可能更加防漏,然而它们不是失忆的,这意味着数据可能会从你的存储设备中恢复。
在设计上Tails是为了在每次重启后完全重置自己。 加密的 [持久性存储](https://tails.boum.org/doc/persistent_storage/index.en.html) ,可以配置为在重启之间存储一些数据。
## 以安全为重点的发行版
### Qubes操作系统
!!! recommendation
![Qubes OS标志](assets/img/qubes/qubes_os.svg){ align=right }
**Qubes OS**是一个开源的操作系统,旨在为桌面计算提供强大的安全性。 Qubes基于Xen、X窗口系统和Linux可以运行大多数Linux应用程序并使用大多数Linux驱动程序。
[:octicons-home-16: 主页](https://www.qubes-os.org/){ .md-button .md-button--primary }
[:material-arrow-right-drop-circle: 概述](os/qubes-overview.md){ .md-button .md-button--primary }
[:simple-torbrowser:](http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion){ .card-link title="洋葱头服务" }
[:octicons-eye-16:](https://www.qubes-os.org/privacy/){ .card-link title="隐私政策" }
[:octicons-info-16:](https://www.qubes-os.org/doc/){ .card-link title="文档" }
[:octicons-code-16:](https://github.com/QubesOS/){ .card-link title="源代码" }
[:octicons-heart-16:](https://www.qubes-os.org/donate/){ .card-link title=贡献 }
Qubes OS是一个基于Xen的操作系统旨在通过安全的虚拟机VM为桌面计算提供强大的安全性也被称为 *Qubes*
Qubes OS操作系统通过将子系统如网络、USB等和应用程序隔离在独立的虚拟机中来保证计算机的安全。 如果系统的一个部分被破坏,额外的隔离可能会保护系统的其他部分。 更多详情请见Qubes [FAQ](https://www.qubes-os.org/faq/)。
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
我们推荐的操作系统。
- 必须是开源的。
- 必须定期接受软件和Linux内核的更新。
- Linux发行版必须支持 [Wayland](os/linux-overview.md#Wayland)。
- 在安装过程中必须支持全盘加密。
- 不得将定期发布的信息冻结1年以上。 我们 [,不建议将](os/linux-overview.md#release-cycle) "长期支持 "或 "稳定 "的发行版用于桌面使用。
- 必须支持各种各样的硬件。

139
i18n/zh/dns.md Normal file
View File

@@ -0,0 +1,139 @@
---
title: "DNS解析器"
icon: material/dns
description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration.
---
Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. 加密的DNS不会帮助你隐藏任何浏览活动。
[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button}
## 推荐的供应商
| DNS供应商 | 隐私政策 | 协议 | 日志记录 | ECS | 筛选 |
| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------ | --- | ----------------------------------------------------------------------------------------------------- |
| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext <br> DoH/3 <br> DoT <br> DNSCrypt | 一些[^1] | No | 基于服务器的选择。 正在使用的过滤器列表可以在这里找到。 [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) |
| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext <br> DoH/3 <br> DoT | 一些[^2] | No | 基于服务器的选择。 |
| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext <br> DoH/3 <br> DoT <br> DoQ | 可选[^3] | No | 基于服务器的选择。 |
| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH <br> DoT | No[^4] | No | 基于服务器的选择。 正在使用的过滤器列表可以在这里找到。 [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) |
| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext <br> DoH/3 <br> DoT | 可选[^5] | 可选 | 基于服务器的选择。 |
| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | 一些[^6] | 可选 | 基于服务器的选择,默认为恶意软件拦截。 |
## 标准
**请注意,我们与我们推荐的任何项目都没有关系。** 除了 [我们的标准标准](about/criteria.md),我们还制定了一套明确的要求,使我们能够提供客观的建议。 我们建议你在选择使用一个项目之前熟悉这个清单,并进行自己的研究以确保它是你的正确选择。
!!! 例如 "本节是新的"
我们正在努力为我们网站的每个部分建立确定的标准,这可能会有变化。 如果你对我们的标准有任何疑问,请[在我们的论坛上提问](https://discuss.privacyguides.net/latest),如果这里没有列出,不要以为我们在做推荐时没有考虑到什么。 当我们推荐一个项目时,有许多因素被考虑和讨论,而记录每一个因素是一项正在进行的工作。
- 必须支持 [DNSSEC](advanced/dns-overview.md#what-is-dnssec)。
- [QNAME最小化](advanced/dns-overview.md#what-is-qname-minimization).
- 允许 [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) 被禁用。
- 倾向于 [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) 支持或地理转向支持。
## 本地操作系统支持
### 安卓
安卓9及以上系统支持通过TLS的DNS。 这些设置可以在下面找到。 **设置** &rarr; **网络 & 互联网** &rarr; **私人DNS**
### 苹果设备
最新版本的iOS、iPadOS、tvOS和macOS同时支持DoT和DoH。 通过 [配置文件](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) ,或通过 [DNS设置API](https://developer.apple.com/documentation/networkextension/dns_settings),这两种协议都得到了本地支持。
在安装配置文件或使用DNS设置API的应用程序后可以选择DNS配置。 如果VPN处于激活状态在VPN隧道内的解析将使用VPN的DNS设置而不是你整个系统的设置。
#### 已签名的配置文件
苹果公司没有为创建加密的DNS配置文件提供本地接口。 [安全DNS配置文件创建者](https://dns.notjakob.com/tool.html) 是一个非官方的工具用于创建你自己的加密DNS配置文件然而它们将不会被签署。 签名的档案是首选;签名验证了档案的来源,有助于确保档案的完整性。 绿色的 "已验证 "标签被赋予已签署的配置文件。 关于代码签名的更多信息,见 [关于代码签名](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html)。 ** [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html)、 [NextDNS](https://apple.nextdns.io)和 [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/)提供了签名的配置文件**。
!!! 信息
`systemd-resolved`许多Linux发行版使用它来进行DNS查询但还不[支持DoH](https://github.com/systemd/systemd/issues/8639)。 如果你想使用DoH你需要安装一个代理如 [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy)和[配置它](https://wiki.archlinux.org/title/Dnscrypt-proxy)从你的系统解析器接收所有的DNS查询并通过HTTPS转发。
## 加密DNS代理
加密的DNS代理软件为 [未加密的DNS](advanced/dns-overview.md#unencrypted-dns) 解析器提供一个本地代理转发。 通常情况下,它被用于那些不支持 [加密DNS的平台](advanced/dns-overview.md#what-is-encrypted-dns)。
### RethinkDNS
!!! recommendation
![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ align=right }
![RethinkDNS标志](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right }
**RethinkDNS**是一个开源的Android客户端支持 [DNS-over-HTTPS]advanced/dns-overview.md#dns-over-https-doh、 [DNS-over-TLS]advanced/dns-overview.md#dns-over-tls-dot、 [DNSCrypt]advanced/dns-overview.md#dnscrypt和DNS Proxy同时还可以缓存DNS响应本地记录DNS查询也可以作为防火墙使用。
[:octicons-home-16: 主页](https://rethinkdns.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="隐私政策" }
[:octicons-info-16:](https://docs.rethinkdns.com/){ .card-link title=文档}
[:octicons-code-16:](https://github.com/celzero/rethink-app){ .card-link title="源代码" }
??? 下载
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.celzero.bravedns)
- [:simple-github: GitHub](https://github.com/celzero/rethink-app/releases)
### dnscrypt-代理
!!! recommendation
![dnscrypt-proxy标志](assets/img/dns/dnscrypt-proxy.svg) { align=right }
**dnscrypt-proxy**是一个DNS代理支持 [DNSCrypt]advanced/dns-overview.md#dnscrypt [DNS-over-HTTPS]advanced/dns-overview.md#dns-over-https-doh以及[Anonymized DNS]https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS
!!! 警告 "匿名DNS功能不会[***](advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns)匿名化其他网络流量。"
[:octicons-repo-16: Repository](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/DNSCrypt/dnscrypt-proxy){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opencollective.com/dnscrypt/contribute){ .card-link title="贡献" }
??? 下载
- [:simple-windows11: Windows](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-Windows)
- [:simple-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS)
- [:simple-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux)
## 自我托管的解决方案
自我托管的DNS解决方案对于在智能电视和其他物联网设备等受控平台上提供过滤非常有用因为不需要客户端软件。
### AdGuard Home
!!! recommendation
![AdGuard Home标识](assets/img/dns/adguard-home.svg){ align=right }
**AdGuard Home**是一个开源的 [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole),它使用[DNS过滤](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/)来阻止不需要的网络内容,如广告。
AdGuard Home有一个精致的网络界面可以查看洞察力和管理被阻止的内容。
[:octicons-home-16: 主页](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary }
[:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="隐私政策" }
[:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=文档}
[:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="源代码" }
### Pi-hole
!!! recommendation
! [Pi-hole标志](assets/img/dns/pi-hole.svg){ align=right }
**Pi-hole**是一个开源的 [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole),它使用[DNS过滤](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/)来阻止不需要的网络内容,如广告。
Pi-hole被设计为在Raspberry Pi上托管但它并不局限于这种硬件。 该软件具有一个友好的网络界面,可以查看洞察力和管理封锁的内容。
[:octicons-home-16: 主页](https://pi-hole.net/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://pi-hole.net/privacy/){ .card-link title="隐私政策" }
[:octicons-info-16:](https://docs.pi-hole.net/){ .card-link title=文档}
[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="源代码" }
[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title="贡献" }
[^1]: AdGuard存储其DNS服务器的汇总性能指标即对特定服务器的完整请求数、被阻止的请求数和处理请求的速度。 他们还保留并存储了过去24小时内请求的域名数据库。 "我们需要这些信息来识别和阻止新的追踪者和威胁。" "我们还记录了这个或那个追踪器被封锁的次数。 我们需要这些信息来从我们的过滤器中删除过时的规则"。 [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html)
[^2]: Cloudflare只收集和存储发送到1.1.1.1解析器的有限DNS查询数据。 1.1.1.1解析器服务不记录个人数据而且大部分有限的非个人识别的查询数据只存储25小时。 [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/)
[^3]: Control D只记录具有自定义DNS配置文件的高级解析器。 自由解析器不记录数据。 [https://controld.com/privacy](https://controld.com/privacy)
[^4]: Mullvad的DNS服务对Mullvad VPN的订阅者和非订阅者都适用。 他们的隐私政策明确声称他们不会以任何方式记录DNS请求。 [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/)
[^5]: NextDNS可以在选择加入的基础上提供见解和日志记录功能。 你可以为你选择保留的任何日志选择保留时间和日志存储位置。 如果没有特别要求,就不记录数据。 [https://nextdns.io/privacy](https://nextdns.io/privacy)
[^6]: Quad9收集了一些数据用于威胁监测和应对。 然后,这些数据可能被重新混合和共享,例如为了安全研究的目的。 Quad9不会收集或记录IP地址或其他他们认为可以识别个人身份的数据。 [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/)

238
i18n/zh/email-clients.md Normal file
View File

@@ -0,0 +1,238 @@
---
title: "笔记"
icon: material/email-open
description: These email clients are privacy-respecting and support OpenPGP email encryption.
---
Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft.
??? warning "Email does not provide forward secrecy"
When using end-to-end encryption (E2EE) technology like OpenPGP, email will still have [some metadata](email.md#email-metadata-overview) that is not encrypted in the header of the email.
OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed: [How do I protect my private keys?](basics/email-security.md) Consider using a medium that provides forward secrecy:
[Real-time Communication](real-time-communication.md){ .md-button }
## Cross-Platform
### Thunderbird
!!! recommendation
![Thunderbird logo](assets/img/email-clients/thunderbird.svg){ align=right }
**Thunderbird** is a free, open-source, cross-platform email, newsgroup, news feed, and chat (XMPP, IRC, Twitter) client developed by the Thunderbird community, and previously by the Mozilla Foundation.
[:octicons-home-16: Homepage](https://www.thunderbird.net){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.mozilla.org/privacy/thunderbird){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.mozilla.org/products/thunderbird){ .card-link title=Documentation}
[:octicons-code-16:](https://hg.mozilla.org/comm-central){ .card-link title="Source Code" }
??? downloads
- [:simple-windows11: Windows](https://www.thunderbird.net)
- [:simple-apple: macOS](https://www.thunderbird.net)
- [:simple-linux: Linux](https://www.thunderbird.net)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.mozilla.Thunderbird)
#### 推荐配置
We recommend changing some of these settings to make Thunderbird a little more private.
这些选项可以在 :material-menu: → **设置** → **隐私 & 安全**中找到。
##### Web Content
- [ ] Uncheck **Remember websites and links I've visited**
- [ ] Uncheck **Accept cookies from sites**
##### 遥测
- [ ] Uncheck **Allow Thunderbird to send technical and interaction data to Mozilla**
#### Thunderbird-user.js (advanced)
[`thunderbird-user.js`](https://github.com/HorlogeSkynet/thunderbird-user.js), is a set of configurations options that aims to disable as many of the web-browsing features within Thunderbird as possible in order to reduce surface area and maintain privacy. Some of the changes are backported from the [Arkenfox project](https://github.com/arkenfox/user.js).
## Platform Specific
### Apple Mail (macOS)
!!! recommendation
![Apple Mail logo](assets/img/email-clients/applemail.png){ align=right }
**Apple Mail** is included in macOS and can be extended to have OpenPGP support with [GPG Suite](encryption.md#gpg-suite), which adds the ability to send PGP-encrypted email.
[:octicons-home-16: Homepage](https://support.apple.com/guide/mail/welcome/mac){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.apple.com/legal/privacy/en-ww/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.apple.com/guide/mail/toc){ .card-link title=Documentation}
### Canary Mail (iOS)
!!! recommendation
![Canary Mail logo](assets/img/email-clients/canarymail.svg){ align=right }
**Canary Mail** is a paid email client designed to make end-to-end encryption seamless with security features such as a biometric app lock.
[:octicons-home-16: Homepage](https://canarymail.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://canarymail.io/privacy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://canarymail.zendesk.com/){ .card-link title=Documentation}
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.canarymail.android)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1236045954)
- [:simple-windows11: Windows](https://canarymail.io/downloads.html)
!!! 推荐
Canary Mail only recently released a Windows and Android client, though we don't believe they are as stable as their iOS and Mac counterparts.
Canary Mail is closed-source. We recommend it due to the few choices there are for email clients on iOS that support PGP E2EE.
### FairEmail (Android)
!!! recommendation
![FairEmail logo](assets/img/email-clients/fairemail.svg){ align=right }
**FairEmail** is a minimal, open-source email app, using open standards (IMAP, SMTP, OpenPGP) with a low data and battery usage.
[:octicons-home-16: Homepage](https://email.faircode.eu){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/M66B/FairEmail/blob/master/PRIVACY.md){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/M66B/FairEmail/blob/master/FAQ.md){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/M66B/FairEmail){ .card-link title="Source Code" }
[:octicons-heart-16:](https://email.faircode.eu/donate/){ .card-link title=Contribute }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=eu.faircode.email)
- [:simple-github: GitHub](https://github.com/M66B/FairEmail/releases)
### GNOME Evolution (GNOME)
!!! recommendation
![Evolution logo](assets/img/email-clients/evolution.svg){ align=right }
**Evolution** is a personal information management application that provides integrated mail, calendaring and address book functionality. Evolution has extensive [documentation](https://help.gnome.org/users/evolution/stable/) to help you get started.
[:octicons-home-16: Homepage](https://wiki.gnome.org/Apps/Evolution){ .md-button .md-button--primary }
[:octicons-eye-16:](https://wiki.gnome.org/Apps/Evolution/PrivacyPolicy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://help.gnome.org/users/evolution/stable/){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.gnome.org/GNOME/evolution/){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.gnome.org/donate/){ .card-link title=Contribute }
??? downloads
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.gnome.Evolution)
### K-9 Mail (Android)
!!! recommendation
![K-9 Mail logo](assets/img/email-clients/k9mail.svg){ align=right }
**K-9 Mail** is an independent mail application that supports both POP3 and IMAP mailboxes, but only supports push mail for IMAP.
In the future, K-9 Mail will be the [officially branded](https://k9mail.app/2022/06/13/K-9-Mail-and-Thunderbird.html) Thunderbird client for Android.
[:octicons-home-16: Homepage](https://k9mail.app){ .md-button .md-button--primary }
[:octicons-eye-16:](https://k9mail.app/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.k9mail.app/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/k9mail/k-9){ .card-link title="Source Code" }
[:octicons-heart-16:](https://k9mail.app/contribute){ .card-link title=Contribute }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.fsck.k9)
- [:simple-github: GitHub](https://github.com/k9mail/k-9/releases)
!!! 推荐
When replying to someone on a mailing list the "reply" option may also include the mailing list. For more information see [thundernest/k-9 #3738](https://github.com/thundernest/k-9/issues/3738).
### Kontact (KDE)
!!! recommendation
![Kontact logo](assets/img/email-clients/kontact.svg){ align=right }
**Kontact** is a personal information manager (PIM) application from the [KDE](https://kde.org) project. It provides a mail client, address book, organizer and RSS client.
[:octicons-home-16: Homepage](https://kontact.kde.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://kde.org/privacypolicy-apps){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://kontact.kde.org/users/){ .card-link title=Documentation}
[:octicons-code-16:](https://invent.kde.org/pim/kmail){ .card-link title="Source Code" }
[:octicons-heart-16:](https://kde.org/community/donations/){ .card-link title=Contribute }
??? downloads
- [:simple-linux: Linux](https://kontact.kde.org/download)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.kde.kontact)
### Mailvelope (Browser)
!!! recommendation
![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ align=right }
**Mailvelope** is a browser extension that enables the exchange of encrypted emails following the OpenPGP encryption standard.
[:octicons-home-16: Homepage](https://www.mailvelope.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.mailvelope.com/en/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://mailvelope.com/faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/mailvelope/mailvelope){ .card-link title="Source Code" }
??? downloads
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/mailvelope)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/mailvelope/kajibbejlbohfaggdiogboambcijhkke)
- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/mailvelope/dgcbddhdhjppfdfjpciagmmibadmoapc)
### NeoMutt (CLI)
!!! recommendation
![NeoMutt logo](assets/img/email-clients/mutt.svg){ align=right }
**NeoMutt** is an open-source command line mail reader (or MUA) for Linux and BSD. It's a fork of [Mutt](https://en.wikipedia.org/wiki/Mutt_(email_client)) with added features.
NeoMutt is a text-based client that has a steep learning curve. It is however, very customizable.
[:octicons-home-16: Homepage](https://neomutt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://neomutt.org/guide/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/neomutt/neomutt){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.paypal.com/paypalme/russon/){ .card-link title=Contribute }
??? downloads
- [:simple-apple: macOS](https://neomutt.org/distro)
- [:simple-linux: Linux](https://neomutt.org/distro)
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
### Minimum Qualifications
- 为开源操作系统开发的应用程序必须是开源的。
- Must not collect telemetry, or have an easy way to disable all telemetry.
- Must support OpenPGP message encryption.
### Best-Case
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should be open-source.
- Should be cross-platform.
- Should not collect any telemetry by default.
- Should support OpenPGP natively, i.e. without extensions.
- Should support storing OpenPGP encrypted emails locally.

503
i18n/zh/email.md Normal file
View File

@@ -0,0 +1,503 @@
---
title: "Email Services"
icon: material/email
description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers.
---
电子邮件实际上是使用任何在线服务的必需品,但我们不建议使用它进行人与人之间的对话。 与其使用电子邮件与他人联系,不如考虑使用支持前向保密的即时通讯媒介。
[推荐的即时通讯工具](real-time-communication.md ""){.md-button}
对于其他一切,我们根据可持续的商业模式和内置的安全和隐私功能,推荐各种电子邮件供应商。
- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services)
- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers)
- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services)
- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email)
## OpenPGP 兼容服务
These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. 例如Proton Mail用户可以向Mailbox.org用户发送E2EE信息或者你可以从支持OpenPGP的互联网服务中收到OpenPGP加密的通知。
<div class="grid cards" markdown>
- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail)
- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg)
</div>
!!! 警告
当使用像OpenPGP这样的E2EE技术时电子邮件仍然会有一些元数据没有在电子邮件的标题中进行加密。 阅读更多关于[电子邮件元数据](basics/email-security.md#email-metadata-overview)。
OpenPGP也不支持转发保密这意味着如果你或收件人的私钥被盗所有以前用它加密的信息都会暴露。 [如何保护我的私钥?](basics/email-security.md#how-do-i-protect-my-private-keys)
### Proton Mail
!!! recommendation
! [Proton Mail徽标] (assets/img/email/protonmail.svg) {align = right}
* * Proton Mail * *是一项专注于隐私、加密、安全性和易用性的电子邮件服务。 他们自**2013年**以来一直在运作。 Proton公司总部位于瑞士日内瓦。 他们的免费计划中账户一开始开始有500MB的存储空间。
[:octicons-home-16: 首页](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="洋葱服务" }
[:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="隐私政策" }
[:octicons-info-16:](https://proton.me/support/mail){ .card-link title="文档"}
[:octicons-code-16:](https://github.com/ProtonMail){ .card-link title="源代码" }
??? 下载
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonmail)。 ndroid)
- [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id979659905)
- [:simple-github: GitHub](https://github. om/ProtonMail/proton-mail-android/releases)
- [:simple-windows11: Windows](https://proton.me/mail/bridge#download)
- [:simple-apple: macOS](https://proton. e/mail/bridge#download)
- [:simple-linux: Linux](https://proton.me/mail/bridge#download)
- [:octicons-browser-16: Web](https://mail.proton.me)
免费账户有一些限制,如不能搜索正文,不能访问 [Proton Mail Bridge](https://proton.me/mail/bridge),这是使用 [推荐的桌面电子邮件客户端](email-clients.md) 如Thunderbird所需要的。 付费帐户包括Proton Mail Bridge等功能额外的存储空间和自定义域支持。 2021年11月9日 [Securitum](https://research.securitum.com)为Proton Mail的应用程序提供了一份 [的证明信](https://proton.me/blog/security-audit-all-proton-apps)。
如果你有 "Proton Unlimited"、" Business "或 "Visionary "计划,你还可以免费获得 [SimpleLogin](#simplelogin) Premium。
</strong> Proton Mail有内部碰撞报告他们 **,不与第三方分享。 这可以在以下方面禁用。 **设置** > **转到设置** > **帐户** > **安全和隐私** > **发送崩溃报告**</p>
#### :material-check:{ .pg-green } Custom Domains and Aliases
Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain.
#### :material-check:{ .pg-green } Private Payment Methods
Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments.
#### :material-check:{ .pg-green } Account Security
Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) and [hardware security keys](https://proton.me/support/2fa-security-key) using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two factor authentication first.
#### :material-check:{ .pg-green } Data Security
Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). 使用零访问加密的数据只有你才能访问。
Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. 支持零访问加密的联系人字段,如电话号码,会用挂锁图标表示。
#### :material-check:{ .pg-green } Email Encryption
Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. 给其他Proton Mail账户的邮件是自动加密的用OpenPGP密钥给非Proton Mail地址加密可以在账户设置中轻松启用。 They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP.
Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). 这使得不使用Proton Mail的人可以轻松找到Proton Mail账户的OpenPGP密钥实现跨供应商的E2EE。
#### :material-information-outline:{ .pg-blue } Account Termination
If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. 30天后你的账户将成为欠费账户不会收到来信。 在此期间,您将继续收到账单。
#### :material-information-outline:{ .pg-blue } Additional Functionality
Proton Mail提供9.99欧元/月的 "无限 "账户除了提供多个账户、域名、别名和500GB的存储空间外还能访问Proton VPN。
Proton Mail不提供数字遗留功能。
### Mailbox.org
!!! recommendation
![Mailbox.org标志](assets/img/email/mailboxorg.svg){ align=right }
**Mailbox.org**是一个专注于安全、无广告、并由100%环保能源私人提供的电子邮件服务。 他们自2014年以来一直在运作。 Mailbox.org总部位于德国柏林。 账户开始时有2GB的存储空间可根据需要升级。
[:octicons-home-16: 首页](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="隐私政策" }
[:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title="文件"}
?? 下载
- [:octicons-browser-16: Web](https://login.mailbox.org)
#### :material-check:{ .pg-green } Custom Domains and Aliases
Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain.
#### :material-check:{ .pg-green } Private Payment Methods
Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. 然而他们确实接受邮寄现金、向银行账户支付现金、银行转账、信用卡、贝宝和几个德国特有的处理器Paydirekt和Sofortüberweisung。
#### :material-check:{ .pg-green } Account Security
Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
#### :material-information-outline:{ .pg-blue } Data Security
Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key.
However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information.
#### :material-check:{ .pg-green } Email Encryption
Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE.
#### :material-information-outline:{ .pg-blue } Account Termination
Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract).
#### :material-information-outline:{ .pg-blue } Additional Functionality
You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address.
## More Providers
These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers.
<div class="grid cards" markdown>
- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail)
- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota)
</div>
### StartMail
!!! recommendation
![StartMail logo](assets/img/email/startmail.svg#only-light){ align=right }
![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ align=right }
**StartMail** is an email service with a focus on security and privacy through the use of standard OpenPGP encryption. StartMail has been in operation since 2014 and is based in Boulevard 11, Zeist Netherlands. Accounts start with 10GB. They offer a 30-day trial.
[:octicons-home-16: Homepage](https://www.startmail.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.startmail.com/en/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.startmail.com){ .card-link title=Documentation}
??? downloads
- [:octicons-browser-16: Web](https://mail.startmail.com/login)
#### :material-check:{ .pg-green } Custom Domains and Aliases
Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available.
#### :material-alert-outline:{ .pg-orange } Private Payment Methods
StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year.
#### :material-check:{ .pg-green } Account Security
StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication.
#### :material-information-outline:{ .pg-blue } Data Security
StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key.
StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption.
#### :material-check:{ .pg-green } Email Encryption
StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients.
#### :material-information-outline:{ .pg-blue } Account Termination
On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration).
#### :material-information-outline:{ .pg-blue } Additional Functionality
StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is.
StartMail does not offer a digital legacy feature.
### Tutanota
!!! recommendation
![Tutanota logo](assets/img/email/tutanota.svg){ align=right }
**Tutanota** is an email service with a focus on security and privacy through the use of encryption. Tutanota has been in operation since **2011** and is based in Hanover, Germany. Accounts start with 1GB storage with their free plan.
[:octicons-home-16: Homepage](https://tutanota.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://tutanota.com/faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" }
[:octicons-heart-16:](https://tutanota.com/community/){ .card-link title=Contribute }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.tutao.tutanota)
- [:simple-appstore: App Store](https://apps.apple.com/app/tutanota/id922429609)
- [:simple-github: GitHub](https://github.com/tutao/tutanota/releases)
- [:simple-windows11: Windows](https://tutanota.com/#download)
- [:simple-apple: macOS](https://tutanota.com/#download)
- [:simple-linux: Linux](https://tutanota.com/#download)
- [:octicons-browser-16: Web](https://mail.tutanota.com/)
Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders.
#### :material-check:{ .pg-green } Custom Domains and Aliases
Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain.
#### :material-information-outline:{ .pg-blue } Private Payment Methods
Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore.
#### :material-check:{ .pg-green } Account Security
Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F.
#### :material-check:{ .pg-green } Data Security
Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you.
#### :material-information-outline:{ .pg-blue } Email Encryption
Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external).
#### :material-information-outline:{ .pg-blue } Account Termination
Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay.
#### :material-information-outline:{ .pg-blue } Additional Functionality
Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount.
Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y.
Tutanota doesn't offer a digital legacy feature.
## Email Aliasing Services
An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address.
<div class="grid cards" markdown>
- ![mailcow logo](assets/img/email/mailcow.svg){ .twemoji } [mailcow](email.md#self-hosting-email)
- ![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ .twemoji } [Mail-in-a-Box](email.md#self-hosting-email)
</div>
Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning.
Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain:
- Aliases can be turned on and off individually when you need them, preventing websites from emailing you randomly.
- Replies are sent from the alias address, shielding your real email address.
They also have a number of benefits over "temporary email" services:
- Aliases are permanent and can be turned on again if you need to receive something like a password reset.
- Emails are sent to your trusted mailbox rather than stored by the alias provider.
- Temporary email services typically have public mailboxes which can be accessed by anyone who knows the address, aliases are private to you.
Our email aliasing recommendations are providers that allow you to create aliases on domains they control, as well as your own custom domain(s) for a modest yearly fee. They can also be self-hosted if you want maximum control. However, using a custom domain can have privacy-related drawbacks: If you are the only person using your custom domain, your actions can be easily tracked across websites simply by looking at the domain name in the email address and ignoring everything before the at (@) sign.
Using an aliasing service requires trusting both your email provider and your aliasing provider with your unencrypted messages. Some providers mitigate this slightly with automatic PGP encryption, which reduces the number of parties you need to trust from two to one by encrypting incoming emails before they are delivered to your final mailbox provider.
### AnonAddy
!!! recommendation
![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ align=right }
![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ align=right }
**AnonAddy** lets you create 20 domain aliases on a shared domain for free, or unlimited "standard" aliases which are less anonymous.
[:octicons-home-16: Homepage](https://anonaddy.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://anonaddy.com/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://app.anonaddy.com/docs/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/anonaddy){ .card-link title="Source Code" }
[:octicons-heart-16:](https://anonaddy.com/donate/){ .card-link title=Contribute }
??? downloads
- [:simple-android: Android](https://anonaddy.com/faq/#is-there-an-android-app)
- [:material-apple-ios: iOS](https://anonaddy.com/faq/#is-there-an-ios-app)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/en-GB/firefox/addon/anonaddy/)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/anonaddy-anonymous-email/iadbdpnoknmbdeolbapdackdcogdmjpe)
The number of shared aliases (which end in a shared domain like @anonaddy.me) that you can create is limited to 20 on AnonAddy's free plan and 50 on their $12/year plan. You can create unlimited standard aliases (which end in a domain like @[username].anonaddy.com or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. Unlimited shared aliases are available for $36/year.
Notable free features:
- [x] 20 Shared Aliases
- [x] Unlimited Standard Aliases
- [ ] No Outgoing Replies
- [x] 2 Recipient Mailboxes
- [x] Automatic PGP Encryption
### SimpleLogin
!!! recommendation
![Simplelogin logo](assets/img/email/simplelogin.svg){ align=right }
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
[:octicons-home-16: Homepage](https://simplelogin.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://simplelogin.io/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://simplelogin.io/docs/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/simple-login){ .card-link title="Source Code" }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.simplelogin.android)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1494359858)
- [:simple-github: GitHub](https://github.com/simple-login/Simple-Login-Android/releases)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/en-US/firefox/addon/simplelogin/)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/dphilobhebphkdjbpfohgikllaljmgbn)
- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff)
- [:simple-safari: Safari](https://apps.apple.com/app/id1494051017)
SimpleLogin was [acquired by Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) as of April 8, 2022. If you use Proton Mail for your primary mailbox, SimpleLogin is a great choice. As both products are now owned by the same company you now only have to trust a single entity. We also expect that SimpleLogin will be more tightly integrated with Proton's offerings in the future. SimpleLogin continues to support forwarding to any email provider of your choosing. Securitum [audited](https://simplelogin.io/blog/security-audit/) SimpleLogin in early 2022 and all issues [were addressed](https://simplelogin.io/audit2022/web.pdf).
You can link your SimpleLogin account in the settings with your Proton account. If you have the Proton Unlimited, Business, or Visionary Plan, you will have SimpleLogin Premium for free.
Notable free features:
- [x] 10 Shared Aliases
- [x] Unlimited Replies
- [x] 1 Recipient Mailbox
## Self-Hosting Email
Advanced system administrators may consider setting up their own email server. Mail servers require attention and continuous maintenance in order to keep things secure and mail delivery reliable.
### Combined software solutions
!!! recommendation
![Mailcow logo](assets/img/email/mailcow.svg){ align=right }
**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support.
[:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary }
[:octicons-info-16:](https://mailcow.github.io/mailcow-dockerized-docs/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/mailcow/mailcow-dockerized){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.servercow.de/mailcow?lang=en#sal){ .card-link title=Contribute }
!!! recommendation
![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ align=right }
**Mail-in-a-Box** is an automated setup script for deploying a mail server on Ubuntu. Its goal is to make it easier for people to set up their own mail server.
[:octicons-home-16: Homepage](https://mailinabox.email){ .md-button .md-button--primary }
[:octicons-info-16:](https://mailinabox.email/guide.html){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/mail-in-a-box/mailinabox){ .card-link title="Source Code" }
For a more manual approach we've picked out these two articles:
- [Setting up a mail server with OpenSMTPD, Dovecot and Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/) (2019)
- [How To Run Your Own Mail Server](https://www.c0ffee.net/blog/mail-server-guide/) (August 2017)
## Criteria
**Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any Email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an Email provider, and conduct your own research to ensure the Email provider you choose is the right choice for you.
### 技术
We regard these features as important in order to provide a safe and optimal service. You should consider whether the provider which has the features you require.
**符合条件的最低要求。**
- Encrypts email account data at rest with zero-access encryption.
- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322/) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Operates on owned infrastructure, i.e. not built upon third-party email service providers.
**Best Case:**
- Encrypts all account data (Contacts, Calendars, etc) at rest with zero-access encryption.
- Integrated webmail E2EE/PGP encryption provided as a convenience.
- Support for [WKD](https://wiki.gnupg.org/WKD) to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key by typing: `gpg --locate-key example_user@example.com`
- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP.
- Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion).
- [Subaddressing](https://en.wikipedia.org/wiki/Email_address#Subaddressing) support.
- Catch-all or alias functionality for those who own their own domains.
- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider.
### 隐私
We prefer our recommended providers to collect as little data as possible.
**符合条件的最低要求。**
- Protect sender's IP address. Filter it from showing in the `Received` header field.
- Don't require personally identifiable information (PII) besides a username and a password.
- Privacy policy that meets the requirements defined by the GDPR
- Must not be hosted in the US due to [ECPA](https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act#Criticism) which has [yet to be reformed](https://epic.org/ecpa/).
**Best Case:**
- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.)
### 安全性
Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members.
**符合条件的最低要求。**
- Protection of webmail with 2FA, such as TOTP.
- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support.
- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://www.hardenize.com/), [testssl.sh](https://testssl.sh/), or [Qualys SSL Labs](https://www.ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
- A valid [MTA-STS](https://tools.ietf.org/html/rfc8461) and [TLS-RPT](https://tools.ietf.org/html/rfc8460) policy.
- Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records.
- Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records.
- Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`.
- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/).
- [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used.
- Website security standards such as:
- [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security)
- [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains.
- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt.
**Best Case:**
- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name).
- [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support.
- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617).
- Bug-bounty programs and/or a coordinated vulnerability-disclosure process.
- Website security standards such as:
- [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy)
- [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/)
### Trust
You wouldn't trust your finances to someone with a fake identity, so why trust them with your email? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled.
**符合条件的最低要求。**
- Public-facing leadership or ownership.
**Best Case:**
- Public-facing leadership.
- Frequent transparency reports.
### Marketing
With the email providers we recommend we like to see responsible marketing.
**符合条件的最低要求。**
- Must self-host analytics (no Google Analytics, Adobe Analytics, etc). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out.
Must not have any marketing which is irresponsible:
- Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it.
- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.:
- Reusing personal information e.g. (email accounts, unique pseudonyms, etc) that they accessed without anonymity software (Tor, VPN, etc)
- [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)
**Best Case:**
- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc.
### Additional Functionality
While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend.

356
i18n/zh/encryption.md Normal file
View File

@@ -0,0 +1,356 @@
---
title: "加密软件"
icon: material/file-lock
description: 对数据进行加密是控制谁能访问数据的唯一方法。 These tools allow you to encrypt your emails and any other files.
---
对数据进行加密是控制谁能访问数据的唯一方法。 如果你目前没有对你的硬盘、电子邮件或文件使用加密软件,你应该在这里挑选一个选项。
## 多平台
这里列出的选项是多平台的,对于创建你的数据的加密备份非常好。
### Cryptomator (云)
!!! recommendation
![Cryptomator logo](assets/img/encryption-software/cryptomator.svg){ align=right }
**Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. 它允许你创建存储在虚拟驱动器上的保险库,其中的内容被加密并与你的云存储供应商同步。
[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- [:simple-android: Android](https://cryptomator.org/android)
- [:simple-windows11: Windows](https://cryptomator.org/downloads)
- [:simple-apple: macOS](https://cryptomator.org/downloads)
- [:simple-linux: Linux](https://cryptomator.org/downloads)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
Cryptomator使用AES-256加密对文件和文件名进行加密。 Cryptomator不能加密元数据如访问、修改和创建时间戳也不能加密文件和文件夹的数量和大小。
Some Cryptomator cryptographic libraries have been [audited](https://community.cryptomator.org/t/has-there-been-a-security-review-audit-of-cryptomator/44) by Cure53. The scope of the audited libraries includes: [cryptolib](https://github.com/cryptomator/cryptolib), [cryptofs](https://github.com/cryptomator/cryptofs), [siv-mode](https://github.com/cryptomator/siv-mode) and [cryptomator-objc-cryptor](https://github.com/cryptomator/cryptomator-objc-cryptor). The audit did not extend to [cryptolib-swift](https://github.com/cryptomator/cryptolib-swift), which is a library used by Cryptomator for iOS.
Cryptomator's documentation details its intended [security target](https://docs.cryptomator.org/en/latest/security/security-target/), [security architecture](https://docs.cryptomator.org/en/latest/security/architecture/), and [best practices](https://docs.cryptomator.org/en/latest/security/best-practices/) for use in further detail.
### Picocrypt (File)
!!! recommendation
![Picocrypt logo](assets/img/encryption-software/picocrypt.svg){ align=right }
**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt使用安全的XChaCha20密码和Argon2id密钥推导功能来提供高水平的安全。 它使用Go的标准x/crypto模块来实现其加密功能。
[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
??? downloads
- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
### VeraCrypt (磁盘)
!!! recommendation
![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ align=right }
![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ align=right }
**VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. 它可以在一个文件中创建一个虚拟的加密磁盘,加密一个分区,或者用启动前的认证来加密整个存储设备。
[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
??? downloads
- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.
When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher.
Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit).
## OS Full Disk Encryption
Modern operating systems include [FDE](https://en.wikipedia.org/wiki/Disk_encryption) and will have a [secure cryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor).
### BitLocker
!!! recommendation
![BitLocker logo](assets/img/encryption-software/bitlocker.png){ align=right }
**BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). [ElcomSoft](https://en.wikipedia.org/wiki/ElcomSoft), a forensics company, has written about it in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/).
[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites.
??? example "Enabling BitLocker on Windows Home"
To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module.
1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style":
```
powershell Get-Disk
```
2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`:
```
powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
```
3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**.
4. Login with your admin account and type this in the command prompt to start encryption:
```
manage-bde -on c: -used
```
5. Close the command prompt and continue booting to regular Windows.
6. Open an admin command prompt and run the following commands:
```
manage-bde c: -protectors -add -rp -tpm
manage-bde -protectors -enable c:
manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
```
!!! tip
Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data.
### FileVault
!!! recommendation
![FileVault logo](assets/img/encryption-software/filevault.png){ align=right }
**FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery.
### Linux Unified Key Setup
!!! recommendation
![LUKS logo](assets/img/encryption-software/luks.png){ align=right }
**LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers.
[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
??? example "Creating and opening encrypted containers"
```
dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
sudo cryptsetup luksFormat /path-to-file
```
#### Opening encrypted containers
We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface.
```
udisksctl loop-setup -f /path-to-file
udisksctl unlock -b /dev/loop0
```
!!! note "Remember to back up volume headers"
We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with:
```
cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
```
## Browser-based
Browser-based encryption can be useful when you need to encrypt a file but cannot install software or apps on your device.
### hat.sh
!!! recommendation
![hat.sh logo](assets/img/encryption-software/hat-sh.png#only-light){ align=right }
![hat.sh logo](assets/img/encryption-software/hat-sh-dark.png#only-dark){ align=right }
**Hat.sh** is a web application that provides secure client-side file encryption in your browser. It can also be self-hosted and is useful if you need to encrypt a file but cannot install any software on your device due to organizational policies.
[:octicons-globe-16: Website](https://hat.sh){ .md-button .md-button--primary }
[:octicons-eye-16:](https://hat.sh/about/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://hat.sh/about/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/sh-dv/hat.sh){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sh-dv/hat.sh#donations){ .card-link title="Donations methods can be found at the bottom of the website" }
## Command-line
Tools with command-line interfaces are useful for integrating [shell scripts](https://en.wikipedia.org/wiki/Shell_script).
### Kryptor
!!! recommendation
![Kryptor logo](assets/img/encryption-software/kryptor.png){ align=right }
**Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG.
[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
??? downloads
- [:simple-windows11: Windows](https://www.kryptor.co.uk)
- [:simple-apple: macOS](https://www.kryptor.co.uk)
- [:simple-linux: Linux](https://www.kryptor.co.uk)
### Tomb
!!! recommendation
![Tomb logo](assets/img/encryption-software/tomb.png){ align=right }
**Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work).
[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
## OpenPGP
OpenPGP is sometimes needed for specific tasks such as digitally signing and encrypting email. PGP has many features and is [complex](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) as it has been around a long time. For tasks such as signing or encrypting files, we suggest the above options.
When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf).
!!! tip "Use future defaults when generating a key"
When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/):
```bash
gpg --quick-gen-key alice@example.com future-default
```
### GNU Privacy Guard
!!! recommendation
![GNU Privacy Guard logo](assets/img/encryption-software/gnupg.svg){ align=right }
**GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government.
[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- [:simple-windows11: Windows](https://gpg4win.org/download.html)
- [:simple-apple: macOS](https://gpgtools.org)
- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
### GPG4win
!!! recommendation
![GPG4win logo](assets/img/encryption-software/gpg4win.svg){ align=right }
**GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005.
[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
??? downloads
- [:simple-windows11: Windows](https://gpg4win.org/download.html)
### GPG Suite
!!! note
We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices.
!!! recommendation
![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ align=right }
**GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS.
We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support.
[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
??? downloads
- [:simple-apple: macOS](https://gpgtools.org)
### OpenKeychain
!!! recommendation
![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ align=right }
**OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015).
[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
### Minimum Qualifications
- Cross-platform encryption apps must be open-source.
- File encryption apps must support decryption on Linux, macOS, and Windows.
- External disk encryption apps must support decryption on Linux, macOS, and Windows.
- Internal (OS) disk encryption apps must be cross-platform or built in to the operating system natively.
### Best-Case
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave.
- File encryption apps should have first- or third-party support for mobile platforms.

147
i18n/zh/file-sharing.md Normal file
View File

@@ -0,0 +1,147 @@
---
title: "加密软件"
icon: material/share-variant
description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online.
---
Discover how to privately share your files between your devices, with your friends and family, or anonymously online.
## 文件共享
### Send
!!! recommendation
![Send logo](assets/img/file-sharing-sync/send.svg){ align=right }
**Send** is a fork of Mozillas discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well. The maintainer of Send hosts a [public instance](https://send.vis.ee/). You can use other public instances, or you can host Send yourself.
[:octicons-home-16: Homepage](https://send.vis.ee){ .md-button .md-button--primary }
[:octicons-server-16:](https://github.com/timvisee/send-instances){ .card-link title="Public Instances"}
[:octicons-info-16:](https://github.com/timvisee/send#readme){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/timvisee/send){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title=Contribute }
Send can be used via its web interface or via the [ffsend](https://github.com/timvisee/ffsend) CLI. If you are familiar with the command-line and send files frequently, we recommend using the CLI client to avoid JavaScript-based encryption. You can specify the `--host` flag to use a specific server:
```bash
ffsend upload --host https://send.vis.ee/ FILE
```
### OnionShare
!!! recommendation
![OnionShare logo](assets/img/file-sharing-sync/onionshare.svg){ align=right }
**OnionShare** is an open-source tool that lets you securely and anonymously share a file of any size. It works by starting a web server accessible as a Tor onion service, with an unguessable URL that you can share with the recipients to download or send files.
[:octicons-home-16: Homepage](https://onionshare.org){ .md-button .md-button--primary }
[:simple-torbrowser:](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion){ .card-link title="Onion Service" }
[:octicons-info-16:](https://docs.onionshare.org){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/onionshare/onionshare){ .card-link title="Source Code" }
??? downloads
- [:simple-windows11: Windows](https://onionshare.org/#download)
- [:simple-apple: macOS](https://onionshare.org/#download)
- [:simple-linux: Linux](https://onionshare.org/#download)
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
- Must not store decrypted data on a remote server.
- 它必须是开源软件。
- Must either have clients for Linux, macOS, and Windows; or have a web interface.
## FreedomBox
!!! recommendation
![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ align=right }
**FreedomBox** is an operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications that you might want to self-host.
[:octicons-home-16: Homepage](https://freedombox.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://wiki.debian.org/FreedomBox/Manual){ .card-link title=Documentation}
[:octicons-code-16:](https://salsa.debian.org/freedombox-team/freedombox){ .card-link title="Source Code" }
[:octicons-heart-16:](https://freedomboxfoundation.org/donate/){ .card-link title=Contribute }
## File Sync
### Nextcloud (Client-Server)
!!! recommendation
![Nextcloud logo](assets/img/productivity/nextcloud.svg){ align=right }
**Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.
[:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://nextcloud.com/support/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" }
[:octicons-heart-16:](https://nextcloud.com/contribute/){ .card-link title=Contribute }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102)
- [:simple-github: GitHub](https://github.com/nextcloud/android/releases)
- [:simple-windows11: Windows](https://nextcloud.com/install/#install-clients)
- [:simple-apple: macOS](https://nextcloud.com/install/#install-clients)
- [:simple-linux: Linux](https://nextcloud.com/install/#install-clients)
- [:simple-freebsd: FreeBSD](https://www.freshports.org/www/nextcloud)
!!! 危险
We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality.
### Syncthing (P2P)
!!! recommendation
![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ align=right }
**Syncthing** is an open-source peer-to-peer continuous file synchronization utility. It is used to synchronize files between two or more devices over the local network or the internet. Syncthing does not use a centralized server; it uses the [Block Exchange Protocol](https://docs.syncthing.net/specs/bep-v1.html#bep-v1) to transfer data between devices. All data is encrypted using TLS.
[:octicons-home-16: Homepage](https://syncthing.net){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.syncthing.net){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/syncthing){ .card-link title="Source Code" }
[:octicons-heart-16:](https://syncthing.net/donations/){ .card-link title=Contribute }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nutomic.syncthingandroid)
- [:simple-windows11: Windows](https://syncthing.net/downloads/)
- [:simple-apple: macOS](https://syncthing.net/downloads/)
- [:simple-linux: Linux](https://syncthing.net/downloads/)
- [:simple-freebsd: FreeBSD](https://syncthing.net/downloads/)
- [:simple-openbsd: OpenBSD](https://syncthing.net/downloads/)
- [:simple-netbsd: NetBSD](https://syncthing.net/downloads/)
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
#### Minimum Requirements
- Must not require a third-party remote/cloud server.
- 它必须是开源软件。
- Must either have clients for Linux, macOS, and Windows; or have a web interface.
#### Best-Case
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Has mobile clients for iOS and Android, which at least support document previews.
- Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android.

94
i18n/zh/financial-services.md Normal file
View File

@@ -0,0 +1,94 @@
---
title: Financial Services
icon: material/bank
---
Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases:
[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button}
## Payment Masking Services
There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously.
!!! tip "Check your current bank"
Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information.
### Privacy.com (US)
!!! recommendation
![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right }
![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right }
**Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank.
[:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation}
Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with.
### MySudo (US, Paid)
!!! recommendation
![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right }
![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right }
**MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use.
[:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation}
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances.
- Cards must not require you to provide accurate billing address information to the merchant.
## Gift Card Marketplaces
These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered).
### Cake Pay
!!! recommendation
![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right }
**Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants.
[:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation}
### CoinCards
!!! recommendation
![CakePay logo](assets/img/financial-services/coincards.svg){ align=right }
**CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants.
[:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation}
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md).
- No ID requirement.

267
i18n/zh/frontends.md Normal file
View File

@@ -0,0 +1,267 @@
---
title: "文件共享"
icon: material/flip-to-front
description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances.
---
有时,一些服务会用烦人的弹窗阻止你访问内容,以此来强迫你注册账户。 此时如果停用JavaScript网站也会崩溃。 这些前端应用可以帮助你绕过这些限制。
## 客户端
### Librarian
!!! recommendation
![Librarian logo](assets/img/frontends/librarian.svg#only-light){ align=right }
![Librarian logo](assets/img/frontends/librarian-dark.svg#only-dark){ align=right }
**Librarian** is a free and open-source frontend for [Odysee](https://odysee.com/) (LBRY) that is also self-hostable.
There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support.
[:octicons-repo-16: Repository](https://codeberg.org/librarian/librarian){ .md-button .md-button--primary }
[:octicons-server-16:](https://librarian.codeberg.page/){ .card-link title="Public Instances"}
[:octicons-info-16:](https://codeberg.org/librarian/librarian/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://codeberg.org/librarian/librarian){ .card-link title="Source Code" }
!!! 推荐
Librarian does not proxy video streams by default. Videos watched through Librarian will still make direct connections to Odysee's servers (e.g. `odycdn.com`); however, some instances may enable proxying which would be detailed in the instance's privacy policy.
!!! tip
Librarian is useful if you want watch LBRY content on mobile without mandatory telemetry and if you want to disable JavaScript in your browser, as is the case with [Tor Browser](https://www.torproject.org/) on the Safest security level.
When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Librarian, as other peoples' usage will be linked to your hosting.
When you are using a Librarian instance, make sure to read the privacy policy of that specific instance. Librarian instances can be modified by their owners and therefore may not reflect the default policy. Librarian instances feature a "privacy nutrition label" to provide an overview of their policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII.
## Twitter
### Nitter
!!! recommendation
![Nitter logo](assets/img/frontends/nitter.svg){ align=right }
**Nitter** is a free and open-source frontend for [Twitter](https://twitter.com) that is also self-hostable.
There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support.
[:octicons-repo-16: Repository](https://github.com/zedeus/nitter){ .md-button .md-button--primary }
[:octicons-server-16:](https://github.com/zedeus/nitter/wiki/Instances){ .card-link title="Public Instances"}
[:octicons-info-16:](https://github.com/zedeus/nitter/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/zedeus/nitter){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/zedeus/nitter#nitter){ .card-link title=Contribute }
!!! tip
Nitter is useful if you want to browse Twitter content without having to log in and if you want to disable JavaScript in your browser, as is the case with [Tor Browser](https://www.torproject.org/) on the Safest security level. It also allows you to [create RSS feeds for Twitter](news-aggregators.md#twitter).
When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Nitter, as other peoples' usage will be linked to your hosting.
When you are using a Nitter instance, make sure to read the privacy policy of that specific instance. Nitter instances can be modified by their owners and therefore may not reflect the default policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII.
## TikTok
### ProxiTok
!!! recommendation
![ProxiTok logo](assets/img/frontends/proxitok.svg){ align=right }
**ProxiTok** is an open source frontend to the [TikTok](https://www.tiktok.com) website that is also self-hostable.
There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support.
[:octicons-repo-16: Repository](https://github.com/pablouser1/ProxiTok){ .md-button .md-button--primary }
[:octicons-server-16:](https://github.com/pablouser1/ProxiTok/wiki/Public-instances){ .card-link title="Public Instances"}
[:octicons-info-16:](https://github.com/pablouser1/ProxiTok/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/pablouser1/ProxiTok){ .card-link title="Source Code" }
!!! tip
ProxiTok is useful if you want to disable JavaScript in your browser, such as [Tor Browser](https://www.torproject.org/) on the Safest security level.
When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting ProxiTok, as other peoples' usage will be linked to your hosting.
When you are using a ProxiTok instance, make sure to read the privacy policy of that specific instance. ProxiTok instances can be modified by their owners and therefore may not reflect their associated privacy policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII.
## YouTube
### FreeTube
!!! recommendation
![FreeTube logo](assets/img/frontends/freetube.svg){ align=right }
**FreeTube** is a free and open-source desktop application for [YouTube](https://youtube.com). When using FreeTube, your subscription list and playlists are saved locally on your device.
By default, FreeTube blocks all YouTube advertisements. In addition, FreeTube optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments.
[:octicons-home-16: Homepage](https://freetubeapp.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://freetubeapp.io/privacy.php){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.freetubeapp.io/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/FreeTubeApp/FreeTube){ .card-link title="Source Code" }
[:octicons-heart-16:](https://liberapay.com/FreeTube){ .card-link title=Contribute }
??? downloads
- [:simple-windows11: Windows](https://freetubeapp.io/#download)
- [:simple-apple: macOS](https://freetubeapp.io/#download)
- [:simple-linux: Linux](https://freetubeapp.io/#download)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/io.freetubeapp.FreeTube)
!!! 推荐
When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io) or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. 它使用一个类似 [BitTorrent](https://wikipedia.org/wiki/BitTorrent)的网络来存储视频内容,并使用一个 [blockchain](https://wikipedia.org/wiki/Blockchain)来存储这些视频的索引。
### Yattee
!!! recommendation
![Yattee logo](assets/img/frontends/yattee.svg){ align=right }
**Yattee** is a free and open-source privacy oriented video player for iOS, tvOS and macOS for [YouTube](https://youtube.com). When using Yattee, your subscription list are saved locally on your device.
You will need to take a few [extra steps](https://gonzoknows.com/posts/Yattee/) before you can use Yattee to watch YouTube, due to App Store restrictions.
[:octicons-home-16: Homepage](https://github.com/yattee/yattee){ .md-button .md-button--primary }
[:octicons-eye-16:](https://r.yattee.stream/docs/privacy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/yattee/yattee/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/yattee/yattee){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/yattee/yattee/wiki/Donations){ .card-link title=Contribute }
??? downloads
- [:simple-apple: App Store](https://apps.apple.com/us/app/yattee/id1595136629)
- [:simple-github: GitHub](https://github.com/yattee/yattee/releases)
!!! 推荐
When using Yattee, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io), [Piped](https://github.com/TeamPiped/Piped/wiki/Instances) or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. 它使用一个类似 [BitTorrent](https://wikipedia.org/wiki/BitTorrent)的网络来存储视频内容,并使用一个 [blockchain](https://wikipedia.org/wiki/Blockchain)来存储这些视频的索引。
By default, Yattee blocks all YouTube advertisements. In addition, Yattee optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments.
### LibreTube (Android)
!!! recommendation
![LibreTube logo](assets/img/frontends/libretube.svg#only-light){ align=right }
![LibreTube logo](assets/img/frontends/libretube-dark.svg#only-dark){ align=right }
**LibreTube** is a free and open-source Android application for [YouTube](https://youtube.com) which uses the [Piped](#piped) API.
LibreTube allows you to store your subscription list and playlists locally on your Android device, or to an account on your Piped instance of choice, which allows you to access them seamlessly on other devices as well.
[:octicons-home-16: Homepage](https://libre-tube.github.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/libre-tube/LibreTube#privacy-policy-and-disclaimer){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/libre-tube/LibreTube#readme){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/libre-tube/LibreTube){ .card-link title="Source Code" }
??? downloads
- [:simple-github: GitHub](https://github.com/libre-tube/LibreTube/releases)
!!! 推荐
When using LibreTube, your IP address will be visible to the [Piped](https://github.com/TeamPiped/Piped/wiki/Instances) instance you choose and/or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. 它使用一个类似 [BitTorrent](https://wikipedia.org/wiki/BitTorrent)的网络来存储视频内容,并使用一个 [blockchain](https://wikipedia.org/wiki/Blockchain)来存储这些视频的索引。
By default, LibreTube blocks all YouTube advertisements. Additionally, Libretube uses [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. You are able to fully configure the types of segments that SponsorBlock will skip, or disable it completely. There is also a button on the video player itself to disable it for a specific video if desired.
### NewPipe (Android)
!!! 推荐备注
![Newpipe logo](assets/img/frontends/newpipe.svg){ align=right }
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org/) (1).
Your subscription list and playlists are saved locally on your Android device.
[:octicons-home-16: Homepage](https://newpipe.net){ .md-button .md-button--primary }
[:octicons-eye-16:](https://newpipe.net/legal/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://teamnewpipe.github.io/documentation/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/TeamNewPipe/NewPipe){ .card-link title="Source Code" }
[:octicons-heart-16:](https://newpipe.net/donate/){ .card-link title=Contribute }
??? downloads
- [:simple-github: GitHub](https://github.com/TeamNewPipe/NewPipe/releases)
1. The default instance is [FramaTube](https://framatube.org/), however more can be added via **Settings****Content****PeerTube instances**
!!! 警告
When using NewPipe, your IP address will be visible to the video providers used. 它使用一个类似 [BitTorrent](https://wikipedia.org/wiki/BitTorrent)的网络来存储视频内容,并使用一个 [blockchain](https://wikipedia.org/wiki/Blockchain)来存储这些视频的索引。
### Invidious
!!! recommendation
![Invidious logo](assets/img/frontends/invidious.svg#only-light){ align=right }
![Invidious logo](assets/img/frontends/invidious-dark.svg#only-dark){ align=right }
**Invidious** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable.
There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support.
[:octicons-home-16: Homepage](https://invidious.io){ .md-button .md-button--primary }
[:octicons-server-16:](https://instances.invidious.io){ .card-link title="Public Instances"}
[:octicons-info-16:](https://docs.invidious.io/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/iv-org/invidious){ .card-link title="Source Code" }
[:octicons-heart-16:](https://invidious.io/donate/){ .card-link title=Contribute }
!!! 推荐
Invidious does not proxy video streams by default. Videos watched through Invidious will still make direct connections to Google's servers (e.g. `googlevideo.com`); however, some instances support video proxying—simply enable *Proxy videos* within the instances' settings or add `&local=true` to the URL.
!!! tip
Invidious is useful if you want to disable JavaScript in your browser, such as [Tor Browser](https://www.torproject.org/) on the Safest security level. It does not provide privacy by itself, and we dont recommend logging into any accounts.
When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Invidious, as other peoples' usage will be linked to your hosting.
When you are using an Invidious instance, make sure to read the privacy policy of that specific instance. Invidious instances can be modified by their owners and therefore may not reflect their associated privacy policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII.
### Piped
!!! recommendation
![Piped logo](assets/img/frontends/piped.svg){ align=right }
**Piped** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable.
Piped requires JavaScript in order to function and there are a number of public instances.
[:octicons-repo-16: Repository](https://github.com/TeamPiped/Piped){ .md-button .md-button--primary }
[:octicons-server-16:](https://piped.kavin.rocks/preferences#ddlInstanceSelection){ .card-link title="Public Instances"}
[:octicons-info-16:](https://piped-docs.kavin.rocks/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/TeamPiped/Piped){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/TeamPiped/Piped#donations){ .card-link title=Contribute }
!!! tip
Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) without installing an extension or to access age-restricted content without an account. It does not provide privacy by itself, and we dont recommend logging into any accounts.
When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Piped, as other peoples' usage will be linked to your hosting.
When you are using a Piped instance, make sure to read the privacy policy of that specific instance. Piped instances can be modified by their owners and therefore may not reflect their associated privacy policy.
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
推荐的前端应用...
- 它必须是开源软件。
- 必须能够自托管。
- 必须向匿名用户提供所有基本的网站功能。
We only consider frontends for websites which are...
- 不启用Javascript就不能正常访问。

70
i18n/zh/index.md Normal file
View File

@@ -0,0 +1,70 @@
---
template: overrides/home.zh.html
hide:
- navigation
- toc
- 反馈
schema:
-
"@context": https://schema.org
"@type": Organization
"@id": https://www.privacyguides.org/
name: Privacy Guides
url: https://www.privacyguides.org/en/about/
logo: https://www.privacyguides.org/en/assets/brand/png/square/pg-yellow.png
sameAs:
- https://twitter.com/privacy_guides
- https://github.com/privacyguides
- https://www.wikidata.org/wiki/Q111710163
- https://opencollective.com/privacyguides
- https://www.youtube.com/@privacyguides
- https://mastodon.neat.computer/@privacyguides
-
"@context": https://schema.org
"@type": WebSite
name: Privacy Guides
url: "https://www.privacyguides.org/"
sameAs:
- https://www.wikidata.org/wiki/Q111710163
potentialAction:
"@type": SearchAction
target:
"@type": EntryPoint
urlTemplate: "https://www.privacyguides.org/?q={search_term_string}"
query-input: required name=search_term_string
---
<!-- markdownlint-disable-next-line -->
## Why should I care?
##### “I have nothing to hide. Why should I care about my privacy?”
Much like the right to interracial marriage, woman's suffrage, freedom of speech, and many others, our right to privacy hasn't always been upheld. In several dictatorships, it still isn't. Generations before ours fought for our right to privacy. ==Privacy is a human right, inherent to all of us,== that we are entitled to (without discrimination).
You shouldn't confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. **Everyone** has something to protect. Privacy is something that makes us human.
[:material-target-account: Common Internet Threats](basics/common-threats.md ""){.md-button.md-button--primary}
## What should I do?
##### First, you need to make a plan
Trying to protect all your data from everyone all the time is impractical, expensive, and exhausting. But don't worry! Security is a process, and, by thinking ahead, you can put together a plan that's right for you. Security isn't just about the tools you use or the software you download. Rather, it begins by understanding the unique threats you face, and how you can mitigate them.
==This process of identifying threats and defining countermeasures is called **threat modeling**==, and it forms the basis of every good security and privacy plan.
[:material-book-outline: Learn More About Threat Modeling](basics/threat-modeling.md ""){.md-button.md-button--primary}
---
## We need you! Here's how to get involved:
[:simple-discourse:](https://discuss.privacyguides.net/){ title="Join our Forum" }
[:simple-mastodon:](https://mastodon.neat.computer/@privacyguides){ rel=me title="Follow us on Mastodon" }
[:material-book-edit:](https://github.com/privacyguides/privacyguides.org){ title="Contribute to this website" }
[:material-translate:](https://matrix.to/#/#pg-i18n:aragon.sh){ title="Help translate this website" }
[:simple-matrix:](https://matrix.to/#/#privacyguides:matrix.org){ title="Chat with us on Matrix" }
[:material-information-outline:](about/index.md){ title="Learn more about us" }
[:material-hand-coin-outline:](about/donate.md){ title="Support the project" }
It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know.

17
i18n/zh/kb-archive.md Normal file
View File

@@ -0,0 +1,17 @@
---
title: KB Archive
icon: material/archive
description: Some pages that used to be in our knowledge base can now be found on our blog.
---
# Pages Moved to Blog
Some pages that used to be in our knowledge base can now be found on our blog:
- [GrapheneOS vs. CalyxOS](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/)
- [Signal Configuration Hardening](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/)
- [Linux - System Hardening](https://blog.privacyguides.org/2022/04/22/linux-system-hardening/)
- [Linux - Application Sandboxing](https://blog.privacyguides.org/2022/04/22/linux-application-sandboxing/)
- [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/)
- [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/)
- [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/)

22
i18n/zh/meta/brand.md Normal file
View File

@@ -0,0 +1,22 @@
---
title: Branding Guidelines
---
The name of the website is **Privacy Guides** and should **not** be changed to:
<div class="pg-red" markdown>
- PrivacyGuides
- Privacy guides
- PG
- PG.org
</div>
The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
## Trademark
"Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project.
Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions.

46
i18n/zh/meta/git-recommendations.md Normal file
View File

@@ -0,0 +1,46 @@
---
title: Git Recommendations
---
If you make changes to this website on GitHub.com's web editor directly, you shouldn't have to worry about this. If you are developing locally and/or are a long-term website editor (who should probably be developing locally!), consider these recommendations.
## Enable SSH Key Commit Signing
You can use an existing SSH key for signing, or [create a new one](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent).
1. Configure your Git client to sign commits and tags by default (remove `--global` to only sign by default for this repo):
```
git config --global commit.gpgsign true
git config --global gpg.format ssh
git config --global tag.gpgSign true
```
2. Copy your SSH public key to your clipboard, for example:
```
pbcopy < ~/.ssh/id_ed25519.pub
# Copies the contents of the id_ed25519.pub file to your clipboard
```
3. Set your SSH key for signing in Git with the following command, replacing the last string in quotes with the public key in your clipboard:
```
git config --global user.signingkey 'ssh-ed25519 AAAAC3(...) user@example.com'
```
Ensure you [add your SSH key to your GitHub account](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account#adding-a-new-ssh-key-to-your-account) **as a Signing Key** (as opposed to or in addition to as an Authentication Key).
## Rebase on Git pull
Use `git pull --rebase` instead of `git pull` when pulling in changes from GitHub to your local machine. This way your local changes will always be "on top of" the latest changes on GitHub, and you avoid merge commits (which are disallowed in this repo).
You can set this to be the default behavior:
```
git config --global pull.rebase true
```
## Rebase from `main` before submitting a PR
If you are working on your own branch, run these commands before submitting a PR:
```
git fetch origin
git rebase origin/main
```

89
i18n/zh/meta/uploading-images.md Normal file
View File

@@ -0,0 +1,89 @@
---
title: Uploading Images
---
Here are a couple of general rules for contributing to Privacy Guides:
## Images
- We **prefer** SVG images, but if those do not exist we can use PNG images
Company logos have canvas size of:
- 128x128px
- 384x128px
## Optimization
### PNG
Use the [OptiPNG](https://sourceforge.net/projects/optipng/) to optimize the PNG image:
```bash
optipng -o7 file.png
```
### SVG
#### Inkscape
[Scour](https://github.com/scour-project/scour) all SVG images.
In Inkscape:
1. File Save As..
2. Set type to Optimized SVG (*.svg)
In the **Options** tab:
- **Number of significant digits for coordinates** > **5**
- [x] Turn on **Shorten color values**
- [x] Turn on **Convert CSS attributes to XML attributes**
- [x] Turn on **Collapse groups**
- [x] Turn on **Create groups for similar attributes**
- [ ] Turn off **Keep editor data**
- [ ] Turn off **Keep unreferenced definitions**
- [x] Turn on **Work around renderer bugs**
In the **SVG Output** tab under **Document options**:
- [ ] Turn off **Remove the XML declaration**
- [x] Turn on **Remove metadata**
- [x] Turn on **Remove comments**
- [x] Turn on **Embeded raster images**
- [x] Turn on **Enable viewboxing**
In the **SVG Output** under **Pretty-printing**:
- [ ] Turn off **Format output with line-breaks and indentation**
- **Indentation characters** > Select **Space**
- **Depth of indentation** > **1**
- [ ] Turn off **Strip the "xml:space" attribute from the root SVG element**
In the **IDs** tab:
- [x] Turn on **Remove unused IDs**
- [ ] Turn off **Shorten IDs**
- **Prefix shortened IDs with** > `leave blank`
- [x] Turn on **Preserve manually created IDs not ending with digits**
- **Preserve the following IDs** > `leave blank`
- **Preserve IDs starting with** > `leave blank`
#### CLI
The same can be achieved with the [Scour](https://github.com/scour-project/scour) command:
```bash
scour --set-precision=5 \
--create-groups \
--renderer-workaround \
--remove-descriptive-elements \
--enable-comment-stripping \
--enable-viewboxing \
--indent=space \
--nindent=1 \
--no-line-breaks \
--enable-id-stripping \
--protect-ids-noninkscape \
input.svg output.svg
```

87
i18n/zh/meta/writing-style.md Normal file
View File

@@ -0,0 +1,87 @@
---
title: Writing Style
---
Privacy Guides is written in American English, and you should refer to [APA Style guidelines](https://apastyle.apa.org/style-grammar-guidelines/grammar) when in doubt.
In general the [United States federal plain language guidelines](https://www.plainlanguage.gov/guidelines/) provide a good overview of how to write clearly and concisely. We highlight a few important notes from these guidelines below.
## Writing for our audience
Privacy Guides' intended [audience](https://www.plainlanguage.gov/guidelines/audience/) is primarily average, technology using adults. Don't dumb down content as if you are addressing a middle-school class, but don't overuse complicated terminology about concepts average computer users wouldn't be familiar with.
### Address only what people want to know
People don't need overly complex articles with little relevance to them. Figure out what you want people to accomplish when writing an article, and only include those details.
> Tell your audience why the material is important to them. Say, “If you want a research grant, heres what you have to do.” Or, “If you want to mine federal coal, heres what you should know.” Or, “If youre planning a trip to Rwanda, read this first.”
### Address people directly
We're writing *for* a wide variety of people, but we are writing *to* the person who is actually reading it. Use "you" to address the reader directly.
> More than any other single technique, using “you” pulls users into the information and makes it relevant to them.
>
> When you use “you” to address users, they are more likely to understand what their responsibility is.
Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/audience/address-the-user/)
### Avoid "users"
Avoid calling people "users", in favor of "people", or a more specific description of the group of people you are writing for.
## Organizing content
Organization is key. Content should flow from most to least important information, and use headers as much as needed to logically separate different ideas.
- Limit the document to around five or six sections. Long documents should probably be broken up into separate pages.
- Mark important ideas with **bold** or *italics*.
Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/design/)
### Begin with a topic sentence
> If you tell your reader what theyre going to read about, theyre less likely to have to read your paragraph again. Headings help, but theyre not enough. Establish a context for your audience before you provide them with the details.
>
> We often write the way we think, putting our premises first and then our conclusion. It may be the natural way to develop thoughts, but we wind up with the topic sentence at the end of the paragraph. Move it up front and let users know where youre going. Dont make readers hold a lot of information in their heads before getting to the point.
Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/organize/have-a-topic-sentence/)
## Choose your words carefully
> Words matter. They are the most basic building blocks of written and spoken communication. Dont complicate things by using jargon, technical terms, or abbreviations that people wont understand.
We should try to avoid abbreviations where possible, but technology is full of abbreviations. In general, spell out the abbreviation/acronym the first time it is used on a page, and add the abbreviation to the abbreviation glossary file when it is used repeatedly.
> Kathy McGinty offers tongue-in-cheek instructions for bulking up your simple, direct sentences:
>
> > There is no escaping the fact that it is considered very important to note that a number of various available applicable studies ipso facto have generally identified the fact that additional appropriate nocturnal employment could usually keep juvenile adolescents off thoroughfares during the night hours, including but not limited to the time prior to midnight on weeknights and/or 2 a.m. on weekends.
>
> And the original, using stronger, simpler words:
>
> > More night jobs would keep youths off the streets.
## Be concise
> Unnecessary words waste your audiences time. Great writing is like a conversation. Omit information that the audience doesnt need to know. This can be difficult as a subject matter expert so its important to have someone look at the information from the audiences perspective.
Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/concise/)
## Keep text conversational
> Verbs are the fuel of writing. They give your sentences power and direction. They enliven your writing and make it more interesting.
>
> Verbs tell your audience what to do. Make sure its clear who does what.
### Use active voice
> Active voice makes it clear who is supposed to do what. It eliminates ambiguity about responsibilities. Not “It must be done,” but “You must do it.”
Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversational/use-active-voice/)
### Use "must" for requirements
> - “must” for an obligation
> - “must not” for a prohibition
> - “may” for a discretionary action
> - “should” for a recommendation

224
i18n/zh/mobile-browsers.md Normal file
View File

@@ -0,0 +1,224 @@
---
title: "移动浏览器"
icon: material/cellphone-information
description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone.
schema:
-
"@context": http://schema.org
"@type": WebPage
name: Private Mobile Browser Recommendations
url: "./"
relatedLink: "../desktop-browsers/"
-
"@context": http://schema.org
"@type": MobileApplication
name: Brave
image: /assets/img/browsers/brave.svg
url: https://brave.com
applicationCategory: Web Browser
operatingSystem:
- 安卓
subjectOf:
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": MobileApplication
name: Safari
image: /assets/img/browsers/safari.svg
url: https://www.apple.com/safari/
applicationCategory: Web Browser
operatingSystem:
- iOS
subjectOf:
"@type": WebPage
url: "./"
---
这些是我们当前推荐的移动网络浏览器以及标准/非匿名互联网浏览的配置。 如果您需要匿名浏览互联网,则应使用 [Tor](tor.md) 。 一般来说,我们建议将扩展程序保持在最低限度;它们在您的浏览器中具有特权访问权限,要求您信任开发人员,可以使您 [突出](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) [弱化](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) 站点隔离。
## 安卓
在安卓系统上火狐的安全性仍然低于基于Chromium的替代品。Mozilla的引擎 [GeckoView](https://mozilla.github.io/geckoview/),还没有支持 [网站隔离](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) 或启用 [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196)。
### Brave
!!! recommendation
![Brave标识](assets/img/browsers/brave.svg){ align=right }
**Brave浏览器**包括一个内置的内容拦截器和[隐私功能](https://brave.com/privacy-features/),其中许多功能都是默认启用的。
Brave是建立在Chromium网络浏览器项目之上的所以它应该有熟悉的感觉而且网站兼容性问题最小。
[:octicons-home-16: 首页](https://brave.com/){ .md-button .md-button--primary }
[:simple-torbrowser:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="洋葱服务" }
[:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="隐私政策" }
[:octicons-info-16:](https://support.brave.com/){ .card-link title="文档"}
[:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="源代码" }
??? downloads annotate
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.brave.browser)
- [:simple-github: GitHub](https://github.com/brave/brave-browser/releases)
#### 推荐配置
Tor浏览器是匿名浏览互联网的唯一途径。 当您使用Brave时我们建议您更改以下设置以保护您的隐私不受某些方的侵害但除了 [Tor浏览器](tor.md#tor-browser) 之外的所有浏览器都可以在某些方面被 *个人* 追踪。
这些选项可以在 :material-menu: → **设置** → **Brave Shields & 隐私**中找到
##### 盾
Brave在其 [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-) 功能中包括一些防指纹的措施。 我们建议将这些选项配置为 [,在你访问的所有页面上全局](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-)。
##### Brave shields global defaults
Shields的选项可以根据需要在每个站点的基础上进行降级但在默认情况下我们建议设置以下内容。
<div class="annotate" markdown>
- [x] Select **Aggressive** under Block trackers & ads
??? warning "Use default filter lists"
Brave允许你在内部`brave://adblock`页面中选择额外的内容过滤器。 我们建议不要使用这个功能;相反,保留默认的过滤列表。 使用额外的列表会使你从其他Brave用户中脱颖而出如果Brave中存在漏洞恶意规则被添加到你使用的列表中也可能增加攻击面。
- [x] Select **Upgrade connections to HTTPS**
- [x] Select **Always use secure connections**
- [x] (Optional) Select **Block Scripts** (1)
- [x] Select **Strict, may break sites** under **Block fingerprinting**
</div>
1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode) or the [NoScript](https://noscript.net/) extension.
##### Clear browsing data
- [x] Select **Clear data on exit**
##### Social Media Blocking
- [ ] 取消勾选所有社交媒体组件
##### Other privacy settings
<div class="annotate" markdown>
- [x] Select **Disable non-proxied UDP** under [WebRTC IP Handling Policy](https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc)
- [ ] Uncheck **Allow sites to check if you have payment methods saved**
- [ ] Uncheck **IPFS Gateway** (1)
- [x] Select **Close tabs on exit**
- [ ] Uncheck **Allow privacy-preserving product analytics (P3A)**
- [ ] Uncheck **Automatically send diagnostic reports**
- [ ] Uncheck **Automatically send daily usage ping to Brave**
</div>
1. InterPlanetary File System (IPFS) is a decentralized, peer-to-peer network for storing and sharing data in a distributed filesystem. Unless you use the feature, disable it.
#### Brave 同步
[Brave 同步](https://support.brave.com/hc/en-us/articles/360059793111-Understanding-Brave-Sync) 允许你的浏览数据历史记录、书签等在你所有的设备上访问而不需要账户并以E2EE进行保护。
## iOS
On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser.
### Safari
!!! recommendation
![Safari logo](assets/img/browsers/safari.svg){ align=right }
**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/15.0/ios/15.0) such as Intelligent Tracking Protection, Privacy Report, isolated Private Browsing tabs, iCloud Private Relay, and automatic HTTPS upgrades.
[:octicons-home-16: Homepage](https://www.apple.com/safari/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.apple.com/legal/privacy/data/en/safari/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.apple.com/guide/safari/welcome/mac){ .card-link title=Documentation}
#### 推荐配置
These options can be found in :gear: **Settings****Safari****Privacy and Security**.
##### Cross-Site Tracking Prevention
- [x] Enable **Prevent Cross-Site Tracking**
This enables WebKit's [Intelligent Tracking Protection](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp). The feature helps protect against unwanted tracking by using on-device machine learning to stop trackers. ITP protects against many common threats, but it does not block all tracking avenues because it is designed to not interfere with website usability.
##### Privacy Report
Privacy Report provides a snapshot of cross-site trackers currently prevented from profiling you on the website you're visiting. It can also display a weekly report to show which trackers have been blocked over time.
Privacy Report is accessible via the Page Settings menu.
##### Privacy Preserving Ad Measurement
- [ ] Disable **Privacy Preserving Ad Measurement**
Ad click measurement has traditionally used tracking technology that infringes on user privacy. [Private Click Measurement](https://webkit.org/blog/11529/introducing-private-click-measurement-pcm/) is a WebKit feature and proposed web standard aimed towards allowing advertisers to measure the effectiveness of web campaigns without compromising on user privacy.
The feature has little privacy concerns on its own, so while you can choose to leave it on, we consider the fact that it's automatically disabled in Private Browsing to be an indicator for disabling the feature.
##### Always-on Private Browsing
Open Safari and tap the Tabs button, located in the bottom right. Then, expand the Tab Groups list.
- [x] Select **Private**
Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpages address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed into sites. This may be an inconvenience.
##### iCloud Sync
Synchronization of Safari History, Tab Groups, iCloud Tabs and saved passwords are E2EE. However, by default, bookmarks are [not](https://support.apple.com/en-us/HT202303). Apple can decrypt and access them in accordance with their [privacy policy](https://www.apple.com/legal/privacy/en-ww/).
You can enable E2EE for you Safari bookmarks and downloads by enabling [Advanced Data Protection](https://support.apple.com/en-us/HT212520). Go to your **Apple ID name → iCloud → Advanced Data Protection**.
- [x] Turn On **Advanced Data Protection**
If you use iCloud with Advanced Data Protection disabled, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings****Safari****General****Downloads**.
### AdGuard
!!! recommendation
![AdGuard logo](assets/img/browsers/adguard.svg){ align=right }
**AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker).
AdGuard for iOS has some premium features; however, standard Safari content blocking is free of charge.
[:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary }
[:octicons-eye-16:](https://adguard.com/privacy/ios.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" }
??? downloads
- [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1047223162)
Additional filter lists do slow things down and may increase your attack surface, so only apply what you need.
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
### Minimum Requirements
- Must support automatic updates.
- Must receive engine updates in 0-1 days from upstream release.
- 为使浏览器更加尊重隐私所需的任何改变都不应该对用户体验产生负面影响。
- Android browsers must use the Chromium engine.
- Unfortunately, Mozilla GeckoView is still less secure than Chromium on Android.
- iOS browsers are limited to WebKit.
### 扩展标准
- 不得复制内置浏览器或操作系统的功能。
- 必须直接影响用户隐私,即不能简单地提供信息。

139
i18n/zh/multi-factor-authentication.md Normal file
View File

@@ -0,0 +1,139 @@
---
title: "Multi-Factor Authenticators"
icon: '资料/双因认证'
description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
---
## 硬件安全密钥
### YubiKey
!!! recommendation
![YubiKeys](assets/img/multi-factor-authentication/yubikey.png)
The **YubiKeys** are among the most popular security keys. Some YubiKey models have a wide range of features such as: [Universal 2nd Factor (U2F)](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online), [Yubico OTP](basics/multi-factor-authentication.md#yubico-otp), [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), [OpenPGP](https://developers.yubico.com/PGP/), [TOTP and HOTP](https://developers.yubico.com/OATH) authentication.
One of the benefits of the YubiKey is that one key can do almost everything (YubiKey 5), you could expect from a hardware security key. We do encourage you to take the [quiz](https://www.yubico.com/quiz/) before purchasing in order to make sure you make the right choice.
[:octicons-home-16: Homepage](https://www.yubico.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.yubico.com/){ .card-link title=Documentation}
The [comparison table](https://www.yubico.com/store/compare/) shows the features and how the YubiKeys compare. We highly recommend that you select keys from the YubiKey 5 Series.
YubiKeys can be programmed using the [YubiKey Manager](https://www.yubico.com/support/download/yubikey-manager/) or [YubiKey Personalization Tools](https://www.yubico.com/support/download/yubikey-personalization-tools/). For managing TOTP codes, you can use the [Yubico Authenticator](https://www.yubico.com/products/yubico-authenticator/). All of Yubico's clients are open-source.
For models which support HOTP and TOTP, there are 2 slots in the OTP interface which could be used for HOTP and 32 slots to store TOTP secrets. These secrets are stored encrypted on the key and never expose them to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do if they compromise one of the devices running the Yubico Authenticator and make the YubiKey resistant to a physical attacker.
!!! warning
The firmware of YubiKey is not open-source and is not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key.
### Nitrokey
!!! recommendation
![Nitrokey](assets/img/multi-factor-authentication/nitrokey.jpg){ align=right }
**Nitrokey** has a security key capable of [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) called the **Nitrokey FIDO2**. For PGP support, you need to purchase one of their other keys such as the **Nitrokey Start**, **Nitrokey Pro 2** or the **Nitrokey Storage 2**.
[:octicons-home-16: Homepage](https://www.nitrokey.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.nitrokey.com/data-privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.nitrokey.com/){ .card-link title=Documentation}
The [comparison table](https://www.nitrokey.com/#comparison) shows the features and how the Nitrokey models compare. The **Nitrokey 3** listed will have a combined feature set.
Nitrokey models can be configured using the [Nitrokey app](https://www.nitrokey.com/download).
For the models which support HOTP and TOTP, there are 3 slots for HOTP and 15 for TOTP. Some Nitrokeys can act as a password manager. They can store 16 different credentials and encrypt them using the same password as the OpenPGP interface.
!!! 推荐
While Nitrokeys do not release the HOTP/TOTP secrets to the device they are plugged into, the HOTP and TOTP storage is **not** encrypted and is vulnerable to physical attacks. If you are looking to store HOTP or TOTP these secrets, we highly recommend that you use a Yubikey instead.
!!! 推荐
Resetting the OpenPGP interface on a Nitrokey will also make the password database [inaccessible](https://docs.nitrokey.com/pro/linux/factory-reset).
The Nitrokey Pro 2, Nitrokey Storage 2, and the upcoming Nitrokey 3 supports system integrity verification for laptops with the [Coreboot](https://www.coreboot.org/) + [Heads](https://osresearch.net/) firmware.
Nitrokey's firmware is open-source, unlike the YubiKey. The firmware on modern NitroKey models (except the **NitroKey Pro 2**) is updatable.
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
#### Minimum Requirements
- Must use high quality, tamper resistant hardware security modules.
- Must support the latest FIDO2 specification.
- Must not allow private key extraction.
- Devices which cost over $35 must support handling OpenPGP and S/MIME.
#### Best-Case
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should be available in USB-C form-factor.
- Should be available with NFC.
- Should support TOTP secret storage.
- Should support secure firmware updates.
## Authenticator Apps
Authenticator Apps implement a security standard adopted by the Internet Engineering Task Force (IETF) called **Time-based One-time Passwords**, or **TOTP**. This is a method where websites share a secret with you which is used by your authenticator app to generate a six (usually) digit code based on the current time, which you enter while logging in for the website to check. Typically these codes are regenerated every 30 seconds, and once a new code is generated the old one becomes useless. Even if a hacker gets one six-digit code, there is no way for them to reverse that code to get the original secret or otherwise be able to predict what any future codes might be.
We highly recommend that you use mobile TOTP apps instead of desktop alternatives as Android and iOS have better security and app isolation than most desktop operating systems.
### Aegis Authenticator (Android)
!!! recommendation
![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ align=right }
**Aegis Authenticator** is a free, secure and open-source app to manage your 2-step verification tokens for your online services.
[:octicons-home-16: Homepage](https://getaegis.app){ .md-button .md-button--primary }
[:octicons-eye-16:](https://getaegis.app/aegis/privacy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/beemdevelopment/Aegis/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/beemdevelopment/Aegis){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.buymeacoffee.com/beemdevelopment){ .card-link title=Contribute }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis)
- [:simple-github: GitHub](https://github.com/beemdevelopment/Aegis/releases)
### Raivo OTP (iOS)
!!! recommendation
![Raivo OTP logo](assets/img/multi-factor-authentication/raivo-otp.png){ align=right }
**Raivo OTP** is a native, lightweight and secure time-based (TOTP) & counter-based (HOTP) password client for iOS. Raivo OTP offers optional iCloud backup & sync. Raivo OTP is also available for macOS in the form of a status bar application, however the Mac app does not work independently of the iOS app.
[:octicons-home-16: Homepage](https://raivo-otp.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://raivo-otp.com/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-code-16:](https://github.com/raivo-otp/ios-application){ .card-link title="Source Code" }
[:octicons-heart-16:](https://raivo-otp.com/donate){ .card-link title=Contribute }
??? downloads
- [:simple-appstore: App Store](https://apps.apple.com/us/app/raivo-otp/id1459042137)
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
- Source code must be publicly available.
- Must not require internet connectivity.
- Must not sync to a third-party cloud sync/backup service.
- **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud.

172
i18n/zh/news-aggregators.md Normal file
View File

@@ -0,0 +1,172 @@
---
title: "多因素认证工具"
icon: material/rss
description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS.
---
A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites.
## Aggregator clients
### Akregator
!!! recommendation
![Akregator logo](assets/img/news-aggregators/akregator.svg){ align=right }
**Akregator** is a news feed reader that is a part of the [KDE](https://kde.org) project. It comes with a fast search, advanced archiving functionality and an internal browser for easy news reading.
[:octicons-home-16: Homepage](https://apps.kde.org/akregator){ .md-button .md-button--primary }
[:octicons-eye-16:](https://kde.org/privacypolicy-apps){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.kde.org/?application=akregator){ .card-link title=Documentation}
[:octicons-code-16:](https://invent.kde.org/pim/akregator){ .card-link title="Source Code" }
[:octicons-heart-16:](https://kde.org/community/donations/){ .card-link title=Contribute }
??? downloads
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.kde.akregator)
### Feeder
!!! recommendation
![Feeder logo](assets/img/news-aggregators/feeder.png){ align=right }
**Feeder** is a modern RSS client for Android that has many [features](https://gitlab.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
[:octicons-repo-16: Repository](https://gitlab.com/spacecowboy/Feeder){ .md-button .md-button--primary }
[:octicons-code-16:](https://gitlab.com/spacecowboy/Feeder){ .card-link title="Source Code" }
[:octicons-heart-16:](https://ko-fi.com/spacecowboy){ .card-link title=Contribute }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nononsenseapps.feeder.play)
### Fluent Reader
!!! recommendation
![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ align=right }
**Fluent Reader** is a secure cross-platform news aggregator that has useful privacy features such as deletion of cookies on exit, strict [content security policies (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) and proxy support, meaning you can use it over [Tor](tor.md).
[:octicons-home-16: Homepage](https://hyliu.me/fluent-reader){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/yang991178/fluent-reader/wiki/Privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/yang991178/fluent-reader/wiki/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/yang991178/fluent-reader){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/yang991178){ .card-link title=Contribute }
??? downloads
- [:simple-windows11: Windows](https://hyliu.me/fluent-reader)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1520907427)
### GNOME Feeds
!!! recommendation
![GNOME Feeds logo](assets/img/news-aggregators/gfeeds.svg){ align=right }
**GNOME Feeds** is an [RSS](https://en.wikipedia.org/wiki/RSS) and [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)) news reader for [GNOME](https://www.gnome.org). It has a simple interface and is quite fast.
[:octicons-home-16: Homepage](https://gfeeds.gabmus.org){ .md-button .md-button--primary }
[:octicons-code-16:](https://gitlab.gnome.org/World/gfeeds){ .card-link title="Source Code" }
[:octicons-heart-16:](https://liberapay.com/gabmus/){ .card-link title=Contribute }
??? downloads
- [:simple-linux: Linux](https://gfeeds.gabmus.org/#install)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.gabmus.gfeeds)
### Miniflux
!!! recommendation
![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ align=right }
![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ align=right }
**Miniflux** is a web-based news aggregator that you can self-host. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
[:octicons-home-16: Homepage](https://miniflux.app){ .md-button .md-button--primary }
[:octicons-info-16:](https://miniflux.app/docs/index.html){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/miniflux/v2){ .card-link title="Source Code" }
[:octicons-heart-16:](https://miniflux.app/#donations){ .card-link title=Contribute }
### NetNewsWire
!!! recommendation
![NetNewsWire logo](assets/img/news-aggregators/netnewswire.png){ align=right }
**NetNewsWire** a free and open-source feed reader for macOS and iOS with a focus on a native design and feature set. It supports the typical feed formats alongside built-in support for Twitter and Reddit feeds.
[:octicons-home-16: Homepage](https://netnewswire.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://netnewswire.com/privacypolicy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://netnewswire.com/help/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/Ranchero-Software/NetNewsWire){ .card-link title="Source Code" }
??? downloads
- [:simple-appstore: App Store](https://apps.apple.com/us/app/netnewswire-rss-reader/id1480640210)
- [:simple-apple: macOS](https://netnewswire.com)
### Newsboat
!!! recommendation
![Newsboat logo](assets/img/news-aggregators/newsboat.svg){ align=right }
**Newsboat** is an RSS/Atom feed reader for the text console. It's an actively maintained fork of [Newsbeuter](https://en.wikipedia.org/wiki/Newsbeuter). It is very lightweight, and ideal for use over [Secure Shell](https://en.wikipedia.org/wiki/Secure_Shell).
[:octicons-home-16: Homepage](https://newsboat.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://newsboat.org/releases/2.27/docs/newsboat.html){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/newsboat/newsboat){ .card-link title="Source Code" }
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
- 它必须是开源软件。
- Must operate locally, i.e. must not be a cloud service.
## Social Media RSS Support
Some social media services also support RSS although it's not often advertised.
### Reddit
Reddit allows you to subscribe to subreddits via RSS.
!!! example
Replace `subreddit_name` with the subreddit you wish to subscribe to.
```text
https://www.reddit.com/r/{{ subreddit_name }}/new/.rss
```
### Twitter
Using any of the Nitter [instances](https://github.com/zedeus/nitter/wiki/Instances) you can easily subscribe using RSS.
!!! example
1. Pick an instance and set `nitter_instance`.
2. Replace `twitter_account` with the account name.
```text
https://{{ nitter_instance }}/{{ twitter_account }}/rss
```
### YouTube
You can subscribe YouTube channels without logging in and associating usage information with your Google Account.
!!! example
To subscribe to a YouTube channel with an RSS client, first look for your [channel code](https://support.google.com/youtube/answer/6180214), replace `[CHANNEL ID]` below:
```text
https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID]
```

114
i18n/zh/notebooks.md Normal file
View File

@@ -0,0 +1,114 @@
---
title: "Notebooks"
icon: material/notebook-edit-outline
description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party.
---
Keep track of your notes and journalings without giving them to a third-party.
If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE.
## Cloud-based
### Joplin
!!! recommendation
![Joplin logo](assets/img/notebooks/joplin.svg){ align=right }
**Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.
[:octicons-home-16: Homepage](https://joplinapp.org/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://joplinapp.org/help/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/laurent22/joplin){ .card-link title="Source Code" }
[:octicons-heart-16:](https://joplinapp.org/donate/){ .card-link title=Contribute }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.cozic.joplin)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/joplin/id1315599797)
- [:simple-github: GitHub](https://github.com/laurent22/joplin-android/releases)
- [:simple-windows11: Windows](https://joplinapp.org/#desktop-applications)
- [:simple-apple: macOS](https://joplinapp.org/#desktop-applications)
- [:simple-linux: Linux](https://joplinapp.org/#desktop-applications)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/joplin-web-clipper/)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/joplin-web-clipper/alofnhikmmkdbbbgpnglcpdollgjjfek)
Joplin does not support password/PIN protection for the [application itself or individual notes and notebooks](https://github.com/laurent22/joplin/issues/289). However, your data is still encrypted in transit and at the sync location using your master key. Since January 2023, Joplin supports biometrics app lock for [Android](https://joplinapp.org/changelog_android/#android-v2-10-3-https-github-com-laurent22-joplin-releases-tag-android-v2-10-3-pre-release-2023-01-05t11-29-06z) and [iOS](https://joplinapp.org/changelog_ios/#ios-v12-10-2-https-github-com-laurent22-joplin-releases-tag-ios-v12-10-2-2023-01-20t17-41-13z).
### Standard Notes
!!! recommendation
![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ align=right }
**Standard Notes** is a simple and private notes app that makes your notes easy and available everywhere you are. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors. It has also been [independently audited (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf).
[:octicons-home-16: Homepage](https://standardnotes.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://standardnotes.com/help){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Source Code" }
[:octicons-heart-16:](https://standardnotes.com/donate){ .card-link title=Contribute }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.standardnotes)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1285392450)
- [:simple-github: GitHub](https://github.com/standardnotes/app/releases)
- [:simple-windows11: Windows](https://standardnotes.com)
- [:simple-apple: macOS](https://standardnotes.com)
- [:simple-linux: Linux](https://standardnotes.com)
- [:octicons-globe-16: Web](https://app.standardnotes.com/)
### Cryptee
!!! recommendation
![Cryptee logo](./assets/img/notebooks/cryptee.svg#only-light){ align=right }
![Cryptee logo](./assets/img/notebooks/cryptee-dark.svg#only-dark){ align=right }
**Cryptee** is an open-source, web-based E2EE document editor and photo storage application. Cryptee is a PWA, which means that it works seamlessly across all modern devices without requiring native apps for each respective platform.
[:octicons-home-16: Homepage](https://crypt.ee){ .md-button .md-button--primary }
[:octicons-eye-16:](https://crypt.ee/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://crypt.ee/help){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/cryptee){ .card-link title="Source Code" }
??? downloads
- [:octicons-globe-16: PWA](https://crypt.ee/download)
Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information.
## Local notebooks
### Org-mode
!!! recommendation
![Org-mode logo](assets/img/notebooks/org-mode.svg){ align=right }
**Org-mode** is a [major mode](https://www.gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining TODO lists, planning projects, and authoring documents with a fast and effective plain-text system. Synchronization is possible with [file synchronization](file-sharing.md#file-sync) tools.
[:octicons-home-16: Homepage](https://orgmode.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://orgmode.org/manuals.html){ .card-link title=Documentation}
[:octicons-code-16:](https://git.savannah.gnu.org/cgit/emacs/org-mode.git){ .card-link title="Source Code" }
[:octicons-heart-16:](https://liberapay.com/bzg){ .card-link title=Contribute }
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
- Clients must be open-source.
- Any cloud sync functionality must be E2EE.
- Must support exporting documents into a standard format.
### Best Case
- Local backup/sync functionality should support encryption.
- Cloud-based platforms should support document sharing.

169
i18n/zh/os/android-overview.md Normal file
View File

@@ -0,0 +1,169 @@
---
title: Android概述
icon: simple/android
description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones.
---
安卓是一个安全的操作系统,它有强大的[应用程序沙箱](https://source.android.com/security/app-sandbox)[启动时验证](https://source.android.com/security/verifiedboot)AVB以及一个强大的[权限](https://developer.android.com/guide/topics/permissions/overview)控制系统。
## 挑选安卓 ROM
你买到的安卓手机多半已经预装了能侵犯隐私的应用与服务,而这些服务并不属于 [AOSP](https://source.android.com/)。 例如 Google Play 服务:它有权访问你的文件、联系人、通话记录、短信、定位、相机、麦克风、硬件身份码等。且这些权限无法收回。 这类应用与服务扩大了你的设备的攻击面,也是安卓系统的各种隐私问题的源头。
换用一个不预装这类软件的安卓 ROM 可以解决这个问题。 不巧,很多安卓 ROM 不支持 AVB、回滚保护、系统更新、等这些关键的安全功能破坏了安卓的安全模型。 某些 ROM 发布的版本属于 [`userdebug`](https://source.android.com/setup/build/building#choose-a-target) 构建版本。这个版本通过 [ADB](https://developer.android.com/studio/command-line/adb) 来提供 root 访问,并且为了支持调试,[放宽](https://github.com/LineageOS/android_system_sepolicy/search?q=userdebug&type=code)了 SELinux 规则。这进一步扩大了攻击面,弱化了安全模型。
在挑选安卓 ROM 时,理想的情况,是能找到坚持安卓安全模型的 ROM。 最起码的是,你选用的 ROM 应该提供生产版本(而非 `userdebug`版本)的构建,能支持 AVB、回滚保护、按时推送系统更新、把 SELinux 设为[强制模式](https://source.android.com/security/selinux/concepts#enforcement_levels)。 我们推荐的所有安卓 ROM 都满足上述标准。
[我们推荐的安卓 ROM :material-arrow-right-drop-circle:](../android.md ""){.md-button}
## 避免 Root
[Rooting](https://en.wikipedia.org/wiki/Rooting_(Android)) 安卓手机会大大降低安全性,因为它削弱了完整的 [安卓安全模型](https://en.wikipedia.org/wiki/Android_(operating_system)#Security_and_privacy)。 如果有一个被降低的安全性所帮助的漏洞,这可能会减少隐私。 常见的root方法涉及直接篡改启动分区使得它不可能成功地进行验证性启动。 需要root的应用程序也会修改系统分区这意味着验证启动将不得不保持禁用。 在用户界面上直接暴露root也增加了你的设备的 [攻击面](https://en.wikipedia.org/wiki/Attack_surface) ,并可能有助于 [特权升级](https://en.wikipedia.org/wiki/Privilege_escalation) 漏洞和SELinux政策的绕过。
广告拦截器,修改 [hosts文件](https://en.wikipedia.org/wiki/Hosts_(file)) AdAway和防火墙AFWall+),需要持续的根访问是危险的,不应该被使用。 它们也不是解决其预期目的的正确方法。 对于广告屏蔽,我们建议采用加密的 [DNS](../dns.md) 或 [VPN](../vpn.md) 服务器屏蔽解决方案。 RethinkDNS、TrackerControl和AdAway在非root模式下将占用VPN插槽通过使用本地环回VPN使你无法使用增强隐私的服务如Orbot或真正的VPN服务器。
AFWall+基于 [包过滤](https://en.wikipedia.org/wiki/Firewall_(computing)#Packet_filter) 方法工作,在某些情况下可能会被绕过。
我们认为通过root手机所做的安全牺牲不值得那些应用程序的可疑隐私利益。
## 已验证的启动
[经过验证的启动](https://source.android.com/security/verifiedboot) ,是安卓安全模式的一个重要组成部分。 它能够保护您免受 [罪恶的](https://en.wikipedia.org/wiki/Evil_maid_attack) 攻击、恶意软件的持久性,并确保安全更新不能用 [回滚保护降级](https://source.android.com/security/verifiedboot/verified-boot#rollback-protection)
安卓10及以上版本已经从全盘加密转向更灵活的 [基于文件的加密](https://source.android.com/security/encryption/file-based)。 你的数据使用独特的加密密钥进行加密,而操作系统文件则不被加密。
验证启动确保了操作系统文件的完整性,从而防止有物理访问权限的对手在设备上篡改或安装恶意软件。 在不太可能的情况下,如果恶意软件能够利用系统的其他部分并获得更高的特权访问,验证性启动将防止并在重启设备时恢复对系统分区的更改。
遗憾的是OEM厂商只有在其库存的安卓系统上才有义务支持验证性启动。 只有少数OEM厂商如谷歌支持在他们的设备上定制AVB密钥注册。 此外一些AOSP衍生产品如LineageOS或/e/ OS即使在对第三方操作系统有验证启动支持的硬件上也不支持验证启动。 我们建议你在</strong> 购买新设备之前,先查看支持 **。 不支持验证性启动的AOSP衍生产品是 **,不推荐**。</p>
许多原始设备制造商也有破碎的实施验证启动,你必须注意他们的营销之外。 例如Fairphone 3和4在默认情况下是不安全的因为 [股票引导程序信任公共AVB签名密钥](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11)。 这破坏了Fairphone设备上的验证引导因为系统将引导替代Android操作系统如/e/ [,而没有任何关于自定义操作系统使用的警告](https://source.android.com/security/verifiedboot/boot-flow#locked-devices-with-custom-root-of-trust) 。
## 固件更新
固件更新是维护安全的关键,没有它们,你的设备就不可能是安全的。 原始设备制造商与他们的合作伙伴有支持协议,在有限的支持期内提供闭源组件。 这些内容详见每月的 [Android安全公告](https://source.android.com/security/bulletin)。
由于手机的组件,如处理器和无线电技术依赖于闭源组件,更新必须由各自的制造商提供。 因此,重要的是,你要在一个有效的支持周期内购买设备。 [高通公司](https://www.qualcomm.com/news/releases/2020/12/16/qualcomm-and-google-announce-collaboration-extend-android-os-support-and) 和 [三星](https://news.samsung.com/us/samsung-galaxy-security-extending-updates-knox/) 对其设备的支持期为4年而便宜的产品往往支持周期更短。 随着 [Pixel 6](https://support.google.com/pixelphone/answer/4457705)的推出谷歌现在制造自己的SoC他们将提供至少5年的支持。
不再受SoC制造商支持的EOL设备无法从OEM供应商或后市场Android分销商处获得固件更新。 这意味着这些设备的安全问题将继续得不到解决。
例如Fairphone在市场上宣传他们的设备可以获得6年的支持。 然而SoCFairphone 4上的高通骁龙750G的EOL日期要短得多。 这意味着高通公司为Fairphone 4提供的固件安全更新将在2023年9月结束无论Fairphone是否继续发布软件安全更新。
## Android 版本
重要的是,不要使用 [报废的](https://endoflife.date/android) 版本的Android。 较新版本的安卓系统不仅会收到操作系统的安全更新,也会收到重要的隐私增强更新。 例如, [在Android 10之前](https://developer.android.com/about/versions/10/privacy/changes),任何具有 [`READ_PHONE_STATE`](https://developer.android.com/reference/android/Manifest.permission#READ_PHONE_STATE) 权限的应用程序都可以访问你的手机的敏感和独特的序列号,如 [IMEI](https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity) [MEID](https://en.wikipedia.org/wiki/Mobile_equipment_identifier)你的SIM卡的 [IMSI](https://en.wikipedia.org/wiki/International_mobile_subscriber_identity),而现在他们必须是系统应用程序才能这样做。 系统应用只由OEM或安卓发行提供。
## Android 权限
[Android上的权限](https://developer.android.com/guide/topics/permissions/overview) ,让你控制哪些应用程序被允许访问。 谷歌定期在每个连续的版本中对权限系统进行 [改善](https://developer.android.com/about/versions/11/privacy/permissions)。 你安装的所有应用程序都是严格的 [沙箱](https://source.android.com/security/app-sandbox),因此,没有必要安装任何杀毒软件。
A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel.
Android 10:
- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there.
- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user.
Android 11:
- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once.
- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened.
- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features.
Android 12:
- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location).
- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation).
- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access.
Android 13:
- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location.
- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only.
- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission.
An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need.
[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal.
!!! 推荐
If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely.
!!! note
Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
## 媒体访问
相当多的应用程序允许你与他们 "共享 "一个文件进行媒体上传。 例如,如果你想在推特上发布一张图片,不要授予推特对你的 "媒体和照片 "的访问权,因为那时它就可以访问你所有的图片。 相反去你的文件管理器documentsUI按住图片然后与Twitter分享。
## 用户资料
多个用户配置文件可以在 **设置****系统****多个用户** 是Android中最简单的隔离方式。
通过用户个人资料,你可以对一个特定的个人资料施加限制,如:打电话、使用短信或在设备上安装应用程序。 每个用户资料使用自己的加密密钥进行加密,不能访问任何其他人的个人资料。 即使是设备所有者,如果不知道他们的密码,也不能查看其他人的个人资料。 多个个人资料是一种更安全的隔离方法。
## 工作身份
[工作配置文件](https://support.google.com/work/android/answer/6191949) 是隔离单个应用程序的另一种方式,可能比单独的用户配置文件更方便。
在没有企业MDM的情况下需要一个 **设备控制器** 应用程序,如 [Shelter](#recommended-apps) 以创建一个工作档案除非你使用的是包括一个自定义的Android操作系统。
该工作档案依赖于设备控制器来运作。 诸如 *文件穿梭**接触搜索封锁* 或任何种类的隔离功能必须由控制器实现。 你还必须完全信任设备控制器应用程序,因为它可以完全访问你在工作档案中的数据。
这种方法通常不如二级用户配置文件安全;但是,它确实允许你在工作和个人配置文件中同时运行应用程序的便利。
## VPN Killswitch
Android 7及更高版本支持VPN killswitch ,无需安装第三方应用程序即可使用。 如果VPN断开连接此功能可以防止泄漏。 可以在 :gear: **设置****网络 & 互联网****VPN** → :gear: → **阻止没有VPN的连接**
## 全局切换
现代安卓设备有全局切换键,用于禁用蓝牙和定位服务。 安卓12引入了相机和麦克风的切换功能。 在不使用时,我们建议禁用这些功能。 在重新启用之前,应用程序不能使用被禁用的功能(即使被授予个别许可)。
## 谷歌
如果你使用的是带有谷歌服务的设备无论是你的原生操作系统还是像GrapheneOS这样的安全沙盒式的操作系统你可以做一些额外的改变来改善你的隐私。 我们仍然建议完全避免使用谷歌服务,或者通过将 *Shelter* 等设备控制器与GrapheneOS的沙盒化谷歌游戏结合起来将谷歌游戏服务限制在特定的用户/工作档案中。
### 高级保护计划
如果你有一个谷歌账户,我们建议注册 [高级保护计划](https://landing.google.com/advancedprotection/)。 任何拥有两个或更多支持 [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) 的硬件安全密钥的人都可以免费使用。
高级保护计划提供增强的威胁监控,并支持:
- </strong> 更严格的双因素认证;例如,必须使用 [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) **,不允许使用 [SMS OTPs](../basics/multi-factor-authentication.md#sms-or-email-mfa), [TOTP](../basics/multi-factor-authentication.md#time-based-one-time-password-totp) 和 [OAuth](https://en.wikipedia.org/wiki/OAuth)。</li>
- 只有谷歌和经过验证的第三方应用程序可以访问账户数据
- 在 Gmail 帐户上扫描收到的邮件以进行 [钓鱼](https://en.wikipedia.org/wiki/Phishing#Email_phishing) 尝试
- 更严格的 [安全的浏览器扫描](https://www.google.com/chrome/privacy/whitepaper.html#malware) 与谷歌浏览器
- 对丢失凭证的账户有更严格的恢复程序
如果你使用非沙盒式的Google Play服务在股票操作系统上很常见高级保护计划还带有 [额外的好处](https://support.google.com/accounts/answer/9764949?hl=en) ,例如。
- 不允许在Google Play商店、操作系统供应商的应用程序商店之外安装应用程序或通过 [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
- 强制性的自动设备扫描与 [Play Protect](https://support.google.com/googleplay/answer/2812853?hl=en#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
- 警告你有未经验证的应用程序</ul>
### Google Play 系统更新
在过去,安卓系统的安全更新必须由操作系统供应商来提供。 从安卓10开始安卓变得更加模块化谷歌可以通过特权游戏服务推送安全更新 **一些** 系统组件。
如果你有一个以安卓10或以上系统出厂的EOL设备并且无法在你的设备上运行我们推荐的任何操作系统你很可能最好坚持使用你的OEM安卓安装而不是这里没有列出的操作系统如LineageOS或/e/ OS。 这将允许你从谷歌获得 **,一些** 安全修复,同时不会因为使用不安全的安卓衍生产品而违反安卓安全模式,增加你的攻击面。 我们仍然建议尽快升级到支持的设备。
### 广告 ID
所有安装了Google Play服务的设备都会自动生成一个 [广告ID](https://support.google.com/googleplay/android-developer/answer/6048248?hl=en) ,用于定向广告。 禁用此功能以限制收集到的关于你的数据。
在带有 [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play)的安卓发行上,进入 :gear: **设置****应用程序****Sandboxed Google Play****谷歌设置****广告**,并选择 *删除广告 ID*
在拥有特权的谷歌游戏服务的安卓发行版上(如股票操作系统),该设置可能在几个位置之一。 查看
- :gear: **设置****谷歌****广告**
- :gear: **设置****隐私****广告**
你可以选择删除你的广告ID或者 *,选择退出基于兴趣的广告*这在安卓的OEM发行中是不同的。 如果呈现出删除广告ID的选项那是首选。 如果没有那么请确保选择退出并重新设置你的广告ID。
### SafetyNet和Play Integrity API
[安全网](https://developer.android.com/training/safetynet/attestation) 和 [Play Integrity APIs](https://developer.android.com/google/play/integrity) ,一般用于 [银行应用程序](https://grapheneos.org/usage#banking-apps)。 许多银行应用程序在GrapheneOS中使用沙盒游戏服务可以正常工作但是一些非金融应用程序有自己的粗略防篡改机制可能会失败。 GrapheneOS通过了 `basicIntegrity` 检查,但没有通过认证检查 `ctsProfileMatch`。 安卓8或更高版本的设备有硬件认证支持如果没有泄露的密钥或严重的漏洞就无法绕过。
至于谷歌钱包,我们不推荐这样做,因为他们的 [隐私政策](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en),其中规定如果你不希望你的信用等级和个人信息与联盟营销服务共享,你必须选择退出。

170
i18n/zh/os/linux-overview.md Normal file
View File

@@ -0,0 +1,170 @@
---
title: Linux概述
icon: simple/linux
description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal.
---
人们通常认为, [开源](https://en.wikipedia.org/wiki/Open-source_software) 软件本身是安全的,因为源代码是可用的。 预期社区验证会定期进行;但这并不总是 [案例](https://seirdy.one/posts/2022/02/02/floss-security/)。 It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years.
目前桌面Linux与它们的专利同行相比确实有一些可以更好地改进的地方例如
- 一个经过验证的启动链,如苹果的 [安全启动](https://support.apple.com/guide/security/startup-security-utility-secc7b34e5b5/web) (有 [安全飞地](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1)),安卓的 [验证启动](https://source.android.com/security/verifiedboot)ChromeOS的 [验证启动](https://www.chromium.org/chromium-os/chromiumos-design-docs/security-overview/#verified-boot)或微软Windows的 [启动过程](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process) ,有 [TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm)。 这些功能和硬件技术都可以帮助防止恶意软件的持续篡改或 [邪恶女仆的攻击](https://en.wikipedia.org/wiki/Evil_Maid_attack)
- 一个强大的沙箱解决方案,如在 [macOS](https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html) [ChromeOS](https://chromium.googlesource.com/chromiumos/docs/+/HEAD/sandboxing.md),和 [Android](https://source.android.com/security/app-sandbox)。 常用的Linux沙箱解决方案如 [Flatpak](https://docs.flatpak.org/en/latest/sandbox-permissions.html) 和 [Firejail](https://firejail.wordpress.com/) ,仍然有很长的路要走。
- 强大的 [漏洞缓解措施](https://madaidans-insecurities.github.io/linux.html#exploit-mitigations)
尽管有这些缺点但如果你想桌面Linux发行版还是很不错的。
- 避免专有操作系统中经常出现的遥测现象
- 保持 [软件自由](https://www.gnu.org/philosophy/free-sw.en.html#four-freedoms)
- 有关注隐私的系统,如 [Whonix](https://www.whonix.org) 或 [Tails](https://tails.boum.org/)
我们的网站通常使用术语 "Linux "来描述桌面Linux发行版。 其他也使用Linux内核的操作系统如ChromeOS、Android和Qubes OS这里不作讨论。
[我们的Linux推荐 :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
## 选择您的发行版
并非所有的 Linux 发行版都是相同的。 虽然我们的Linux推荐页面并不是要成为你应该使用哪个发行版的权威来源但在选择使用哪个发行版时有几件事你应该记住。
### 发布周期
我们强烈建议你选择与稳定的上游软件版本接近的发行版,通常被称为滚动发行版。 这是因为冻结发布周期的发行版往往不更新软件包版本,并且在安全更新方面落后。
对于冻结的发行版,如 [Debian](https://www.debian.org/security/faq#handling),软件包维护者被要求回传补丁来修复漏洞,而不是将软件提升到上游开发者发布的 "下一个版本"。 </a> 有些安全补丁
,根本没有收到 [CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) (特别是不太流行的软件),因此在这种补丁模式下,不能进入发行版。 因此,小的安全修复有时会被推迟到下一个主要版本。</p>
我们不认为保留软件包和应用临时补丁是一个好主意,因为它偏离了开发者可能打算让软件工作的方式。 [理查德-布朗](https://rootco.de/aboutme/) ,有一个关于这个问题的介绍。
<div class="yt-embed">
<iframe width="560" height="315" src="https://invidious.privacyguides.net/embed/i8c0mg_mS7U?local=true" title="定期发布是错误的,为你的生活而滚动" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
</div>
### 传统vs原子更新
传统上Linux发行版的更新方式是依次更新所需的软件包。 如果在更新时发生错误传统的更新如基于Fedora、Arch Linux和Debian的发行版中使用的更新可能不太可靠。
原子更新发行版完全或根本不应用更新。 通常情况下,事务性更新系统也是原子性的。
事务性更新系统创建了一个快照,在应用更新之前和之后进行。 如果更新在任何时候失败(也许是由于电源故障),更新可以很容易地回滚到 "最后已知良好状态"。
原子更新法用于Silverblue、Tumbleweed和NixOS等不可变的发行版可以通过这种模式实现可靠性。 [Adam Šamalík](https://twitter.com/adsamalik) 提供了一个关于 `rpm-ostree` 如何与Silverblue一起工作的演讲。
<div class="yt-embed">
<iframe width="560" height="315" src="https://invidious.privacyguides.net/embed/-hpV5l-gJnQ?local=true" title="让我们试试Fedora Silverblue--一个不可改变的桌面操作系统! - Adam Šamalik" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
</div>
### “以安全为重点”的分发
通常在“以安全为中心”的发行版和“渗透测试”发行版之间存在一些混淆。 快速搜索“最安全的Linux发行版”通常会得到像Kali Linux Black Arch和Parrot OS这样的结果。 这些发行版是攻击性的渗透测试发行版,捆绑了测试其他系统的工具。 它们不包括任何 "额外的安全 "或用于常规使用的防御性缓解措施。
### 基于Arch的发行版
基于Arch的发行版不推荐给那些刚接触Linux的人无论哪个发行版因为它们需要定期进行 [系统维护](https://wiki.archlinux.org/title/System_maintenance)。 Arch没有底层软件选择的分发更新机制。 因此,你必须保持对当前趋势的了解,并在技术取代旧有做法时自行采用。
对于一个安全的系统你还应该有足够的Linux知识来为他们的系统正确设置安全如采用 [强制性访问控制](https://en.wikipedia.org/wiki/Mandatory_access_control) 系统,设置 [内核模块](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) 黑名单,硬化启动参数,操作 [sysctl](https://en.wikipedia.org/wiki/Sysctl) 参数,并知道他们需要哪些组件,如 [Polkit](https://en.wikipedia.org/wiki/Polkit)。
任何使用 [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository), **的人必须** 对他们从该服务中安装的PKGBUILD进行审计。 AUR软件包是社区制作的内容没有经过任何审查因此很容易受到软件供应链的攻击事实上在过去已经发生了 [](https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/)。 AUR总是应该少用而且往往在各种网页上有很多不好的建议指导人们盲目地使用 [AUR帮助器](https://wiki.archlinux.org/title/AUR_helpers) ,而没有足够的警告。 类似的警告也适用于在基于Debian的发行版上使用第三方个人软件包档案PPAs或在Fedora上使用社区项目COPR
如果你对Linux有经验并希望使用基于Arch的发行版我们只推荐主线Arch Linux而不是它的任何衍生品。 我们特别建议不要使用这两种Arch衍生品。
- **Manjaro**: 这个发行版将软件包保留2周以确保他们自己的修改不会破坏而不是确保上游的稳定。 当使用AUR软件包时它们通常是根据Arch的软件库中最新的 [库构建的](https://en.wikipedia.org/wiki/Library_(computing))。
- **Garuda**: 他们使用 [Chaotic-AUR](https://aur.chaotic.cx/) 它自动地、盲目地从AUR编译软件包。 没有验证过程来确保AUR包不会受到供应链的攻击。
### Kicksecure
虽然我们强烈建议不要使用像Debian这样的过时的发行版但有一种基于Debian的操作系统已经被加固比典型的Linux发行版要安全得多。 [Kicksecure](https://www.kicksecure.com/)。 Kicksecure简单地说是一组脚本、配置和软件包可以大大减少 Debian 的攻击面。 它默认涵盖了大量的隐私和加固建议。
### Linux-libre内核和“Libre”发行版
</strong> 我们强烈建议 **不要使用Linux-libre内核因为它 [,删除了安全缓解措施](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) ,并且 [,出于意识形态的原因,抑制了内核对脆弱微码的警告](https://news.ycombinator.com/item?id=29674846)。</p>
## 一般建议
### 驱动器加密
大多数Linux发行版在其安装程序中都有一个选项用于启用 [LUKS](../encryption.md#linux-unified-key-setup) FDE。 如果在安装时没有设置这个选项,你将不得不备份你的数据并重新安装,因为加密是在 [磁盘分区](https://en.wikipedia.org/wiki/Disk_partitioning),但在 [文件系统](https://en.wikipedia.org/wiki/File_system) 被格式化之前应用。 我们还建议安全地删除你的存储设备。
- [安全数据清除 :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/)
### Swap
考虑使用 [ZRAM](https://wiki.archlinux.org/title/Swap#zram-generator) 或 [加密的交换空间](https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption) ,而不是未加密的交换空间,以避免敏感数据被推送到 [交换空间](https://en.wikipedia.org/wiki/Memory_paging)的潜在安全问题。 基于Fedora的发行版 [默认使用ZRAM](https://fedoraproject.org/wiki/Changes/SwapOnZRAM)。
### Wayland
我们建议使用支持 [Wayland](https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)) 显示协议的桌面环境,因为它的开发考虑到了安全 [](https://lwn.net/Articles/589147/)。 其前身 [X11](https://en.wikipedia.org/wiki/X_Window_System)不支持GUI隔离允许所有窗口 [,记录屏幕、日志和注入其他窗口的输入](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html),使任何沙箱的尝试都是徒劳的。 虽然有一些选项可以做嵌套的X11比如 [Xpra](https://en.wikipedia.org/wiki/Xpra) 或 [Xephyr](https://en.wikipedia.org/wiki/Xephyr)但它们往往会带来负面的性能后果而且设置起来也不方便比起Wayland来并不可取。
幸运的是,常见的环境,如 [GNOME](https://www.gnome.org) [KDE](https://kde.org),以及窗口管理器 [Sway](https://swaywm.org) 都支持 Wayland。 一些发行版如Fedora和Tumbleweed默认使用它其他一些发行版可能在未来也会这样做因为X11处于 [hard maintenance mode](https://www.phoronix.com/scan.php?page=news_item&px=X.Org-Maintenance-Mode-Quickly)。 如果你使用的是这些环境之一,就像在桌面显示管理器中选择 "Wayland "会话一样简单([GDM](https://en.wikipedia.org/wiki/GNOME_Display_Manager), [SDDM](https://en.wikipedia.org/wiki/Simple_Desktop_Display_Manager)) 。
</strong> 我们建议 **反对使用没有Wayland支持的桌面环境或窗口管理器如CinnamonLinux Mint的默认、PantheonElementary OS的默认、MATE、Xfce和i3。</p>
### 专有固件(Microcode更新)
Linux发行版如那些 [Linux-libre](https://en.wikipedia.org/wiki/Linux-libre) 或DIYArch Linux不附带专有的 [微码](https://en.wikipedia.org/wiki/Microcode) 更新,而这些更新通常会修补漏洞。 这些漏洞的一些明显例子包括: [Spectre](https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)), [Meltdown](https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)), [SSB](https://en.wikipedia.org/wiki/Speculative_Store_Bypass), [Foreshadow](https://en.wikipedia.org/wiki/Foreshadow), [MDS](https://en.wikipedia.org/wiki/Microarchitectural_Data_Sampling), [SWAPGS](https://en.wikipedia.org/wiki/SWAPGS_(security_vulnerability)), 以及其他 [硬件漏洞](https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/index.html)。
我们 **,强烈建议** 安装微码更新因为你的CPU在出厂时已经在运行专有的微码。 Fedora和openSUSE都有默认应用的微码更新。
### 更新
大多数Linux发行版会自动安装更新或提醒你这样做。 重要的是保持你的操作系统是最新的,这样当发现漏洞时,你的软件就会打上补丁。
一些发行版尤其是那些针对高级用户的发行版更加简陋希望你能自己做一些事情例如Arch或Debian。 这些将需要手动运行 "软件包管理器" (`apt`, `pacman`, `dnf`, 等等),以便接收重要的安全更新。
此外,一些发行版将不会自动下载固件更新。 为此,你将需要安装 [`fwupd`](https://wiki.archlinux.org/title/Fwupd)。
## 隐私调整
### MAC地址随机化
许多桌面Linux发行版Fedora、openSUSE等将自带 [NetworkManager](https://en.wikipedia.org/wiki/NetworkManager)以配置以太网和Wi-Fi设置。
在使用NetworkManager时可以随机化 [](https://fedoramagazine.org/randomize-mac-address-nm/) [MAC地址](https://en.wikipedia.org/wiki/MAC_address)。 这在Wi-Fi网络上提供了更多的隐私因为它使你更难追踪你所连接的网络上的特定设备。 它并不是 [****](https://papers.mathyvanhoef.com/wisec2016.pdf) 让你匿名。
我们建议将设置改为 **随机** ,而不是 **稳定**,正如 [文章中建议的那样](https://fedoramagazine.org/randomize-mac-address-nm/)。
如果你使用 [systemd-networkd](https://en.wikipedia.org/wiki/Systemd#Ancillary_components),你需要设置 [`MACAddressPolicy=random`](https://www.freedesktop.org/software/systemd/man/systemd.link.html#MACAddressPolicy=) ,这将启用 [RFC 7844 (Anonymity Profiles for DHCP Clients)](https://www.freedesktop.org/software/systemd/man/systemd.network.html#Anonymize=)。
对以太网连接的MAC地址进行随机化的意义不大因为系统管理员可以通过查看你在 [网络交换机上使用的端口找到你](https://en.wikipedia.org/wiki/Network_switch)。 随机化Wi-Fi MAC地址取决于Wi-Fi固件的支持。
### 其他标识符
还有一些其他的系统标识符,你可能要小心对待。 你应该考虑一下,看看它是否适用于你的 [威胁模型](../basics/threat-modeling.md)。
- **主机名。** 你的系统的主机名是与你所连接的网络共享的。 你应该避免在你的主机名中包括像你的名字或操作系统这样的识别术语,而是坚持使用通用术语或随机字符串。
- **用户名。** 同样地,你的用户名在你的系统中以各种方式使用。 考虑使用 "用户 "这样的通用术语,而不是你的真实姓名。
- **机器ID**在安装过程中会生成一个独特的机器ID并存储在你的设备上。 考虑 [将其设置为一个通用的ID](https://madaidans-insecurities.github.io/guides/linux-hardening.html#machine-id)。
### 系统计数
Fedora 项目 [通过使用一个 [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) 变量而不是唯一的 ID 来计算](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) 有多少独特的系统访问它的镜像。 Fedora这样做是为了确定负载并在必要时为更新提供更好的服务器。
这个 [选项](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) ,目前默认是关闭的。 我们建议将 `countme=false` 添加到 `/etc/dnf/dnf.conf` ,以备将来启用它。 在使用 `rpm-ostree` 的系统上如Silverblue通过屏蔽 [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) 计时器来禁用 countme 选项。
openSUSE 还使用一个 [唯一的 ID](https://en.opensuse.org/openSUSE:Statistics) 来计算系统,可以通过删除 `/var/lib/zypp/AnonymousUniqueId` 文件来禁用它。

58
i18n/zh/os/qubes-overview.md Normal file
View File

@@ -0,0 +1,58 @@
---
title: "Qubes概述"
icon: simple/qubesos
description: Qubes is an operating system built around isolating apps within virtual machines for heightened security.
---
[**Qubes OS**](../desktop.md#qubes-os) 是一个操作系统,它使用 [Xen](https://en.wikipedia.org/wiki/Xen) 管理程序,通过隔离的虚拟机为桌面计算提供强大的安全性。 每个虚拟机被称为 *Qube* 你可以根据它的目的给每个Qube分配一个信任等级。 由于Qubes操作系统通过使用隔离来提供安全并且只允许在每个案例的基础上进行操作它与 [坏性枚举](https://www.ranum.com/security/computer_security/editorials/dumb/)。
## Qubes操作系统是如何工作的
Qubes使用 [分区](https://www.qubes-os.org/intro/) ,以保持系统的安全性。 Qubes是由模板创建的默认的是Fedora、Debian和 [Whonix](../desktop.md#whonix)。 Qubes OS还允许你创建一次使用的 [一次性的](https://www.qubes-os.org/doc/how-to-use-disposables/) 虚拟机。
![Qubes架构](../assets/img/qubes/qubes-trust-level-architecture.png)
<figcaption>Qubes架构信用什么是Qubes操作系统介绍</figcaption>
每个Qubes应用程序都有一个 [色的边框](https://www.qubes-os.org/screenshots/) ,可以帮助你跟踪它所运行的虚拟机。 例如,你可以为你的银行浏览器使用一种特定的颜色,而对一般的不信任的浏览器使用不同的颜色。
![彩色边框](../assets/img/qubes/r4.0-xfce-three-domains-at-work.png)
<figcaption>Qubes窗口边框图片来源 Qubes截图</figcaption>
## 为什么我应该使用Qubes
如果你的 [威胁模型](../basics/threat-modeling.md) 需要强大的分隔和安全例如你认为你会从不信任的来源打开不信任的文件那么Qubes OS就很有用。 使用Qubes OS的一个典型原因是打开来自未知来源的文件。
Qubes操作系统利用 [Dom0](https://wiki.xenproject.org/wiki/Dom0) Xen VM即 "AdminVM"来控制主机操作系统上的其他客户虚拟机或Qubes。 其他虚拟机在Dom0的桌面环境中显示单个应用程序窗口。 它允许你根据信任程度对窗口进行颜色编码,并以非常细化的控制方式运行可以相互交互的应用程序。
### 复制和粘贴文本
你可以 [,使用 `qvm-copy-to-vm` 或下面的说明复制和粘贴文本](https://www.qubes-os.org/doc/how-to-copy-and-paste-text/)。
1.**Ctrl+C** ,告诉你所在的虚拟机,你想复制一些东西。
2.**Ctrl+Shift+C** ,告诉虚拟机将这个缓冲区提供给全局剪贴板。
3. 在目标VM中按 **Ctrl+Shift+V** ,使全局剪贴板可用。
4. 在目标虚拟机中按 **Ctrl+V** ,以粘贴缓冲区中的内容。
### 文件交换
要从一个虚拟机复制和粘贴文件和目录(文件夹)到另一个虚拟机,可以使用选项 **复制到其他AppVM...****移动到其他AppVM...**。 不同的是, **Move** 选项将删除原始文件。 无论哪种选择都会保护你的剪贴板不被泄露给任何其他Qubes。 这比空运的文件传输更安全,因为空运的计算机仍将被迫解析分区或文件系统。 这一点在跨区拷贝系统中是不需要的。
??? 信息 "AppVMs或qubes没有自己的文件系统"
你可以在Qubes之间[复制和移动文件]https://www.qubes-os.org/doc/how-to-copy-and-move-files/)。 当这样做的时候,改变并不是立即进行的,而且在发生事故的情况下可以很容易地撤消。
### 虚拟机之间的相互作用
[qrexec框架](https://www.qubes-os.org/doc/qrexec/) 是Qubes的一个核心部分它允许虚拟机在域之间通信。 它建立在Xen库 *vchan*的基础上,通过策略</a>,促进了
隔离。</p>
## 其它资源
关于其他信息,我们鼓励你查阅位于 [Qubes OS网站上的大量Qubes OS文档页面](https://www.qubes-os.org/doc/)。 离线拷贝可以从Qubes OS [文档库中下载](https://github.com/QubesOS/qubes-doc)。
- 开放技术基金。 [*可以说是世界上最安全的操作系统*](https://www.opentech.fund/news/qubes-os-arguably-the-worlds-most-secure-operating-system-motherboard/)
- J. 鲁特科夫斯卡。 [*软件区隔与物理分离*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf)
- J. 鲁特科夫斯卡。 [*将我的数字生活划分为安全领域*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html)
- Qubes OS: [*相关文章*](https://www.qubes-os.org/news/categories/#articles)

341
i18n/zh/passwords.md Normal file
View File

@@ -0,0 +1,341 @@
---
title: "生产力工具"
icon: material/form-textbox-password
description: Password managers allow you to securely store and manage passwords and other credentials.
schema:
-
"@context": http://schema.org
"@type": WebPage
name: Password Manager Recommendations
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Bitwarden
image: /assets/img/password-management/bitwarden.svg
url: https://bitwarden.com
sameAs: https://en.wikipedia.org/wiki/Bitwarden
applicationCategory: 密码管理器
operatingSystem:
- Windows 系统
- mac系统
- Linux系统
- 安卓
- iOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: 1Password
image: /assets/img/password-management/1password.svg
url: https://1password.com
sameAs: https://en.wikipedia.org/wiki/1Password
applicationCategory: 密码管理器
operatingSystem:
- Windows 系统
- mac系统
- Linux系统
- 安卓
- iOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Psono
image: /assets/img/password-management/psono.svg
url: https://psono.com
applicationCategory: 密码管理器
operatingSystem:
- 安卓
- iOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: KeePassXC
image: /assets/img/password-management/keepassxc.svg
url: https://keepassxc.org/
sameAs: https://en.wikipedia.org/wiki/KeePassXC
applicationCategory: 密码管理器
operatingSystem:
- Windows 系统
- mac系统
- Linux系统
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: KeePassDX
image: /assets/img/password-management/keepassdx.svg
url: https://www.keepassdx.com/
applicationCategory: 密码管理器
operatingSystem: 安卓
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Strongbox
image: /assets/img/password-management/strongbox.svg
url: https://strongboxsafe.com/
applicationCategory: 密码管理器
operatingSystem: iOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: gopass
image: /assets/img/password-management/gopass.svg
url: https://www.gopass.pw/
applicationCategory: 密码管理器
operatingSystem:
- Windows 系统
- mac系统
- Linux系统
- FreeBSD
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
---
Password managers allow you to securely store and manage passwords and other credentials with the use of a master password.
[Introduction to Passwords :material-arrow-right-drop-circle:](./basics/passwords-overview.md)
!!! info
Built-in password managers in software like browsers and operating systems are sometimes not as good as dedicated password manager software. The advantage of a built-in password manager is good integration with the software, but it can often be very simple and lack privacy and security features standalone offerings have.
For example, the password manager in Microsoft Edge doesn't offer E2EE at all. Google's password manager has [optional](https://support.google.com/accounts/answer/11350823) E2EE, and [Apple's](https://support.apple.com/en-us/HT202303) offers E2EE by default.
## Cloud-based
These password managers sync your passwords to a cloud server for easy accessibility from all your devices and safety against device loss.
### Bitwarden
!!! recommendation
![Bitwarden logo](assets/img/password-management/bitwarden.svg){ align=right }
**Bitwarden** is a free and open-source password manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the best and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices.
[:octicons-home-16: Homepage](https://bitwarden.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://bitwarden.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://bitwarden.com/help/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/bitwarden){ .card-link title="Source Code" }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden)
- [:simple-appstore: App Store](https://apps.apple.com/app/bitwarden-password-manager/id1137397744)
- [:simple-github: GitHub](https://github.com/bitwarden/mobile/releases)
- [:simple-windows11: Windows](https://bitwarden.com/download)
- [:simple-linux: Linux](https://bitwarden.com/download)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/com.bitwarden.desktop)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/bitwarden-password-manager)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb)
- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/jbkfoedolllekgbhcbcoahefnbanhhlh)
Bitwarden also features [Bitwarden Send](https://bitwarden.com/products/send/), which allows you to share text and files securely with [end-to-end encryption](https://bitwarden.com/help/send-encryption). A [password](https://bitwarden.com/help/send-privacy/#send-passwords) can be required along with the send link. Bitwarden Send also features [automatic deletion](https://bitwarden.com/help/send-lifespan).
You need the [Premium Plan](https://bitwarden.com/help/about-bitwarden-plans/#compare-personal-plans) to be able to share files. The free plan only allows text sharing.
Bitwarden's server-side code is [open-source](https://github.com/bitwarden/server), so if you don't want to use the Bitwarden cloud, you can easily host your own Bitwarden sync server.
**Vaultwarden** is an alternative implementation of Bitwarden's sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal. If you are looking to self-host Bitwarden on your own server, you almost certainly want to use Vaultwarden over Bitwarden's official server code.
[:octicons-repo-16: Vaultwarden Repository](https://github.com/dani-garcia/vaultwarden ""){.md-button} [:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title=Contribute }
### 1Password
!!! recommendation
![1Password logo](assets/img/password-management/1password.svg){ align=right }
**1Password** is a password manager with a strong focus on security and ease-of-use, which allows you to store passwords, credit cards, software licenses, and any other sensitive information in a secure digital vault. Your vault is hosted on 1Password's servers for a [monthly fee](https://1password.com/sign-up/). 1Password is [audited](https://support.1password.com/security-assessments/) on a regular basis and provides exceptional customer support. 1Password is closed source; however, the security of the product is thoroughly documented in their [security white paper](https://1passwordstatic.com/files/security/1password-white-paper.pdf).
[:octicons-home-16: Homepage](https://1password.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://support.1password.com/1password-privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.1password.com/){ .card-link title=Documentation}
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.onepassword.android)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1511601750?mt=8)
- [:simple-windows11: Windows](https://1password.com/downloads/windows/)
- [:simple-apple: macOS](https://1password.com/downloads/mac/)
- [:simple-linux: Linux](https://1password.com/downloads/linux/)
Traditionally, **1Password** has offered the best password manager user experience for people using macOS and iOS; however, it has now achieved feature-parity across all platforms. It boasts many features geared towards families and less technical people, as well as advanced functionality.
Your 1Password vault is secured with both your master password and a randomized 34-character security key to encrypt your data on their servers. This security key adds a layer of protection to your data because your data is secured with high entropy regardless of your master password. Many other password manager solutions are entirely reliant on the strength of your master password to secure your data.
One advantage 1Password has over Bitwarden is its first-class support for native clients. While Bitwarden relegates many duties, especially account management features, to their web vault interface, 1Password makes nearly every feature available within its native mobile or desktop clients. 1Password's clients also have a more intuitive UI, which makes them easier to use and navigate.
### Psono
!!! recommendation
![Psono logo](assets/img/password-management/psono.svg){ align=right }
**Psono** is a free and open-source password manager from Germany, with a focus on password management for teams. Psono supports secure sharing of passwords, files, bookmarks, and emails. All secrets are protected by a master password.
[:octicons-home-16: Homepage](https://psono.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://psono.com/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://doc.psono.com){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.com/psono){ .card-link title="Source Code" }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.psono.psono)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/psono-password-manager/id1545581224)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/psono-pw-password-manager)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/psonopw-password-manager/eljmjmgjkbmpmfljlmklcfineebidmlo)
- [:simple-docker: Docker Hub](https://hub.docker.com/r/psono/psono-client)
Psono provides extensive documentation for their product. The web-client for Psono can be self-hosted; alternatively, you can choose the full Community Edition or the Enterprise Edition with additional features.
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
#### Minimum Requirements
- Must utilize strong, standards-based/modern E2EE.
- Must have thoroughly documented encryption and security practices.
- Must have a published audit from a reputable, independent third-party.
- All non-essential telemetry must be optional.
- Must not collect more PII than is necessary for billing purposes.
#### Best-Case
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Telemetry should be opt-in (disabled by default) or not collected at all.
- Should be open-source and reasonably self-hostable.
## Local Storage
These options allow you to manage an encrypted password database locally.
### KeePassXC
!!! recommendation
![KeePassXC logo](assets/img/password-management/keepassxc.svg){ align=right }
**KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal to extend and improve it with new features and bugfixes to provide a feature-rich, cross-platform and modern open-source password manager.
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://keepassxc.org/docs/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/keepassxreboot/keepassxc){ .card-link title="Source Code" }
[:octicons-heart-16:](https://keepassxc.org/donate/){ .card-link title=Contribute }
??? downloads
- [:simple-windows11: Windows](https://keepassxc.org/download/#windows)
- [:simple-apple: macOS](https://keepassxc.org/download/#mac)
- [:simple-linux: Linux](https://keepassxc.org/download/#linux)
- [:simple-flathub: Flatpak](https://flathub.org/apps/details/org.keepassxc.KeePassXC)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/keepassxc-browser)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk)
KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-separated_values) files. This may mean data loss if you import this file into another password manager. We advise you check each record manually.
### KeePassDX (Android)
!!! recommendation
![KeePassDX logo](assets/img/password-management/keepassdx.svg){ align=right }
**KeePassDX** is a lightweight password manager for Android, allows editing encrypted data in a single file in KeePass format and can fill in the forms in a secure way. [Contributor Pro](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) allows unlocking cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development.
[:octicons-home-16: Homepage](https://www.keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/Kunzisoft/KeePassDX){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.keepassdx.com/#donation){ .card-link title=Contribute }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free)
- [:simple-github: GitHub](https://github.com/Kunzisoft/KeePassDX/releases)
### Strongbox (iOS & macOS)
!!! recommendation
![Strongbox logo](assets/img/password-management/strongbox.svg){ align=right }
**Strongbox** is a native, open-source password manager for iOS and macOS. Supporting both KeePass and Password Safe formats, Strongbox can be used in tandem with other password managers, like KeePassXC, on non-Apple platforms. By employing a [freemium model](https://strongboxsafe.com/pricing/), Strongbox offers most features under its free tier with more convenience-oriented [features](https://strongboxsafe.com/comparison/)—such as biometric authentication—locked behind a subscription or perpetual license.
[:octicons-home-16: Homepage](https://strongboxsafe.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://strongboxsafe.com/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://strongboxsafe.com/getting-started/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/strongbox-password-safe/Strongbox){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/strongbox-password-safe/Strongbox#supporting-development){ .card-link title=Contribute }
??? downloads
- [:simple-appstore: App Store](https://apps.apple.com/app/strongbox-keepass-pwsafe/id897283731)
Additionally, there is an offline-only version offered: [Strongbox Zero](https://apps.apple.com/app/strongbox-keepass-pwsafe/id1581589638). This version is stripped down in an attempt to reduce attack surface.
### Command-line
These products are minimal password managers that can be used within scripting applications.
#### gopass
!!! recommendation
![gopass logo](assets/img/password-management/gopass.svg){ align=right }
**gopass** is a password manager for the command line written in Go. It works on all major desktop and server operating systems (Linux, macOS, BSD, Windows).
[:octicons-home-16: Homepage](https://www.gopass.pw){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/gopasspw/gopass/tree/master/docs){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/gopasspw/gopass){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/dominikschulz){ .card-link title=Contribute }
??? downloads
- [:simple-windows11: Windows](https://www.gopass.pw/#install-windows)
- [:simple-apple: macOS](https://www.gopass.pw/#install-macos)
- [:simple-linux: Linux](https://www.gopass.pw/#install-linux)
- [:simple-freebsd: FreeBSD](https://www.gopass.pw/#install-bsd)
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
- Must be cross-platform.

155
i18n/zh/productivity.md Normal file
View File

@@ -0,0 +1,155 @@
---
title: "实时通讯"
icon: material/file-sign
description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do.
---
Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints.
## Collaboration Platforms
### Nextcloud
!!! recommendation
![Nextcloud logo](assets/img/productivity/nextcloud.svg){ align=right }
**Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.
[:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://nextcloud.com/support/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" }
[:octicons-heart-16:](https://nextcloud.com/contribute/){ .card-link title=Contribute }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102)
- [:simple-github: GitHub](https://github.com/nextcloud/android/releases)
- [:simple-windows11: Windows](https://nextcloud.com/install/#install-clients)
- [:simple-apple: macOS](https://nextcloud.com/install/#install-clients)
- [:simple-linux: Linux](https://nextcloud.com/install/#install-clients)
- [:simple-freebsd: FreeBSD](https://www.freshports.org/www/nextcloud)
!!! 危险
We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. For this reason, we don't recommend third-party Nextcloud providers.
### CryptPad
!!! recommendation
![CryptPad logo](assets/img/productivity/cryptpad.svg){ align=right }
**CryptPad** is a private-by-design alternative to popular office tools. All content on this web service is end-to-end encrypted and can be shared with other users easily.
[:octicons-home-16: Homepage](https://cryptpad.fr){ .md-button .md-button--primary }
[:octicons-eye-16:](https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.cryptpad.fr/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title=Contribute }
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
In general, we define collaboration platforms as full-fledged suites which could reasonably act as a replacement to collaboration platforms like Google Drive.
- 开源
- Makes files accessible via WebDAV unless it is impossible due to E2EE.
- Has sync clients for Linux, macOS, and Windows.
- Supports document and spreadsheet editing.
- Supports real-time document collaboration.
- Supports exporting documents to standard document formats (e.g. ODF).
#### Best-Case
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should store files in a conventional filesystem.
- Should support TOTP or FIDO2 multi-factor authentication support, or Passkey logins.
## Office Suites
### LibreOffice
!!! recommendation
![LibreOffice logo](assets/img/productivity/libreoffice.svg){ align=right }
**LibreOffice** is a free and open-source office suite with extensive functionality.
[:octicons-home-16: Homepage](https://www.libreoffice.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.libreoffice.org/about-us/privacy/privacy-policy-en/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://documentation.libreoffice.org/en/english-documentation/){ .card-link title=Documentation}
[:octicons-code-16:](https://www.libreoffice.org/about-us/source-code){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.libreoffice.org/donate/){ .card-link title=Contribute }
??? downloads
- [:simple-googleplay: Google Play](https://www.libreoffice.org/download/android-and-ios/)
- [:simple-appstore: App Store](https://www.libreoffice.org/download/android-and-ios/)
- [:simple-windows11: Windows](https://www.libreoffice.org/download/download/)
- [:simple-apple: macOS](https://www.libreoffice.org/download/download/)
- [:simple-linux: Linux](https://www.libreoffice.org/download/download/)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.libreoffice.LibreOffice)
- [:simple-freebsd: FreeBSD](https://www.freshports.org/editors/libreoffice/)
### OnlyOffice
!!! recommendation
![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ align=right }
**OnlyOffice** is a cloud-based free and open-source office suite with extensive functionality, including integration with Nextcloud.
[:octicons-home-16: Homepage](https://www.onlyoffice.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://help.onlyoffice.com/products/files/doceditor.aspx?fileid=5048502&doc=SXhWMEVzSEYxNlVVaXJJeUVtS0kyYk14YWdXTEFUQmRWL250NllHNUFGbz0_IjUwNDg1MDIi0){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://helpcenter.onlyoffice.com/userguides.aspx){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ONLYOFFICE){ .card-link title="Source Code" }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.onlyoffice.documents)
- [:simple-appstore: App Store](https://apps.apple.com/app/id944896972)
- [:simple-windows11: Windows](https://www.onlyoffice.com/download-desktop.aspx)
- [:simple-apple: macOS](https://www.onlyoffice.com/download-desktop.aspx)
- [:simple-linux: Linux](https://www.onlyoffice.com/download-desktop.aspx)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.onlyoffice.desktopeditors)
- [:simple-freebsd: FreeBSD](https://www.freshports.org/www/onlyoffice-documentserver/)
### Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
In general, we define office suites as applications which could reasonably act as a replacement for Microsoft Word for most needs.
- Must be cross-platform.
- 它必须是开源软件。
- Must function offline.
- Must support editing documents, spreadsheets, and slideshows.
- Must export files to standard document formats.
## Paste services
### PrivateBin
!!! recommendation
![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right }
**PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin. There is a [list of instances](https://privatebin.info/directory/).
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"}
[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }

194
i18n/zh/real-time-communication.md Normal file
View File

@@ -0,0 +1,194 @@
---
title: "实时通讯"
icon: material/chat-processing
description: Other instant messengers make all of your private conversations available to the company that runs them.
---
这些是我们对加密实时通讯的建议。
[通信网络的类型 :material-arrow-right-drop-circle:](./advanced/communication-network-types.md)
## 可加密的聊天软件
以下这些聊天软件能够非常好地保护你的敏感聊天信息。
### Signal
!!! recommendation
![Signal logo](assets/img/messengers/signal.svg){ align=right }
**Signal** 是Signal Messenger LLC所研发的一款手机应用。 这款应用提供即时通讯,语音通话以及视频通话。
所有的聊天窗口都有端到端加密E2EE 联系人列表使用你的Signal PIN码来保护且服务器无法访问。 个人资料也经过加密,并只与你联系过的人共享。
[:octicons-home-16: 主页](https://signal.org/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.signal.org/hc/en-us){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/signalapp){ .card-link title="Source Code" }
[:octicons-heart-16:](https://signal.org/donate/){ .card-link title=Contribute }
??? 下载地址
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms)
- [:simple-appstore: App Store](https://apps.apple.com/app/id874139669)
- [:simple-android: Android](https://signal.org/android/apk/)
- [:simple-windows11: Windows](https://signal.org/download/windows)
- [:simple-apple: macOS](https://signal.org/download/macos)
- [:simple-linux: Linux](https://signal.org/download/linux)
Signal 支持 [私密群组](https://signal.org/blog/signal-private-group-system/). 服务器没有你的群组成员资格,名称,头像以及其他属性的记录。 只有当 [加密发送Sealed Sender](https://signal.org/blog/sealed-sender/)启用时Signal才会保存最少的元数据。 发信人地址与消息正文一起被加密,只有收信人的地址对服务器可见。 加密发送仅对你联系人列表中的人启用,你也可以对所有收件人启用,但是这么做会增加你收到垃圾邮件的风险。 Signal需要你的电话号码作为个人识别码。
Signal协议在2016年被独立[审计](https://eprint.iacr.org/2016/1013.pdf) 。 该协议的规范可以在他们的[文档](https://signal.org/docs/)查看。
我们有一些额外的配置并加固你的Signal安装的建议
[Signal 配置与加固 :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/)
### SimpleX Chat
!!! recommendation
![Simplex logo](assets/img/messengers/simplex.svg){ align=right }
**SimpleX** Chat 是一个去中心化的即时通讯软件,并且不依赖任何的个人识别码(电话号码,用户名等)。 SimpleX Chat的用户可以扫描二维码或着点击邀请链接参与到群组聊天。
[:octicons-home-16: 主页](https://simplex.chat){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/simplex-chat/simplex-chat/blob/stable/PRIVACY.md){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/simplex-chat/simplex-chat/tree/stable/docs){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/simplex-chat){ .card-link title="Source Code" }
??? 下载地址
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=chat.simplex.app)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/simplex-chat/id1605771084)
- [:simple-github: GitHub](https://github.com/simplex-chat/simplex-chat/releases)
SimpleX Chat [was audited](https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.html) by Trail of Bits in October 2022.
目前SimpleX Chat只有安卓和iOS版本。 Basic group chatting functionality, direct messaging, editing of messages and markdown are supported. E2EE Audio and Video calls are also supported.
Your data can be exported, and imported onto another device, as there are no central servers where this is backed up.
### Briar
!!! recommendation
![Briar logo](assets/img/messengers/briar.svg){ align=right }
**Briar** is an encrypted instant messenger that [connects](https://briarproject.org/how-it-works/) to other clients using the Tor Network. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briars local mesh mode can be useful when internet availability is a problem.
[:octicons-home-16: Homepage](https://briarproject.org/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://briarproject.org/privacy-policy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://code.briarproject.org/briar/briar/-/wikis/home){ .card-link title=Documentation}
[:octicons-code-16:](https://code.briarproject.org/briar/briar){ .card-link title="Source Code" }
[:octicons-heart-16:](https://briarproject.org/){ .card-link title="Donation options are listed on the bottom of the homepage" }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.briarproject.briar.android)
- [:simple-windows11: Windows](https://briarproject.org/download-briar-desktop/)
- [:simple-linux: Linux](https://briarproject.org/download-briar-desktop/)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.briarproject.Briar)
To add a contact on Briar, you must both add each other first. You can either exchange `briar://` links or scan a contacts QR code if they are nearby.
The client software was independently [audited](https://briarproject.org/news/2017-beta-released-security-audit/), and the anonymous routing protocol uses the Tor network which has also been audited.
Briar has a fully [published specification](https://code.briarproject.org/briar/briar-spec).
Briar supports perfect forward secrecy by using the Bramble [Handshake](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BHP.md) and [Transport](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md) protocol.
## Additional Options
!!! 推荐
These messengers do not have Perfect [Forward Secrecy](https://en.wikipedia.org/wiki/Forward_secrecy) (PFS), and while they fulfill certain needs that our previous recommendations may not, we do not recommend them for long-term or sensitive communications. Any key compromise among message recipients would affect the confidentiality of **all** past communications.
### Element
!!! recommendation
![Element logo](assets/img/messengers/element.svg){ align=right }
**Element** is the reference client for the [Matrix](https://matrix.org/docs/guides/introduction) protocol, an [open standard](https://matrix.org/docs/spec) for secure decentralized real-time communication.
Messages and files shared in private rooms (those which require an invite) are by default E2EE as are one to one voice and video calls.
[:octicons-home-16: Homepage](https://element.io/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://element.io/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://element.io/help){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/vector-im){ .card-link title="Source Code" }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=im.vector.app)
- [:simple-appstore: App Store](https://apps.apple.com/app/vector/id1083446067)
- [:simple-github: GitHub](https://github.com/vector-im/element-android/releases)
- [:simple-windows11: Windows](https://element.io/get-started)
- [:simple-apple: macOS](https://element.io/get-started)
- [:simple-linux: Linux](https://element.io/get-started)
- [:octicons-globe-16: Web](https://app.element.io)
Profile pictures, reactions, and nicknames are not encrypted.
Group voice and video calls are [not](https://github.com/vector-im/element-web/issues/12878) E2EE, and use Jitsi, but this is expected to change with [Native Group VoIP Signalling](https://github.com/matrix-org/matrix-doc/pull/3401). Group calls have [no authentication](https://github.com/vector-im/element-web/issues/13074) currently, meaning that non-room participants can also join the calls. We recommend that you do not use this feature for private meetings.
The Matrix protocol itself [theoretically supports PFS](https://gitlab.matrix.org/matrix-org/olm/blob/master/docs/megolm.md#partial-forward-secrecy), however this is [not currently supported in Element](https://github.com/vector-im/element-web/issues/7101) due to it breaking some aspects of the user experience such as key backups and shared message history.
The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last) in 2016. The specification for the Matrix protocol can be found in their [documentation](https://spec.matrix.org/latest/). The [Olm](https://matrix.org/docs/projects/other/olm) cryptographic ratchet used by Matrix is an implementation of Signals [Double Ratchet algorithm](https://signal.org/docs/specifications/doubleratchet/).
### Session
!!! recommendation
![Session logo](assets/img/messengers/session.svg){ align=right }
**Session** is a decentralized messenger with a focus on private, secure, and anonymous communications. Session offers support for direct messages, group chats, and voice calls.
Session uses the decentralized [Oxen Service Node Network](https://oxen.io/) to store and route messages. Every encrypted message is routed through three nodes in the Oxen Service Node Network, making it virtually impossible for the nodes to compile meaningful information on those using the network.
[:octicons-home-16: Homepage](https://getsession.org/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://getsession.org/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://getsession.org/faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/oxen-io){ .card-link title="Source Code" }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=network.loki.messenger)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1470168868)
- [:simple-github: GitHub](https://github.com/oxen-io/session-android/releases)
- [:simple-windows11: Windows](https://getsession.org/download)
- [:simple-apple: macOS](https://getsession.org/download)
- [:simple-linux: Linux](https://getsession.org/download)
Session allows for E2EE in one-on-one chats or closed groups which allow for up to 100 members. Open groups have no restriction on the number of members, but are open by design.
Session does [not](https://getsession.org/blog/session-protocol-technical-information) support PFS, which is when an encryption system automatically and frequently changes the keys it uses to encrypt and decrypt information, such that if the latest key is compromised it exposes a smaller portion of sensitive information.
Oxen requested an independent audit for Session in March of 2020. The audit [concluded](https://getsession.org/session-code-audit) in April of 2021, “The overall security level of this application is good and makes it usable for privacy-concerned people.”
Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technicals of the app and protocol.
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
- Must have open-source clients.
- Must use E2EE for private messages by default.
- Must support E2EE for all messages.
- Must have been independently audited.
### Best-Case
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should have Perfect Forward Secrecy.
- Should have open-source servers.
- Should be decentralized, i.e. federated or P2P.
- Should use E2EE for all messages by default.
- Should support Linux, macOS, Windows, Android, and iOS.

50
i18n/zh/router.md Normal file
View File

@@ -0,0 +1,50 @@
---
title: "Router Firmware"
icon: material/router-wireless
description: These alternative operating systems can be used to secure your router or Wi-Fi access point.
---
Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc.
## OpenWrt
!!! recommendation
![OpenWrt logo](assets/img/router/openwrt.svg#only-light){ align=right }
![OpenWrt logo](assets/img/router/openwrt-dark.svg#only-dark){ align=right }
**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All of the components have been optimized for home routers.
[:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/openwrt/openwrt){ .card-link title="Source Code" }
[:octicons-heart-16:](https://openwrt.org/donate){ .card-link title=Contribute }
You can consult OpenWrt's [table of hardware](https://openwrt.org/toh/start) to check if your device is supported.
## OPNsense
!!! recommendation
![OPNsense logo](assets/img/router/opnsense.svg){ align=right }
**OPNsense** is an open source, FreeBSD-based firewall and routing platform which incorporates many advanced features such as traffic shaping, load balancing, and VPN capabilities, with many more features available in the form of plugins. OPNsense is commonly deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server, and VPN endpoint.
[:octicons-home-16: Homepage](https://opnsense.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.opnsense.org/index.html){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/opnsense){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opnsense.org/donate/){ .card-link title=Contribute }
OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.org/wiki/PfSense), and both projects are noted for being free and reliable firewall distributions which offer features often only found in expensive commercial firewalls. Launched in 2015, the developers of OPNsense [cited](https://docs.opnsense.org/history/thefork.html) a number of security and code-quality issues with pfSense which they felt necessitated a fork of the project, as well as concerns about Netgate's majority acquisition of pfSense and the future direction of the pfSense project.
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
- Must be open source.
- Must receive regular updates.
- 必须支持各种各样的硬件。

108
i18n/zh/search-engines.md Normal file
View File

@@ -0,0 +1,108 @@
---
title: "Search Engines"
icon: material/search-web
description: These privacy-respecting search engines don't build an advertising profile based on your searches.
---
Use a search engine that doesn't build an advertising profile based on your searches.
The recommendations here are based on the merits of each service's privacy policy. There is **no guarantee** that these privacy policies are honored.
Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org/) if your threat model requires hiding your IP address from the search provider.
## Brave Search
!!! recommendation
![Brave Search logo](assets/img/search-engines/brave-search.svg){ align=right }
**Brave Search** is developed by Brave and serves results primarily from its own, independent index. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives.
Brave Search includes unique features such as Discussions, which highlights conversation-focused results—such as forum posts.
We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings.
[:octicons-home-16: Homepage](https://search.brave.com/){ .md-button .md-button--primary }
[:simple-torbrowser:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
[:octicons-eye-16:](https://search.brave.com/help/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://search.brave.com/help){ .card-link title=Documentation}
Brave Search is based in the United States. Their [privacy policy](https://search.brave.com/help/privacy-policy) states they collect aggregated usage metrics, which includes the operating system and browser in use, however no personally identifiable information is collected. IP addresses are temporarily processed, but are not retained.
## DuckDuckGo
!!! recommendation
![DuckDuckGo logo](assets/img/search-engines/duckduckgo.svg){ align=right }
**DuckDuckGo** is one of the more mainstream private search engine options. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and many [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features/). The search engine relies on a commercial Bing API to serve most results, but it does use numerous [other sources](https://help.duckduckgo.com/results/sources/) for instant answers and other non-primary results.
DuckDuckGo is the default search engine for the Tor Browser and is one of the few available options on Apples Safari browser.
[:octicons-home-16: Homepage](https://duckduckgo.com){ .md-button .md-button--primary }
[:simple-torbrowser:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .card-link title="Onion Service" }
[:octicons-eye-16:](https://duckduckgo.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://help.duckduckgo.com/){ .card-link title=Documentation}
DuckDuckGo is based in the United States. Their [privacy policy](https://duckduckgo.com/privacy) states they **do** log your searches for product improvement purposes, but not your IP address or any other personally identifying information.
DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript/) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their [Tor onion address](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/) by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version.
## SearXNG
!!! recommendation
![SearXNG logo](assets/img/search-engines/searxng.svg){ align=right }
**SearXNG** is an open-source, self-hostable, metasearch engine, aggregating the results of other search engines while not storing any information itself. It is an actively maintained fork of [SearX](https://github.com/searx/searx).
[:octicons-home-16: Homepage](https://searxng.org){ .md-button .md-button--primary }
[:octicons-server-16:](https://searx.space/){ .card-link title="Public Instances"}
[:octicons-code-16:](https://github.com/searxng/searxng){ .card-link title="Source Code" }
SearXNG is a proxy between you and the search engines it aggregates from. Your search queries will still be sent to the search engines that SearXNG gets its results from.
When self-hosting, it is important that you have other people using your instance so that the queries would blend in. You should be careful with where and how you are hosting SearXNG, as people looking up illegal content on your instance could draw unwanted attention from authorities.
When you are using a SearXNG instance, be sure to go read their privacy policy. Since SearXNG instances may be modified by their owners, they do not necessarily reflect their privacy policy. Some instances run as a Tor hidden service, which may grant some privacy as long as your search queries does not contain PII.
## Startpage
!!! recommendation
![Startpage logo](assets/img/search-engines/startpage.svg#only-light){ align=right }
![Startpage logo](assets/img/search-engines/startpage-dark.svg#only-dark){ align=right }
**Startpage** is a private search engine known for serving Google search results. One of Startpage's unique features is the [Anonymous View](https://www.startpage.com/en/anonymous-view/), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/en-us/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead.
[:octicons-home-16: Homepage](https://www.startpage.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.startpage.com/hc/en-us/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
!!! 推荐
Startpage regularly limits service access to certain IP addresses, such as IPs reserved for VPNs or Tor. [DuckDuckGo](#duckduckgo) and [Brave Search](#brave-search) are friendlier options if your threat model requires hiding your IP address from the search provider.
Startpage is based in the Netherlands. According to their [privacy policy](https://www.startpage.com/en/privacy-policy/), they log details such as: operating system, type of browser, and language. They do not log your IP address, search queries, or other personally identifying information.
Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://web.archive.org/web/20210118031008/https://blog.privacytools.io/relisting-startpage/) to clear up any concerns with System1's sizeable investment into the service. We were satisfied with the answers we received.
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
### Minimum Requirements
- Must not collect personally identifiable information per their privacy policy.
- Must not allow users to create an account with them.
### Best-Case
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- Should be based on open-source software.
- Should not block Tor exit node IP addresses.

473
i18n/zh/tools.md Normal file
View File

@@ -0,0 +1,473 @@
---
title: "隐私工具"
icon: 资料/工具
hide:
- toc
description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats.
---
如果你正在寻找某项具体解决方案,这里是一些我们推荐的各种类别的软硬件工具。 我们推荐的隐私工具主要依据它们的安全功能来选择,另外还强调了去中心化和开源。 They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs.
If you want assistance figuring out the best privacy tools and alternative programs for your needs, start a discussion on our [forum](https://discuss.privacyguides.net/) or our [Matrix](https://matrix.to/#/#privacyguides:matrix.org) community!
关于每个项目的更多相关细节, 为什么选择它们以及我们提议的一些额外的使用提示或技巧,请点击每个部分的 "了解详情" 链接, 或者也可以点击推荐项本身来转到具体的页面部分。
## 桌面端浏览器
<div class="grid cards annotate" markdown>
- ![Tor Browser logo](assets/img/browsers/tor.svg){ .twemoji } [Tor Browser](desktop-browsers.md#tor-browser)
- ![Firefox logo](assets/img/browsers/firefox.svg){ .twemoji } [Firefox](desktop-browsers.md#firefox)
- ![Brave logo](assets/img/browsers/brave.svg){ .twemoji } [Brave](desktop-browsers.md#brave)
</div>
1. Snowflake 不能够增进你的隐私但它能够让你轻松地为Tor网络做出贡献并帮助那些受网络审查的人获得更好的隐私。
[了解更多 :hero-arrow-circle-right-fill:](tor.md)
## 移动端浏览器
<div class="grid cards" markdown>
- ![Mullvad Browser logo](assets/img/browsers/mullvad_browser.svg){ .twemoji } [Mullvad Browser](desktop-browsers.md#mullvad-browser)
- ![Firefox logo](assets/img/browsers/firefox.svg){ .twemoji } [Firefox](desktop-browsers.md#firefox)
- ![Brave logo](assets/img/browsers/brave.svg){ .twemoji } [Brave](desktop-browsers.md#brave)
</div>
[了解更多 :hero-arrow-circle-right-fill:](desktop-browsers.md)
### 其它资源
<div class="grid cards" markdown>
- ![Tor Browser logo](assets/img/browsers/tor.svg){ .twemoji } [Tor Browser (Android)](mobile-browsers.md#tor-browser)
- ![Brave logo](assets/img/browsers/brave.svg){ .twemoji } [Brave (Android)](mobile-browsers.md#brave)
- ![Safari logo](assets/img/browsers/safari.svg){ .twemoji } [Safari (iOS)](mobile-browsers.md#safari)
</div>
[了解更多 :hero-arrow-circle-right-fill:](desktop-browsers.md#additional-resources)
## 操作系统
<div class="grid cards" markdown>
- ![AdGuard logo](assets/img/browsers/adguard.svg){ .twemoji } [AdGuard for iOS](mobile-browsers.md#adguard)
</div>
[了解更多 :hero-arrow-circle-right-fill:](mobile-browsers.md)
### 其它资源
<div class="grid cards annotate" markdown>
- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji } [GrapheneOS](android.md#grapheneos)
- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji } [DivestOS](android.md#divestos)
</div>
[了解更多 :hero-arrow-circle-right-fill:](mobile-browsers.md#adguard)
## 服务供应商
### Android
<div class="grid cards" markdown>
- ![Neo Store logo](assets/img/android/neo-store.png){ .twemoji } [Neo Store (F-Droid Client)](android.md#neo-store)
- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store)
- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter)
- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor)
- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera)
- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer)
</div>
[了解更多 :hero-arrow-circle-right-fill:](android.md)
#### DNS 供应商
<div class="grid cards" markdown>
- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store)
- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter)
- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor)
- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera)
- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer)
</div>
[了解更多 :hero-arrow-circle-right-fill:](android.md#general-apps)
### Android 应用
<div class="grid cards" markdown>
- ![OpenWrt logo](assets/img/router/openwrt.svg#only-light){ .twemoji }![OpenWrt logo](assets/img/router/openwrt-dark.svg#only-dark){ .twemoji } [OpenWrt](router.md#openwrt)
- ![OPNsense logo](assets/img/router/opnsense.svg){ .twemoji } [OPNsense](router.md#opnsense)
</div>
[了解更多 :hero-arrow-circle-right-fill:](desktop.md)
### Router Firmware
<div class="grid cards" markdown>
- ![Cryptee logo](assets/img/cloud/cryptee.svg#only-light){ .twemoji }![Cryptee logo](assets/img/cloud/cryptee-dark.svg#only-dark){ .twemoji } [Cryptee](cloud.md#cryptee)
- ![Nextcloud logo](assets/img/cloud/nextcloud.svg){ .twemoji } [Nextcloud (Self-Hostable)](cloud.md#nextcloud)
- ![Proton Drive logo](assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](cloud.md#proton-drive)
</div>
[了解更多 :hero-arrow-circle-right-fill:](router.md)
## 软件
### 路由器固件
<div class="grid cards" markdown>
- ![Proton Drive logo](assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](cloud.md#proton-drive)
- ![Tresorit logo](assets/img/cloud/tresorit.svg){ .twemoji } [Tresorit](cloud.md#tresorit)
</div>
[了解更多 :hero-arrow-circle-right-fill:](cloud.md)
### 云存储
#### 加密DNS代理
We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers based on a variety of criteria, such as [Mullvad](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) and [Quad9](https://quad9.net/) amongst others. We recommend for you to read our pages on DNS before choosing a provider. In many cases, using an alternative DNS provider is not recommended.
[了解更多 :hero-arrow-circle-right-fill:](dns.md)
#### Encrypted DNS Proxies
<div class="grid cards" markdown>
- ![AdGuard Home logo](assets/img/dns/adguard-home.svg){ .twemoji } [AdGuard Home](dns.md#adguard-home)
- ![Pi-hole logo](assets/img/dns/pi-hole.svg){ .twemoji } [Pi-hole](dns.md#pi-hole)
</div>
[了解更多 :hero-arrow-circle-right-fill:](dns.md#encrypted-dns-proxies)
#### Self-hosted Solutions
<div class="grid cards" markdown>
- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail)
- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg)
- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail)
- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota)
</div>
[了解更多 :hero-arrow-circle-right-fill:](dns.md#self-hosted-solutions)
### DNS
<div class="grid cards" markdown>
- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy)
- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin)
</div>
[了解更多 :hero-arrow-circle-right-fill:](email.md)
#### Email Aliasing Services
<div class="grid cards" markdown>
- ![mailcow logo](assets/img/email/mailcow.svg){ .twemoji } [mailcow](email.md#self-hosting-email)
- ![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ .twemoji } [Mail-in-a-Box](email.md#self-hosting-email)
</div>
[了解更多 :hero-arrow-circle-right-fill:](email.md#email-aliasing-services)
#### Self-Hosting Email
<div class="grid cards" markdown>
- ![Brave Search logo](assets/img/search-engines/brave-search.svg){ .twemoji } [Brave Search](search-engines.md#brave-search)
- ![DuckDuckGo logo](assets/img/search-engines/duckduckgo.svg){ .twemoji } [DuckDuckGo](search-engines.md#duckduckgo)
- ![SearXNG logo](assets/img/search-engines/searxng.svg){ .twemoji } [SearXNG](search-engines.md#searxng)
- ![Startpage logo](assets/img/search-engines/startpage.svg#only-light){ .twemoji }![Startpage logo](assets/img/search-engines/startpage-dark.svg#only-dark){ .twemoji } [Startpage](search-engines.md#startpage)
</div>
[了解更多 :hero-arrow-circle-right-fill:](email.md#self-hosting-email)
### Financial Services
#### Payment Masking Services
<div class="grid cards" markdown>
- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free)
- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid)
</div>
[了解更多 :hero-arrow-circle-right-fill:](financial-services.md#payment-masking-services)
#### Online Gift Card Marketplaces
<div class="grid cards" markdown>
- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay)
- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards)
</div>
[了解更多 :hero-arrow-circle-right-fill:](financial-services.md#gift-card-marketplaces)
### Search Engines
<div class="grid cards" markdown>
- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn)
- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad)
</div>
[了解更多 :hero-arrow-circle-right-fill:](search-engines.md)
### 搜索引擎
??? 危险 "VPNs 不提供匿名性"
使用VPN **不** 会隐藏你的浏览习惯, 它也不会为不安全(HTTP) 流量额外增加安全性。
如果你在寻求**匿名**, 你应该使用Tor 浏览器 **而不是** VPN。
如果你在寻求增进**安全**, 你应该始终确保在使用 HTTPS连接到网站。 VPN不是良好安全实践的替代品。
[了解更多:hero-arrow-circle-right-fill:](vpn.md)
<div class="grid cards" markdown>
- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn)
- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad)
- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
</div>
[了解更多 :hero-arrow-circle-right-fill:](vpn.md)
## Software
### VPN供应商
<div class="grid cards" markdown>
- ![EteSync Notes logo](assets/img/notebooks/etesync-notes.png){ .twemoji } [EteSync Notes](notebooks.md#etesync-notes)
- ![Joplin logo](assets/img/notebooks/joplin.svg){ .twemoji } [Joplin](notebooks.md#joplin)
- ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ .twemoji } [Standard Notes](notebooks.md#standard-notes)
- ![Org-mode logo](assets/img/notebooks/org-mode.svg){ .twemoji } [Org-mode](notebooks.md#org-mode)
</div>
[了解更多 :hero-arrow-circle-right-fill:](calendar.md)
### Cryptocurrency
<div class="grid cards" markdown>
- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji } [Monero](cryptocurrency.md#monero)
</div>
[了解更多 :hero-arrow-circle-right-fill:](cryptocurrency.md)
### 日历/联系人同步
<div class="grid cards" markdown>
- ![Thunderbird logo](assets/img/email-clients/thunderbird.svg){ .twemoji } [Thunderbird](email-clients.md#thunderbird)
- ![Apple Mail logo](assets/img/email-clients/applemail.png){ .twemoji } [Apple Mail (macOS)](email-clients.md#apple-mail-macos)
- ![Canary Mail logo](assets/img/email-clients/canarymail.svg){ .twemoji } [Canary Mail (iOS)](email-clients.md#canary-mail-ios)
- ![FairEmail logo](assets/img/email-clients/fairemail.svg){ .twemoji } [FairEmail (Android)](email-clients.md#fairemail-android)
- ![GNOME Evolution logo](assets/img/email-clients/evolution.svg){ .twemoji } [GNOME Evolution (Linux)](email-clients.md#gnome-evolution-gnome)
- ![K-9 Mail logo](assets/img/email-clients/k9mail.svg){ .twemoji } [K-9 Mail (Android)](email-clients.md#k-9-mail-android)
- ![Kontact logo](assets/img/email-clients/kontact.svg){ .twemoji } [Kontact (Linux)](email-clients.md#kontact-kde)
- ![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ .twemoji } [Mailvelope (PGP in standard webmail)](email-clients.md#mailvelope-browser)
- ![NeoMutt logo](assets/img/email-clients/mutt.svg){ .twemoji } [NeoMutt (CLI)](email-clients.md#neomutt-cli)
</div>
[了解更多 :hero-arrow-circle-right-fill:](data-redaction.md)
### 笔记
<div class="grid cards" markdown>
- ![Cryptomator logo](assets/img/encryption-software/cryptomator.svg){ .twemoji } [Cryptomator](encryption.md#cryptomator-cloud)
- ![Picocrypt logo](assets/img/encryption-software/picocrypt.svg){ .twemoji } [Picocrypt](encryption.md#picocrypt-file)
- ![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ .twemoji }![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ .twemoji } [VeraCrypt (FDE)](encryption.md#veracrypt-disk)
- ![Hat.sh logo](assets/img/encryption-software/hat-sh.png#only-light){ .twemoji }![Hat.sh logo](assets/img/encryption-software/hat-sh-dark.png#only-dark){ .twemoji } [Hat.sh (Browser-based)](encryption.md#hatsh)
- ![Kryptor logo](assets/img/encryption-software/kryptor.png){ .twemoji } [Kryptor](encryption.md#kryptor)
- ![Tomb logo](assets/img/encryption-software/tomb.png){ .twemoji } [Tomb](encryption.md#tomb)
</div>
[了解更多 :hero-arrow-circle-right-fill:](email-clients.md)
### 加密软件
??? info "Operating System Disk Encryption"
对于加密你的系统盘我们通常建议使用你的操作系统提供的任何加密工具无论是Windows上的**BitLocker**MacOS上的**FileVault**还是Linux上的**LUKS**。 这些工具包含在操作系统中通常使用硬件加密组件如TPM而其它的全盘加密软件如VeraCrypt则没有。 VeraCrypt仍然适用于加密非系统盘如外部驱动器特别是那些可能会从多个操作系统来访问的驱动器。
[了解更多:hero-arrow-circle-right-fill:](encryption.md##operating-system-included-full-disk-encryption-fde)
<div class="grid cards" markdown>
- ![GnuPG logo](assets/img/encryption-software/gnupg.svg){ .twemoji } [GnuPG](encryption.md#gnu-privacy-guard)
- ![GPG4Win logo](assets/img/encryption-software/gpg4win.svg){ .twemoji } [GPG4Win (Windows)](encryption.md#gpg4win)
- ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ .twemoji } [GPG Suite (macOS)](encryption.md#gpg-suite)
- ![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ .twemoji } [OpenKeychain](encryption.md#openkeychain)
</div>
[了解更多 :hero-arrow-circle-right-fill:](encryption.md)
#### OpenPGP Clients
<div class="grid cards" markdown>
- ![OnionShare logo](assets/img/file-sharing-sync/onionshare.svg){ .twemoji } [OnionShare](file-sharing.md#onionshare)
- ![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ .twemoji } [FreedomBox](file-sharing.md#freedombox)
- ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ .twemoji } [Syncthing](file-sharing.md#syncthing)
</div>
[了解更多 :hero-arrow-circle-right-fill:](encryption.md#openpgp)
### 加密软件
<div class="grid cards" markdown>
- ![ExifCleaner logo](assets/img/data-redaction/exifcleaner.svg){ .twemoji } [ExifCleaner](data-redaction.md#exifcleaner)
- ![MAT2 logo](assets/img/data-redaction/mat2.svg){ .twemoji } [MAT2](data-redaction.md#mat2)
- ![ExifEraser logo](assets/img/data-redaction/exiferaser.svg){ .twemoji } [ExifEraser (Android)](data-redaction.md#exiferaser-android)
- ![Metapho logo](assets/img/data-redaction/metapho.jpg){ .twemoji } [Metapho (iOS)](data-redaction.md#metapho-ios)
- ![PrivacyBlur logo](assets/img/data-redaction/privacyblur.svg){ .twemoji } [PrivacyBlur](data-redaction.md#privacyblur)
- ![ExifTool logo](assets/img/data-redaction/exiftool.png){ .twemoji } [ExifTool (CLI)](data-redaction.md#exiftool)
</div>
[了解更多 :hero-arrow-circle-right-fill:](file-sharing.md)
### 文件共享
<div class="grid cards" markdown>
- ![YubiKeys](assets/img/multi-factor-authentication/mini/yubico.svg){ .twemoji } [YubiKey](multi-factor-authentication.md#yubikey)
- ![Nitrokey](assets/img/multi-factor-authentication/mini/nitrokey.svg){ .twemoji } [Nitrokey](multi-factor-authentication.md#nitrokey-librem-key)
- ![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ .twemoji } [Aegis Authenticator](multi-factor-authentication.md#aegis-authenticator)
- ![Raivo OTP logo](assets/img/multi-factor-authentication/raivo-otp.png){ .twemoji } [Raivo OTP](multi-factor-authentication.md#raivo-otp)
</div>
[了解更多 :hero-arrow-circle-right-fill:](frontends.md)
### 数据和元数据处理
<div class="grid cards" markdown>
- ![YubiKeys](assets/img/multi-factor-authentication/mini/yubico.svg){ .twemoji } [YubiKey](multi-factor-authentication.md#yubikey)
- ![Nitrokey](assets/img/multi-factor-authentication/mini/nitrokey.svg){ .twemoji } [Nitrokey](multi-factor-authentication.md#nitrokey)
- ![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ .twemoji } [Aegis Authenticator](multi-factor-authentication.md#aegis-authenticator)
- ![Raivo OTP logo](assets/img/multi-factor-authentication/raivo-otp.png){ .twemoji } [Raivo OTP](multi-factor-authentication.md#raivo-otp)
</div>
[了解更多 :hero-arrow-circle-right-fill:](multi-factor-authentication.md)
### 多因素认证工具
<div class="grid cards" markdown>
- ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji } [LibreOffice](productivity.md#libreoffice)
- ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji } [OnlyOffice](productivity.md#onlyoffice)
- ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji } [CryptPad](productivity.md#cryptpad)
- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji } [PrivateBin (Pastebin)](productivity.md#privatebin)
</div>
[了解更多 :hero-arrow-circle-right-fill:](news-aggregators.md)
### Notebooks
<div class="grid cards" markdown>
- ![Signal logo](assets/img/messengers/signal.svg){ .twemoji } [Signal](real-time-communication.md#signal)
- ![Element logo](assets/img/messengers/element.svg){ .twemoji } [Element](real-time-communication.md#element)
- ![Session logo](assets/img/messengers/session.svg){ .twemoji } [Session](real-time-communication.md#session)
- ![Briar logo](assets/img/messengers/briar.svg){ .twemoji } [Briar (Android)](real-time-communication.md#briar-android)
</div>
[了解更多 :hero-arrow-circle-right-fill:](notebooks.md)
### 生产力工具
<div class="grid cards" markdown>
- ![Akregator logo](assets/img/news-aggregators/akregator.svg){ .twemoji } [Akregator](news-aggregators.md#akregator)
- ![Feeder logo](assets/img/news-aggregators/feeder.png){ .twemoji} [Feeder](news-aggregators.md#feeder)
- ![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ .twemoji } [Fluent Reader](news-aggregators.md#fluent-reader)
- ![GNOME Feeds logo](assets/img/news-aggregators/gfeeds.svg){ .twemoji } [GNOME Feeds](news-aggregators.md#gnome-feeds)
- ![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ .twemoji }![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ .twemoji } [Miniflux](news-aggregators.md#miniflux)
- ![NetNewsWire logo](assets/img/news-aggregators/netnewswire.png){ .twemoji } [NetNewsWire](news-aggregators.md#netnewswire)
- ![Newsboat logo](assets/img/news-aggregators/newsboat.svg){ .twemoji } [Newsboat](news-aggregators.md#newsboat)
</div>
[了解更多 :hero-arrow-circle-right-fill:](passwords.md)
### 实时通讯
<div class="grid cards" markdown>
- ![Freenet logo](./assets/img/self-contained-networks/freenet.svg){ .twemoji } [Freenet](self-contained-networks.md#freenet)
- ![I2P logo](./assets/img/self-contained-networks/i2p.svg#only-light){ .twemoji } ![I2P logo](./assets/img/self-contained-networks/i2p-dark.svg#only-dark){ .twemoji } [I2P](self-contained-networks.md#invisible-internet-project)
- ![Tor logo](./assets/img/self-contained-networks/tor.svg){ .twemoji } [Tor](self-contained-networks.md#tor)
- ![Orbot logo](assets/img/self-contained-networks/orbot.svg){ .twemoji } [Orbot (Smartphone Tor Proxy)](self-contained-networks.md#orbot)
</div>
[了解更多 :hero-arrow-circle-right-fill:](productivity.md)
### 实时通讯
<div class="grid cards" markdown>
- ![FreeTube logo](assets/img/video-streaming/freetube.svg){ .twemoji } [FreeTube (YouTube, Desktop)](video-streaming.md#freetube)
- ![LBRY logo](assets/img/video-streaming/lbry.svg){ .twemoji } [LBRY](video-streaming.md#lbry)
- ![NewPipe logo](assets/img//video-streaming/newpipe.svg){ .twemoji } [NewPipe (YouTube, Android)](video-streaming.md#newpipe)
- ![Invidious logo](assets/img/video-streaming/invidious.svg#only-light){ .twemoji }![Invidious logo](assets/img/video-streaming/invidious-dark.svg#only-dark){ .twemoji } [Invidious (YouTube, Web)](video-streaming.md#invidious)
- ![Librarian logo](assets/img/video-streaming/librarian.svg#only-light){ .twemoji }![Librarian logo](assets/img/video-streaming/librarian-dark.svg#only-dark){ .twemoji } [Librarian (LBRY, Web)](video-streaming.md#librarian)
- ![Piped logo](assets/img/video-streaming/piped.svg){ .twemoji } [Piped (YouTube, Web)](video-streaming.md#piped)
</div>
[了解更多 :hero-arrow-circle-right-fill:](real-time-communication.md)
### 自足网络
<div class="grid cards" markdown>
- ![LBRY logo](assets/img/video-streaming/lbry.svg){ .twemoji } [LBRY](video-streaming.md#lbry)
</div>
[了解更多 :hero-arrow-circle-right-fill:](video-streaming.md)

119
i18n/zh/tor.md Normal file
View File

@@ -0,0 +1,119 @@
---
title: "桌面端浏览器"
icon: simple/torproject
description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship.
---
![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right }
**Tor** 网络是一组由志愿者操作的服务器,允许您免费连接以提高您的互联网的隐私和安全。 个人和组织也可以通过Tor网络与".onion隐藏服务"分享信息,而不损害其隐私。 由于Tor流量难以阻止和跟踪因此Tor是一种有效的审查规避工具。
[:octicons-home-16:](https://www.torproject.org){ .card-link title=Homepage }
[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
[:octicons-info-16:](https://tb-manual.torproject.org/){ .card-link title=Documentation}
[:octicons-code-16:](https://gitweb.torproject.org/tor.git){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
Tor的工作原理是通过这些志愿者操作的服务器路由您的互联网流量而不是直接连接到您试图访问的网站。 这会混淆流量的来源,并且连接路径中的任何服务器都无法看到流量来自和流向的完整路径,这意味着即使您用于连接的服务器也无法打破您的匿名性。
[详细的Tor概述 :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button}
## 连接到Tor
有多种方法可以从您的设备连接到Tor网络最常用的是 **Tor浏览器**这是Firefox的一个分支专为桌面计算机和Android的匿名浏览而设计。 除了下面列出的应用程序还有专门设计用于连接到Tor网络的操作系统例如 [Whonix](desktop.md#whonix) on [Qubes OS](desktop.md#qubes-os)它提供了比标准Tor浏览器更高的安全性和保护。
### Tor浏览器
!!! recommendation
! [Tor浏览器徽标] (assets/img/browsers/tor.svg) {align = right}
* * Tor浏览器* *是您需要匿名时的选择它为您提供了对Tor网络和网桥的访问权限并且它包括默认安全的默认设置和扩展 *标准* *更安全*和*最安全*。
[:octicons-home-16: Homepage](https://www.torproject.org){ .md-button .md-button--primary }
[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
[:octicons-info-16:](https://tb-manual.torproject.org/){ .card-link title=Documentation }
[:octicons-code-16:](https://gitweb.torproject.org/tor-browser.git/){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
- [:simple-android: Android](https://www.torproject.org/download/#android)
- [:simple-windows11: Windows](https://www.torproject.org/download/)
- [:simple-apple: macOS](https://www.torproject.org/download/)
- [:simple-linux: Linux](https://www.torproject.org/download/)
- [:simple-freebsd: FreeBSD](https://www.freshports.org/security/tor)
!!! 危险
You should **never** install any additional extensions on Tor Browser or edit `about:config` settings, including the ones we suggest for Firefox. Browser extensions and non-standard settings make you stand out from others on the Tor network, thus making your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting).
Tor浏览器旨在防止指纹识别或根据您的浏览器配置识别您。 Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings/).
### Orbot
!!! recommendation
![Orbot logo](assets/img/self-contained-networks/orbot.svg){ align=right }
**Orbot** is a free Tor VPN for smartphones which routes traffic from any app on your device through the Tor network.
[:octicons-home-16: Homepage](https://orbot.app/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://orbot.app/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://orbot.app/faqs){ .card-link title=Documentation}
[:octicons-code-16:](https://orbot.app/code){ .card-link title="Source Code" }
[:octicons-heart-16:](https://orbot.app/donate){ .card-link title=Contribute }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.torproject.android)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/orbot/id1609461599)
- [:simple-github: GitHub](https://github.com/guardianproject/orbot/releases)
We previously recommended enabling the *Isolate Destination Address* preference in Orbot settings. While this setting can theoretically improve privacy by enforcing the use of a different circuit for each IP address you connect to, it doesn't provide a practical advantage for most applications (especially web browsing), can come with a significant performance penalty, and increases the load on the Tor network. We no longer recommend adjusting this setting from its default value unless you know you need to.[^1]
!!! tip "Tips for Android"
Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings****Network & internet****VPN** → :gear: → **Block connections without VPN**.
Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot/releases) instead.
All versions are signed using the same signature so they should be compatible with each other.
## Relays and Bridges
### Snowflake
!!! recommendation
![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ align=right }
![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ align=right }
**Snowflake** allows you to donate bandwidth to the Tor Project by operating a "Snowflake proxy" within your browser.
People who are censored can use Snowflake proxies to connect to the Tor network. Snowflake is a great way to contribute to the network even if you don't have the technical know-how to run a Tor relay or bridge.
[:octicons-home-16: Homepage](https://snowflake.torproject.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview){ .card-link title=Documentation}
[:octicons-code-16:](https://gitweb.torproject.org/pluggable-transports/snowflake.git/){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
??? downloads
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/en-US/firefox/addon/torproject-snowflake/)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/snowflake/mafpmfcccpbjnhfhjnllmmalhifmlcie)
- [:octicons-browser-16: Web](https://snowflake.torproject.org/embed "Leave this page open to be a Snowflake proxy")
??? tip "Embedded Snowflake"
You can enable Snowflake in your browser by clicking the switch below and ==leaving this page open==. You can also install Snowflake as a browser extension to have it always run while your browser is open, however adding third-party extensions can increase your attack surface.
<center><iframe src="https://snowflake.torproject.org/embed.html" width="320" height="240" frameborder="0" scrolling="no"></iframe></center>
<small>If the embed does not appear for you, ensure you are not blocking the third-party frame from `torproject.org`. Alternatively, visit [this page](https://snowflake.torproject.org/embed.html).</small>
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
[^1]: The `IsolateDestAddr` setting is discussed on the [Tor mailing list](https://lists.torproject.org/pipermail/tor-talk/2012-May/024403.html) and [Whonix's Stream Isolation documentation](https://www.whonix.org/wiki/Stream_Isolation), where both projects suggest that it is usually not a good approach for most people.

55
i18n/zh/video-streaming.md Normal file
View File

@@ -0,0 +1,55 @@
---
title: "视频串流"
icon: 资料/视频-无线
description: These networks allow you to stream internet content without building an advertising profile based on your interests.
---
使用视频流媒体平台时的主要威胁是,你的流媒体习惯和订阅名单可能被用来对你进行分析。 你应该将这些工具与 [VPN](vpn.md) 或 [Tor](https://www.torproject.org/) 结合起来,以使你的使用情况更难被分析。
## 客户端
!!! recommendation
![FreeTube logo](assets/img/video-streaming/freetube.svg){ align=right }
**FreeTube** 是一个自由且开源的 [YouTube](https://youtube.com)桌面应用程序。 当你使用FreeTube时订阅列表和播放列表都会被保存在设备本地。 默认情况下FreeTube阻止所有YouTube广告。
此外FreeTube还可以与 [SponsorBlock](https://sponsor.ajay.app)集成,以帮助你跳过推广的视频片段。
[:octicons-home-16: Homepage](https://freetubeapp.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://freetubeapp.io/privacy.php){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.freetubeapp.io/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/FreeTubeApp/FreeTube){ .card-link title="Source Code" }
[:octicons-heart-16:](https://liberapay.com/FreeTube){ .card-link title=Contribute }
??? 下载
- [:fontawesome-brands-windows: Windows](https://freetubeapp.io/#download)
- [:fontawesome-brands-apple: macOS](https://freetubeapp.io/#download)
- [:fontawesome-brands-linux: Linux](https://freetubeapp.io/#download)
- [:pg-flathub: Flatpak](https://flathub.org/apps/details/io.freetubeapp.FreeTube)
!!! note
Only the **LBRY desktop client** is recommended, as the [Odysee](https://odysee.com) website and the LBRY clients in F-Droid, Play Store, and the App Store have mandatory synchronization and telemetry.
!!! 推荐
![LBRY logo](assets/img/video-streaming/lbry.svg){ align=right }
**The LBRY network** 是一个分布式视频分享网络。 它使用一个类似 [BitTorrent](https://wikipedia.org/wiki/BitTorrent)的网络来存储视频内容,并使用一个 [blockchain](https://wikipedia.org/wiki/Blockchain)来存储这些视频的索引。
We recommend **against** synchronizing your wallet with LBRY Inc., as synchronizing encrypted wallets is not supported yet. 备注
You can disable *Save hosting data to help the LBRY network* option in :gear: **Settings****Advanced Settings**, to avoid exposing your IP address and watched videos when using LBRY for a prolonged period of time.
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
- Must not require a centralized account to view videos.
- Decentralized authentication, such as via a mobile wallet's private key is acceptable.

310
i18n/zh/vpn.md Normal file
View File

@@ -0,0 +1,310 @@
---
title: "VPN Services"
icon: 资料/vpn
description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isnt out to spy on you.
---
If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest:
<div class="grid cards" markdown>
- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn)
- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad)
- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn)
</div>
!!! 危险 "VPNs 不提供匿名性"
使用VPN **不** 会隐藏你的浏览习惯, 它也不会为不安全(HTTP) 流量额外增加安全性。
如果你在寻求**匿名**, 你应该使用Tor 浏览器 **而不是** VPN。
如果你在寻求增进**安全**, 你应该始终确保在使用 HTTPS连接到网站。 VPN不是良好安全实践的替代品。
[Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](basics/tor-overview.md){ .md-button }
[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button}
## 推荐的供应商
我们推荐的供应商使用加密接受Monero支付 支持WireGuard & OpenVPN ,并且有无日志策略。 Read our [full list of criteria](#criteria) for more information.
### IVPN
!!! recommendation
![IVPN标志](assets/img/vpn/ivpn.svg){ align=right }
**IVPN**是另一个高级VPN供应商他们自2009年以来一直在运营。 挑一个拥有离你最近的服务器的VPN供应商将减少你的网络流量的发送延迟。
这是因为到达目的地的路由较短(跳数较少)。 我们还认为如果VPN供应商使用[专用服务器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是使用[虚拟专用服务器](https://en.wikipedia.org/wiki/Virtual_private_server)等更便宜的(与其他客户)共享的解决方案能提高VPN供应商私人密钥的安全性。
#### :material-check:{ .pg-green } 35 Countries
IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. 这是因为到达目的地的路由较短(跳数较少)。
{ .annotate }
1. 如果订阅2年(119.76美元)还可享受10%的折扣。
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
#### :material-check:{ .pg-green } Independently Audited
IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf).
#### :material-check:{ .pg-green } Open-Source Clients
As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn).
#### :material-check:{ .pg-green } Accepts Cash and Monero
In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment.
#### :material-check:{ .pg-green } WireGuard Support
IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). 此外, WireGuard旨在更简单、更高效。
IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
#### :material-check:{ .pg-green } Remote Port Forwarding
Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html).
#### :material-check:{ .pg-green } Mobile Clients
In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers.
#### :material-information-outline:{ .pg-blue } Additional Functionality
IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
!!! recommendation
![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right }
**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. 挑一个拥有离你最近的服务器的VPN供应商将减少你的网络流量的发送延迟。 这是因为到达目的地的路由较短(跳数较少)。
我们还认为如果VPN供应商使用[专用服务器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是使用[虚拟专用服务器](https://en.wikipedia.org/wiki/Virtual_private_server)等更便宜的(与其他客户)共享的解决方案能提高VPN供应商私人密钥的安全性。 downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn)
- [:simple-appstore: App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513)
- [:simple-github: GitHub](https://github.com/mullvad/mullvadvpn-app/releases)
- [:simple-windows11: Windows](https://mullvad.net/en/download/windows/)
- [:simple-apple: macOS](https://mullvad.net/en/download/macos/)
- [:simple-linux: Linux](https://mullvad.net/en/download/linux/)
#### :material-check:{ .pg-green } 41 Countries
Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. 这是因为到达目的地的路由较短(跳数较少)。
{ .annotate }
1. 如果订阅2年(119.76美元)还可享受10%的折扣。
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
#### :material-check:{ .pg-green } Independently Audited
Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded:
> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint.
In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website:
> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks.
In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf).
#### :material-check:{ .pg-green } Open-Source Clients
Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app).
#### :material-check:{ .pg-green } Accepts Cash and Monero
Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. \[WireGuard\](https://www.wireguard.com)是一个较新的协议,使用最先进的 \[cryptography\](https://www.wireguard.com/protocol/)。
#### :material-check:{ .pg-green } WireGuard Support
Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). 此外, WireGuard旨在更简单、更高效。
Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
#### :material-check:{ .pg-green } IPv6 Support
Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections.
#### :material-check:{ .pg-green } Remote Port Forwarding
Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information.
#### :material-check:{ .pg-green } Mobile Clients
Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases).
#### :material-information-outline:{ .pg-blue } Additional Functionality
Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion).
### Proton VPN
!!! 推荐备注
![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right }
**Proton VPN**是VPN领域的强有力竞争者他们自2016年以来一直保持运营。 Proton AG总部位于瑞士提供有限制的免费使用等级以及更具特色的高级选项。
**免费****Plus 套餐 USD $71.88/年** (1)
[:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android)
- [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085)
- [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases)
- [:simple-windows11: Windows](https://protonvpn.com/download-windows)
- [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/)
#### :material-check:{ .pg-green } 67 Countries
Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. 这是因为到达目的地的路由较短(跳数较少)。
{ .annotate }
1. 如果订阅2年(119.76美元)还可享受10%的折扣。
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
#### :material-check:{ .pg-green } Independently Audited
截至2020年1月Proton VPN已经接受了SEC咨询公司的独立审计。 SEC Consult在Proton VPN的Windows、Android和iOS应用程序中发现了一些中度和低度风险的漏洞在报告发布前Proton VPN都已经 "妥善修复"。 所发现的问题中没有任何一个能让攻击者远程访问你的设备或流量。 You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
#### :material-check:{ .pg-green } Open-Source Clients
Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN).
#### :material-check:{ .pg-green } Accepts Cash
Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment.
#### :material-check:{ .pg-green } WireGuard Support
Proton VPN主要支持WireGuard®协议。 [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). 此外, WireGuard旨在更简单、更高效。
Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app.
#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding
Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. 特别是点对点的应用如Torrent客户端。
#### :material-check:{ .pg-green } Mobile Clients
In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers.
#### :material-information-outline:{ .pg-blue } Additional Functionality
Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose.
#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
## Criteria
!!! 危险
值得注意的是使用VPN供应商不会使你成为匿名者但在某些情况下会给你更好的隐私。 VPN不是非法活动的工具。 不要依赖 "无日志 "政策。
**请注意,我们与我们推荐的任何供应商都没有关系。 这使我们能够提供完全客观的建议。** 除了 [我们的标准标准](about/criteria.md)我们还为任何希望被推荐的VPN供应商制定了一套明确的要求包括强大的加密、独立的安全审计、现代技术等。 我们建议你在选择VPN供应商之前熟悉这份清单并进行自己的研究以确保你选择的VPN供应商尽可能值得信赖。
### 技术
我们要求所有我们推荐的VPN供应商提供OpenVPN配置文件以便在任何客户端使用。 **如果** 一个VPN提供他们自己的定制客户端我们需要一个killswitch来阻止断开连接时的网络数据泄露。
**符合条件的最低要求。**
- 支持强大的协议如WireGuard & OpenVPN。
- 客户端内置的杀毒软件。
- 多跳支持。 多重跳转对于在单个节点受损的情况下保持数据的私密性非常重要。
- 如果提供VPN客户端它们应该是 [开源的](https://en.wikipedia.org/wiki/Open_source)就像它们一般内置的VPN软件。 我们相信, [源代码](https://en.wikipedia.org/wiki/Source_code) 的可用性提供了更大的透明度,了解你的设备实际上在做什么。
**Best Case:**
- 支持WireGuard和OpenVPN。
- 具有高度可配置的选项(在某些网络上启用/禁用,在启动时,等等)的杀戮开关。
- 易于使用的VPN客户端
- 支持 [IPv6](https://en.wikipedia.org/wiki/IPv6)。 我们希望服务器将允许通过IPv6的传入连接并允许你访问IPv6地址上托管的服务。
- [远程端口转发的能力](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) 在使用P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) 文件共享软件或托管服务器如Mumble有助于创建连接。
### 隐私
We prefer our recommended providers to collect as little data as possible. 不在注册时收集个人信息,并接受匿名的支付方式,这是必须的。
**符合条件的最低要求。**
- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option.
- 注册时不需要提供个人信息。最多只有用户名、密码和电子邮件。
**Best Case:**
- Accepts multiple [anonymous payment options](advanced/payments.md).
- No personal information accepted (autogenerated username, no email required, etc.).
### 安全性
A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
**符合条件的最低要求。**
- Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-2048 or better handshake; AES-256-GCM or AES-256-CBC data encryption.
- Perfect Forward Secrecy (PFS).
- Published security audits from a reputable third-party firm.
**Best Case:**
- Strongest Encryption: RSA-4096.
- Perfect Forward Secrecy (PFS).
- Comprehensive published security audits from a reputable third-party firm.
- Bug-bounty programs and/or a coordinated vulnerability-disclosure process.
### Trust
You wouldn't trust your finances to someone with a fake identity, so why trust them with your internet data? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled.
**符合条件的最低要求。**
- Public-facing leadership or ownership.
**Best Case:**
- Public-facing leadership.
- Frequent transparency reports.
### Marketing
With the VPN providers we recommend we like to see responsible marketing.
**符合条件的最低要求。**
- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out.
Must not have any marketing which is irresponsible:
- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.:
- Reusing personal information (e.g., email accounts, unique pseudonyms, etc) that they accessed without anonymity software (Tor, VPN, etc.)
- [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)
- Claim that a single circuit VPN is "more anonymous" than Tor, which is a circuit of three or more hops that regularly changes.
- Use responsible language: i.e., it is okay to say that a VPN is "disconnected" or "not connected", however claiming that someone is "exposed", "vulnerable" or "compromised" is needless use of alarming language that may be incorrect. For example, that person might simply be on another VPN provider's service or using Tor.
**Best Case:**
Responsible marketing that is both educational and useful to the consumer could include:
- An accurate comparison to when [Tor](tor.md) should be used instead.
- Availability of the VPN provider's website over a [.onion service](https://en.wikipedia.org/wiki/.onion)
### Additional Functionality
While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc.