privacyguides/i18n
1
0
Fork 0
mirror of https://github.com/privacyguides/i18n.git synced 2025-08-28 17:09:16 +00:00
Code Activity

New Crowdin translations by GitHub Action

Browse Source
This commit is contained in:
Crowdin Bot
2023-04-11 17:41:10 +00:00
parent a0707ccc54
commit fa99d5df46
1976 changed files with 243497 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
i18n/zh-Hant/404.md Normal file
View File

@@ -0,0 +1,19 @@
---
hide:
- feedback
meta:
-
property: "robots"
content: "noindex, nofollow"
---
# 404 - 頁面不存在
找不到您所請求的頁面 或許您是在找這些嗎?
- [介紹威脅模型](basics/threat-modeling.md)
- [推薦的 DNS 服務商](dns.md)
- [最佳的桌面瀏覽器](desktop-browsers.md)
- [最好的 VPN 服務商](vpn.md)
- [Privacy Guides 論壇](https://discuss.privacyguides.net)
- [部落格](https://blog.privacyguides.org)

53
i18n/zh-Hant/CODE_OF_CONDUCT.md Normal file
View File

@@ -0,0 +1,53 @@
# Community Code of Conduct
**We pledge** to make our community a harassment-free experience for everyone.
**We strive** to create a positive environment, using welcoming and inclusive language, and being respectful of the viewpoints of others.
**We do not allow** inappropriate or otherwise unacceptable behavior, such as sexualized language, trolling and insulting comments, or otherwise promoting intolerance or harassment.
## Community Standards
What we expect from members of our communities:
1. **Don't spread misinformation**
We are creating an evidence-based educational community around information privacy and security, not a home for conspiracy theories. For example, when making a claim that a certain piece of software is malicious or that certain telemetry data is privacy invasive, explain in detail what is collected and how it collected. Claims of this nature must be backed by technical evidence.
1. **Don't abuse our willingness to help**
Our community members are not your free tech support. We are happy to help you with specific steps on your privacy journey if you are willing to put in effort on your end. We are not willing to answer endlessly repeated questions about generic computer problems you could have answered yourself with a 30-second internet search. Don't be a [help vampire](https://slash7.com/2006/12/22/vampires/).
1. **Behave in a positive and constructive manner**
Examples of behavior that contributes to a positive environment for our community include:
- Demonstrating empathy and kindness toward other people
- Being respectful of differing opinions, viewpoints, and experiences
- Giving and gracefully accepting constructive feedback
- Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
- Focusing on what is best not just for us as individuals, but for the overall community
### Unacceptable Behavior
The following behaviors are considered harassment and are unacceptable within our community:
- The use of sexualized language or imagery, and sexual attention or advances of any kind
- Trolling, insulting or derogatory comments, and personal or political attacks
- Public or private harassment
- Publishing others' private information, such as a physical or email address, without their explicit permission
- Other conduct which could reasonably be considered inappropriate in a professional setting
## Scope
Our Code of Conduct applies within all project spaces, as well as when an individual is representing the Privacy Guides project in other communities.
We are responsible for clarifying the standards of our community, and have the right to remove or alter the comments of those participating within our community, as necessary and at our discretion.
### Contact
If you observe a problem on a platform like Matrix or Reddit, please contact our moderators on that platform in chat, via DM, or through any designated "Modmail" system.
If you have a problem elsewhere, or a problem our community moderators are unable to resolve, reach out to `jonah@privacyguides.org` and/or `dngray@privacyguides.org`.
All community leaders are obligated to respect the privacy and security of the reporter of any incident.

40
i18n/zh-Hant/about/criteria.md Normal file
View File

@@ -0,0 +1,40 @@
---
title: 通用標準
---
!!! 示例“工作進行中”
以下頁面是一項正在進行的工作,並未反映我們目前的建議的全部標準。 過去關於此主題的討論: [# 24] (https://github.com/privacyguides/privacyguides.org/ discussion/24)
以下是一些必須適用於所有提交給 Privacy Guides 的內容。 每個類別都會有額外的加入要求。
## 財務披露
我們不通過推薦某些產品賺錢,我們不使用聯盟鏈接,我們不向項目捐贈者提供特殊考慮。
## 一般指引
我們在考慮新建議時應用這些優先事項:
- **安全**:工具應在合適的地方遵循安全的最佳做法。
- **源代碼可取得**:開源專案通常比同等商用替代方案更受歡迎。
- **跨平臺**:我們通常傾向於建議跨平臺,以避免供應商鎖定。
- **積極開發**:我們建議的工具應該積極開發,在大多數情況下,未維護的項目將被移除。
- **可用性**:工具應可讓大多數電腦使用者使用,無需要求過度的技術背景。
- **Documented**:工具應有清晰和廣泛的文件可供使用。
## 開發人員自我提交
自薦項目或軟體的開發人員,我們有這些要求。
- 必須披露從屬關係,即您在提交的項目中的職位。
- 必須有安全白皮書,如果項目涉及處理敏感資訊,如通訊軟體、密碼管理器,加密雲端存儲等。
- 第三方審計狀態。 我們想知道你是否有一個,或者有一個計劃。 如果可以,請說明由誰來進行審計。
- 必須解釋這個項目在隱私方面帶來了什麼。
- 它能解決任何新的問題嗎?
- 爲什麼人們可以使用它勝過其它替代品?
- 必須說明該項目確切的威脅模型。
- 潛在用戶應該清楚項目可以提供什麼,不能提供什麼。

50
i18n/zh-Hant/about/donate.md Normal file
View File

@@ -0,0 +1,50 @@
---
title: 支持與贊助
---
<!-- markdownlint-disable MD036 -->
Privacy Guides 需要大量的 [](https://github.com/privacyguides/privacyguides.org/graphs/contributors) 和 [工作](https://github.com/privacyguides/privacyguides.org/pulse/monthly) ,以保持最新並傳播關於隱私和大規模監控的消息。 如果您喜歡我們的工作,請考慮參與 [編輯網站](https://github.com/privacyguides/privacyguides.org) 或 [貢獻翻譯](https://crowdin.com/project/privacyguides)。
如果你想在經濟上支援我們,對我們來說,最方便的方法是通過 Open Collective 捐款這是一個由我們的財政主機營運的網站。Open Collective 接受信用卡/借記卡、PayPal 和銀行轉帳的付款。 Open Collective 接受信用卡/借記卡、PayPal 和銀行轉帳的付款。
[在 OpenCollective.com 上捐款](https://opencollective.com/privacyguides/donate ""){.md-button.md-button--primary}
在美國直接向我們捐贈的Open Collective通常可以免稅因為我們的財政東道主 Open Collective Foundation 是一個註冊的501 c 3組織。 捐贈後,您將收到 Open Collective Foundation 的收據。 隱私指南不提供財務建議,您應該聯繫您的稅務顧問,以確定這是否適用於您。
如果您已經使用 GitHub 贊助,您也可以在那裡贊助我們的組織。
[在 GitHub 上贊助我們](https://github.com/sponsors/privacyguides ""){.md-button}
## 贊助者清單
特別感謝所有支持我們使命的人! :heart:
*請注意此部分直接從Open Collective 加載小部件。 本節並不反映Open Collective 以外的捐贈,我們也無法控制本節所列的特定捐贈者。*
<script src="https://opencollective.com/privacyguides/banner.js"></script>
## 我們如何使用贊助費用
Privacy Guides 是一個 **非營利** 組織。 我們將捐款用於各種目的,包括:
**域名註冊**
:
我們有一些網域名稱,如 `privacyguides.org` ,每年花費大約 10 美元。
**網站託管**
:
本網站的流量每月使用大約是數百 GB我們使用各種服務提供商來提供流量。
**線上服務**
:
我們託管[網際網路服務](https://privacyguides.net) 測試和展示不同的隱私產品,我們喜歡和 [推薦](../tools.md)。 其中一些公開供我們的社區使用( SearXNG Tor等 ,有些則提供給我們的團隊成員(電子郵件等)。
**產品購買**
:
我們偶爾會購買產品和服務,以測試我們的 [推薦工具](../tools.md)。
我們仍在與我們的財政托管機構Open Collective Foundation合作以接收加密貨幣捐贈目前會計對許多較小的交易是不可行的但這種情況在未來應該會發生變化。 與此同時,如果您希望捐贈大於 $ 100 美元的加密貨幣,請聯繫 [jonah@privacyguides.org](mailto:jonah@privacyguides.org)

102
i18n/zh-Hant/about/index.md Normal file
View File

@@ -0,0 +1,102 @@
---
title: "About Privacy Guides"
description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy.
schema:
"@context": https://schema.org
"@type": Organization
"@id": https://www.privacyguides.org/
name: Privacy Guides
url: https://www.privacyguides.org/en/about/
logo: https://www.privacyguides.org/en/assets/brand/png/square/pg-yellow.png
sameAs:
- https://twitter.com/privacy_guides
- https://github.com/privacyguides
- https://www.wikidata.org/wiki/Q111710163
- https://opencollective.com/privacyguides
- https://www.youtube.com/@privacyguides
- https://mastodon.neat.computer/@privacyguides
---
![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right }
**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. Our mission is to inform the public about the value of digital privacy, and global government initiatives which aim to monitor your online activity. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any of the listed providers.
[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
[:octicons-heart-16:](donate.md){ .card-link title=Contribute }
> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that arent run by the big tech companies.
— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/)
> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet.
— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch]
Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], [NPO Radio 1](https://www.nporadio1.nl/nieuws/binnenland/8eaff3a2-8b29-4f63-9b74-36d2b28b1fe1/ooit-online-eens-wat-doms-geplaatst-ga-jezelf-eens-googlen-en-kijk-dan-wat-je-tegenkomt), and [Wired](https://www.wired.com/story/firefox-mozilla-2022/).
## History
Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely.
In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document.
We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms.
So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry.
## Our Team
??? person "@jonah"
- [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/jonah)
- [:simple-github: GitHub](https://github.com/jonaharagon "@jonaharagon")
- [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@jonah "@jonah@neat.computer"){rel=me}
- [:fontawesome-solid-house: Homepage](https://www.jonaharagon.com)
??? person "@niek-de-wilde"
- [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/Niek-de-Wilde)
- [:simple-github: GitHub](https://github.com/blacklight447 "@blacklight447")
- [:simple-mastodon: Mastodon](https://mastodon.social/@blacklight447 "@blacklight447@mastodon.social"){rel=me}
??? person "@dngray"
- [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/dngray)
- [:simple-github: GitHub](https://github.com/dngray "@dngray")
- [:simple-mastodon: Mastodon](https://mastodon.social/@dngray "@dngray@mastodon.social"){rel=me}
- [:fontawesome-solid-envelope: Email](mailto:dngray@privacyguides.org)
??? person "@freddy"
- [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/freddy)
- [:simple-github: GitHub](https://github.com/freddy-m "@freddy-m")
- [:simple-mastodon: Mastodon](https://social.lol/@freddy "@freddy@social.lol"){rel=me}
- [:fontawesome-solid-envelope: Email](mailto:freddy@privacyguides.org)
- [:fontawesome-solid-house: Homepage](https://freddy.omg.lol)
??? person "@mfwmyfacewhen"
- [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/mfwmyfacewhen)
- [:simple-github: GitHub](https://github.com/mfwmyfacewhen "@mfwmyfacewhen")
- [:fontawesome-solid-house: Homepage](https://mfw.omg.lol)
??? person "@olivia"
- [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/olivia)
- [:simple-github: GitHub](https://github.com/hook9 "@hook9")
- [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me}
Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides).
Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States.
## Site License
!!! danger ""
The following is a human-readable summary of (and not a substitute for) the [license](/license).
:fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material.
This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space!

50
i18n/zh-Hant/about/notices.md Normal file
View File

@@ -0,0 +1,50 @@
---
title: "Notices and Disclaimers"
---
## Legal Disclaimer
Privacy Guides is not a law firm. As such, the Privacy Guides website and contributors are not providing legal advice. The material and recommendations in our website and guides do not constitute legal advice nor does contributing to the website or communicating with Privacy Guides or other contributors about our website create an attorney-client relationship.
Running this website, like any human endeavor, involves uncertainty and trade-offs. We hope this website helps, but it may include mistakes and cant address every situation. If you have any questions about your situation, we encourage you to do your own research, seek out other experts, and engage in discussions with the Privacy Guides community. If you have any legal questions, you should consult with your own legal counsel before moving forward.
Privacy Guides is an open source project contributed to under licenses that include terms that, for the protection of the website and its contributors, make clear that the Privacy Guides project and website is offered "as-is", without warranty, and disclaiming liability for damages resulting from using the website or any recommendations contained within. Privacy Guides does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on the website or otherwise relating to such materials on the website or on any third-party sites linked on this site.
Privacy Guides additionally does not warrant that this website will be constantly available, or available at all.
## Licensing Overview
!!! danger ""
The following is a human-readable summary of (and not a substitute for) the [license](/license).
Unless otherwise noted, all **content** on this website is made available under the terms of the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). The underlying **source code** used to generate this website and display that content is released under the [MIT License](https://github.com/privacyguides/privacyguides.org/tree/main/LICENSE-CODE).
This does not include third-party code embedded in this repository, or code where a superseding license is otherwise noted. The following are notable examples, but this list may not be all-inclusive:
* [MathJax](https://github.com/privacyguides/privacyguides.org/blob/main/theme/assets/javascripts/mathjax.js) is licensed under the [Apache License 2.0](https://github.com/privacyguides/privacyguides.org/blob/main/docs/assets/javascripts/LICENSE.mathjax.txt).
* The [Bagnard](https://github.com/privacyguides/brand/tree/main/WOFF/bagnard) heading font is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/main/WOFF/bagnard/LICENSE.txt).
* The [Public Sans](https://github.com/privacyguides/brand/tree/main/WOFF/public_sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/main/WOFF/public_sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/main/WOFF/dm_mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/main/WOFF/dm_mono/LICENSE.txt).
This means that you can use the human-readable content in this repository for your own project, per the terms outlined in the Creative Commons Attribution-NoDerivatives 4.0 International Public License text. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. You **may not** use the Privacy Guides branding in your own project without express approval from this project. Privacy Guides's brand trademarks include the "Privacy Guides" wordmark and shield logo.
We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://www.copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
## Acceptable Use
You may not use this website in any way that causes or may cause damage to the website or impairment of the availability or accessibility of Privacy Guides, or in any way which is unlawful, illegal, fraudulent, harmful, or in connection with any unlawful, illegal, fraudulent, or harmful purpose or activity.
You must not conduct any systematic or automated data collection activities on or in relation to this website without express written consent, including:
* Excessive Automated Scans
* Denial of Service Attacks
* Scraping
* Data Mining
* 'Framing' (IFrames)
---
*Portions of this notice itself were adopted from [opensource.guide](https://github.com/github/opensource.guide/blob/master/notices.md) on GitHub. That resource and this page itself are released under [CC-BY-4.0](https://creativecommons.org/licenses/by-sa/4.0/).*

61
i18n/zh-Hant/about/privacy-policy.md Normal file
View File

@@ -0,0 +1,61 @@
---
title: "隐私政策"
---
Privacy Guides is a community project operated by a number of active volunteer contributors. The public list of team members [can be found on GitHub](https://github.com/orgs/privacyguides/people).
## Data We Collect From Visitors
The privacy of our website visitors is important to us, so we do not track any individual people. As a visitor to our website:
- No personal information is collected
- No information such as cookies are stored in the browser
- No information is shared with, sent to or sold to third-parties
- No information is shared with advertising companies
- No information is mined and harvested for personal and behavioral trends
- No information is monetized
You can view the data we collect on our [statistics](statistics.md) page.
We run a self-hosted installation of [Plausible Analytics](https://plausible.io) to collect some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only. No personal data is collected.
Data collected includes referral sources, top pages, visit duration, information from the devices (device type, operating system, country and browser) used during the visit and more. You can learn more about how Plausible works and collects information in a privacy-respecting manner [here](https://plausible.io/data-policy).
## Data We Collect From Account Holders
On some websites and services we provide, many features may require an account. For example, an account may be required to post and reply to topics on a forum platform.
To sign up for most accounts, we will collect a name, username, email, and password. In the event a website requires more information than just that data, that will be clearly marked and noted in a separate privacy statement per-site.
We use your account data to identify you on the website and to create pages specific to you, such as your profile page. We will also use your account data to publish a public profile for you on our services.
We use your email to:
- Notify you about posts and other activity on the websites or services.
- Reset your password and help keep your account secure.
- Contact you in special circumstances related to your account.
- Contact you about legal requests, such as DMCA takedown requests.
On some websites and services you may provide additional information for your account, such as a short biography, avatar, your location, or your birthday. We make that information available to everyone who can access the website or service in question. This information is not required to use any of our services and can be erased at any time.
We will store your account data as long as your account remains open. After closing an account, we may retain some or all of your account data in the form of backups or archives for up to 90 days.
## Contacting Us
The Privacy Guides team generally does not have access to personal data outside of limited access granted via some moderation panels. Inquiries regarding your personal information should be sent directly to:
```text
Jonah Aragon
Services Administrator
jonah@privacyguides.org
```
For all other inquiries, you can contact any member of our team.
For complaints under GDPR more generally, you may lodge complaints with your local data protection supervisory authorities. In France it's the Commission Nationale de l'Informatique et des Libertés which take care and handle the complaints. They provide a [template of complaint letter](https://www.cnil.fr/en/plaintes) to use.
## About This Policy
We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time.
A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub.

118
i18n/zh-Hant/about/privacytools.md Normal file
View File

@@ -0,0 +1,118 @@
---
title: "PrivacyTools FAQ"
---
# Why we moved on from PrivacyTools
In September 2021, every active contributor unanimously agreed to move from PrivacyTools to work on this site: Privacy Guides. This decision was made because PrivacyTools founder and controller of the domain name had disappeared for an extended period of time and could not be contacted.
Having built a reputable site and set of services on PrivacyTools.io, this caused grave concerns for the future of PrivacyTools, as any future disruption could wipe out the entire organization with no recovery method. This transition was communicated to the PrivacyTools community many months in advance via a variety of channels including its blog, Twitter, Reddit, and Mastodon to ensure the entire process went as smoothly as possible. We did this to ensure nobody was kept in the dark, which has been our modus operandi since our team was created, and to make sure Privacy Guides was recognized as the same reliable organization that PrivacyTools was before the transition.
After the organizational move was completed, the founder of PrivacyTools returned and began to spread misinformation about the Privacy Guides project. They continue to spread misinformation in addition to operating a paid link farm on the PrivacyTools domain. We are creating this page to clear up any misconceptions.
## What is PrivacyTools?
PrivacyTools was created in 2015 by "BurungHantu," who wanted to make a privacy information resource - helpful tools following the Snowden revelations. The site grew into a flourishing open-source project with [many contributors](https://github.com/privacytools/privacytools.io/graphs/contributors), some eventually given various organizational responsibilities, such as operating online services like Matrix and Mastodon, managing and reviewing changes to the site on GitHub, finding sponsors for the project, writing blog posts and operating social media outreach platforms like Twitter, etc.
Beginning in 2019, BurungHantu grew more and more distant from the active development of the website and communities, and began delaying payments he was responsible for related to the servers we operated. To avoid having our system administrator pay server costs out of their own pocket, we changed the donation methods listed on the site from BurungHantu's personal PayPal and crypto accounts to a new OpenCollective page on [October 31, 2019](https://web.archive.org/web/20210729184557/https://blog.privacytools.io/privacytools-io-joins-the-open-collective-foundation/). This had the added benefits of making our finances completely transparent, a value we strongly believe in, and tax-deductible in the United States, because they were being held by the Open Collective Foundation 501(c)3. This change was unanimously agreed upon by the team and went uncontested.
## Why We Moved On
In 2020, BurungHantu's absence grew much more noticeable. At one point, we required the domain's nameservers to be changed to nameservers controlled by our system administrator to avoid future disruption, and this change was not completed for over a month after the initial request. He would disappear from the public chat and private team chat rooms on Matrix for months at a time, occasionally popping in to give some small feedback or promise to be more active before disappearing once again.
In October 2020, the PrivacyTools system administrator (Jonah) [left](https://web.archive.org/web/20210729190742/https://blog.privacytools.io/blacklight447-taking-over/) the project because of these difficulties, handing control to another long-time contributor. Jonah had been operating nearly every PrivacyTools service and acting as the *de facto* project lead for website development in BurungHantu's absence, thus his departure was a significant change to the organization. At the time, because of these significant organizational changes, BurungHantu promised the remaining team he would return to take control of the project going forward. ==The PrivacyTools team reached out via several communication methods over the following months, but did not receive any response.==
## Domain Name Reliance
At the beginning of 2021, the PrivacyTools team grew worried about the future of the project, because the domain name was set to expire on 1st March 2021. The domain was ultimately renewed by BurungHantu with no comment.
The teams concerns were not addressed, and we realized this would be a problem every year: If the domain expired it would have allowed it to be stolen by squatters or spammers, thus ruining the organization's reputation. We also would have had trouble reaching the community to inform them of what took place.
Without being in any contact with BurungHantu, we decided the best course of action would be to move to a new domain name while we still had guaranteed control over the old domain name, sometime before March 2022. This way, we would be able to cleanly redirect all PrivacyTools resources to the new site without any interruption in service. This decision was made many months in advance and communicated to the entire team in the hopes that BurungHantu would reach out and assure his continued support for the project, because with a recognizable brand name and large communities online, moving away from "PrivacyTools" was the least desirable possible outcome.
In mid-2021 the PrivacyTools team reached out to Jonah, who agreed to rejoin the team to help with the transition.
## Community Call to Action
At the end of July 2021, we [informed](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/) the PrivacyTools community of our intention to choose a new name and continue the project on a new domain, to be [chosen](https://web.archive.org/web/20210729190935/https://aragon.cloud/apps/forms/cMPxG9KyopapBbcw) on 2nd August 2022. In the end, "Privacy Guides" was selected, with the `privacyguides.org` domain already owned by Jonah for a side-project from 2020 that went undeveloped.
## Control of r/privacytoolsIO
Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://www.reddit.com/r/redditrequest/comments/o9tllh/requesting_rprivacytoolsio_im_only_active_mod_top/) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.
Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.
> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.
>
> r/redditrequest is Reddit's way of making sure communities have active moderators and is part of the [Moderator Code of Conduct](https://www.redditinc.com/policies/moderator-code-of-conduct).
## Beginning the Transition
On September 14th, 2021, we [announced](https://www.privacyguides.org/blog/2021/09/14/welcome-to-privacy-guides/) the beginning of our migration to this new domain:
> [...] we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to www.privacyguides.org, and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc.
This change [entailed:](https://www.reddit.com/r/PrivacyGuides/comments/pnhn4a/rprivacyguides_privacyguidesorg_what_you_need_to/)
- Redirecting www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org).
- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
- Posting announcements to our subreddit and various other communities informing people of the official change.
- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.
Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped.
## Following Events
Roughly a week following the transition, BurungHantu returned online for the first time in nearly a year, however nobody on our team was willing to return to PrivacyTools because of his historic unreliability. Rather than apologize for his prolonged absence, he immediately went on the offensive and positioned the transition to Privacy Guides as an attack against him and his project. He subsequently [deleted](https://www.reddit.com/r/privacytoolsIO/comments/pp9yie/comment/hd49wbn) many of these posts when it was pointed out by the community that he had been absent and abandoned the project.
At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible).
Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/) at the beginning of October, ending any migration possibilities to any users still using those services.
Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so.
BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim.
## PrivacyTools.io Now
As of September 25th 2022 we are seeing BurungHantu's overall plans come to fruition on privacytools.io, and this is the very reason we decided to create this explainer page today. The website he is operating appears to be a heavily SEO-optimized version of the site which recommends tools in exchange for financial compensation. Very recently, IVPN and Mullvad, two VPN providers near-universally [recommended](../vpn.md) by the privacy community and notable for their stance against affiliate programs were removed from PrivacyTools. In their place? NordVPN, Surfshark, ExpressVPN, and hide.me; Giant VPN corporations with untrustworthy platforms and business practices, notorious for their aggressive marketing and affiliate programs.
==**PrivacyTools has become exactly the type of site we [warned against](https://web.archive.org/web/20210729205249/https://blog.privacytools.io/the-trouble-with-vpn-and-privacy-reviews/) on the PrivacyTools blog in 2019.**== We've tried to keep our distance from PrivacyTools since the transition, but their continued harassment towards our project and now their absurd abuse of the credibility their brand gained over 6 years of open source contributions is extremely troubling to us. Those of us actually fighting for privacy are not fighting against each other, and are not getting our advice from the highest bidder.
## r/privacytoolsIO Now
After the launch of [r/PrivacyGuides](https://www.reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://www.reddit.com/r/privacytoolsIO/comments/qk7qrj/a_new_era_why_rptio_is_now_a_restricted_sub/) a restricted sub in a post on November 1st, 2021:
> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you.
>
> A Subreddit is a great deal of work to administer and moderate. Like a garden, it requires patient tending and daily care. Its not a task for dilettantes or commitment-challenged people. It cant thrive under a gardener who abandons it for several years, then shows up demanding this years harvest as their tribute. Its unfair to the team formed years ago. Its unfair to you. [...]
Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides.
In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://www.reddit.com/r/redditrequest/wiki/top_mod_removal/) of Reddit rules:
> Retaliation from any moderator with regards to removal requests is disallowed.
For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.
## OpenCollective Now
Our fundraising platform, OpenCollective, is another source of contention. Our position is that OpenCollective was put in place by our team and managed by our team to fund services we currently operate and which PrivacyTools no longer does. We [reached out](https://opencollective.com/privacyguides/updates/transitioning-to-privacy-guides) to all of our donors regarding our move to Privacy Guides, and we were unanimously supported by our sponsors and community.
Thus, the funds in OpenCollective belong to Privacy Guides, they were given to our project, and not the owner of a well known domain name. In the announcement made to donors on September 17th, 2021, we offered refunds to any donor who disagrees with the stance we took, but nobody has taken us up on this offer:
> If any sponsors or backers disagree with or feel misled by these recent events and would like to request a refund given these highly unusual circumstances, please get in touch with our project admin by emailing jonah@triplebit.net.
## Further Reading
This topic has been discussed extensively within our communities in various locations, and it seems likely that most people reading this page will already be familiar with the events leading up to the move to Privacy Guides. Some of our previous posts on the matter may have extra detail we omitted here for brevity. They have been linked below for the sake of completion.
- [June 28, 2021 request for control of r/privacytoolsIO](https://www.reddit.com/r/redditrequest/comments/o9tllh/requesting_rprivacytoolsio_im_only_active_mod_top/)
- [July 27, 2021 announcement of our intentions to move on the PrivacyTools blog, written by the team](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/)
- [Sept 13, 2021 announcement of the beginning of our transition to Privacy Guides on r/privacytoolsIO](https://www.reddit.com/r/privacytoolsIO/comments/pnql46/rprivacyguides_privacyguidesorg_what_you_need_to/)
- [Sept 17, 2021 announcement on OpenCollective from Jonah](https://opencollective.com/privacyguides/updates/transitioning-to-privacy-guides)
- [Sept 30, 2021 Twitter thread detailing most of the events now described on this page](https://twitter.com/privacy_guides/status/1443633412800225280)
- [Oct 1, 2021 post by u/dng99 noting subdomain failure](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/)
- [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/)
- [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496)
- [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20)

38
i18n/zh-Hant/about/services.md Normal file
View File

@@ -0,0 +1,38 @@
# Privacy Guides Services
We run a number of web services to test out features and promote cool decentralized, federated, and/or open-source projects. Many of these services are available to the public and are detailed below.
[:material-comment-alert: Report an issue](https://discuss.privacyguides.net/c/services/2 ""){.md-button.md-button--primary}
## Discourse
- Domain: [discuss.privacyguides.net](https://discuss.privacyguides.net)
- Availability: Public
- Source: [github.com/discourse/discourse](https://github.com/discourse/discourse)
## Gitea
- Domain: [code.privacyguides.dev](https://code.privacyguides.dev)
- Availability: Invite-Only
Access may be granted upon request to any team working on *Privacy Guides*-related development or content.
- Source: [snapcraft.io/gitea](https://snapcraft.io/gitea)
## Matrix
- Domain: [matrix.privacyguides.org](https://matrix.privacyguides.org)
- Availability: Invite-Only
Access may be granted upon request to Privacy Guides team members, Matrix moderators, third-party Matrix community administrators, Matrix bot operators, and other individuals in need of a reliable Matrix presence.
- Source: [github.com/spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy)
## SearXNG
- Domain: [search.privacyguides.net](https://search.privacyguides.net)
- Availability: Public
- Source: [github.com/searxng/searxng-docker](https://github.com/searxng/searxng-docker)
## Invidious
- Domain: [invidious.privacyguides.net](https://invidious.privacyguides.net)
- Availability: Semi-Public
We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time.
- Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious)

61
i18n/zh-Hant/about/statistics.md Normal file
View File

@@ -0,0 +1,61 @@
---
title: Traffic Statistics
---
## Website Statistics
<iframe plausible-embed src="https://stats.privacyguides.net/share/privacyguides.org?auth=IxTl2wRhi3uxF09rd1NSn&embed=true&theme=system&background=transparent" scrolling="no" frameborder="0" loading="lazy" style="width: 1px; min-width: 100%; height: 1600px;" id="plausibleFrame"></iframe>
<div style="font-size: 14px; padding-bottom: 14px;">Stats powered by <a target="_blank" style="color: #4F46E5; text-decoration: underline;" href="https://plausible.io">Plausible Analytics</a></div>
<script async src="https://stats.privacyguides.net/js/embed.host.js"></script>
<script>
/* Set palette on initial load */
var palette = __md_get("__palette")
if (palette && typeof palette.color === "object") {
var theme = palette.color.scheme === "slate" ? "dark" : "light"
document.getElementById('plausibleFrame').src = 'https://stats.privacyguides.net/share/privacyguides.org?auth=IxTl2wRhi3uxF09rd1NSn&embed=true&theme=' + theme + '&background=transparent';
}
/* Register event handlers after documented loaded */
document.addEventListener("DOMContentLoaded", function() {
var ref = document.querySelector("[data-md-component=palette]")
ref.addEventListener("change", function() {
var palette = __md_get("__palette")
if (palette && typeof palette.color === "object") {
var theme = palette.color.scheme === "slate" ? "dark" : "light"
document.getElementById('plausibleFrame').src = 'https://stats.privacyguides.net/share/privacyguides.org?auth=IxTl2wRhi3uxF09rd1NSn&embed=true&theme=' + theme + '&background=transparent';
}
})
})
</script>
## Blog Statistics
<iframe plausible-embed src="https://stats.privacyguides.net/share/blog.privacyguides.org?auth=onWV76WWcsDifUqlaHEAg&embed=true&theme=system&background=transparent" scrolling="no" frameborder="0" loading="lazy" style="width: 1px; min-width: 100%; height: 1600px;" id="blogFrame"></iframe>
<div style="font-size: 14px; padding-bottom: 14px;">Stats powered by <a target="_blank" style="color: #4F46E5; text-decoration: underline;" href="https://plausible.io">Plausible Analytics</a></div>
<script async src="https://stats.privacyguides.net/js/embed.host.js"></script>
<script>
/* Set palette on initial load */
var palette = __md_get("__palette")
if (palette && typeof palette.color === "object") {
var theme = palette.color.scheme === "slate" ? "dark" : "light"
document.getElementById('blogFrame').src = 'https://stats.privacyguides.net/share/blog.privacyguides.org?auth=onWV76WWcsDifUqlaHEAg&embed=true&theme=' + theme + '&background=transparent';
}
/* Register event handlers after documented loaded */
document.addEventListener("DOMContentLoaded", function() {
var ref = document.querySelector("[data-md-component=palette]")
ref.addEventListener("change", function() {
var palette = __md_get("__palette")
if (palette && typeof palette.color === "object") {
var theme = palette.color.scheme === "slate" ? "dark" : "light"
document.getElementById('blogFrame').src = 'https://stats.privacyguides.net/share/blog.privacyguides.org?auth=onWV76WWcsDifUqlaHEAg&embed=true&theme=' + theme + '&background=transparent';
}
})
})
</script>

103
i18n/zh-Hant/advanced/communication-network-types.md Normal file
View File

@@ -0,0 +1,103 @@
---
title: "通訊網路的類型"
icon: 'material/transit-connection-variant'
description: 簡介常見的即時通訊應用程式網路架構。
---
有幾種網絡架構常運用於在人與人之間傳遞消息。 這些網路提供不同的隱私保證,這就是為什麼在決定使用哪個應用程式時,最好能考慮您的[威脅模型](../basics/threat-modeling.md) 。
[推薦的即時通訊工具](../real-time-communication.md ""){.md-button}
## 集中式網絡
![集中網絡圖](../assets/img/layout/network-centralized.svg){ align=left }
集中式信使是指所有參與者都在同一伺服器或同一組織所控制的伺服器網絡。
有些自託管信使允許設置自己的伺服器。 自託管可以提供額外的隱私保證,例如不用記錄或限制讀取元數據(關於誰與誰交談的資料)。 自託管的集中式信使是隔離的,每個人都必須在同一個伺服器上進行通信。
**優點**
- 新功能和變更可以更快地實施。
- 更容易使用和查找聯系人。
- 近乎成熟和穩定的生態系統,因為集中式軟件更容易編程。
- 當您信任自我託管的伺服器時,隱私問題可能會減少。
**缺點**
- [限制控制或存取](https://drewdevault.com/2018/08/08/Signal.html)。 可能包括以下內容:
- 集中型網路 [禁封了](https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165)可以提供更靈活自定與更佳使用體驗的第三方客戶端。 通常定義在使用條款和條件。
- 對於第三方開發人員來說,文件記錄很糟。
- 由單一實體控制服務時,其 [所有權](https://web.archive.org/web/20210729191953/https://blog.privacytools.io/delisting-wire/)、隱私政策和服務操作可輕易改變,甚致危及服務。
- 自我託管需要精力和設置服務的知識。
## 聯邦式網絡
![聯邦式網絡圖](../assets/img/layout/network-decentralized.svg){ align=left }
聯合信使使用多個獨立的分散式伺服器,這些伺服器能夠彼此通訊(電子郵件是聯合服務的一個例子)。 聯邦讓系統管理員控制自己的伺服器,成為更大通訊網絡中的一員。
當自行託管時,聯邦伺服器的成員可以發現並與其他伺服器的成員進行通信,而有些伺服器可能會選擇保持私密而不加入聯邦(例如工作團隊伺服器)。
**優點**
- 運行自己的伺服器可以更加控制自己的資料。
- 可從多個“公共”伺服器之中選擇信任的資料託付者。
- 可讓第三方客戶端提供更原生、定制或親和的體驗。
- 假設您有存取伺服器的權限或信任有此權限的人(例如,家庭成員),可以驗證伺服器軟體是否與公開原始碼相符。
**缺點**
- 添加新功能較複雜,因為這些功能需要標準化和測試,以確保可與網絡上的所有伺服器配合使用。
- 根據前一點,與集中式平臺相比,聯邦式網絡欠缺完整功能或容易出現意外,例如離線時的訊息中繼或訊息刪除。
- 可能會產生某些元數據(例如使用 E2EE 時, “誰在與誰交談”但不知其實際內容的資料)。
- 聯邦式伺服器通常需要信任伺服器管理員。 他們可能是業餘愛好者,也不是“安全專業人士” ,欠缺標準文件,如隱私政策或服務條款,來詳細說明資料如何被使用。
- 伺服器管理員有時會封鎖其他伺服器,因為它們無節制地濫用的或違反公認行為的一般規則。 這會阻礙您與這些伺服器成員溝通的能力。
## 對等網絡
![P2P示意圖](../assets/img/layout/network-distributed.svg){ align=left }
P2P 軟體連接到 [分佈式網路](https://en.wikipedia.org/wiki/Distributed_networking) 中的節點,在沒有第三方伺服器的情況下將訊息傳遞給收件人。
客戶端(對等軟體)通常通過 [分布式計算](https://en.wikipedia.org/wiki/Distributed_computing) 網絡找到彼此。 例如, [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT)被 [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) 和 [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) 使用。 另一種方法是鄰近的網絡通過WiFi或藍牙建立連接例如 Briar 或 [Scuttlebutt](https://www.scuttlebutt.nz) 社交網絡協議)。
一旦對等體通過任何這些方法找到通往其聯繫的路徑,它們之間就會建立直接連接。 通常訊息內容會加密,但觀察者仍然可以推斷發件人和收件人的位置和身份。
P2P 網絡不使用伺服器,對等方彼此之間直接通信,因此不能自我託管。 但是,一些額外的服務可能要靠集中式伺服器,例如用戶看到或轉發離線消息,這些需要自託管伺服器的協助。
**優點**
- 最少的信息暴露給第三方。
- 現代 P2P 平臺皆已預設為 E2EE。 不像集中和聯邦式網絡,沒有伺服器會攔截和解密您的傳輸。
**缺點**
- 精簡功能集:
- 訊息只能在兩個對等方都在線時發送,但是,客戶端可能會在本地儲存訊息以等待聯絡人在線時送出。
- 增加移動設備的電池使用量,因為客戶端必須保持與分佈式網絡的連接,以了解誰在線。
- 缺少某些傳訊功能或不完整,例如訊息刪除。
- 如果您未將軟體與 [VPN](../vpn.md) 或 [Tor](../tor.md)配合使用,則很可能暴露了自己和通訊聯絡人的 IP 位址。 許多國家都有某種形式的大規模監控和/或元數據保留。
## 匿名路由
![匿名路由示意圖](../assets/img/layout/network-anonymous-routing.svg){ align=left }
使用 [匿名路由](https://doi.org/10.1007/978-1-4419-5906-5_628) 的傳訊方式會隱藏發送者、接收者的身份或他們一直在溝通的證據。 理想情況下,這三種東西都該被隱藏。
匿名路由[有多種](https://doi.org/10.1145/3182658) 實現方式。 其中最著名 [洋蔥路由](https://en.wikipedia.org/wiki/Onion_routing) (即 [Tor](tor-overview.md) ,該虛擬 [覆蓋網絡](https://en.wikipedia.org/wiki/Overlay_network) 隱藏節點位置以及收件人和發件人之間的加密訊息。 發送者和接收者不會直接互動,而是通過祕密會合節點,這樣就不會洩漏 IP 位址或物理位置。 節點無法解密訊息,也無法解密最終目的地;只有收件人可以。 中間節點只能解密下一步送到哪裡的指示,消息本體仍保持加密直到送達最終有權限解密的收件人,因此是“洋蔥層”。
在匿名路由網絡中自我託管節點無法增加額外隱私優勢,但有助於整個網絡軔性抵禦識別攻擊。
**優點**
- 很少甚至無資訊暴露給其他方。
- 消息可以以分散的方式接力傳遞,即使其中一方離線。
**缺點**
- 消息傳播速度慢。
- 通常僅支援少數媒體類型,因為網絡速度慢主要為文字傳輸。
- 隨機路由選擇節點,某些節點可能遠離發送者和接收者,增加延遲,甚至因某個節點離線而無法傳輸消息。
- 入手更複雜,因為需要創建和備份加密私鑰。
- 如同其他分散式平臺,對開發人員而言,添加功能比集中式平臺更複雜。 因此,功能欠缺或未完全執行,例如離線消息中繼或消息刪除。

354
i18n/zh-Hant/advanced/dns-overview.md Normal file
View File

@@ -0,0 +1,354 @@
---
title: "DNS 簡介"
icon: material/dns
description: 網域名稱系統是“網際網路電話簿” ,可幫助瀏覽器找到它正在尋找的網站。
---
[網域名稱系統](https://en.wikipedia.org/wiki/Domain_Name_System) 是「網際網路的電話簿」。 DNS 將網域名稱轉換為 IP 位址,以便瀏覽器和其他服務可以通過分散的伺服器網路載入網路資源。
## 什麼是 DNS
當您訪問一個網站時,會傳回一個數字地址。 以訪問 `privacyguides.org`網站為例,它傳回的地址為 `192.98.54.105`
DNS 從網際網路的 [早期](https://en.wikipedia.org/wiki/Domain_Name_System#History) 就存在了。 來往 DNS 伺服器的 DNS 請求通常 **不是** 加密的。 一般家用的網路中,客戶的伺服器通常是由 ISP 透過 [DHCP](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol)給予的。
未經加密的 DNS 請求很容易**被監視** 或在傳輸過程中**遭到修改modified**。 在某些地區, ISP 被要求做初級的 [DNS 過濾](https://en.wikipedia.org/wiki/DNS_blocking)。 當您要求被封鎖網域的IP位址時伺服器可能不會回應或可能會使用其他IP位址回應。 由於DNS通訊協定沒有加密 ISP (或任何網路營運商)可以使用 [DPI](https://en.wikipedia.org/wiki/Deep_packet_inspection) 來監控請求。 網路服務供應商也可以根據共同特徵封鎖請求,無論你使用哪種 DNS 伺服器。 未加密的 DNS 總是使用 53 號[端口](https://en.wikipedia.org/wiki/Port_(computer_networking)) 並且總是使用UDP。
接下來,我們將討論並提供一個教程來證明外部觀察者可以使用普通的未加密 DNS 和 [加密 DNS ](#what-is-encrypted-dns)看到什麼。
### 未加密的 DNS
1. 使用 [`tshark`](https://www.wireshark.org/docs/man-pages/tshark.html) [Wireshark](https://en.wikipedia.org/wiki/Wireshark) 項目的一部分) ,我們可以監控和記錄網路封包的傳輸。 此命令記錄符合指定規則的封包:
```bash
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
2. 我們可以使用 [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) Linux MacOS 等)或 [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) Windows 將DNS 查詢發送到伺服器。 Web 瀏覽器等軟體會自動執行這些查詢除非它們被配置為使用加密的DNS。
= = = "Linux macOS"
```
dig +noall +answer privacyguides.org @1.1.1.1
dig +noall +answer privacyguides.org @8.8.8.8
```
= = = "Windows"
```
nslookup privacyguides.org 1.1.1.1
nslookup privacyguides.org 8.8.8.8
```
3. 接下來我們要[分析](https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) 結果:
=== "Wireshark"
```
wireshark -r/tmp/dns.pcap
```
=== "tshark"
```
tshark -r /tmp/dns.pcap
```
如果執行上面的 Wireshark 命令,頂部窗格會顯示「[frame](https://en.wikipedia.org/wiki/Ethernet_frame)」,底部窗格會顯示所選框架的所有資料。 企業過濾和監控解決方案(例如政府購買的解決方案)可以自動執行此過程,而無需人工交互,並且可以聚合這些框架以產生對網路觀察者有用的統計數據。
| 不。 | 時間 | 來源 | 目的地 | 協議 | 長度 | 資訊 |
| -- | -------- | --------- | --------- | --- | --- | ----------------------------------------------------- |
| 1 | 0.000000 | 192.0.2.1 | 1.1.1.1 | DNS | 104 | 標準查詢 0x58ba A privacyguides.org OPT |
| 2 | 0.293395 | 1.1.1.1 | 192.0.2.1 | DNS | 108 | 標準查詢回應 0x58ba A privacyguides.org A 198.98.54.105 OPT |
| 3 | 1.682109 | 192.0.2.1 | 8.8.8.8 | DNS | 104 | 標準查詢 0x58ba A privacyguides.org OPT |
| 4 | 2.154698 | 8.8.8.8 | 192.0.2.1 | DNS | 108 | 標準查詢回應0xf1a9 A privacyguides.org A 198.98.54.105 OPT |
觀察者可以修改這些封包。
## 什麼是「加密後的 DNS」
加密 DNS 可以引用許多協議之一,最常見的是:
### DNSCrypt
[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) 是第一種查詢加密 DNS 的方法之一。 DNSCrypt 在 443 端口上運作,與 TCP 或 UDP 傳輸協議一起使用。 DNSCrypt 從未向 [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force)提交文件 ,也未通過 [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) 流程,因此 [實用少](https://dnscrypt.info/implementations)並未被廣泛使用。 因此,它大量被更受歡迎的 [DNS over HTTPS](#dns-over-https-doh) 取代。
### 通過 TLS 的 DNS)
[**DNS over TLS**](https://en.wikipedia.org/wiki/DNS_over_TLS) 是另一種加密 DNS 通訊方式,其定義於 [RFC 7858](https://datatracker.ietf.org/doc/html/rfc7858)。 支持首先在Android 9 iOS 14和Linux的 [systemd-resolved](https://www.freedesktop.org/software/systemd/man/resolved.conf.html#DNSOverTLS=) 版本237中實現。 近年來,業界偏好已經從 DoT 轉移到 DoH ,因為 DoT 協議[複雜](https://dnscrypt.info/faq/) 並且在實現中對RFC 的遵照狀況各不相同。 DoT 還在專用端口 853 上運行,但很容易被限制性防火牆阻止。
### 通過 HTTPS 的 DNS)
[**DNS over HTTPS**](https://en.wikipedia.org/wiki/DNS_over_HTTPS) 定義在 [RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484) 文件,封包查詢透過[HTTP/2](https://en.wikipedia.org/wiki/HTTP/2) 協議,以 HTTPS 提供安全性。 最初使用於 Firefox 60 和 Chrome 83 等網頁瀏覽器。
DoH 原生執行出現在 iOS 14, macOS 11, Microsoft Windows, 與 Android 13 (不過其並未[預設啟動 ](https://android-review.googlesource.com/c/platform/packages/modules/DnsResolver/+/1833144))。 一般 Linux 桌面支援仍待 systemd [實現](https://github.com/systemd/systemd/issues/8639) 所以 [還是得安裝第三方軟體](../dns.md#encrypted-dns-proxies)。
## 外部人士可以看到什麼?
在此範例中,我們將記錄當我們提出 DoH 請求時發生的事情:
1. 首先,打開 `tshark`
```bash
tshark -w /tmp/dns_doh.pcap -f "tcp port https and host 1.1.1.1"
```
2. 其次,使用 `curl`提出請求:
```bash
curl -vI --doh-url https://1.1.1.1/dns-query https://privacyguides.org
```
3. 提出請求後,快速鍵 <kbd>CTRL</kbd> + <kbd>C</kbd>可停止封包捉取。
4. 在 Wireshark 中分析結果:
```bash
wireshark -r /tmp/dns_doh.pcap
```
[連接建立](https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment) 在加密連接時會進行 [TLS 握手](https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/) 。 當查看隨後的“應用程序數據”封包時,都不包含所請求的域名或它的 IP 地址。
## 什麼時候 **不該** 使用加密的 DNS
在有網路過濾(或審查)的地方,訪問被禁止的資源可能會產生某些後果,您應該在 [威脅模型](../basics/threat-modeling.md)中考慮這些後果。 非常 **不建議**把加密 DNS 用在此目的上。 使用 [Tor](https://torproject.org) 或 [VPN](../vpn.md) 代替。 如果您使用的是VPN ,則應使用 VPN 的 DNS 伺服器。 使用 VPN 時,您已經信任它們與您的所有網路活動。
當我們進行 DNS 查詢時,通常是因為我們想要存取資源。 接下來,我們將討論一些即使在使用加密 DNS 時也可能會披露您的瀏覽活動的情況:
### IP 位址
確定瀏覽活動的最簡單方法可能是查看您的設備正在訪問的 IP 位址。 例如,如果觀察者知道 `privacyguides.org` 位於 `198.98.54.105`,而您的裝置正在請求 `198.98.54.105`的數據,則很有可能您正在訪問隱私指南。
此方法僅在 IP 位址屬於僅託管少數網站的伺服器時才有用。 如果網站託管在共享平臺上例如Github Pages Cloudflare Pages Netlify WordPress Blogger等 ,它也不是很有用。 如果服務器託管在 [反向代理](https://en.wikipedia.org/wiki/Reverse_proxy)之後,這也不是很有用,這在現代互聯網上非常常見。
### 伺服器名指示(SNI)
伺服器名稱指示通常用於IP位址託管多個網站時。 這可能是像 Cloudflare 的服務,或者其他 [阻斷服務攻擊](https://en.wikipedia.org/wiki/Denial-of-service_attack) 保護。
1. 再次開始捕捉 `tshark`。 我們添加了一個自身IP 地址的過濾器,因此您不會捕獲過多封包:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
```
2. 然後訪問 [https://privacyguides.org](https://privacyguides.org)。
3. 在訪問網站後,以 <kbd>CTRL</kbd> + <kbd>C</kbd>停止封包捕捉。
4. 接下來分析結果:
```bash
wireshark -r/tmp/pg.pcap
```
連接建立後與 privacyguides 網站的TLS 握手。 大約在第5 幀附近。 你會看到一個“客戶你好”。
5. 展開每個字段旁邊的三角形 &#9656;
```text
▸ Transport Layer Security
▸ TLSv1.3 Record Layer: Handshake Protocol: Client Hello
▸ Handshake Protocol: Client Hello
▸ Extension: server_name (len=22)
▸ Server Name Indication extension
```
6. 我們可以看到我們正在訪問的網站的SNI值。 `tshark` 命令可以直接爲所有包含 SNI 封包提供值:
```bash
tshark -r /tmp/pg.pcap -Tfields -Y tls.handshake.extensions_server_name -e tls.handshake.extensions_server_name
```
即便使用「加密 DNS」伺服器網域也可能會透過 SNI 披露。 [TLS v1.3](https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3) 協議帶來了 [Encrypted Client Hello](https://blog.cloudflare.com/encrypted-client-hello/),可以防止這種洩漏。
政府,特別是 [中國](https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/) 和 [俄羅斯](https://www.zdnet.com/article/russia-wants-to-ban-the-use-of-secure-protocols-such-as-tls-1-3-doh-dot-esni/),已經[開始封鎖](https://en.wikipedia.org/wiki/Server_Name_Indication#Encrypted_Client_Hello) ,或者有些表示將這樣做。 近來俄羅斯
開始屏蔽使用 [HTTP/3](https://en.wikipedia.org/wiki/HTTP/3)的外國網站。 這是因為作為HTTP/3的一部分的 [QUIC](https://en.wikipedia.org/wiki/QUIC) 協議要求 `ClientHello` 也被加密。</p>
### 線上憑邆狀態協議 (OCSP)
瀏覽器會披露瀏覽活動的另一種方式是使用 [線上憑證狀態協議 (Online Certificate Status Protocol)](https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol)。 訪問有 HTTPS 網站時,瀏覽器會檢查網站的 [憑證](https://en.wikipedia.org/wiki/Public_key_certificate) 是否已被撤銷。 這是透過 HTTP 協議完成的,這意味著它**不是** 加密的。
OCSP 請求包含憑證,其帶有獨特的"[序列號](https://en.wikipedia.org/wiki/Public_key_certificate#Common_fields)"。 它被發送到 “OCSP 回應器”去檢查其狀態。
利用 [`openssl`](https://en.wikipedia.org/wiki/OpenSSL) 命令模擬瀏覽器會做什麼。
1. 取得伺服器憑證並使用 [`sed`](https://en.wikipedia.org/wiki/Sed) 來保留重要部分並將其寫入檔案:
```bash
openssl s_client -connect privacyguides.org:443 < /dev/null 2>&1 |
sed -n '/^-*BEGIN/,/^-*END/p' > /tmp/pg_server.cert
```
2. 取得中間憑證。 [憑證授權機構(CA)](https://en.wikipedia.org/wiki/Certificate_authority) 通常不會直接簽署憑證;他們使用所謂的「中間」憑證。
```bash
openssl s_client -showcerts -connect privacyguides.org:443 < /dev/null 2>&1 |
sed -n '/^-*BEGIN/,/^-*END/p' > /tmp/pg_and_intermediate.cert
```
3. `pg_and_intermediate.cert` 中的第一個憑證實際上是步驟1 的伺服器憑證。 我們可以再次使用 `sed` 來刪除直到 END 第一個實例:
```bash
sed -n '/^-*END CERTIFICATE-*$/!d;:a n;p;ba' \
/tmp/pg_and_intermediate.cert > /tmp/intermediate_chain.cert
```
4. 取得伺服器憑證的OCSP 回應器:
```bash
openssl x509 -noout -ocsp_uri -in /tmp/pg_server.cert
```
我們的憑證顯示 Lets Encrypt 憑證回應器。 如果我們想查看憑證的所有細節,我們可以使用:
```bash
openssl x509 -text -noout -in /tmp/pg_server.cert
```
5. 開始捕取封包:
```bash
tshark -w /tmp/pg_ocsp.pcap -f "tcp port http"
```
6. 提出 OCSP 要求:
```bash
openssl ocsp -issuer /tmp/intermediate_chain.cert \
-cert /tmp/pg_server.cert \
-text \
-url http://r3.o.lencr.org
```
7. 打開捕捉資料:
```bash
wireshark -r /tmp/pg_ocsp.pcap
```
將會有兩個帶有「OCSP」通訊協定的封包「Request」和「Response」。 對於“Request” ,可以通過擴展每個字段旁邊的三角形 &#9656; 來看到“序列號”
```bash
▸ Online Certificate Status Protocol
▸ tbsRequest
▸ requestList: 1 item
▸ Request
▸ reqCert
serialNumber
```
對於“回應” ,我們也可以看到“序列號”
```bash
▸ Online Certificate Status Protocol
▸ responseBytes
▸ BasicOCSPResponse
▸ tbsResponseData
▸ responses: 1 item
▸ SingleResponse
▸ certID
serialNumber
```
8. 或者使用 `tshark` 來過濾序列號的封包:
```bash
tshark -r /tmp/pg_ocsp.pcap -Tfields -Y ocsp.serialNumber -e ocsp.serialNumber
```
如果網路觀察者拿到可公開取得的公共憑證,就可將序列號與該憑證作匹配,從而確定您正在訪問的網站。 這個過程可以自動化並且可以將IP地址與序列號相關聯。 也可檢查 [憑證透明度](https://en.wikipedia.org/wiki/Certificate_Transparency) 日誌的序列號。
## 我應該用加密 DNS 嗎?
這個流程圖描述了何時 *應該使用* 加密 DNS:
``` mermaid
graph TB
Start[Start] --> anonymous{Trying to be<br> anonymous?}
anonymous--> | Yes | tor(Use Tor)
anonymous --> | No | censorship{Avoiding<br> censorship?}
censorship --> | Yes | vpnOrTor(Use<br> VPN or Tor)
censorship --> | No | privacy{Want privacy<br> from ISP?}
privacy --> | Yes | vpnOrTor
privacy --> | No | obnoxious{ISP makes<br> obnoxious<br> redirects?}
obnoxious --> | Yes | encryptedDNS(Use<br> encrypted DNS<br> with 3rd party)
obnoxious --> | No | ispDNS{Does ISP support<br> encrypted DNS?}
ispDNS --> | Yes | useISP(Use<br> encrypted DNS<br> with ISP)
ispDNS --> | No | nothing(Do nothing)
```
與第三方合作的加密 DNS 應限於避開重定向和基本的 [DNS 封鎖](https://en.wikipedia.org/wiki/DNS_blocking) ,也就是確定無後顧或對供應商的基本過濾感興趣時才用第三方。
[推薦的 DNS 伺服器列表](../dns.md ""){.md-button}
## 什麼是 DNSSEC
[Domain Name System Security Extensions](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) (DNSSEC)是 DNS 的一項功能,域名查找的回應予以驗證。 它無法為查詢者提供隱私保護而是防止攻擊者操縱或毒害對DNS 請求的回應。
換句話說, DNSSEC 對資料進行數位簽名,幫助確保其有效性。 為了確保安全查找,過程中的每個層級都會簽名。 因此DNS 全部的回答都可以被信任。
DNSSEC 簽署過程類似於無法仿製的個人獨特簽名於法律文件,法院專家透過簽名驗證該文件效力須依據簽名的真假判定。 這些數位簽名確保資料不會被篡改。
DNSSEC 在所有 DNS 層中實施分級數位簽名政策。 例如,查詢 `privacyguides.org` ,根 DNS 伺服器將簽署尾綴 `.org` 伺服器密鑰,然後 `.org` 伺服器再簽署 `privacyguides.org`的授權名稱伺服器的密鑰。
<small>改編自 Google [DNS Security Extensions (DNSSEC) overview] (https://cloud.google.com/dns/docs/dnssec)和 Cloudflare [DNSSEC: An Introduction] (https://blog.cloudflare.com/dnssec-an-introduction/) ,兩者均根據[CC BY 4.0] (https://creativecommons.org/licenses/by/4 .0/)授權。</small>
## 什麼是QNAME最小化
QNAME是“限定名稱” ,例如 `privacyguides.org`。 QNAME 最小化可減少從 DNS 伺服器傳送到 [授權名稱伺服器](https://en.wikipedia.org/wiki/Name_server#Authoritative_name_server)的資訊量。
與其傳送完整域名 `privacyguides.org` QNAME最小化意味著 DNS 伺服器會請求所有 `.org`尾綴 的記錄。 進一步的技術描述在 [RFC 7816](https://datatracker.ietf.org/doc/html/rfc7816)。
## 什麼是 EDNS 客戶端子網(ECS )
[EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) 是遞歸DNS 解析器為DNS 查詢的 [主機或客戶端](https://en.wikipedia.org/wiki/Client_(computing)),指定 [子網絡](https://en.wikipedia.org/wiki/Subnetwork) 的方法。
它的目的是回答客戶端距離最靠近的伺服器以“加快”資料的傳遞,類似[內容傳遞網絡](https://en.wikipedia.org/wiki/Content_delivery_network),後者通常用於視頻串流和 JavaScript Web 應用程序。
此功能確實以隱私為代價,因為它會告訴 DNS伺服器一些有關客戶端位置的資訊。

84
i18n/zh-Hant/advanced/payments.md Normal file
View File

@@ -0,0 +1,84 @@
---
title: 私密支付
icon: material/hand-coin
---
購買習慣的資料視為廣告定位聖杯是有原因的:購買行為會洩漏有關當事人的許多寶貴資訊。 不幸的是,目前的金融體系在設計上不利隱私,使銀行、其他公司和政府能夠輕鬆追蹤交易。 然而,在私下付款方面,您有很多選擇。
## 現金
幾個世紀以來, **現金** 一直是私人支付的主要形式。 在大多數情況下,現金具有優秀的隱私性,在大多數國家被廣泛接受,並且是 **可替代的**,這意味著它是非唯一的,完全可互換。
現金支付法因國家而異。 在美國10,000美元以上交易需在 [8300表格中](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000)對美國國稅局披露。 收款業必須驗證收款人的姓名、地址、職業、出生日期、社會安全號碼或其他TIN (部分例外)。 少於 3,000 美元交換和匯款,就無須身份證明。 現金鈔票有序號。 商家很少追蹤序號,但執法部門可以在針對性調查中用到它們。
儘管如此,現金仍是最好的選擇。
## 預付卡 & 禮品卡
在大多數雜貨店和便利店用現金購買禮品卡和預付卡相對簡單。 禮品卡通常不收取費用,但預付卡通常會收取費用,因此請留意其費用和到期日期。 為了減少欺詐行為,部分商店可能會在結帳時要求查看身分證件。
禮品卡通常每張上限為 200美元有些禮品卡上限到 2,000 美元。 預付卡(例如:來自 Visa 或 Mastercard )通常卡片額度為 1,000 美元。
禮品卡的缺點是受商家政策的約束,這些政策可能有糟糕的條款和限制。 例如,有些商家不接受禮品卡付款,或者對高風險用戶取消禮品卡的價值。 一旦您拿了由商家信用擔保的禮品卡,商家就會對這筆金額有強烈的控制權。
預付卡無法從 ATM 提取現金或在 Venmo 以應用程序中進行“點對點”付款。
對於大多數人來說,現金仍然是現場購物的最佳選擇。 禮品卡用處在於節省。 預付卡適用於不接受現金的地方。 網路中禮品卡和預付卡比現金更容易使用,也更容易透過加密貨幣獲得。
### 網上交易平臺
如果您有 [加密貨幣](../cryptocurrency.md),可在線禮品卡市場購買禮品卡。 有服務在更高額度時有提供身份驗證選項,它們也允許帳戶只需提供電子郵件地址。 基本帳戶限額為每天 5,000-10,000 美元,身份驗證帳戶(如果有)的限額則更高。
在網上購買禮品卡時,通常會有小折扣。 預付卡通常以面值或收取服務費在網上銷售。 如果您使用加密貨幣購買預付卡和禮品卡,您最好使用強大隱私的 Monero 付款,下面將進一步說明。 使用可追溯的付款方式支付禮物卡,取消了用現金或 Monero 購買禮品卡的隱私優點。
- [網上禮品卡市場 :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces)
## 虛擬卡
另一種保護個資免受線上商家侵害的方法是使用虛擬的一次性卡片,以掩蓋您的實際銀行或帳單資訊。 這可對付商家數據洩露,營銷機構粗糙的跟蹤或購買聯結以及線上資料盜竊。 **無法完全匿名**您的購買行為,也不能對金融機構隱瞞自身的資訊。 發行虛擬卡的常規金融機構受「瞭解您的客戶」( KYC )法律約束,這意味著您需要提供身份證明文件或其他識別信息。
- [推薦付款掩蔽服務 :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services)
這些往往是線上定期/訂閱付款的好選擇,而預付禮品卡則更適合一次性交易。
## 加密貨幣
加密貨幣是一種數位形式的貨幣,其設計上沒有中央機構如政府或銀行即自行運作。 *有些* 加密貨幣可以在線上私密交易,但許多使用公開區塊錬則無法保障交易隱私。 加密貨幣是非常不穩定的資產,這它們的價值可能隨時發生急速顯著變化。 因此,不建議加密貨幣作為長期價值儲存。 如果決定使用加密貨幣,請確保已充分了解其隱私,且投資金額不會變成災難性損失。
!!! 危險
絕大多數加密貨幣都在* *公共* *區塊鏈上運作,這意味著每筆交易都可公開知道。 這包括最知名的加密貨幣,如比特幣和以太坊。 加密貨幣的交易不應被視為私密,也不會保護您的匿名性。
此外,許多(如果不是大多數)加密貨幣都是騙局。 只用你信任的項目小心進行交易。
### 隱私幣
有許多加密貨幣聲稱通過匿名交易來提供隱私。 建議探用** 預設**為匿名交易的工具,以避免操作時發生錯誤。
- [推薦的加密貨幣 :material-arrow-right-drop-circle:](../cryptocurrency.md#coins)
隱私硬幣受到政府機構日益嚴格的監管。 2020年[美國稅務局 IRS 發表 $625,000 賞金](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc),來徵求工具破解 Bitcoin Lightning Network 和 Monero 交易隱私。 最後由 [二家公司](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) 共同獲得 $1250000 美元,但外界並不知道所開發的工具是用在哪一種加密貨幣網路。 由於這些工具的保密性,追蹤加密貨幣的方法都未得到獨立的證實。隱私硬幣交易很可能被運用在針對性地調查,而大規模監控則無法阻止。
### 其他貨幣(比特幣、以太坊等)
絕大多數加密貨幣項目使用公共區塊鏈,這意味著所有交易記錄都很容易追溯和永久保存。 因此,我們強烈不鼓勵把加密貨幣用和隱私相關的事物上。
公開區塊錬上的匿名交易*理論上* 可行,比特幣維基就 [提出如何"完全匿名"交易的案例](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation)。 然而這樣需要複雜的設置涉及Tor和“獨自挖掘”一個區塊來產生完全獨立的加密貨幣多年來幾乎沒有任何愛好者實踐過。
= =您最好還是完全避免這些加密貨幣,並堅持使用預設隱私的加密貨幣。嘗試使用其他加密貨幣超出了本網站的範圍,非常不建議。
### 錢包保管
加密貨幣有兩種形式的錢包:託管錢包和非託管錢包。 託管錢包由集中式公司/交易所運營,錢包的私鑰由該公司持有,您可以使用用戶名和密碼從任何地方存取。 非託管錢包是您自己控制和管理錢包的私鑰。 假如可以保管好錢包的私鑰安全並備份,非保管錢包比保管錢包具有更大的安全性和審查抵抗力,因為您的加密貨幣不會被保管的公司竊取或凍結。 密鑰保管在隱私貨幣上尤其重要:保管錢包使運營公司能夠查看您的交易,否定了這些加密貨幣的隱私優勢。
### 取得
私下購買 [加密貨幣](../cryptocurrency.md) 如Monero 可能很困難。 P2P 市場如 [LocalMonero](https://localmonero.co/),為促進人群交易的平台,也是個可考慮的選擇。 如果使用需要 KYC的交易所是您可接受的風險(只要隨後的交易無法追蹤)。一個更容易的方式是從 [Kraken](https://kraken.com/)等交易所購買 Monero ,或者從 KYC 交易所購買比特幣/萊特幣,然後兌換為 Monero。 然後,您可以將購入的 Monero 提取到自己的非保管錢包,以便 日後私下使用。
如果您選擇這條路線請確保以不同的時間和額度購買與用掉Monero 。 如果你在交易所購買 5000 美元的 Monero ,並在一個小時後花掉這筆錢,外部觀察者會將這些行為作關聯,無關 Monero 走的是通道。 驚人的購買和提前購買大量的Monero 以支應之後小額交易,可以避免這種陷阱。
## 其他注意事項
使用現金現場付款時,請務必謹記現場隱私。 安全攝影機無處不在。 不妨考慮穿著不顯眼的衣服和口罩如外科口罩或N95 )。 請勿註冊獎勵計劃或提供自己的相關資訊。
在網上購買時,理想情況下應該透過 [Tor](tor-overview.md)進行。 但是,許多商家不允許使用 Tor 購買。 可以考慮使用 [推薦的 VPN](../vpn.md) (使用現金、禮品卡或 Monero 支付),或利用咖啡店或圖書館免費 Wi-Fi 購買。 如果你訂購的是實體物品,則需要提供送遞地址。 您應該考慮使用郵政信箱、私人郵箱或工作地址。

94
i18n/zh-Hant/advanced/tor-overview.md Normal file
View File

@@ -0,0 +1,94 @@
---
title: "Tor 簡介"
icon: 'simple/torproject'
description: Tor 是一個免費使用的去中心化網路,其讓用戶在使用網際網路之際盡可能地保護自己的隱私。
---
Tor 是一個免費使用的去中心化網路,其讓用戶在使用網際網路之際盡可能地保護自己的隱私。 如果使用得當,該網路可以實現私人和匿名瀏覽和通訊。
## 連接明網服務的路徑建立
「明網服務」是用任何瀏覽器都可訪問的網站,例如 [privacyguides.org](https://www.privacyguides.org)。 Tor 允許您匿名連接到某些網站,由數千個志願者運行的伺服器組成的網絡引導您的流量,這些伺服器稱為節點(或中繼)。
每當您連接到 Tor 時,它都會選擇三個節點來構建通往網際網路的路徑,這種路徑稱為「迴路」。
<figure markdown>
! [Tor 路徑顯示您的設備到達目的地網站之前所連接的入口節點,中間節點和出口節點] (../assets/img/how-tor-works/tor-path.svg#only-light)
! Tor 路徑顯示您的設備到達目的地網站之前所連接的入口節點,中間節點和出口節點] (../assets/img/how-tor-works/tor-path-dark.svg#only-dark)
<figcaption>Tor 迴路路徑</figcaption>
</figure>
每個節點都有自己的功能:
### 入口節點
入口節點,通常稱為守護節點,是 Tor 客戶端連接的第一個節點。 入口節點能夠看到您的 IP 位址,但無法看到您正在連接的內容。
不像其它節點 Tor 客戶端會隨機地選取入口節點後持續使用二~三個月以防護某些外部攻擊 [^1]
### 中間節點
中間節點是 Tor 客戶端連接的第二個節點。 它可以看到流量來自哪個節點(入口節點)以及它下一步要去哪個節點。 中間節點無法看到您的 IP 位址或您連接的網域。
對於每個新迴路,中間節點是隨機從所有可用的 Tor 節點中選出。
### 出口節點
出口節點是您的 Web 流量離開 Tor 網路並轉發到所需目的地的點。 出口節點無法看到您的 IP 位址,但它知道將連接到哪個網站。
出口節點將從所有可用的 Tor 節點中隨機選擇,並使用退出中繼標記。[^ 2]
## Onion 服務的路徑建立
“Onion 服務” (也通常被稱為“隱藏服務” )是只能由 Tor 瀏覽器訪問的網站。 這些網站有一個長串隨機生成的域名,結尾為 `.onion`
在Tor中連接到 Onion服務的工作原理與連接到明網服務非常相似但您的流量在到達目的地伺服器之前會通過 **6 個** 節點。 不過就如之前所言,其中只有三個節點會有助 *您的*匿名性,而另外三個節點則是為了保護 * Onion 服務* 匿名性,隱藏該網站的真正 IP 和位置,就如同 Tor 瀏覽器如何隱蔽您的 IP 一樣。
<figure style="width:100%" markdown>
! [Tor路徑顯示您的流量通過您的三個Tor節點加上三個額外的Tor節點隱藏網站的身份] (../assets/img/how-tor-works/tor-path-hidden-service.svg#only-light)
! [Tor路徑顯示您的流量被路由通過您的三個Tor節點加上三個額外的Tor節點隱藏網站的身份] (../assets/img/how-tor-works/tor-path-hidden-service-dark.svg#only-dark)
<figcaption>Tor電路路徑與洋蔥服務。 <span class="pg-blue">藍色</span> 圍欄中的節點屬於您的瀏覽器,而 <span class="pg-red">紅色</span> 圍欄中的節點屬於伺服器,因此它們的身份對您是隱藏的。</figcaption>
</figure>
## 加密
Tor 使用來自出口,中間和入口節點的密鑰對每個封包(傳輸數據區塊)依序進行三次加密。
一旦 Tor 構建了電路,數據傳輸將按照以下方式進行:
1. 首先:當數據包到達入口節點時,第一層加密被移除。 在這個加密封包中,入口節點將找到另一個具有中間節點地址的加密封包。 然後,入口節點將將封包轉發到中間節點。
2. 其次:當中間節點從入口節點接收到封包時,它也會利用其密鑰刪除一層加密,找到具有出口節點地址的加密數據包。 然後中間節點將數據包轉發到出口節點。
3. 最後:當退出節點收到其數據包時,它將使用其密鑰移除最後一層加密。 出口節點將看到目的地地址,並將封包轉發到該地址。
下面是顯示此過程的圖表。 每個節點都會移除自己的加密層,當目的地伺服器傳回數據時,同樣過程會再反向發生。 例如,出口節點不知道你是誰,但它確實知道封包來自哪個節點,因此添加了自己的加密層並將其發送回來。
<figure markdown>
![Tor 加密](../assets/img/how-tor-works/tor-encryption.svg#only-light)
![Tor 加密](../assets/img/how-tor-works/tor-encryption-dark.svg#only-dark)
<figcaption>通過 Tor 網路發送與接數資料</figcaption>
</figure>
Tor 允許我們連接到伺服器,而不讓任何一方知道完整路徑。 入口節點知道你是誰,但不知道你要去哪裡;中間節點不知道你是誰或你要去哪裡;出口節點知道你要去哪裡,但不知道你是誰。 由於出口節點負責了最終連線,目的地伺服器永遠不會知道您的 IP 位址。
## 注意事項
雖然 Tor 確實提供了強大的隱私保證,但必須意識到它並不完美:
- 資金充足的對手有能力被動地觀察全球大多數網絡流量,他們有機會通過先進的流量分析來解除 Tor 用戶的匿名化。 Tor 也不能保護你免於不當地暴露自己,例如你分享了太多關於你真實身份的信息。
- Tor 出口節點還可以監控通過它們的流量。 這意味著可以記錄和監控未加密的流量,例如純 HTTP 流量。 如果此類流量包含個人身份識別信息,則該出口節點可以將會消除匿名性。 因此,我們建議在可能的情況下使用 HTTPS。
如果您希望使用 Tor 瀏覽網頁,我們只建議使用 **官方** Tor 瀏覽器:它旨在防止指紋。
- [Tor 瀏覽器 :material-arrow-right-drop-circle:](../tor.md#tor-browser)
## 其他資源
- [Tor 瀏覽器用戶手冊](https://tb-manual.torproject.org)
- [ Tor 如何運作 - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) <small>(YouTube)</small>
- [Tor O洋蔥服務- Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) <small>(YouTube)</small>
[^1]: 迴路中的第一個節點被稱為“入口守衛”或“守衛”。 它是一個快速和穩定的中繼站,作迴路中的第一個入口通常會維持 2~3個月以防止已知的匿名破壞攻擊。 其餘的迴路則會依每次訪問網站而變化這些中繼節點共同提供Tor 完整隱私保護。 了解更多關於守衛中繼的運作,請參考 [部落格文章](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) 和 [入口守衛論文paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf)。 ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/))
[^2]: 中繼標記:迴路位置(例如, “Guard” “Exit” “BadExit” ,迴路屬性(例如, “Fast” “Stable” )或角色(例如, “Authority” “HSDir” )這些中繼節點的特殊( dis- )資格,是由目錄機構分配並在目錄協議規範中進一步定義。 ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html))

426
i18n/zh-Hant/android.md Normal file
View File

@@ -0,0 +1,426 @@
---
title: "Android"
icon: 'simple/android'
description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
schema:
-
"@context": http://schema.org
"@type": WebPage
name: Private Android Operating Systems
url: "./"
-
"@context": http://schema.org
"@type": CreativeWork
name: Android
image: /assets/img/android/android.svg
url: https://source.android.com/
sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-
"@context": http://schema.org
"@type": CreativeWork
name: GrapheneOS
image: /assets/img/android/grapheneos.svg
url: https://grapheneos.org/
sameAs: https://en.wikipedia.org/wiki/GrapheneOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": CreativeWork
name: Divest
image: /assets/img/android/divestos.svg
url: https://divestos.org/
sameAs: https://en.wikipedia.org/wiki/DivestOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": Product
name: Pixel
brand:
"@type": Brand
name: Google
image: /assets/img/android/google-pixel.png
sameAs: https://en.wikipedia.org/wiki/Google_Pixel
review:
"@type": Review
author:
"@type": Organization
name: Privacy Guides
-
"@context": http://schema.org
"@type": MobileApplication
name: Shelter
applicationCategory: Utilities
operatingSystem: Android
-
"@context": http://schema.org
"@type": MobileApplication
name: Auditor
applicationCategory: Utilities
operatingSystem: Android
-
"@context": http://schema.org
"@type": MobileApplication
name: Secure Camera
applicationCategory: Utilities
operatingSystem: Android
-
"@context": http://schema.org
"@type": MobileApplication
name: Secure PDF Viewer
applicationCategory: Utilities
operatingSystem: Android
---
![Android logo](assets/img/android/android.svg){ align=right }
The **Android Open Source Project** is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features.
[:octicons-home-16:](https://source.android.com/){ .card-link title=Homepage }
[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation}
[:octicons-code-16:](https://cs.android.com/android/platform/superproject/){ .card-link title="Source Code" }
These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android:
[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button}
[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button}
## AOSP Derivatives
We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems.
!!! 備註
End-of-life devices (such as GrapheneOS or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software.
### GrapheneOS
!!! recommendation
![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right }
![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right }
**GrapheneOS** is the best choice when it comes to privacy and security.
GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported.
[:octicons-home-16: Homepage](https://grapheneos.org/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice.
Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support).
### DivestOS
!!! recommendation
![DivestOS logo](assets/img/android/divestos.svg){ align=right }
**DivestOS** is a soft-fork of [LineageOS](https://lineageos.org/).
DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
[:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
[:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" }
[:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
[:octicons-heart-16:](https://divested.dev/index.php?page=donate){ .card-link title=Contribute }
DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
DivestOS uses F-Droid as its default app store. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply.
!!! 警告
DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative.
Not all of the supported devices have verified boot, and some perform it better than others.
## Android Devices
When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution.
Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of [IMEI blacklisting](https://www.gsma.com/security/resources/imei-blacklisting/). There is also a risk involved with you being associated with the activity of the previous owner.
A few more tips regarding Android devices and operating system compatibility:
- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer.
- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with.
- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net/) to find details!
### Google Pixel
Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element.
!!! recommendation
![Google Pixel 6](assets/img/android/google-pixel.png){ align=right }
**Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems.
Beginning with the **Pixel 6** and **6 Pro**, Pixel devices receive a minimum of 5 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-4 years competing OEMs typically offer.
[:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary }
Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
Google Pixel phones use a TEE OS called Trusty which is [open-source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://www.nitrokey.com/about) company.
A few more tips for purchasing a Google Pixel:
- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock.
- Consider price beating options and specials offered at physical stores.
- Look at online community bargain sites in your country. These can alert you to good sales.
- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date}-\text{Current Date}$, meaning that the longer use of the device the lower cost per day.
## General Apps
We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality.
### Shelter
!!! recommendation
![Shelter logo](assets/img/android/shelter.svg){ align=right }
**Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device.
Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)).
[:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary }
[:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.patreon.com/PeterCxy){ .card-link title=Contribute }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.typeblog.shelter)
!!! 警告
Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular/) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html).
When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile.
### Auditor
!!! recommendation
![Auditor logo](assets/img/android/auditor.svg#only-light){ align=right }
![Auditor logo](assets/img/android/auditor-dark.svg#only-dark){ align=right }
**Auditor** is an app which leverages hardware security features to provide device integrity monitoring for [supported devices](https://attestation.app/about#device-support). Currently, it only works with GrapheneOS and the device's stock operating system.
[:octicons-home-16: Homepage](https://attestation.app){ .md-button .md-button--primary }
[:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://attestation.app/about){ .card-link title=Documentation}
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
Auditor performs attestation and intrusion detection by:
- Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an *auditor* and *auditee*, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore/) of the *Auditor*.
- The *auditor* can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
- The *auditor* records the current state and configuration of the *auditee*.
- Should tampering with the operating system of the *auditee* happen after the pairing is complete, the auditor will be aware of the change in the device state and configurations.
- You will be alerted to the change.
No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring.
If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using [Orbot](tor.md#orbot) or a VPN to hide your IP address from the attestation service. To make sure that your hardware and operating system is genuine, [perform local attestation](https://grapheneos.org/install/web#verifying-installation) immediately after the device has been installed and prior to any internet connection.
### Secure Camera
!!! recommendation
![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right }
![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right }
**Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices.
[:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary }
[:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play)
- [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases)
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
Main privacy features include:
- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default)
- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required
- Microphone permission not required unless you want to record sound
!!! 備註
Metadata is not currently deleted from video files but that is planned.
The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser).
### Secure PDF Viewer
!!! recommendation
![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right }
![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right }
**Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files.
[Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content.
[:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary }
[:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play)
- [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases)
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
## Obtaining Applications
### GrapheneOS App Store
GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to.
### Aurora Store
The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store.
!!! recommendation
![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right }
**Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps.
[:octicons-home-16: Homepage](https://auroraoss.com/){ .md-button .md-button--primary }
[:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" }
??? downloads
- [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases)
Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google, however you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device.
### Manually with RSS Notifications
For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](/news-aggregators) that will help you keep track of new releases.
![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark)
#### GitHub
On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL:
`https://github.com/GrapheneOS/Camera/releases.atom`
#### GitLab
On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL:
`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom`
#### Verifying APK Fingerprints
If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools).
1. Install [Java JDK](https://www.oracle.com/java/technologies/downloads/).
2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools).
3. Extract the downloaded archive:
```bash
unzip commandlinetools-*.zip
cd cmdline-tools
./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3"
```
4. Run the signature verification command:
```bash
./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk
```
5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk/) on their website.
```bash
Signer #1 certificate DN: CN=GrapheneOS
Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59
Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c
Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3
```
### F-Droid
![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px }
==We do **not** currently recommend F-Droid as a way to obtain apps.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds/) for some applications and is dedicated to free and open-source software. However, there are [notable problems](https://privsec.dev/posts/android/f-droid-security-issues/) with the official F-Droid client, their quality control, and how they build, sign, and deliver packages.
Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust.
Other popular third-party repositories such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that respository when they make it to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through Play Store, Aurora Store, or by getting the APK directly from the developer. It is important to keep in mind that some apps in these repositories have not been updated in years and may rely on unsupported libraries, among other things, posing a potential security risk. You should use your best judgement when looking for new apps via this method.
!!! 備註
In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org/) is one example of this). If you really need an app like that, we recommend using [Neo Store](https://github.com/NeoApplications/Neo-Store/) instead of the official F-Droid app to obtain it.
## 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
### Operating Systems
- 必須是開源軟體。
- Must support bootloader locking with custom AVB key support.
- Must receive major Android updates within 0-1 months of release.
- Must receive Android feature updates (minor version) within 0-14 days of release.
- Must receive regular security patches within 0-5 days of release.
- Must **not** be "rooted" out of the box.
- Must **not** enable Google Play Services by default.
- Must **not** require system modification to support Google Play Services.
### Devices
- Must support at least one of our recommended custom operating systems.
- Must be currently sold new in stores.
- Must receive a minimum of 5 years of security updates.
- Must have dedicated secure element hardware.
### Applications
- Applications on this page must not be applicable to any other software category on the site.
- General applications should extend or replace core system functionality.
- Applications should receive regular updates and maintenance.

BIN
i18n/zh-Hant/assets/img/account-deletion/exposed_passwords.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 27 KiB

BIN
i18n/zh-Hant/assets/img/android/rss-apk-dark.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 50 KiB

BIN
i18n/zh-Hant/assets/img/android/rss-apk-light.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 47 KiB

BIN
i18n/zh-Hant/assets/img/android/rss-changes-dark.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 96 KiB

BIN
i18n/zh-Hant/assets/img/android/rss-changes-light.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 93 KiB

131
i18n/zh-Hant/assets/img/how-tor-works/tor-encryption-dark.svg Normal file
View File

@@ -0,0 +1,131 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" width="1600" height="1100" version="1.1" viewBox="0 0 423.33 291.04">
<g transform="translate(-27.597 12.24)">
<path d="m51.708 62.175h-10.029v-21.505h20.057v21.505z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m51.708 62.175h-10.029v-21.505h20.057v21.505h-10.029" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 78.278h-30.086v-53.763h60.172v53.763z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m111.88 78.278h-30.086v-53.763h60.172v53.763h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 67.526h-30.086v-32.258h60.172v32.258z" fill="#55308d" fill-rule="evenodd"/>
<path d="m111.88 67.526h-30.086v-32.258h60.172v32.258h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 56.773h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m111.88 56.773h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m192.11 218.06h-30.086v-32.258h60.172v32.258z" fill="#55308d" fill-rule="evenodd"/>
<path d="m192.11 218.06h-30.086v-32.258h60.172v32.258h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 228.81h-30.086v-53.763h60.172v53.763z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m111.88 228.81h-30.086v-53.763h60.172v53.763h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 218.06h-30.086v-32.258h60.172v32.258z" fill="#55308d" fill-rule="evenodd"/>
<path d="m111.88 218.06h-30.086v-32.258h60.172v32.258h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 207.31h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m111.88 207.31h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m192.11 67.526h-30.086v-32.258h60.172v32.258z" fill="#55308d" fill-rule="evenodd"/>
<path d="m192.11 67.526h-30.086v-32.258h60.172v32.258h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m192.11 207.31h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m192.11 207.31h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m192.11 56.773h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m192.11 56.773h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m272.34 56.773h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m272.34 56.773h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m272.34 207.31h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m272.34 207.31h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m51.708 212.71h-10.029v-21.505h20.057v21.505z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m51.708 212.71h-10.029v-21.505h20.057v21.505h-10.029" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m162.01 51.439c0 1.8796-0.458 3.7423-1.3424 5.3679-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.532 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.45801-3.7592 1.3424-5.3848 0.88441-1.6425 2.1479-2.9972 3.6798-3.9455 1.5162-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.88442 1.6256 1.3424 3.4883 1.3424 5.3679z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m162.01 51.439c0 1.8796-0.458 3.7423-1.3424 5.3679-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.532 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.45801-3.7592 1.3424-5.3848 0.88441-1.6425 2.1479-2.9972 3.6798-3.9455 1.5162-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.88442 1.6256 1.3424 3.4883 1.3424 5.3679v0.0169" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m242.25 51.439c0 1.8796-0.458 3.7423-1.3424 5.3679-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.458-3.7592 1.3424-5.3848 0.88442-1.6425 2.1479-2.9972 3.6798-3.9455 1.5162-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.88442 1.6256 1.3424 3.4883 1.3424 5.3679z" fill="#55308d" fill-rule="evenodd"/>
<path d="m242.25 51.439c0 1.8796-0.458 3.7423-1.3424 5.3679-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.458-3.7592 1.3424-5.3848 0.88442-1.6425 2.1479-2.9972 3.6798-3.9455 1.5162-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.88442 1.6256 1.3424 3.4883 1.3424 5.3679v0.0169" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m322.47 51.439c0 1.8796-0.45802 3.7423-1.3424 5.3679-0.88443 1.6425-2.1479 2.9972-3.664 3.9455-1.532 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.532-0.94826-2.7954-2.3029-3.6798-3.9455-0.8844-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.45802-3.7592 1.3424-5.3848 0.88443-1.6425 2.1479-2.9972 3.6798-3.9455 1.5161-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.8844 1.6256 1.3424 3.4883 1.3424 5.3679z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m322.47 51.439c0 1.8796-0.45802 3.7423-1.3424 5.3679-0.88443 1.6425-2.1479 2.9972-3.664 3.9455-1.532 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.532-0.94826-2.7954-2.3029-3.6798-3.9455-0.8844-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.45802-3.7592 1.3424-5.3848 0.88443-1.6425 2.1479-2.9972 3.6798-3.9455 1.5161-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.8844 1.6256 1.3424 3.4883 1.3424 5.3679v0.0169" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m162.02 201.97c0 1.8796-0.45801 3.7422-1.3424 5.3678-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.532-0.94826-2.7954-2.3029-3.6798-3.9455-0.88441-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.45801-3.7592 1.3424-5.3848 0.88443-1.6425 2.1479-2.9972 3.6798-3.9454 1.5161-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5162 0.94826 2.7796 2.3029 3.664 3.9454 0.88441 1.6256 1.3424 3.4883 1.3424 5.3848z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m162.02 201.97c0 1.8796-0.45801 3.7422-1.3424 5.3678-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.532-0.94826-2.7954-2.3029-3.6798-3.9455-0.88441-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.45801-3.7592 1.3424-5.3848 0.88443-1.6425 2.1479-2.9972 3.6798-3.9454 1.5161-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5162 0.94826 2.7796 2.3029 3.664 3.9454 0.88441 1.6256 1.3424 3.4883 1.3424 5.3848" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m242.24 201.97c0 1.8796-0.45801 3.7422-1.3424 5.3678-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.458-3.7592 1.3424-5.3848 0.88442-1.6425 2.1479-2.9972 3.6798-3.9454 1.5162-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5162 0.94826 2.7796 2.3029 3.664 3.9454 0.88442 1.6256 1.3424 3.4883 1.3424 5.3848z" fill="#55308d" fill-rule="evenodd"/>
<path d="m242.24 201.97c0 1.8796-0.45801 3.7422-1.3424 5.3678-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.458-3.7592 1.3424-5.3848 0.88442-1.6425 2.1479-2.9972 3.6798-3.9454 1.5162-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5162 0.94826 2.7796 2.3029 3.664 3.9454 0.88442 1.6256 1.3424 3.4883 1.3424 5.3848" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m322.48 201.97c0 1.8796-0.45802 3.7422-1.3424 5.3678-0.88443 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88443-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.45799-3.7592 1.3424-5.3848 0.8844-1.6425 2.1479-2.9972 3.6798-3.9454 1.5161-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5161 0.94826 2.7796 2.3029 3.664 3.9454 0.8844 1.6256 1.3424 3.4883 1.3424 5.3848z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m322.48 201.97c0 1.8796-0.45802 3.7422-1.3424 5.3678-0.88443 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88443-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.45799-3.7592 1.3424-5.3848 0.8844-1.6425 2.1479-2.9972 3.6798-3.9454 1.5161-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5161 0.94826 2.7796 2.3029 3.664 3.9454 0.8844 1.6256 1.3424 3.4883 1.3424 5.3848" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m390.16 40.67 12.54 21.522h-25.08z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m390.16 40.67 12.54 21.522h-25.08l12.54-21.522" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m390.17 191.2 12.54 21.522h-25.08z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m390.17 191.2 12.54 21.522h-25.08l12.54-21.522" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<g transform="translate(1.454e-4,7.6627)" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" letter-spacing="0px" stroke-width=".43334" word-spacing="0px">
<text transform="scale(.96575 1.0355)" x="42.045822" y="83.470764" style="line-height:125%" xml:space="preserve">
<tspan x="42.045822" y="83.470764">
<tspan x="42.045822" y="83.470764" fill="#ffffff" stroke-width=".43334">Your</tspan>
</tspan>
<tspan x="42.045822" y="96.437141">Device</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="68.014885" y="6.9863148" style="line-height:125%" xml:space="preserve">
<tspan x="68.014885" y="6.9863148" fill="#ffffff" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Sending data to a website</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="78.399231" y="152.36726" style="line-height:125%" xml:space="preserve">
<tspan x="78.399231" y="152.36726" fill="#ffffff" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Receiving data from a website</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="42.06218" y="230.09454" style="line-height:125%" xml:space="preserve">
<tspan x="42.06218" y="230.09454">
<tspan x="42.06218" y="230.09454" fill="#ffffff" stroke-width=".43334">Your<tspan fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334"/></tspan>
</tspan>
<tspan x="42.06218" y="243.06091">Device</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="145.88936" y="230.25807" style="line-height:125%" xml:space="preserve">
<tspan x="145.88936" y="230.25807" fill="#ffffff" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Entry</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="223.78017" y="230.25807" style="line-height:125%" xml:space="preserve">
<tspan x="223.78017" y="230.25807" fill="#ffffff" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Middle</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="312.03897" y="230.24173" style="line-height:125%" xml:space="preserve">
<tspan x="312.03897" y="230.24173" fill="#ffffff" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Exit</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="363.96078" y="228.85168" style="line-height:125%" xml:space="preserve">
<tspan x="363.96078" y="228.85168" fill="#ffffff" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">PrivacyGuides.org</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="369.14478" y="83.850639" style="line-height:125%" xml:space="preserve">
<tspan x="369.14478" y="83.850639" fill="#ffffff" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">PrivacyGuides.org</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="145.88936" y="85.257019" style="line-height:125%" xml:space="preserve">
<tspan x="145.88936" y="85.257019" fill="#ffffff" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Entry</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="226.64198" y="85.257019" style="line-height:125%" xml:space="preserve">
<tspan x="226.64198" y="85.257019" fill="#ffffff" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Middle</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="312.49686" y="85.077118" style="line-height:125%" xml:space="preserve">
<tspan x="312.49686" y="85.077118" fill="#ffffff" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Exit</tspan>
</tspan>
</text>
</g>
<g transform="translate(1.454e-4,7.6627)" fill="#fff" fill-rule="evenodd">
<path d="m61.737 44.199v-0.88053h74.686v0.88053z"/>
<path d="m136.03 40.576 5.9382 3.1835-5.9382 3.1835z"/>
<path d="m162.02 44.199v-0.88053h54.629v0.88053z"/>
<path d="m216.26 40.576 5.9382 3.1835-5.9382 3.1835z"/>
<path d="m242.25 44.199v-0.88053h54.629v0.88053z"/>
<path d="m296.49 40.576 5.9382 3.1835-5.9382 3.1835z"/>
<path d="m322.48 44.199v-0.88053h54.629v0.88053z"/>
<path d="m376.72 40.576 5.9382 3.1835-5.9382 3.1835z"/>
<path d="m382.65 193.86v0.88052h-54.629v-0.88052z"/>
<path d="m328.42 197.48-5.9382-3.1834 5.9382-3.1835z"/>
<path d="m302.43 193.86v0.88052h-54.629v-0.88052z"/>
<path d="m248.19 197.48-5.9382-3.1834 5.9382-3.1835z"/>
<path d="m222.2 193.86v0.88052h-54.629v-0.88052z"/>
<path d="m167.96 197.48-5.9382-3.1834 5.9382-3.1835z"/>
<path d="m141.97 193.86v0.88052h-74.686v-0.88052z"/>
<path d="m67.675 197.48-5.9382-3.1834 5.9382-3.1835z"/>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

131
i18n/zh-Hant/assets/img/how-tor-works/tor-encryption.svg Normal file
View File

@@ -0,0 +1,131 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" width="1600" height="1100" version="1.1" viewBox="0 0 423.33 291.04">
<g transform="translate(-27.597 12.24)">
<path d="m51.708 62.175h-10.029v-21.505h20.057v21.505z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m51.708 62.175h-10.029v-21.505h20.057v21.505h-10.029" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 78.278h-30.086v-53.763h60.172v53.763z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m111.88 78.278h-30.086v-53.763h60.172v53.763h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 67.526h-30.086v-32.258h60.172v32.258z" fill="#55308d" fill-rule="evenodd"/>
<path d="m111.88 67.526h-30.086v-32.258h60.172v32.258h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 56.773h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m111.88 56.773h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m192.11 218.06h-30.086v-32.258h60.172v32.258z" fill="#55308d" fill-rule="evenodd"/>
<path d="m192.11 218.06h-30.086v-32.258h60.172v32.258h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 228.81h-30.086v-53.763h60.172v53.763z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m111.88 228.81h-30.086v-53.763h60.172v53.763h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 218.06h-30.086v-32.258h60.172v32.258z" fill="#55308d" fill-rule="evenodd"/>
<path d="m111.88 218.06h-30.086v-32.258h60.172v32.258h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m111.88 207.31h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m111.88 207.31h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m192.11 67.526h-30.086v-32.258h60.172v32.258z" fill="#55308d" fill-rule="evenodd"/>
<path d="m192.11 67.526h-30.086v-32.258h60.172v32.258h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m192.11 207.31h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m192.11 207.31h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m192.11 56.773h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m192.11 56.773h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m272.34 56.773h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m272.34 56.773h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m272.34 207.31h-30.086v-10.753h60.172v10.753z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m272.34 207.31h-30.086v-10.753h60.172v10.753h-30.086" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m51.708 212.71h-10.029v-21.505h20.057v21.505z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m51.708 212.71h-10.029v-21.505h20.057v21.505h-10.029" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m162.01 51.439c0 1.8796-0.458 3.7423-1.3424 5.3679-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.532 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.45801-3.7592 1.3424-5.3848 0.88441-1.6425 2.1479-2.9972 3.6798-3.9455 1.5162-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.88442 1.6256 1.3424 3.4883 1.3424 5.3679z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m162.01 51.439c0 1.8796-0.458 3.7423-1.3424 5.3679-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.532 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.45801-3.7592 1.3424-5.3848 0.88441-1.6425 2.1479-2.9972 3.6798-3.9455 1.5162-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.88442 1.6256 1.3424 3.4883 1.3424 5.3679v0.0169" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m242.25 51.439c0 1.8796-0.458 3.7423-1.3424 5.3679-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.458-3.7592 1.3424-5.3848 0.88442-1.6425 2.1479-2.9972 3.6798-3.9455 1.5162-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.88442 1.6256 1.3424 3.4883 1.3424 5.3679z" fill="#55308d" fill-rule="evenodd"/>
<path d="m242.25 51.439c0 1.8796-0.458 3.7423-1.3424 5.3679-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.458-3.7592 1.3424-5.3848 0.88442-1.6425 2.1479-2.9972 3.6798-3.9455 1.5162-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.88442 1.6256 1.3424 3.4883 1.3424 5.3679v0.0169" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m322.47 51.439c0 1.8796-0.45802 3.7423-1.3424 5.3679-0.88443 1.6425-2.1479 2.9972-3.664 3.9455-1.532 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.532-0.94826-2.7954-2.3029-3.6798-3.9455-0.8844-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.45802-3.7592 1.3424-5.3848 0.88443-1.6425 2.1479-2.9972 3.6798-3.9455 1.5161-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.8844 1.6256 1.3424 3.4883 1.3424 5.3679z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m322.47 51.439c0 1.8796-0.45802 3.7423-1.3424 5.3679-0.88443 1.6425-2.1479 2.9972-3.664 3.9455-1.532 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49106-5.0064-1.4393c-1.532-0.94826-2.7954-2.3029-3.6798-3.9455-0.8844-1.6256-1.3424-3.4883-1.3424-5.3679 0-1.8965 0.45802-3.7592 1.3424-5.3848 0.88443-1.6425 2.1479-2.9972 3.6798-3.9455 1.5161-0.94826 3.2534-1.4393 5.0064-1.4393s3.4903 0.49107 5.0222 1.4393c1.5162 0.94827 2.7796 2.3029 3.664 3.9455 0.8844 1.6256 1.3424 3.4883 1.3424 5.3679v0.0169" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m162.02 201.97c0 1.8796-0.45801 3.7422-1.3424 5.3678-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.532-0.94826-2.7954-2.3029-3.6798-3.9455-0.88441-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.45801-3.7592 1.3424-5.3848 0.88443-1.6425 2.1479-2.9972 3.6798-3.9454 1.5161-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5162 0.94826 2.7796 2.3029 3.664 3.9454 0.88441 1.6256 1.3424 3.4883 1.3424 5.3848z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m162.02 201.97c0 1.8796-0.45801 3.7422-1.3424 5.3678-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.532-0.94826-2.7954-2.3029-3.6798-3.9455-0.88441-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.45801-3.7592 1.3424-5.3848 0.88443-1.6425 2.1479-2.9972 3.6798-3.9454 1.5161-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5162 0.94826 2.7796 2.3029 3.664 3.9454 0.88441 1.6256 1.3424 3.4883 1.3424 5.3848" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m242.24 201.97c0 1.8796-0.45801 3.7422-1.3424 5.3678-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.458-3.7592 1.3424-5.3848 0.88442-1.6425 2.1479-2.9972 3.6798-3.9454 1.5162-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5162 0.94826 2.7796 2.3029 3.664 3.9454 0.88442 1.6256 1.3424 3.4883 1.3424 5.3848z" fill="#55308d" fill-rule="evenodd"/>
<path d="m242.24 201.97c0 1.8796-0.45801 3.7422-1.3424 5.3678-0.88442 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88442-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.458-3.7592 1.3424-5.3848 0.88442-1.6425 2.1479-2.9972 3.6798-3.9454 1.5162-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5162 0.94826 2.7796 2.3029 3.664 3.9454 0.88442 1.6256 1.3424 3.4883 1.3424 5.3848" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m322.48 201.97c0 1.8796-0.45802 3.7422-1.3424 5.3678-0.88443 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88443-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.45799-3.7592 1.3424-5.3848 0.8844-1.6425 2.1479-2.9972 3.6798-3.9454 1.5161-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5161 0.94826 2.7796 2.3029 3.664 3.9454 0.8844 1.6256 1.3424 3.4883 1.3424 5.3848z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m322.48 201.97c0 1.8796-0.45802 3.7422-1.3424 5.3678-0.88443 1.6425-2.1479 2.9972-3.664 3.9455-1.5319 0.94826-3.2692 1.4393-5.0222 1.4393s-3.4903-0.49107-5.0064-1.4393c-1.5319-0.94826-2.7954-2.3029-3.6798-3.9455-0.88443-1.6256-1.3424-3.4882-1.3424-5.3678 0-1.8965 0.45799-3.7592 1.3424-5.3848 0.8844-1.6425 2.1479-2.9972 3.6798-3.9454 1.5161-0.94827 3.2534-1.4393 5.0064-1.4393s3.4903 0.49106 5.0222 1.4393c1.5161 0.94826 2.7796 2.3029 3.664 3.9454 0.8844 1.6256 1.3424 3.4883 1.3424 5.3848" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m390.16 40.67 12.54 21.522h-25.08z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m390.16 40.67 12.54 21.522h-25.08l12.54-21.522" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<path d="m390.17 191.2 12.54 21.522h-25.08z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m390.17 191.2 12.54 21.522h-25.08l12.54-21.522" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".016353px"/>
<g transform="translate(1.454e-4,7.6627)" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" letter-spacing="0px" stroke-width=".43334" word-spacing="0px">
<text transform="scale(.96575 1.0355)" x="42.045822" y="83.470764" style="line-height:125%" xml:space="preserve">
<tspan x="42.045822" y="83.470764">
<tspan x="42.045822" y="83.470764" stroke-width=".43334">Your</tspan>
</tspan>
<tspan x="42.045822" y="96.437141">Device</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="68.014885" y="6.9863148" style="line-height:125%" xml:space="preserve">
<tspan x="68.014885" y="6.9863148" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Sending data to a website</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="78.399231" y="152.36726" style="line-height:125%" xml:space="preserve">
<tspan x="78.399231" y="152.36726" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Receiving data from a website</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="42.06218" y="230.09454" style="line-height:125%" xml:space="preserve">
<tspan x="42.06218" y="230.09454">
<tspan x="42.06218" y="230.09454" stroke-width=".43334">Your<tspan fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334"/></tspan>
</tspan>
<tspan x="42.06218" y="243.06091">Device</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="145.88936" y="230.25807" style="line-height:125%" xml:space="preserve">
<tspan x="145.88936" y="230.25807" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Entry</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="223.78017" y="230.25807" style="line-height:125%" xml:space="preserve">
<tspan x="223.78017" y="230.25807" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Middle</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="312.03897" y="230.24173" style="line-height:125%" xml:space="preserve">
<tspan x="312.03897" y="230.24173" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Exit</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="363.96078" y="228.85168" style="line-height:125%" xml:space="preserve">
<tspan x="363.96078" y="228.85168" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">PrivacyGuides.org</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="369.14478" y="83.850639" style="line-height:125%" xml:space="preserve">
<tspan x="369.14478" y="83.850639" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">PrivacyGuides.org</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="145.88936" y="85.257019" style="line-height:125%" xml:space="preserve">
<tspan x="145.88936" y="85.257019" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Entry</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="226.64198" y="85.257019" style="line-height:125%" xml:space="preserve">
<tspan x="226.64198" y="85.257019" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Middle</tspan>
</tspan>
</text>
<text transform="scale(.96575 1.0355)" x="312.49686" y="85.077118" style="line-height:125%" xml:space="preserve">
<tspan x="312.49686" y="85.077118" stroke-width=".43334">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="10.373px" font-weight="400" stroke-width=".43334">Exit</tspan>
</tspan>
</text>
</g>
<g transform="translate(1.454e-4,7.6627)" fill-rule="evenodd">
<path d="m61.737 44.199v-0.88053h74.686v0.88053z"/>
<path d="m136.03 40.576 5.9382 3.1835-5.9382 3.1835z"/>
<path d="m162.02 44.199v-0.88053h54.629v0.88053z"/>
<path d="m216.26 40.576 5.9382 3.1835-5.9382 3.1835z"/>
<path d="m242.25 44.199v-0.88053h54.629v0.88053z"/>
<path d="m296.49 40.576 5.9382 3.1835-5.9382 3.1835z"/>
<path d="m322.48 44.199v-0.88053h54.629v0.88053z"/>
<path d="m376.72 40.576 5.9382 3.1835-5.9382 3.1835z"/>
<path d="m382.65 193.86v0.88052h-54.629v-0.88052z"/>
<path d="m328.42 197.48-5.9382-3.1834 5.9382-3.1835z"/>
<path d="m302.43 193.86v0.88052h-54.629v-0.88052z"/>
<path d="m248.19 197.48-5.9382-3.1834 5.9382-3.1835z"/>
<path d="m222.2 193.86v0.88052h-54.629v-0.88052z"/>
<path d="m167.96 197.48-5.9382-3.1834 5.9382-3.1835z"/>
<path d="m141.97 193.86v0.88052h-74.686v-0.88052z"/>
<path d="m67.675 197.48-5.9382-3.1834 5.9382-3.1835z"/>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

79
i18n/zh-Hant/assets/img/how-tor-works/tor-path-dark.svg Normal file
View File

@@ -0,0 +1,79 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" width="1530" height="850" version="1.1" viewBox="0 0 404.81 224.9">
<path d="m43.472 137.96h-20.432v-43.788h40.842v43.788z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m43.472 137.96h-20.432v-43.788h40.842v43.788h-20.41" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m127.51 24.896c0 3.8387-0.94333 7.6314-2.7442 10.964-1.7795 3.31-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6892-7.4823-7.9991-1.8009-3.333-2.7442-7.1257-2.7442-10.964 0-3.8387 0.94333-7.6314 2.7442-10.941 1.7795-3.333 4.3736-6.1143 7.4609-8.0221 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6892 7.4823 8.0221 1.8009 3.31 2.7442 7.1027 2.7442 10.941z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m127.51 24.862c0 3.8387-0.94333 7.6314-2.7442 10.964-1.7795 3.31-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6892-7.4823-7.9991-1.8009-3.333-2.7442-7.1257-2.7442-10.964 0-3.8387 0.94333-7.6314 2.7442-10.941 1.7795-3.333 4.3736-6.1143 7.4609-8.0221 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6892 7.4823 8.0221 1.8009 3.31 2.7442 7.1027 2.7442 10.941v0" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m209.2 24.919c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#800080" fill-rule="evenodd"/>
<path d="m209.2 24.885c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m290.88 24.908c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m290.88 24.908c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m127.51 114.54c0 3.8387-0.94333 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7795-3.333 4.3736-6.0913 7.4609-7.9991 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6662 7.4823 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m127.51 116.1c0 3.8387-0.94333 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7795-3.333 4.3736-6.0913 7.4609-7.9991 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6662 7.4823 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m209.2 114.54c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#800080" fill-rule="evenodd"/>
<path d="m209.2 116.1c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m290.88 114.54c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m290.88 114.54c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m127.51 200.04c0 3.8387-0.94333 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7795-3.333 4.3736-6.0913 7.4609-7.9991 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6662 7.4823 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m127.51 200.04c0 3.8387-0.94333 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7795-3.333 4.3736-6.0913 7.4609-7.9991 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6662 7.4823 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m209.2 200.06c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#800080" fill-rule="evenodd"/>
<path d="m209.2 200.06c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m290.88 200.06c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m290.88 200.06c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m354.66 86.912 24.741 46.225h-49.46z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m354.66 86.912 24.741 46.225h-49.46l24.719-46.225" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<g fill="#ffffff" font-family="'Liberation Sans'" font-size="14.105px" font-weight="400" letter-spacing="0px" stroke-width=".58923" word-spacing="0px">
<text transform="scale(.96579 1.0354)" x="23.469173" y="145.54295" style="line-height:125%" xml:space="preserve">
<tspan x="23.469173" y="145.54295">Your</tspan>
<tspan x="23.469173" y="163.17372">Device</tspan>
</text>
<text transform="scale(.96579 1.0354)" x="94.823898" y="62.191856" style="line-height:125%" xml:space="preserve">
<tspan x="94.823898" y="62.191856" fill="#ffffff" stroke-width=".58923">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="14.105px" font-weight="400" stroke-width=".58923">Entry</tspan>
</tspan>
</text>
<text transform="scale(.96579 1.0354)" x="174.41086" y="148.45462" style="line-height:125%" xml:space="preserve">
<tspan x="174.41086" y="148.45462" fill="#ffffff" stroke-width=".58923">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="14.105px" font-weight="400" stroke-width=".58923">Middle</tspan>
</tspan>
</text>
<text transform="scale(.96579 1.0354)" x="264.44427" y="60.726738" style="line-height:125%" xml:space="preserve">
<tspan x="264.44427" y="60.726738" fill="#ffffff" stroke-width=".58923">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="14.105px" font-weight="400" stroke-width=".58923">Exit</tspan>
</tspan>
</text>
<text transform="scale(.96579 1.0354)" x="300.70557" y="145.66537" style="line-height:125%" xml:space="preserve">
<tspan x="300.70557" y="145.66537" fill="#ffffff" stroke-width=".58923">
<tspan dx="0" dy="0" fill="#ffffff" font-family="'Liberation Sans'" font-size="14.105px" font-weight="400" stroke-width=".58923">PrivacyGuides.org</tspan>
</tspan>
</text>
</g>
<g transform="matrix(1,0,0,-1,78.4,132.26)" fill="#fff">
<path d="m87.371 43.93-36.295 48.232 1.0273 0.77344 36.295-48.232z" color="#000000" style="-inkscape-stroke:none"/>
<g fill-rule="evenodd">
<path d="m90.114 41.352-0.77515 6.3758-5.1366-3.8653z" color="#000000" stroke-width=".64285pt" style="-inkscape-stroke:none"/>
<path d="m90.629 40.668-0.68164 0.28906-6.5957 2.8008 6.3242 4.7598zm-1.0293 1.3672-0.5957 4.9023-3.9492-2.9707z" color="#000000" style="-inkscape-stroke:none"/>
</g>
</g>
<g transform="translate(158.59,1.3477)" fill="#fff">
<path d="m87.371 43.93-36.295 48.232 1.0273 0.77344 36.295-48.232z" color="#000000" style="-inkscape-stroke:none"/>
<g fill-rule="evenodd">
<path d="m90.114 41.352-0.77515 6.3758-5.1366-3.8653z" color="#000000" stroke-width=".64285pt" style="-inkscape-stroke:none"/>
<path d="m90.629 40.668-0.68164 0.28906-6.5957 2.8008 6.3242 4.7598zm-1.0293 1.3672-0.5957 4.9023-3.9492-2.9707z" color="#000000" style="-inkscape-stroke:none"/>
</g>
</g>
<g transform="matrix(1,0,0,-1,245.51,139.58)" fill="#fff">
<path d="m87.371 43.93-36.295 48.232 1.0273 0.77344 36.295-48.232z" color="#000000" style="-inkscape-stroke:none"/>
<g fill-rule="evenodd">
<path d="m90.114 41.352-0.77515 6.3758-5.1366-3.8653z" color="#000000" stroke-width=".64285pt" style="-inkscape-stroke:none"/>
<path d="m90.629 40.668-0.68164 0.28906-6.5957 2.8008 6.3242 4.7598zm-1.0293 1.3672-0.5957 4.9023-3.9492-2.9707z" color="#000000" style="-inkscape-stroke:none"/>
</g>
</g>
<g transform="translate(-3.4347 -1.3434)" fill="#fff">
<path d="m87.371 43.93-36.295 48.232 1.0273 0.77344 36.295-48.232z" color="#000000" style="-inkscape-stroke:none"/>
<g fill-rule="evenodd">
<path d="m90.114 41.352-0.77515 6.3758-5.1366-3.8653z" color="#000000" stroke-width=".64285pt" style="-inkscape-stroke:none"/>
<path d="m90.629 40.668-0.68164 0.28906-6.5957 2.8008 6.3242 4.7598zm-1.0293 1.3672-0.5957 4.9023-3.9492-2.9707z" color="#000000" style="-inkscape-stroke:none"/>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

225
i18n/zh-Hant/assets/img/how-tor-works/tor-path-hidden-service-dark.svg Normal file
View File

@@ -0,0 +1,225 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:serif="http://www.serif.com/" width="100%" height="100%" viewBox="0 0 1051 447" version="1.1" xml:space="preserve" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linecap:round;stroke-linejoin:round;">
<g transform="matrix(1,0,0,1,-101.526,-98.3251)">
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<rect x="87.098" y="355.919" width="154.361" height="165.495" style="fill:rgb(114,159,207);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M164.319,521.414L87.098,521.414L87.098,355.919L241.458,355.919L241.458,521.414L164.319,521.414" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,94.093C481.938,108.602 478.372,122.936 471.566,135.531C464.84,148.041 455.036,158.553 443.368,165.764C431.619,173.061 418.249,176.884 404.715,176.884C391.183,176.884 377.814,173.061 366.146,165.764C354.397,158.553 344.592,148.041 337.867,135.531C331.06,122.934 327.495,108.6 327.495,94.093C327.495,79.585 331.061,65.251 337.867,52.742C344.592,40.145 354.397,29.634 366.065,22.423C377.814,15.126 391.184,11.303 404.718,11.303C418.25,11.303 431.619,15.126 443.287,22.423C455.036,29.634 464.84,40.146 471.566,52.742C478.372,65.252 481.938,79.587 481.938,94.093Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,93.965C481.938,108.473 478.372,122.807 471.566,135.403C464.84,147.913 455.036,158.425 443.368,165.635C431.619,172.932 418.249,176.755 404.715,176.755C391.183,176.755 377.814,172.932 366.146,165.635C354.397,158.425 344.592,147.912 337.867,135.403C331.06,122.806 327.495,108.472 327.495,93.965C327.495,79.457 331.061,65.122 337.867,52.614C344.592,40.017 354.397,29.505 366.065,22.295C377.814,14.997 391.184,11.175 404.718,11.175C418.25,11.175 431.619,14.997 443.287,22.295C455.036,29.505 464.84,40.017 471.566,52.614C478.372,65.124 481.938,79.458 481.938,93.965" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,94.18C790.681,108.689 787.116,122.936 780.31,135.531C773.584,148.128 763.78,158.553 752.112,165.764C740.362,173.061 726.993,176.884 713.459,176.884C699.927,176.884 686.558,173.061 674.89,165.764C663.141,158.553 653.336,148.128 646.611,135.531C639.804,122.934 636.239,108.687 636.239,94.18C636.239,79.585 639.804,65.338 646.611,52.742C653.336,40.145 663.141,29.721 674.89,22.51C686.558,15.213 699.928,11.39 713.459,11.39C726.991,11.39 740.361,15.213 752.112,22.51C763.78,29.721 773.584,40.146 780.31,52.742C787.116,65.339 790.681,79.587 790.681,94.18Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,94.052C790.681,108.56 787.116,122.807 780.31,135.403C773.584,148 763.78,158.425 752.112,165.635C740.362,172.932 726.993,176.755 713.459,176.755C699.927,176.755 686.558,172.932 674.89,165.635C663.141,158.425 653.336,147.999 646.611,135.403C639.804,122.806 636.239,108.558 636.239,94.052C636.239,79.457 639.804,65.209 646.611,52.614C653.336,40.017 663.141,29.592 674.89,22.382C686.558,15.084 699.928,11.262 713.459,11.262C726.991,11.262 740.361,15.084 752.112,22.382C763.78,29.592 773.584,40.017 780.31,52.614C787.116,65.211 790.681,79.458 790.681,94.052" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,432.899C481.938,447.407 478.372,461.655 471.566,474.25C464.84,486.847 455.036,497.272 443.368,504.482C431.619,511.78 418.249,515.602 404.715,515.602C391.183,515.602 377.814,511.78 366.146,504.482C354.397,497.272 344.592,486.847 337.867,474.25C331.06,461.653 327.495,447.406 327.495,432.899C327.495,418.304 331.061,404.057 337.867,391.461C344.592,378.864 354.397,368.439 366.065,361.229C377.814,353.931 391.184,350.109 404.718,350.109C418.25,350.109 431.619,353.931 443.287,361.229C455.036,368.439 464.84,378.865 471.566,391.461C478.372,404.058 481.938,418.305 481.938,432.899Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,438.795C481.938,453.303 478.372,467.551 471.566,480.146C464.84,492.743 455.036,503.168 443.368,510.378C431.619,517.676 418.249,521.498 404.715,521.498C391.183,521.498 377.814,517.676 366.146,510.378C354.397,503.168 344.592,492.743 337.867,480.146C331.06,467.549 327.495,453.302 327.495,438.795C327.495,424.2 331.061,409.952 337.867,397.357C344.592,384.76 354.397,374.335 366.065,367.125C377.814,359.827 391.184,356.005 404.718,356.005C418.25,356.005 431.619,359.827 443.287,367.125C455.036,374.335 464.84,384.76 471.566,397.357C478.372,409.954 481.938,424.201 481.938,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,432.899C790.681,447.407 787.116,461.655 780.31,474.25C773.584,486.847 763.78,497.272 752.112,504.482C740.362,511.78 726.993,515.602 713.459,515.602C699.927,515.602 686.558,511.78 674.89,504.482C663.141,497.272 653.336,486.847 646.611,474.25C639.804,461.653 636.239,447.406 636.239,432.899C636.239,418.304 639.804,404.057 646.611,391.461C653.336,378.864 663.141,368.439 674.89,361.229C686.558,353.931 699.928,350.109 713.459,350.109C726.991,350.109 740.361,353.931 752.112,361.229C763.78,368.439 773.584,378.865 780.31,391.461C787.116,404.058 790.681,418.305 790.681,432.899Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,438.795C790.681,453.303 787.116,467.551 780.31,480.146C773.584,492.743 763.78,503.168 752.112,510.378C740.362,517.676 726.993,521.498 713.459,521.498C699.927,521.498 686.558,517.676 674.89,510.378C663.141,503.168 653.336,492.743 646.611,480.146C639.804,467.549 636.239,453.302 636.239,438.795C636.239,424.2 639.804,409.952 646.611,397.357C653.336,384.76 663.141,374.335 674.89,367.125C686.558,359.827 699.928,356.005 713.459,356.005C726.991,356.005 740.361,359.827 752.112,367.125C763.78,374.335 773.584,384.76 780.31,397.357C787.116,409.954 790.681,424.201 790.681,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.206,203.232)">
<path d="M1340.44,328.48L1433.95,503.186L1247.02,503.186L1340.44,328.48Z" style="fill:rgb(114,159,207);"/>
</g>
<g>
<g transform="matrix(0.423185,0,0,0.453686,63.5184,110.551)">
<g transform="matrix(1,0,0,1,88.7196,550.073)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Your</text>
</g>
<g transform="matrix(1,0,0,1,88.7196,616.708)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Device</text>
</g>
</g>
<g transform="matrix(0.423185,0,0,0.423185,215.188,217.539)">
<g transform="matrix(53.3092,0,0,53.3092,148.162,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Guard</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,342.481,365.105)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Relay</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,486.481,214.679)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Relay</text>
</g>
<g transform="matrix(0.423185,0,0,0.423185,1011.71,453.118)">
<g transform="matrix(53.3092,0,0,53.3092,334.953,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">hidden...onion</text>
</g>
<g transform="matrix(1,0,0,1.13387,0,-13.5981)">
<rect x="192.377" y="101.575" width="397.824" height="388.045" style="fill:none;stroke:rgb(97,107,243);stroke-width:6.08px;stroke-linecap:butt;stroke-miterlimit:1.5;stroke-dasharray:6.08,6.08;"/>
</g>
<g transform="matrix(1,0,0,1.13387,406.832,-13.5981)">
<rect x="192.377" y="101.575" width="397.824" height="388.045" style="fill:none;stroke:rgb(218,85,92);stroke-width:6.08px;stroke-linecap:butt;stroke-miterlimit:1.5;stroke-dasharray:6.08,6.08;"/>
</g>
</g>
<g transform="matrix(1,0,0,-1,296.309,499.871)">
<g transform="matrix(0.438175,0,0,0.438175,-102.956,170.289)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-102.956,170.289)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z" style="fill:white;"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z" style="fill:white;"/>
</g>
</g>
<g transform="matrix(1,0,0,1,599.384,5.09357)">
<g transform="matrix(0.438175,0,0,0.438175,-273.231,107.69)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-273.231,107.69)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z" style="fill:white;"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z" style="fill:white;"/>
</g>
</g>
<g transform="matrix(1,0,0,-1,927.895,527.537)">
<g transform="matrix(0.438175,0,0,0.438175,-37.0942,67.0447)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-34.7625,65.947)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z" style="fill:white;"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z" style="fill:white;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-467.504,185.162)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-467.504,185.162)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z" style="fill:white;"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z" style="fill:white;"/>
</g>
</g>
<g transform="matrix(1,0,0,1,-12.9813,-5.07732)">
<g transform="matrix(0.438175,0,0,0.438175,70.8116,113.404)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,70.8116,113.404)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z" style="fill:white;"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z" style="fill:white;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,94.093C481.938,108.602 478.372,122.936 471.566,135.531C464.84,148.041 455.036,158.553 443.368,165.764C431.619,173.061 418.249,176.884 404.715,176.884C391.183,176.884 377.814,173.061 366.146,165.764C354.397,158.553 344.592,148.041 337.867,135.531C331.06,122.934 327.495,108.6 327.495,94.093C327.495,79.585 331.061,65.251 337.867,52.742C344.592,40.145 354.397,29.634 366.065,22.423C377.814,15.126 391.184,11.303 404.718,11.303C418.25,11.303 431.619,15.126 443.287,22.423C455.036,29.634 464.84,40.146 471.566,52.742C478.372,65.252 481.938,79.587 481.938,94.093Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,93.965C481.938,108.473 478.372,122.807 471.566,135.403C464.84,147.913 455.036,158.425 443.368,165.635C431.619,172.932 418.249,176.755 404.715,176.755C391.183,176.755 377.814,172.932 366.146,165.635C354.397,158.425 344.592,147.912 337.867,135.403C331.06,122.806 327.495,108.472 327.495,93.965C327.495,79.457 331.061,65.122 337.867,52.614C344.592,40.017 354.397,29.505 366.065,22.295C377.814,14.997 391.184,11.175 404.718,11.175C418.25,11.175 431.619,14.997 443.287,22.295C455.036,29.505 464.84,40.017 471.566,52.614C478.372,65.124 481.938,79.458 481.938,93.965" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,94.18C790.681,108.689 787.116,122.936 780.31,135.531C773.584,148.128 763.78,158.553 752.112,165.764C740.362,173.061 726.993,176.884 713.459,176.884C699.927,176.884 686.558,173.061 674.89,165.764C663.141,158.553 653.336,148.128 646.611,135.531C639.804,122.934 636.239,108.687 636.239,94.18C636.239,79.585 639.804,65.338 646.611,52.742C653.336,40.145 663.141,29.721 674.89,22.51C686.558,15.213 699.928,11.39 713.459,11.39C726.991,11.39 740.361,15.213 752.112,22.51C763.78,29.721 773.584,40.146 780.31,52.742C787.116,65.339 790.681,79.587 790.681,94.18Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,94.052C790.681,108.56 787.116,122.807 780.31,135.403C773.584,148 763.78,158.425 752.112,165.635C740.362,172.932 726.993,176.755 713.459,176.755C699.927,176.755 686.558,172.932 674.89,165.635C663.141,158.425 653.336,147.999 646.611,135.403C639.804,122.806 636.239,108.558 636.239,94.052C636.239,79.457 639.804,65.209 646.611,52.614C653.336,40.017 663.141,29.592 674.89,22.382C686.558,15.084 699.928,11.262 713.459,11.262C726.991,11.262 740.361,15.084 752.112,22.382C763.78,29.592 773.584,40.017 780.31,52.614C787.116,65.211 790.681,79.458 790.681,94.052" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,432.899C481.938,447.407 478.372,461.655 471.566,474.25C464.84,486.847 455.036,497.272 443.368,504.482C431.619,511.78 418.249,515.602 404.715,515.602C391.183,515.602 377.814,511.78 366.146,504.482C354.397,497.272 344.592,486.847 337.867,474.25C331.06,461.653 327.495,447.406 327.495,432.899C327.495,418.304 331.061,404.057 337.867,391.461C344.592,378.864 354.397,368.439 366.065,361.229C377.814,353.931 391.184,350.109 404.718,350.109C418.25,350.109 431.619,353.931 443.287,361.229C455.036,368.439 464.84,378.865 471.566,391.461C478.372,404.058 481.938,418.305 481.938,432.899Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,438.795C481.938,453.303 478.372,467.551 471.566,480.146C464.84,492.743 455.036,503.168 443.368,510.378C431.619,517.676 418.249,521.498 404.715,521.498C391.183,521.498 377.814,517.676 366.146,510.378C354.397,503.168 344.592,492.743 337.867,480.146C331.06,467.549 327.495,453.302 327.495,438.795C327.495,424.2 331.061,409.952 337.867,397.357C344.592,384.76 354.397,374.335 366.065,367.125C377.814,359.827 391.184,356.005 404.718,356.005C418.25,356.005 431.619,359.827 443.287,367.125C455.036,374.335 464.84,384.76 471.566,397.357C478.372,409.954 481.938,424.201 481.938,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,432.899C790.681,447.407 787.116,461.655 780.31,474.25C773.584,486.847 763.78,497.272 752.112,504.482C740.362,511.78 726.993,515.602 713.459,515.602C699.927,515.602 686.558,511.78 674.89,504.482C663.141,497.272 653.336,486.847 646.611,474.25C639.804,461.653 636.239,447.406 636.239,432.899C636.239,418.304 639.804,404.057 646.611,391.461C653.336,378.864 663.141,368.439 674.89,361.229C686.558,353.931 699.928,350.109 713.459,350.109C726.991,350.109 740.361,353.931 752.112,361.229C763.78,368.439 773.584,378.865 780.31,391.461C787.116,404.058 790.681,418.305 790.681,432.899Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,438.795C790.681,453.303 787.116,467.551 780.31,480.146C773.584,492.743 763.78,503.168 752.112,510.378C740.362,517.676 726.993,521.498 713.459,521.498C699.927,521.498 686.558,517.676 674.89,510.378C663.141,503.168 653.336,492.743 646.611,480.146C639.804,467.549 636.239,453.302 636.239,438.795C636.239,424.2 639.804,409.952 646.611,397.357C653.336,384.76 663.141,374.335 674.89,367.125C686.558,359.827 699.928,356.005 713.459,356.005C726.991,356.005 740.361,359.827 752.112,367.125C763.78,374.335 773.584,384.76 780.31,397.357C787.116,409.954 790.681,424.201 790.681,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.423185,0,0,0.453686,613.992,258.963)">
<g transform="matrix(53.3092,0,0,53.3092,296.35,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Rendezvous</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,776.886,519.873)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Relay</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,924.29,375.575)">
<g transform="matrix(53.3092,0,0,53.3092,124.423,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Entry</text>
</g>
<g transform="matrix(0.438175,0,0,-0.438175,616.236,496.055)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,-0.438175,618.568,497.152)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z" style="fill:white;"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z" style="fill:white;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,757.768,262.897)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,760.1,261.799)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z" style="fill:white;"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z" style="fill:white;"/>
</g>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 35 KiB

225
i18n/zh-Hant/assets/img/how-tor-works/tor-path-hidden-service.svg Normal file
View File

@@ -0,0 +1,225 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:serif="http://www.serif.com/" width="100%" height="100%" viewBox="0 0 1051 447" version="1.1" xml:space="preserve" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linecap:round;stroke-linejoin:round;">
<g transform="matrix(1,0,0,1,-101.526,-98.3251)">
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<rect x="87.098" y="355.919" width="154.361" height="165.495" style="fill:rgb(114,159,207);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M164.319,521.414L87.098,521.414L87.098,355.919L241.458,355.919L241.458,521.414L164.319,521.414" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,94.093C481.938,108.602 478.372,122.936 471.566,135.531C464.84,148.041 455.036,158.553 443.368,165.764C431.619,173.061 418.249,176.884 404.715,176.884C391.183,176.884 377.814,173.061 366.146,165.764C354.397,158.553 344.592,148.041 337.867,135.531C331.06,122.934 327.495,108.6 327.495,94.093C327.495,79.585 331.061,65.251 337.867,52.742C344.592,40.145 354.397,29.634 366.065,22.423C377.814,15.126 391.184,11.303 404.718,11.303C418.25,11.303 431.619,15.126 443.287,22.423C455.036,29.634 464.84,40.146 471.566,52.742C478.372,65.252 481.938,79.587 481.938,94.093Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,93.965C481.938,108.473 478.372,122.807 471.566,135.403C464.84,147.913 455.036,158.425 443.368,165.635C431.619,172.932 418.249,176.755 404.715,176.755C391.183,176.755 377.814,172.932 366.146,165.635C354.397,158.425 344.592,147.912 337.867,135.403C331.06,122.806 327.495,108.472 327.495,93.965C327.495,79.457 331.061,65.122 337.867,52.614C344.592,40.017 354.397,29.505 366.065,22.295C377.814,14.997 391.184,11.175 404.718,11.175C418.25,11.175 431.619,14.997 443.287,22.295C455.036,29.505 464.84,40.017 471.566,52.614C478.372,65.124 481.938,79.458 481.938,93.965" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,94.18C790.681,108.689 787.116,122.936 780.31,135.531C773.584,148.128 763.78,158.553 752.112,165.764C740.362,173.061 726.993,176.884 713.459,176.884C699.927,176.884 686.558,173.061 674.89,165.764C663.141,158.553 653.336,148.128 646.611,135.531C639.804,122.934 636.239,108.687 636.239,94.18C636.239,79.585 639.804,65.338 646.611,52.742C653.336,40.145 663.141,29.721 674.89,22.51C686.558,15.213 699.928,11.39 713.459,11.39C726.991,11.39 740.361,15.213 752.112,22.51C763.78,29.721 773.584,40.146 780.31,52.742C787.116,65.339 790.681,79.587 790.681,94.18Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,94.052C790.681,108.56 787.116,122.807 780.31,135.403C773.584,148 763.78,158.425 752.112,165.635C740.362,172.932 726.993,176.755 713.459,176.755C699.927,176.755 686.558,172.932 674.89,165.635C663.141,158.425 653.336,147.999 646.611,135.403C639.804,122.806 636.239,108.558 636.239,94.052C636.239,79.457 639.804,65.209 646.611,52.614C653.336,40.017 663.141,29.592 674.89,22.382C686.558,15.084 699.928,11.262 713.459,11.262C726.991,11.262 740.361,15.084 752.112,22.382C763.78,29.592 773.584,40.017 780.31,52.614C787.116,65.211 790.681,79.458 790.681,94.052" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,432.899C481.938,447.407 478.372,461.655 471.566,474.25C464.84,486.847 455.036,497.272 443.368,504.482C431.619,511.78 418.249,515.602 404.715,515.602C391.183,515.602 377.814,511.78 366.146,504.482C354.397,497.272 344.592,486.847 337.867,474.25C331.06,461.653 327.495,447.406 327.495,432.899C327.495,418.304 331.061,404.057 337.867,391.461C344.592,378.864 354.397,368.439 366.065,361.229C377.814,353.931 391.184,350.109 404.718,350.109C418.25,350.109 431.619,353.931 443.287,361.229C455.036,368.439 464.84,378.865 471.566,391.461C478.372,404.058 481.938,418.305 481.938,432.899Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,438.795C481.938,453.303 478.372,467.551 471.566,480.146C464.84,492.743 455.036,503.168 443.368,510.378C431.619,517.676 418.249,521.498 404.715,521.498C391.183,521.498 377.814,517.676 366.146,510.378C354.397,503.168 344.592,492.743 337.867,480.146C331.06,467.549 327.495,453.302 327.495,438.795C327.495,424.2 331.061,409.952 337.867,397.357C344.592,384.76 354.397,374.335 366.065,367.125C377.814,359.827 391.184,356.005 404.718,356.005C418.25,356.005 431.619,359.827 443.287,367.125C455.036,374.335 464.84,384.76 471.566,397.357C478.372,409.954 481.938,424.201 481.938,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,432.899C790.681,447.407 787.116,461.655 780.31,474.25C773.584,486.847 763.78,497.272 752.112,504.482C740.362,511.78 726.993,515.602 713.459,515.602C699.927,515.602 686.558,511.78 674.89,504.482C663.141,497.272 653.336,486.847 646.611,474.25C639.804,461.653 636.239,447.406 636.239,432.899C636.239,418.304 639.804,404.057 646.611,391.461C653.336,378.864 663.141,368.439 674.89,361.229C686.558,353.931 699.928,350.109 713.459,350.109C726.991,350.109 740.361,353.931 752.112,361.229C763.78,368.439 773.584,378.865 780.31,391.461C787.116,404.058 790.681,418.305 790.681,432.899Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,438.795C790.681,453.303 787.116,467.551 780.31,480.146C773.584,492.743 763.78,503.168 752.112,510.378C740.362,517.676 726.993,521.498 713.459,521.498C699.927,521.498 686.558,517.676 674.89,510.378C663.141,503.168 653.336,492.743 646.611,480.146C639.804,467.549 636.239,453.302 636.239,438.795C636.239,424.2 639.804,409.952 646.611,397.357C653.336,384.76 663.141,374.335 674.89,367.125C686.558,359.827 699.928,356.005 713.459,356.005C726.991,356.005 740.361,359.827 752.112,367.125C763.78,374.335 773.584,384.76 780.31,397.357C787.116,409.954 790.681,424.201 790.681,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.206,203.232)">
<path d="M1340.44,328.48L1433.95,503.186L1247.02,503.186L1340.44,328.48Z" style="fill:rgb(114,159,207);"/>
</g>
<g>
<g transform="matrix(0.423185,0,0,0.453686,63.5184,110.551)">
<g transform="matrix(1,0,0,1,88.7196,550.073)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Your</text>
</g>
<g transform="matrix(1,0,0,1,88.7196,616.708)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Device</text>
</g>
</g>
<g transform="matrix(0.423185,0,0,0.423185,215.188,217.539)">
<g transform="matrix(53.3092,0,0,53.3092,148.162,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Guard</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,342.481,365.105)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Relay</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,486.481,214.679)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Relay</text>
</g>
<g transform="matrix(0.423185,0,0,0.423185,1011.71,453.118)">
<g transform="matrix(53.3092,0,0,53.3092,334.953,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">hidden...onion</text>
</g>
<g transform="matrix(1,0,0,1.13387,0,-13.5981)">
<rect x="192.377" y="101.575" width="397.824" height="388.045" style="fill:none;stroke:rgb(62,44,177);stroke-width:6.08px;stroke-linecap:butt;stroke-miterlimit:1.5;stroke-dasharray:6.08,6.08;"/>
</g>
<g transform="matrix(1,0,0,1.13387,406.832,-13.5981)">
<rect x="192.377" y="101.575" width="397.824" height="388.045" style="fill:none;stroke:rgb(208,26,36);stroke-width:6.08px;stroke-linecap:butt;stroke-miterlimit:1.5;stroke-dasharray:6.08,6.08;"/>
</g>
</g>
<g transform="matrix(1,0,0,-1,296.309,499.871)">
<g transform="matrix(0.438175,0,0,0.438175,-102.956,170.289)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-102.956,170.289)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z"/>
</g>
</g>
<g transform="matrix(1,0,0,1,599.384,5.09357)">
<g transform="matrix(0.438175,0,0,0.438175,-273.231,107.69)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-273.231,107.69)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z"/>
</g>
</g>
<g transform="matrix(1,0,0,-1,927.895,527.537)">
<g transform="matrix(0.438175,0,0,0.438175,-37.0942,67.0447)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-34.7625,65.947)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-467.504,185.162)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-467.504,185.162)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z"/>
</g>
</g>
<g transform="matrix(1,0,0,1,-12.9813,-5.07732)">
<g transform="matrix(0.438175,0,0,0.438175,70.8116,113.404)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,70.8116,113.404)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,94.093C481.938,108.602 478.372,122.936 471.566,135.531C464.84,148.041 455.036,158.553 443.368,165.764C431.619,173.061 418.249,176.884 404.715,176.884C391.183,176.884 377.814,173.061 366.146,165.764C354.397,158.553 344.592,148.041 337.867,135.531C331.06,122.934 327.495,108.6 327.495,94.093C327.495,79.585 331.061,65.251 337.867,52.742C344.592,40.145 354.397,29.634 366.065,22.423C377.814,15.126 391.184,11.303 404.718,11.303C418.25,11.303 431.619,15.126 443.287,22.423C455.036,29.634 464.84,40.146 471.566,52.742C478.372,65.252 481.938,79.587 481.938,94.093Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,93.965C481.938,108.473 478.372,122.807 471.566,135.403C464.84,147.913 455.036,158.425 443.368,165.635C431.619,172.932 418.249,176.755 404.715,176.755C391.183,176.755 377.814,172.932 366.146,165.635C354.397,158.425 344.592,147.912 337.867,135.403C331.06,122.806 327.495,108.472 327.495,93.965C327.495,79.457 331.061,65.122 337.867,52.614C344.592,40.017 354.397,29.505 366.065,22.295C377.814,14.997 391.184,11.175 404.718,11.175C418.25,11.175 431.619,14.997 443.287,22.295C455.036,29.505 464.84,40.017 471.566,52.614C478.372,65.124 481.938,79.458 481.938,93.965" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,94.18C790.681,108.689 787.116,122.936 780.31,135.531C773.584,148.128 763.78,158.553 752.112,165.764C740.362,173.061 726.993,176.884 713.459,176.884C699.927,176.884 686.558,173.061 674.89,165.764C663.141,158.553 653.336,148.128 646.611,135.531C639.804,122.934 636.239,108.687 636.239,94.18C636.239,79.585 639.804,65.338 646.611,52.742C653.336,40.145 663.141,29.721 674.89,22.51C686.558,15.213 699.928,11.39 713.459,11.39C726.991,11.39 740.361,15.213 752.112,22.51C763.78,29.721 773.584,40.146 780.31,52.742C787.116,65.339 790.681,79.587 790.681,94.18Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,94.052C790.681,108.56 787.116,122.807 780.31,135.403C773.584,148 763.78,158.425 752.112,165.635C740.362,172.932 726.993,176.755 713.459,176.755C699.927,176.755 686.558,172.932 674.89,165.635C663.141,158.425 653.336,147.999 646.611,135.403C639.804,122.806 636.239,108.558 636.239,94.052C636.239,79.457 639.804,65.209 646.611,52.614C653.336,40.017 663.141,29.592 674.89,22.382C686.558,15.084 699.928,11.262 713.459,11.262C726.991,11.262 740.361,15.084 752.112,22.382C763.78,29.592 773.584,40.017 780.31,52.614C787.116,65.211 790.681,79.458 790.681,94.052" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,432.899C481.938,447.407 478.372,461.655 471.566,474.25C464.84,486.847 455.036,497.272 443.368,504.482C431.619,511.78 418.249,515.602 404.715,515.602C391.183,515.602 377.814,511.78 366.146,504.482C354.397,497.272 344.592,486.847 337.867,474.25C331.06,461.653 327.495,447.406 327.495,432.899C327.495,418.304 331.061,404.057 337.867,391.461C344.592,378.864 354.397,368.439 366.065,361.229C377.814,353.931 391.184,350.109 404.718,350.109C418.25,350.109 431.619,353.931 443.287,361.229C455.036,368.439 464.84,378.865 471.566,391.461C478.372,404.058 481.938,418.305 481.938,432.899Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,438.795C481.938,453.303 478.372,467.551 471.566,480.146C464.84,492.743 455.036,503.168 443.368,510.378C431.619,517.676 418.249,521.498 404.715,521.498C391.183,521.498 377.814,517.676 366.146,510.378C354.397,503.168 344.592,492.743 337.867,480.146C331.06,467.549 327.495,453.302 327.495,438.795C327.495,424.2 331.061,409.952 337.867,397.357C344.592,384.76 354.397,374.335 366.065,367.125C377.814,359.827 391.184,356.005 404.718,356.005C418.25,356.005 431.619,359.827 443.287,367.125C455.036,374.335 464.84,384.76 471.566,397.357C478.372,409.954 481.938,424.201 481.938,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,432.899C790.681,447.407 787.116,461.655 780.31,474.25C773.584,486.847 763.78,497.272 752.112,504.482C740.362,511.78 726.993,515.602 713.459,515.602C699.927,515.602 686.558,511.78 674.89,504.482C663.141,497.272 653.336,486.847 646.611,474.25C639.804,461.653 636.239,447.406 636.239,432.899C636.239,418.304 639.804,404.057 646.611,391.461C653.336,378.864 663.141,368.439 674.89,361.229C686.558,353.931 699.928,350.109 713.459,350.109C726.991,350.109 740.361,353.931 752.112,361.229C763.78,368.439 773.584,378.865 780.31,391.461C787.116,404.058 790.681,418.305 790.681,432.899Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,438.795C790.681,453.303 787.116,467.551 780.31,480.146C773.584,492.743 763.78,503.168 752.112,510.378C740.362,517.676 726.993,521.498 713.459,521.498C699.927,521.498 686.558,517.676 674.89,510.378C663.141,503.168 653.336,492.743 646.611,480.146C639.804,467.549 636.239,453.302 636.239,438.795C636.239,424.2 639.804,409.952 646.611,397.357C653.336,384.76 663.141,374.335 674.89,367.125C686.558,359.827 699.928,356.005 713.459,356.005C726.991,356.005 740.361,359.827 752.112,367.125C763.78,374.335 773.584,384.76 780.31,397.357C787.116,409.954 790.681,424.201 790.681,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.423185,0,0,0.453686,613.992,258.963)">
<g transform="matrix(53.3092,0,0,53.3092,296.35,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Rendezvous</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,776.886,519.873)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Relay</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,924.29,375.575)">
<g transform="matrix(53.3092,0,0,53.3092,124.423,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Entry</text>
</g>
<g transform="matrix(0.438175,0,0,-0.438175,616.236,496.055)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,-0.438175,618.568,497.152)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,757.768,262.897)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,760.1,261.799)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z"/>
</g>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

79
i18n/zh-Hant/assets/img/how-tor-works/tor-path.svg Normal file
View File

@@ -0,0 +1,79 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" width="1530" height="850" version="1.1" viewBox="0 0 404.81 224.9">
<path d="m43.472 137.96h-20.432v-43.788h40.842v43.788z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m43.472 137.96h-20.432v-43.788h40.842v43.788h-20.41" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m127.51 24.896c0 3.8387-0.94333 7.6314-2.7442 10.964-1.7795 3.31-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6892-7.4823-7.9991-1.8009-3.333-2.7442-7.1257-2.7442-10.964 0-3.8387 0.94333-7.6314 2.7442-10.941 1.7795-3.333 4.3736-6.1143 7.4609-8.0221 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6892 7.4823 8.0221 1.8009 3.31 2.7442 7.1027 2.7442 10.941z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m127.51 24.862c0 3.8387-0.94333 7.6314-2.7442 10.964-1.7795 3.31-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6892-7.4823-7.9991-1.8009-3.333-2.7442-7.1257-2.7442-10.964 0-3.8387 0.94333-7.6314 2.7442-10.941 1.7795-3.333 4.3736-6.1143 7.4609-8.0221 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6892 7.4823 8.0221 1.8009 3.31 2.7442 7.1027 2.7442 10.941v0" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m209.2 24.919c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#800080" fill-rule="evenodd"/>
<path d="m209.2 24.885c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m290.88 24.908c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m290.88 24.908c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m127.51 114.54c0 3.8387-0.94333 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7795-3.333 4.3736-6.0913 7.4609-7.9991 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6662 7.4823 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m127.51 116.1c0 3.8387-0.94333 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7795-3.333 4.3736-6.0913 7.4609-7.9991 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6662 7.4823 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m209.2 114.54c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#800080" fill-rule="evenodd"/>
<path d="m209.2 116.1c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m290.88 114.54c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m290.88 114.54c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9991-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9991-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9991 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m127.51 200.04c0 3.8387-0.94333 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7795-3.333 4.3736-6.0913 7.4609-7.9991 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6662 7.4823 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#81d41a" fill-rule="evenodd"/>
<path d="m127.51 200.04c0 3.8387-0.94333 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7795-3.333 4.3736-6.0913 7.4609-7.9991 3.1087-1.9308 6.6462-2.9422 10.227-2.9422 3.5804 0 7.1178 1.0114 10.205 2.9422 3.1087 1.9078 5.7028 4.6662 7.4823 7.9991 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m209.2 200.06c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#800080" fill-rule="evenodd"/>
<path d="m209.2 200.06c0 3.8387-0.94332 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6462 2.9422-10.227 2.9422-3.5804 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m290.88 200.06c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964z" fill="#ff8000" fill-rule="evenodd"/>
<path d="m290.88 200.06c0 3.8387-0.94331 7.6084-2.7442 10.941-1.7795 3.333-4.3736 6.0913-7.4609 7.9992-3.1087 1.9308-6.6461 2.9422-10.227 2.9422-3.5803 0-7.1178-1.0114-10.205-2.9422-3.1087-1.9078-5.7028-4.6662-7.4823-7.9992-1.8009-3.333-2.7442-7.1027-2.7442-10.941 0-3.8617 0.94333-7.6314 2.7442-10.964 1.7794-3.333 4.3736-6.0913 7.4823-7.9992 3.0872-1.9308 6.6247-2.9422 10.205-2.9422 3.5804 0 7.1178 1.0114 10.227 2.9422 3.0873 1.9078 5.6814 4.6662 7.4609 7.9992 1.8009 3.333 2.7442 7.1027 2.7442 10.964" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<path d="m354.66 86.912 24.741 46.225h-49.46z" fill="#729fcf" fill-rule="evenodd"/>
<path d="m354.66 86.912 24.741 46.225h-49.46l24.719-46.225" fill="none" stroke="#3465a4" stroke-linecap="round" stroke-linejoin="round" stroke-width=".022199px"/>
<g font-family="'Liberation Sans'" font-size="14.105px" font-weight="400" letter-spacing="0px" stroke-width=".58923" word-spacing="0px">
<text transform="scale(.96579 1.0354)" x="23.469173" y="145.54295" style="line-height:125%" xml:space="preserve">
<tspan x="23.469173" y="145.54295">Your</tspan>
<tspan x="23.469173" y="163.17372">Device</tspan>
</text>
<text transform="scale(.96579 1.0354)" x="94.823898" y="62.191856" style="line-height:125%" xml:space="preserve">
<tspan x="94.823898" y="62.191856" fill="#000000" stroke-width=".58923">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="14.105px" font-weight="400" stroke-width=".58923">Entry</tspan>
</tspan>
</text>
<text transform="scale(.96579 1.0354)" x="174.41086" y="148.45462" style="line-height:125%" xml:space="preserve">
<tspan x="174.41086" y="148.45462" fill="#000000" stroke-width=".58923">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="14.105px" font-weight="400" stroke-width=".58923">Middle</tspan>
</tspan>
</text>
<text transform="scale(.96579 1.0354)" x="264.44427" y="60.726738" style="line-height:125%" xml:space="preserve">
<tspan x="264.44427" y="60.726738" fill="#000000" stroke-width=".58923">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="14.105px" font-weight="400" stroke-width=".58923">Exit</tspan>
</tspan>
</text>
<text transform="scale(.96579 1.0354)" x="300.70557" y="145.66537" style="line-height:125%" xml:space="preserve">
<tspan x="300.70557" y="145.66537" fill="#000000" stroke-width=".58923">
<tspan dx="0" dy="0" fill="#000000" font-family="'Liberation Sans'" font-size="14.105px" font-weight="400" stroke-width=".58923">PrivacyGuides.org</tspan>
</tspan>
</text>
</g>
<g transform="matrix(1,0,0,-1,78.4,132.26)">
<path d="m87.371 43.93-36.295 48.232 1.0273 0.77344 36.295-48.232z" color="#000000" style="-inkscape-stroke:none"/>
<g fill-rule="evenodd">
<path d="m90.114 41.352-0.77515 6.3758-5.1366-3.8653z" color="#000000" stroke-width=".64285pt" style="-inkscape-stroke:none"/>
<path d="m90.629 40.668-0.68164 0.28906-6.5957 2.8008 6.3242 4.7598zm-1.0293 1.3672-0.5957 4.9023-3.9492-2.9707z" color="#000000" style="-inkscape-stroke:none"/>
</g>
</g>
<g transform="translate(158.59,1.3477)">
<path d="m87.371 43.93-36.295 48.232 1.0273 0.77344 36.295-48.232z" color="#000000" style="-inkscape-stroke:none"/>
<g fill-rule="evenodd">
<path d="m90.114 41.352-0.77515 6.3758-5.1366-3.8653z" color="#000000" stroke-width=".64285pt" style="-inkscape-stroke:none"/>
<path d="m90.629 40.668-0.68164 0.28906-6.5957 2.8008 6.3242 4.7598zm-1.0293 1.3672-0.5957 4.9023-3.9492-2.9707z" color="#000000" style="-inkscape-stroke:none"/>
</g>
</g>
<g transform="matrix(1,0,0,-1,245.51,139.58)">
<path d="m87.371 43.93-36.295 48.232 1.0273 0.77344 36.295-48.232z" color="#000000" style="-inkscape-stroke:none"/>
<g fill-rule="evenodd">
<path d="m90.114 41.352-0.77515 6.3758-5.1366-3.8653z" color="#000000" stroke-width=".64285pt" style="-inkscape-stroke:none"/>
<path d="m90.629 40.668-0.68164 0.28906-6.5957 2.8008 6.3242 4.7598zm-1.0293 1.3672-0.5957 4.9023-3.9492-2.9707z" color="#000000" style="-inkscape-stroke:none"/>
</g>
</g>
<g transform="translate(-3.4347 -1.3434)">
<path d="m87.371 43.93-36.295 48.232 1.0273 0.77344 36.295-48.232z" color="#000000" style="-inkscape-stroke:none"/>
<g fill-rule="evenodd">
<path d="m90.114 41.352-0.77515 6.3758-5.1366-3.8653z" color="#000000" stroke-width=".64285pt" style="-inkscape-stroke:none"/>
<path d="m90.629 40.668-0.68164 0.28906-6.5957 2.8008 6.3242 4.7598zm-1.0293 1.3672-0.5957 4.9023-3.9492-2.9707z" color="#000000" style="-inkscape-stroke:none"/>
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

BIN
i18n/zh-Hant/assets/img/multi-factor-authentication/fido.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 130 KiB

BIN
i18n/zh-Hant/assets/img/multi-factor-authentication/yubico-otp.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 115 KiB

BIN
i18n/zh-Hant/assets/img/qubes/qubes-trust-level-architecture.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 111 KiB

BIN
i18n/zh-Hant/assets/img/qubes/r4.0-xfce-three-domains-at-work.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.4 MiB

81
i18n/zh-Hant/basics/account-creation.md Normal file
View File

@@ -0,0 +1,81 @@
---
title: "帳號創建"
icon: 'material/account-plus'
description: 創建帳戶為實際連線網際網路所必要,請採取下列步驟確保您的線上隱私。
---
人們經常不假思索地註冊網路服務。 這些帳號也許是一個串流媒體服務可觀看人人都在談論的新節目,或是取得喜歡的快餐店折扣。 無論在什麼樣的場景,您都應該考慮現在和以後對個資的影響。
在新的服務申請帳號時,都伴著相關風險。 資料洩露;向第三方披露客戶資訊、員工有不當的權限可以訪問所有資料,在給出您的個資時都必須考慮的接下來可能的狀況。 您需要確信足夠信任該服務,這就是為什麼我們建議把重要資料儲放在最成熟且通過測試的產品。 這通常意味著提供 E2EE 並經過加密審計的服務。 審計增加了產品設計的保證,減低因開發人員缺乏經驗所導致的安全問題。
某些網路服務並不容易刪除帳號 有時可能會 [覆寫與帳戶相關聯的資料](account-deletion.md#overwriting-account-information) ,但在其他情況下,該服務將保留帳戶變更的完整記錄。
## 服務條款 & 隱私權政策
服務條款是您在使用服務時同意遵守的規則。 隨著更大的服務,這些規則通常由自動化系統強制執行。 有時這些自動化系統可能會出錯。 例如,您的帳號可能會因為使用 VPN 或 VOIP 號碼而被禁止或無法使用某些服務。 對這種禁令提出上訴通常很困難,而且通常都由系統自動處理而不是人工審核,造成了上訴的困難度。 這也是我們不建議使用 Gmail 作為電子郵件的原因之一。 電子郵件對於訪問您已註冊的其他服務至關重要。
隱私權政策是該服務表示他們將如何使用您的數據,因此值得閱讀,以便您了解如何使用您的數據。 公司或組織可能沒有法律義務遵守政策中包含的所有內容(取決於司法管轄區)。 我們建議您了解當地法律以及這些法律允許供應商收集哪些資訊。
我們建議您尋找特定的術語例如「資料收集」、「資料分析」、「Cookie」、「廣告」或「第三方」服務。 有時您可以選擇退出資料收集或拒絕分享資料,但最好從一開始就選擇尊重您隱私權的服務。
請記住,您把信任託付給該公司或組織,冀望其真的遵守自己的隱私政策。
## 身份驗證方式
通常有多種註冊帳戶的方式,每種都有各自的好處和缺點。
### 電子郵件和密碼
建立新帳戶的最常見方式是使用電子郵件地址和密碼。 使用此方法時,您應該使用密碼管理器,並遵循 [關於密碼的最佳做法](passwords-overview.md) 。
!!! 提示
您也可以使用密碼管理器組織其他驗證方式! 只需新增條目並填寫適當的欄位,即可新增安全問題或備份金鑰等事項的備註。
您自己負責管理您的登入憑證。 為了增加安全性,您可以在帳戶上設置 [MFA](multi-factor-authentication.md) 。
[推薦密碼管理員](../passwords.md ""){.md-button}
#### 電子郵件別名
如果您不想將您的真實電子郵件地址提供給服務,您可以選擇使用別名。 我們在電子郵件服務推薦頁面上更詳細地描述了它們。 基本上,別名服務允許您生成新的電子郵件地址,將所有電子郵件轉發到您的主地址。 這可以幫助防止跨服務跟蹤,並幫助您管理有時會隨註冊過程而來的營銷電子郵件。 這些可以根據它們被發送到的別名自動過濾。
如果服務遭到黑客攻擊,您用於註冊的電子郵件可能會收到網絡釣魚或垃圾郵件。 為每個服務使用獨特的別名可以幫助確定哪些服務被駭。
[推薦的電子郵件別名服務](../email.md#email-aliasing-services ""){.md-button}
### 單一登入Single Sign-On
!!! 備註
我們討論的是個人使用的單一登入,而不是企業用戶。
單一登入(SSO) 是一種驗證方法,允許您註冊服務,而無需共享太多信息(如果有的話)。 每當您在註冊表單上看到類似「使用 *提供商名稱*登入」時,它就是 SSO。
當您在網站中選擇單一登入(Single sign-on )時,它將提示您的 SSO 提供商登入頁面,之後您的帳戶將被連接。 我們不會分享你的密碼,但會分享一些基本資訊(你可以在登入申請期間查看)。 每次您想要登入同一個帳戶時,都需要進行此程序。
主要優勢是:
- **安全性**:沒有涉及 [資料外洩](https://en.wikipedia.org/wiki/Data_breach) 的風險,因為網站沒有儲存您的憑證。
- **易用性**:多個帳戶由單一登入管理。
但也有一些缺陷:
- **隱私權** SSO供應商將知道您使用的服務。
- **集中化**如果您的SSO帳戶遭到入侵或您無法登錄則與其相關的所有其他帳戶都會受到影響。
SSO在您可以從服務之間更深入的整合中受益的情況下尤其有用。 例如其中一個服務可能為其他服務提供SSO。 我們建議將SSO限制在您需要的地方並以 [MFA](multi-factor-authentication.md)保護主帳戶。
所有使用 SSO 的服務將與您的 SSO 帳戶一樣安全。 例如如果您想使用硬件密鑰來保護帳戶但該服務不支持硬件密鑰您可以使用硬件密鑰來保護您的SSO帳戶現在您的所有帳戶上基本上都有硬件MFA。 需要注意的是, 如果你 SSO 帳戶本身的安全性很弱,意味著與該登錄綁定的任何帳戶的安全性也會很弱。
### 電話號碼
我們建議您避免使用需要電話號碼才能註冊的服務。 電話號碼可以在多個服務中識別您的身份,並且根據數據共享協議,這將使您的使用更容易跟蹤,特別是當其中一個服務被洩漏時,因為電話號碼通常是 **不是** 加密的。
如果可以的話,你應該避免透露你的真實電話號碼。 某些服務將允許使用 VOIP 號碼,但這些通常會觸發欺詐偵測系統,導致帳戶被鎖定,因此我們不建議重要帳戶使用此系統。
在許多情況下,您需要提供可以接收短信或電話的號碼,特別是在國際購物時,以防您在邊境審查時的訂單出現問題。 服務通常會使用您的號碼作為驗證方式;不要自作聰明使用假的電話號碼,最後讓自己重要的帳戶被鎖定!
### 使用者名稱與密碼
某些服務允許您在不使用電子郵件地址的情況下註冊,並且只需要您設置用戶名稱和密碼。 當與 VPN 或 Tor 結合時,這些服務可能會提供更高的匿名性。 請記住,對於這類型的帳號,如果你忘記了你的用戶名或密碼,很可能會有**沒有辦法恢復你的帳號**。

62
i18n/zh-Hant/basics/account-deletion.md Normal file
View File

@@ -0,0 +1,62 @@
---
title: "刪除帳戶"
icon: 'material/account-remove'
description: 一般人很容易累積大量的網路服務帳戶,這裏有一些如何順理這些資料的小訣竅。
---
隨著時間的推移,一般人很容易地積累一些網路帳戶,但可能其中有不少早已不再使用。 刪除這些未使用的帳戶是收回隱私的重要一步,因為休眠帳戶容易受到數據洩露的影響。 資料外洩是指服務的安全性受到破壞,受保護的資訊被未經授權的行為者檢視、傳輸或竊取。 不幸的是近來資料外洩事件 [已見怪不怪](https://haveibeenpwned.com/PwnedWebsites) ,保持良好的數位清潔才能減輕資料外洩對個人生活的衝擊。 本指南的目標是幫助您通過令人討厭的帳戶刪除過程----通常由 [欺騙性設計](https://www.deceptive.design/)讓刪除困難,以改善您的網路現身。
## 查找舊帳戶
### 密碼管理器。
如果您使用一個貫穿整個數位生活的密碼管理器,這部分將非常容易。 通常,它們包括內置功能,用於檢測您的憑證是否在資料洩露中暴露-例如Bitwarden的 [資料洩露報告](https://bitwarden.com/blog/have-you-been-pwned/)。
<figure markdown>
![Bitwarden's 資料外洩報告特色](../assets/img/account-deletion/exposed_passwords.png)
</figure>
即使您之前沒有明確使用過密碼管理器,但可能在無意中早已透過瀏覽器或手機中使用了密碼管理器。 例如: [Firefox 密碼管理器](https://support.mozilla.org/kb/password-manager-remember-delete-edit-logins)、 [Google 密碼管理器](https://passwords.google.com/intro) 和 [Edge 密碼管理器](https://support.microsoft.com/en-us/microsoft-edge/save-or-forget-passwords-in-microsoft-edge-b4beecb0-f2a8-1ca0-f26f-9ec247a3f336)。
桌面平臺通常還有一個密碼管理器,可以幫助您恢復忘記的密碼:
- Windows [憑證管理器r](https://support.microsoft.com/en-us/windows/accessing-credential-manager-1b5c916a-6a16-889f-8581-fc16e8165ac0)
- macOS [密碼](https://support.apple.com/en-us/HT211145)
- iOS [密碼](https://support.apple.com/en-us/HT211146)
- Linux Gnome Keyring ,可以通過 [Seahorse](https://help.gnome.org/users/seahorse/stable/passwords-view.html.en) 或 [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager)訪問
### 電子郵件
如果您過去沒有使用密碼管理員,或者您認為您的帳戶從未被添加到密碼管理員,另一個選項是搜索您認為已註冊的電子郵件帳戶。 在電子郵件用戶端上,搜尋「驗證」或「歡迎」等關鍵字。 幾乎每次你建立線上帳戶時,該服務都會向你的電子郵件發送驗證連結或介紹訊息。 這可能是找到舊的,被遺忘的帳戶的好方法。
## 刪除舊帳戶
### 登入
若要刪除舊帳戶,您必須先確認能夠登入帳戶。 同樣,如果帳戶在您的密碼管理員中,則此步驟很簡單。 如果沒有,你可以試著猜測你的密碼。 否則,通常有選項可以重新訪問您的帳戶,通常可以通過登錄頁面的「忘記密碼」鏈接來獲得。 您放棄的帳戶也可能已被刪除:有時服務會自動刪除所有舊帳戶。
嘗試重新取得存取權時,如果網站傳回錯誤訊息,表示電子郵件未與帳戶關聯,或在多次嘗試後您從未收到重設連結,則您沒有該電子郵件地址下的帳戶,應嘗試其他帳戶。 如果您無法確定使用了哪個電子郵件地址,或者您無法再存取該電子郵件,您可以嘗試聯絡該服務的客戶支援。 不幸的是,我們無法保證您能夠恢復訪問您的帳戶。
### GDPR (僅限歐洲經濟區居民)
歐盟居民在資料刪除上享有額外權利,其詳見於 GDPR [第 17 條](https://www.gdpr.org/regulation/article-17.html)規定。 如果適用於您,請閱讀任何特定服務的隱私權政策,以查找有關如何行使刪除權利的資訊。 閱讀隱私政策可能很重要,因為某些服務的「刪除帳戶」選項,實際上只是停用您的帳戶,若要真正刪除,您必須採取額外行動。 有時,刪除過程中可能需填寫調查、向服務商的資料保護人員發送電子郵件,甚至提出您為歐盟居民的證明。 如果您打算這樣做,請 **不要** 覆寫帳戶資訊-可能需要歐盟居民身份。 請注意,服務的位置並不重要; GDPR 適用於為歐盟用戶服務的任何人。 若服務商不願尊重您請求刪除的權利,可聯絡所在國的[官方資料保護機關](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en),您可能有權請求金錢賠償。
### 覆寫帳戶資訊
在某些情況下,可以採用虛假資料來覆蓋帳戶的信息。 當您登入後,請將帳戶中的所有資訊變更為偽造資訊。 原因是許多網站甚至在帳戶刪除後仍會保留您之前擁有的資訊。 希望他們會用你輸入的最新數據覆蓋之前的信息。 但是,無法保證不會有先前信息的備份。
對於帳戶電子郵件,請通過您選擇的提供商創建新的替代電子郵件帳戶,或使用 [電子郵件別名服務](../email.md#email-aliasing-services)創建別名。 完成後,您可以刪除替代電子郵件地址。 我們建議您不要使用臨時電子郵件提供商,因為通常可以重新啟用臨時電子郵件。
### 刪除帳戶
您可以檢查 [JustDeleteMe](https://justdeleteme. xyz) 以獲取有關刪除特定服務帳戶的指示。 有些網站會慷慨地提供「刪除帳戶」選項,而其他網站則會強迫您與支援人員交談。 刪除過程可能因網站而異,有些網站無法刪除帳戶。
對於不允許帳戶刪除的服務,最好的做法是偽造前面提到的所有信息,並加強帳戶安全性。 爲此,啓用 [MFA](multi-factor-authentication.md) 和提供的任何額外安全功能。 此外,請將密碼更改為隨機生成的最大允許大小的密碼( [密碼管理器](../passwords.md) 對此很有用)。
如果您確信您關心的所有資訊都已被刪除,您可以放心地忘記此帳戶。 如果沒有,最好將憑證與其他密碼一起儲存,並偶爾重新登錄以重設密碼。
即使您能夠刪除帳戶,也無法保證您的所有信息都將被刪除。 事實上,法律要求一些公司保留某些信息,特別是與金融交易有關的信息。 當涉及到網站和雲端服務時,您的數據會發生什麼事情,這在很大程度上是您無法控制的。
## 避免註冊新帳戶
俗話說:「預防更勝治療。」 每當你覺得想要註冊一個新帳戶時,問問自己:「我真的需要註冊這個嗎? 有不需要註冊的替代方案嗎?」 刪除一個帳戶通常比創建一個帳戶要困難得多。 即使刪除或更改帳戶上的資訊,也可能有來自第三方的緩存版本,例如 [Internet Archive](https://archive.org/)。 如果可能的話,不要隨便註冊帳號-未來的你會感謝你現在的決定!

94
i18n/zh-Hant/basics/common-misconceptions.md Normal file
View File

@@ -0,0 +1,94 @@
---
title: "常見的迷思"
icon: 'material/robot-confused'
description: 隱私並不是一個直覺的話題,它容易遭行銷話術與其它虛假訊息的綁架。
schema:
-
"@context": https://schema.org
"@type": FAQPage
mainEntity:
-
"@type": Question
name: 開源軟件本質上安全嗎?
acceptedAnswer:
"@type": Answer
text: |
源代碼是否可公開取得以及軟件本身的授權條件並不會影響其安全性。 開源軟件可能比商有軟件更安全,但這點並非絕對保證。 評估軟體時,應該根據個別情況來評估每個工具的聲譽和安全性。
-
"@type": Question
name: 將信任轉移到另一個提供商可以增加隱私嗎?
acceptedAnswer:
"@type": Answer
text: |
在討論 VPN 等解決方案時,我們經常談到「轉移信任」 (將您對 ISP 的信任轉移到 VPN 提供商)。 雖然這可以特別保護瀏覽數據免受 ISP 影響,但挑選的 VPN 提供商仍然可以訪問您的瀏覽數據:資料並非得到完全保護。
-
"@type": Question
name: 以隱私為中心的解決方案本質上可信賴嗎?
acceptedAnswer:
"@type": Answer
text: |
僅專注於單一工具或提供商的隱私政策和營銷可能會讓您忽視其弱點。 當您正在尋找更私密的解決方案時,您應該確定潛在的問題是什麼,並找到該問題的技術解決方案。 例如,您可能希望避免 Google 雲端硬碟,這會讓 Google 存取您的所有資料。 這種情況下潛在的問題是缺乏E2EE ,因此應確保切換的提供商有真地落實 E2EE ,或者使用雲端服務商提供的 E2EE 工具如Cryptomator )。 轉換到“以隱私為中心”的提供商(其不用 E2EE )不能解決您的問題:它只是將信任從 Google 轉移到該供應商。
-
"@type": Question
name: 我的威脅模型需要多複雜?
acceptedAnswer:
"@type": Answer
text: |
我們經常看到人們描述過於複雜的隱私威脅模型。 通常,這些解決方案包括許多不同的電子郵件帳戶或具有許多移動部件和條件的複雜設置等問題。 答案通常是“做 X 的最佳方式是什麼?”
為自己找到“最佳”解決方案並不一定意味著您正在尋找具有數十種條件的絕對解決方案-這些解決方案通常很難實際使用。 正如先前所討論的,安全性通常是以方便為代價。
---
## 「開源軟體永遠是安全的」或「商業軟體更安全」
這些迷思源於許多偏見,原始碼是否開放以及軟體的許可並不會以任何方式影響其安全性。 ==開源軟件 *可能* 比商業軟件更安全,但絕對不能保證這一點。==評估軟體時,您應該根據每個工具的聲譽和安全性進行評估。
開源軟體*能夠*由第三方人員進行審計,比起同類商用軟體,前者對待潛在漏洞更為透明。 它還允許您查看代碼並禁用您發現的任何可疑功能。 然而,*除非您真的這樣做了*,否則不能保證程式碼曾經被評估過,特別是小型軟體專案。 開放的發展過程有時會遭利用,甚至在大型專案中被引入新的漏洞。
另一方面,專有軟件不太透明,但這並不意味著它不安全。 主要的商用軟件專案會由內部和第三方機構進行審計,獨立的安全研究人員仍然可以通過逆向工程等技術發現漏洞。
避免決策上的偏見,這點在評估所使用軟體的隱私與安全標準上至關重要。
## 「信任的轉移可以增加隱私」
在討論 VPN 等解決方案時,我們經常談到「轉移信任」 (將您對 ISP 的信任轉移到 VPN 提供商)。 雖然這可以保護您的瀏覽資料免受 *特定* ISP 的侵害,但您選擇的 VPN 提供商仍然可以訪問您的瀏覽數據:您的資料並非完全受到各方的保護。 這意味著:
1. 把信任轉付給挑選的服務供應商時,您必須謹慎行事。
2. 您應該利用其它技巧,如 E2EE 來完全保護您的資料。 僅因個別供應商的信任與否,並不能確保資料的安全。
## 「以隱私為中心的解決方案本質上是值得信賴的」
僅專注於單一工具或提供商的隱私政策和營銷可能會讓您忽視其弱點。 當您正在尋找更私密的解決方案時,您應該確定潛在的問題是什麼,並找到該問題的技術解決方案。 例如,您可能希望避免 Google 雲端硬碟,這會讓 Google 存取您的所有資料。 這種情況的問題是缺乏 E2EE 因此您應該確保您轉換的供應商真正實現了E2EE ,或者使用可在任何雲提供商安裝 E2EE 的工具(如 [Cryptomator](../encryption.md#cryptomator-cloud))。 轉換到“以隱私為中心”的提供商(其不用 E2EE )不能解決您的問題:它只是將信任從 Google 轉移到該供應商。
您選擇的供應商的隱私政策和商業實踐非常重要,但應視為隱私技術保證的次要條件:當無須信任供應商時,您不必將信任轉移到另一個供應商。
## 「愈複雜愈好」
我們經常看到人們描述過於複雜的隱私威脅模型。 通常,這些解決方案包括許多不同的電子郵件帳戶或具有許多移動部件和條件的複雜設置等問題。 答案通常是“做 * X *的最佳方式是什麼?”
為自己找到“最佳”解決方案並不一定意味著您正在尋找具有數十種條件的絕對解決方案-這些解決方案通常很難實際使用。 正如先前所討論的,安全性通常是以方便為代價。 下面,我們提供一些訣竅:
1. == 行動需要達到特定的目的:== 想想如何用最少的行動做到想做的事。
2. ==移除人類的失敗點:== 人總會失敗、疲倦、忘記事情。 要保持安全性,請避免依賴大腦記憶的手動條件和流程。
3. = =使用您要想的適當保護等級。== 我們經常看到所謂的執法或傳票證明解決方案的建議。 這些通常需要專業知識,通常不是人們想要的。 建立一個複雜的匿名威脅模型是沒有意義的,如果您的行為容易地被一個簡單的監督去匿名化。
那麼,這看起來會怎麼樣?
最清晰的威胁模型之一是,部分人*,知道你是谁* ,而另一部分人不知道。 有些必須提出您的法定姓名的情況,但也有其他情況不需要提供全名。
1. **已知身份** - 已知身份是用于必須告之姓名的事務。 有許多法律文件和合同需要合法身份。 這可能包括開設銀行帳戶、簽署財產租賃、獲得護照、進口物品時的海關申報,或其他與政府打交道的方式。 這些東西通常會需要憑證,如信用卡,信用評級檢查,帳戶號碼,以及實際地址等。
我們不建議您使用 VPN 或 Tor 來處理這些事情,因為您的身份已經通過其他方式被對方知道。
!!! 訣竅
在網上購物時,使用[包裹儲物櫃] (https://zh.wikipedia.org/wiki/Parcel_locker)有助於保護您實際地址的私密性。
2. **未知身份** - 未知身份可能是您經常使用的穩定假名。 它已不算匿名了,因為不會變動。 如果您是線上社群的一員,您可能希望保留其他人知道的角色。 這個假名不是匿名的,因為如果監控時間足夠長,關於所有者的詳細信息可以透露更多信息,例如他們的寫作方式,他們對感興趣主題的一般知識等。
您可能希望使用 VPN 來隱藏您的 IP 地址。 金融交易更難掩蓋:您可以考慮使用匿名加密貨幣,例如 [Monero](https://www.getmonero.org/)。 採用山寨幣轉移也可能有助於偽裝您的貨幣來源。 通常情況下,交易所需要完成 KYC (了解您的客戶) ,然後才能將法定貨幣兌換為任何類型的加密貨幣。 線下操作也可能是一個解決方案;然而,這些往往更昂貴,有時也需要 KYC。
3. **匿名身份** - 即使有經驗的專家,也很難長時間保持一個帳號的匿名性。 它們應該是短期和短暫的身份,定期輪流。
使用 Tor 可以幫助我們做到這一點。 同樣值得注意的是,通過異步溝通可以實現更大的匿名性:實時溝通容易受到打字模式分析的影響(即不止一段文字,在論壇上分發,通過電子郵件等)。
[^1]: 一個值得注意的例子是 [發生在2021年明尼蘇達大學的研究人員在 Linux 內核開發項目中引入了三個漏洞](https://cse.umn.edu/cs/linux-incident).

148
i18n/zh-Hant/basics/common-threats.md Normal file
View File

@@ -0,0 +1,148 @@
---
title: "常見威脅"
icon: 'material/eye-outline'
description: 您的威脅模型雖說是個人的事,但它也是本站許多訪客關心的課題。
---
廣義來講,我們將建議歸類為適用於大多數人的 [威脅](threat-modeling.md) 或目標。 您可能會在意各種可能性的組合,而選用的工具和服務則取決於您的目標何在。 您也可能有超出這些類別之外的特定威脅,這完全有可能! 重要的是要了解您選擇使用的工具的好處和缺點,因為幾乎沒有一種工具可以保護您免受任何威脅。
- <span class="pg-purple">:material-incognito: 匿名</span> -保護您的在線活動免受您真實身份影響,保護您防範某些企圖揭露 *您* 身份的侵害。
- <span class="pg-red">:material-target-account: 針對性的攻擊</span> -保護免受駭客或其他惡意行為者的攻擊,他們正試圖存取訪問 *您的* 資料或設備。
- <span class="pg-orange">:material-bug-outline: 被動攻擊</span> -保護免受惡意軟體、數據洩露和其他同時針對多人的攻擊。
- <span class="pg-teal">:material-server-network: 服務供應商</span> - 保護您的資料免受服務供應商侵害(例如,使用 E2EE ,使您保存在伺服器的資料無法被他人讀取)。
- <span class="pg-blue">:material-eye-outline: 大規模監控</span> -保護您免受政府機構、組織、網站和服務共同追蹤您的活動。
- <span class="pg-brown">:material-account-cash: 監控資本主義</span> - 保議自己不會被 Google Facebook 等大型網路廣告以及其它無數第三方資料收集者監控。
- <span class="pg-green">:material-account-search: 公開曝光</span> -限制搜尋引擎或一般大眾可在網路上找到有關您的資訊。
- <span class="pg-blue-gray">:material-close-outline: 審查</span> -避免資訊被封鎖或自己的網路發言時受到審查。
其中一些威脅對您來說可能比其他威脅更嚴重,這取決於您的具體問題。 例如,有權訪問有價值或重要資料的開發人員可能主要關注 <span class="pg-red">:material-target-account: 針對性攻擊</span>,但他們仍然希望保護自己的個資免受 <span class="pg-blue">:material-eye-outline: 大規模監控</span> 計劃的影響。 同樣,許多人主要關心其個人資料的 <span class="pg-green">:material-account-search: 公開曝光</span> ,但他們仍應該警惕聚焦安全的問題,例如 <span class="pg-orange">:material-bug-outline: 被動攻擊</span>-例如惡意軟件影響他們的設備。
## 匿名 vs. 隱私
<span class="pg-purple">:material-incognito: 匿名性</span>
匿名通常與隱私相混淆,但它們是不同的概念。 隱私是您對如何使用和共享資料所做出的一系列選擇,而匿名是將您的線上活動與真實身份完全分離。
舉例來說,揭密者和記者會需要一個更極端、要求完全匿名的威脅模型。 這不僅隱藏了他們所做的事情、擁有的資料,不會被惡意行為者或政府駭客入侵,而且還完全隱暪了他們的身份。 他們經常需犧牲任何形式的便利,以保護自身的匿名性,隱私或安全,因為很可能事關自己的性命。 大多數人都不需要那樣。
## 安全與隱私
<span class="pg-orange">:material-bug-outline: 被動攻擊</span>
安全性和隱私也經常被混淆,因為您需要安全性來獲得任何形式的隱私:使用的工具----即便設計私密----但若很容易地受到攻擊者造成資料外洩,一切就是白廢了。 然而,相反的情況並不一定成立:世界上最安全的服務 *不一定是* 私密。 最好的例子是信任把資料交給 Google因為它們規模龐大聘請業界領先的安全專家來保護其基礎設施幾乎沒有發生過安全事故。 儘管 Google 提供了非常安全的服務但很少有人會認為在Google 免費消費產品Gmail、YouTube 等)中的資料是私有的。
當涉及到應用程式安全性時,我們通常不知道(有時甚至無法)使用的軟體是否是惡意或者有一天它會變成惡意。 即使是最值得信賴的開發人員,也無法保證他們的軟體沒有嚴重的漏洞有一天會被利用。
減少惡意軟體*可能造成的破壞* ,最好能落實安全劃分方案。 例如,用不同電腦作不同的事、利用虛擬器來分組不同的相關應用程式,或者使用一個高集中的應用程式沙盒和強制訪問控制的安全操作系統。
!!! 提示
行動作業系統通常具有比桌面作業系統具備更好的應用程式沙盒:應用程式沒有根存取權限,且需要存取系統資源的權限。
桌面操作系統通常在適當的沙盒化上落後。 ChromeOS 具備與 Android 相似的沙盒功能, macOS 具有完整的系統權限控制(開發人員可以選擇為應用程式加入沙盒)。 然而,這些作業系統確實會將識別資料傳回給各自的原始設備製造商。 Linux 傾向於不對系統供應商提交資料,但它在漏洞和惡意應用程式的保護很差。 這可以通過專門的發行版來緩解,這些發行版大量使用虛擬器或容器,例如 [Qubes OS] ../../desktop/# qubes-os )。
<span class="pg-red">:material-target-account: 目標攻擊</span>
針對特定人士的針對性攻擊更難處理。 常見的攻擊包括通過電子郵件發送惡意文件、利用(瀏覽器和操作系統的)漏洞以及物理攻擊。 如果這是您擔心這點,應該採用更先進的威脅減輕策略。
!!! 提示
在設計上, * *網頁瀏覽器* *、* *電子郵件用戶端* *和* *辦公室應用程式* *常常運行第三方發送無法信任的代碼。 運行多個虛擬器-將這些應用程序與主機系統相互分開,此技術可減少系統遭到應用程序攻擊的機會。 例如, Qubes OS 或 Windows 上的 Microsoft Defender Application Guard 等技術提供了方便的作法。
若您特別擔心 **物理攻擊**,就應選用具安全驗證開機的作業系統,例如 Android, iOS, macOS, 或[Windows (帶 TPM)](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process)。 應確保您的驅動器是加密的,並且操作系統使用 TPM或 Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) 或 [Element](https://developers.google.com/android/security/android-ready-se) 來限制輸入加密密碼的嘗試率。 您應該避免與不信任的人共享您的電腦,因為大多數桌面作業系統不會單獨加密每個用戶的數據。
## 服務供應商的隱私權
<span class="pg-teal">:material-server-network: 服務提供商</span>
我們活在一個幾乎所有東西都連上網際網路的世界。 我們的「私人」訊息、電子郵件和社交互動通常儲存在伺服器的某個地方。 通常,當您向某人發送訊息時,它會儲存在伺服器上,當對方想要閱讀訊息時,伺服器會將其顯示給他們。
顯而易見的問題是,服務提供商(或破壞伺服器的黑客)可以隨時隨地訪問您的對話,而您永遠不會知道。 這適用在許多常見服務,如 SMS 簡訊、Teleram 和 Discord。
慶幸的是, E2EE 可以加密您與收件人之間的通信,甚至在訊息送到伺服器之前,緩解此問題。 假設服務提供商無法訪問任何一方的私鑰,您的訊息保密性得到保證。
!!! 備註 "Web 加密備註"
實際上,不同 E2EE 操作的效力各不相同。 應用程式,例如 [Signal](../real-time-communication.md#signal) ,會在您的裝置上原生執行,且此應用程式在不同設備的安裝上都是如此。 如果服務提供商在他們的應用程序中引入 [後門](https://zh.wikipedia.org/wiki/Backdoor_(computing) ----試圖竊取您的私鑰----它稍後可以通過[逆向工程] (https://zh.wikipedia.org/wiki/Reverse_engineering )檢測。
另一方面,執行網頁 E2EE例如 Proton Mail 的網頁郵件或Bitwarden 的* Web Vault * 依靠伺服器動態地向瀏覽器提供JavaScript 代碼來處理加密。 惡意伺服器可以針對您發送惡意 JavaScript 代碼以竊取您的加密密鑰(這將非常難以察覺)。 因為伺服器可以選擇為不同的人提供不同的網頁用戶端,即使您注意到攻擊也很難證明提供商有罪。
因此,您應該盡可能使用原生軟體程式多於網頁客戶端。
即便使用 E2EE ,服務商仍然可以對 **元數據**進行分析,這通常不受保護。 雖然服務提供商無法讀取您的訊息,但他們仍然可以觀察重要的事情,例如您正在與誰交談、傳送訊息的頻率以及使用活躍時段。 元數據的保護不多,如果它在您的 [威脅模型](threat-modeling.md)中,就應該密切注意使用軟體的技術文檔,看看元數據是否最小化或任何保護。
## 大規模監督計劃
<span class="pg-blue">:material-eye-outline: 大規模監測</span>
大規模監控是對全體 (或其中某一群特定)人群進行錯綜複雜的監視活動。[^1] 它通常是指政府項目,例如由[Edward Snowden 在 2013](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present))所揭露的內幕。 然而,它也可以由公司代表政府機構或由他們自己主動進行。
!!! 摘要"監控地圖集"
如果您想進一步了解監控方法及其在您所在城市的實施方式,您也可以查看[電子前鋒基金會 EFF] (https://www.eff.org/)的[監控地圖集] (https://atlasofsurveillance.org/)。
在法國,您可以看看非營利組織 La Quadrature du Net 維護的 [Technolopolice 網站] (https://technopolice.fr/villes/ )。
政府常認為大規模監控計劃是打擊恐怖主義和預防犯罪的必要手段。 然而,少數羣體和政治異見人士最常遭受不成比例地人權侵害。
!!! 美國自由民權聯盟 ACLU [*9/11 的隱私教訓:大規模監控不是前進的道路*](https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward)
面對[愛德華·斯諾登( Edward Snowden )披露的 [PRISM] https://en.wikipedia.org/wiki/PRISM )和 [Upstream] https://en.wikipedia.org/wiki/Upstream_collection ]等政府計劃,情報官員承認,國家安全局多年來一直祕密地收集每個美國人電話的記錄—誰在打電話,何時打電話,以及通話時間多久。 當 NSA 日復一日地收集這類資訊時,就可以揭示人們生活相關聯的敏感細節,例如他們是否打電話給牧師、墮胎提供者、成癮顧問或自殺熱線。
儘管在美國有越來越多的大規模監控,政府卻發現像依 215 條採取的監控計畫在阻卻犯案與恐怖陰謀上沒有實用價值,它們幾乎只是重複著 FBI 所做的特定監控計畫而已。[^2]
在網上,您可以通過各種方法進行追蹤:
- 您的 IP 地址
- 瀏覽器 cookie
- 您提交到網站的資料
- 您的瀏覽器或裝置指紋
- 付款方式關聯
\ [此列表並非詳盡無缺]。
如果您擔心大規模監控計劃,您可以隨時隨地策略性避免提供識別個資,例如劃分您的網路身份,與其他用戶混合。
<span class="pg-brown">:material-account-cash: 監控資本主義</span>
> 監控資本主義的核心是獲取個人資料並將之商品化,以謀求最大利潤的經濟體系。[^3]
對於許多人來說,私人公司的追蹤和監視是一個越來越令人擔憂的問題。 無處不在的廣告網絡,例如 Google 和 Facebook 運營的廣告網絡,跨越網際網路遠超過他們控制的網站,在跟蹤您的行為。 使用內容攔截工具來限制對伺服器的請求、閱讀了解所用服務的隱私政策,都有助於避開許多基本對手 (雖然這不能完全防止跟蹤)。[^4]
此外,即使是 *AdTech* 或追蹤行業以外的公司,也可以與 [資料掮客](https://en.wikipedia.org/wiki/Information_broker) 如Cambridge Analytica、Experian 或 Datalogix )或其他方共享您的資料。 您無法自行假設您的資料是安全的,因為您使用的服務不屬於典型的 AdTech 或跟蹤商業模式。 對抗企業資料收集最好的保護是盡可能加密或混淆您的數據,讓不同的供應商難以將資料相互關聯去建立您的個人剖繪。
## 限制公共資訊
<span class="pg-green">:material-account-search: 公共曝露</span>
保持資料私密性的最佳方法是根本不要公開它。 刪除網路上有關您現已不用的資訊是恢復隱私的最佳第一步。
- [查看帳戶刪除指南 :material-arrow-right-drop-circle:](account-deletion.md)
對於您分享資訊的網站,檢查帳戶的隱私設定以限制資料傳播的範圍非常重要。 例如,如果提供選項,請在您的帳戶上啟用「私人模式」:這可確保您的帳戶不會被搜尋引擎編入索引,而且在未經您的許可下無法查看。
如果您已經將真實資訊提交給不應該擁有該資訊的網站,請考慮使用虛假策略,例如提交該網路身份的虛構資訊。 這使得您的真實資訊無法與虛假資訊作區分。
## 避免審查
<span class="pg-blue-gray">:material-close-outline: 審查</span>
網口審查包括由極權主義政府、網路管理員和服務提供商等所進行的行為(在不同程度上)。 這些試圖控制通訊與限縮資料取用的作為,往往不見容於意見自由的基本人權。[^5]
對企業平臺的審查越來越普遍如Twitter 和 Facebook 等平臺屈服於公眾需求、市場和政府機構的壓力。 政府對企業的施壓可能是隱蔽的,例如白宮私下 [要求拿掉](https://www.nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) 某個勯動的 Youtube 影片,或是公開者如中國政府命令企業要遵循嚴厲的審查制度。
關注審查威脅的人可以使用像 [Tor](../advanced/tor-overview.md) 這樣的技術來規避它,並支持像 [Matrix](../real-time-communication.md#element)這樣的抗審查通信平臺,該平臺沒有可以任意關閉帳戶的集中帳戶權限。
!!! 提示
雖然很容易避掉審查,但隱藏您正在做的事可就沒那麼簡單了。
您應該考慮可讓對手觀察哪些網路行為,以及能否對這些行為有合理的否認說辭。 例如,使用[加密 DNS ] (../advanced/dns-overview.md#what-is-encrypted-dns)可以幫助您繞過對 DNS 基本審查系統,但它無法對 ISP 隱藏您正在訪問的內容。 VPN 或 Tor 有助於向網路管理員隱藏您正在訪問的內容,但無法隱藏您正在使用 VPN 或 Tor 。 可插拔傳輸(例如 Obfs4proxy、Meek 或 Shadowsocks 可以幫助您避開阻擋常見VPN 協議或 Tor 的防火牆,但仍然可以通過探測或[深度封包檢查] (https://en.wikipedia.org/wiki/Deep_packet_inspection)等方法檢測您嘗圖作的規避。
您必須考慮試圖繞過網路審查的風險、潛在的後果以及您的對手可能很經驗老道。 您應該謹慎選擇軟件,並制定備份計劃以防被抓住。
[^1]: 維基百科: [*大型監控*](https://en.wikipedia.org/wiki/Mass_surveillance) 與 [*監控*](https://en.wikipedia.org/wiki/Surveillance).
[^2]: 美國隱私和公民自由監督委員會: [*根據第 215 條進行的電話記錄計劃的報告*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf)
[^3]: 維基百科: [*監控資本主義*](https://en.wikipedia.org/wiki/Surveillance_capitalism)
[^4]: “[枚舉壞處](https://www.ranum.com/security/computer_security/editorials/dumb/)” (或“列出所知的全部壞事” ),未能充分保護您免受新的和未知的威脅,因為許多廣告攔截程式和防病毒程式尚未被添加到過濾器列表。 您還應採用其他緩解技術。
[^5]: 聯合國: [*《世界人權宣言》*](https://www.un.org/en/about-us/universal-declaration-of-human-rights).

41
i18n/zh-Hant/basics/email-security.md Normal file
View File

@@ -0,0 +1,41 @@
---
title: 電子郵件安全
icon: material/email
description: 從許多方面來看電子郵件本質上是不安全的,這也是它並非安全通信首選的原因。
---
電子郵件本身即非安全的通訊形式。 您可以使用 OpenPGP 等工具提高電子郵件安全性,這些工具為您的消息添加端到端加密,但與其他消息傳遞應用程序中的加密相比, OpenPGP 仍然存在許多缺點,而且由於電子郵件的設計方式,某些電子郵件數據永遠不會加密。
因此,電子郵件最適合用於從您在線註冊的服務接收交易性電子郵件(如通知、驗證電子郵件、密碼重置等),而不是用於與他人溝通。
## 郵件是如何加密的
將 E2EE 添加到不同電子郵件提供商之間的電子郵件的標準方法是使用 OpenPGP。 OpenPGP 標準有不同的實現,最常見的是 [GnuPG](https://en.wikipedia.org/wiki/GNU_Privacy_Guard) 和 [OpenPGP.js](https://openpgpjs.org)。
還有另一種標準被稱為 [S/MIME](https://en.wikipedia.org/wiki/S/MIME),但它需要由 [憑證機構](https://en.wikipedia.org/wiki/Certificate_authority) 頒發的憑證並非所有憑證都發行S/MIME憑證。 它支持 [Google Workplace](https://support.google.com/a/topic/9061730?hl=en&ref_topic=9061731) 和 [Outlook for Web或Exchange Server 2016 2019](https://support.office.com/en-us/article/encrypt-messages-by-using-s-mime-in-outlook-on-the-web-878c79fc-7088-4b39-966f-14512658f480)。
即使您使用OpenPGP ,它也不支持 [向前保密](https://en.wikipedia.org/wiki/Forward_secrecy),這意味著如果您或收件人的私鑰被盜,所有先前加密的消息都將被曝光。 這就是為什麼我們建議 [即時通訊](../real-time-communication.md) ,只要有可能,就實現電子郵件的前向保密性,以進行個人對個人的通信。
### 哪些郵件客戶端支持 E2EE
電子郵件服務供應商讓您能使用標準訪問協議如 IMAP 與SMTP以便應用[我們推薦的電子郵件客戶端軟體](../email-clients.md)。 根據驗證方法的不同如果提供者或電子郵件用戶端不支持OAT或橋接應用程序這可能會導致安全性降低因為 [多因素驗證](multi-factor-authentication.md) 在純密碼驗證中是不可能的。
### 我要怎樣保護自己的私密鑰匙?
安全鑰卡 (例如 [Yubikey](https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) 或 [Nitrokey](https://www.nitrokey.com)) 可在設備 (手機、平板或桌機等 ) 的電子郵件軟體或網頁電郵上收取加密的郵件訊息。 安全鑰卡會解密該訊息再把解開的內容傳到設備。
在智能卡上進行解密是有利的,以避免可能將您的私鑰暴露在受損的設備上。
## 電子郵件元資料概覽
電子郵件中繼資料儲存在電子郵件的 [個訊息標題](https://en. wikipedia. org/wiki/Email#Message_header) 中,並包含您可能已經看到的一些可見標題,例如: `To``From``Cc``Date``Subject`。 許多電子郵件客戶端和提供商還包含一些隱藏的標題,可以揭示有關您的帳戶的信息。
客戶端軟體可能會使用電子郵件中繼資料來顯示來自誰以及收到訊息的時間。 服務器可以使用它來確定電子郵件消息必須發送的位置,其中 [個其他目的](https://en.wikipedia.org/wiki/Email#Message_header) 並不總是透明的。
### 誰可以查看電子郵件中繼資料?
電子郵件元數據受到外部觀察者的保護, [Opportunistic TLS](https://en.wikipedia.org/wiki/Opportunistic_TLS) 保護它免受外部觀察者的影響,但它仍然能夠被您的電子郵件客戶端軟件(或網絡郵件)和任何伺服器看到,將您的消息轉發給任何收件人,包括您的電子郵件提供商。 有時,電子郵件伺服器也會使用第三方服務來防範垃圾郵件,垃圾郵件通常也可以訪問您的郵件。
### 爲什麼元數據不能是E2EE
電子郵件元數據對於電子郵件最基本的功能(它來自何處,以及它必須去向何處)至關重要。 E2EE 最初並未內建於電子郵件協議中,而是需要像 OpenPGP 這樣的附加軟件。 由於 OpenPGP 訊息仍必須與傳統的電子郵件供應商合作,因此它無法加密電子郵件元數據,只能加密訊息正文本身。 這意味著即使在使用 OpenPGP 時,外部觀察者也可以看到關於您的消息的大量信息,例如您正在發送電子郵件的人,主題行,當您發送電子郵件時等。

165
i18n/zh-Hant/basics/multi-factor-authentication.md Normal file
View File

@@ -0,0 +1,165 @@
---
title: "多重身分驗證"
icon: 'material/two-factor-authentication'
description: MFA是保護您線上帳戶的關鍵安全機制但有些方法比其他方法更強大。
---
**多因素認證****MFA**)是一種安全機制,除了輸入用戶名(或電子郵件)和密碼之外,還需要其他步驟。 最常見的方法是您會從簡訊或應用程式收到的有時間限制的代碼。
通常情況下,如果駭客(或任何想要盜取您帳號的人)能夠找出您的密碼,那麼他們將獲得密碼屬於的帳戶的存取權。 MFA 的帳戶迫使駭客同時擁有密碼(您 *知道*的東西)和您擁有的設備(您 *擁有*的東西),例如您的手機。
不同 MFA 方式的安全性各不相同,但整體來說,讓攻擊者越難訪問您的 MFA 方法越好。 MFA 方式(從最弱到最強)的例子包括簡訊,電子郵件代碼,應用推送通知, TOTP Yubico OTP 和 FIDO。
## MFA 方式的比較
### 簡訊或 Email 多重身分驗證
透過簡訊或電子郵件接收 OTP 代碼是透過 MFA 保護帳戶安全的最弱方法之一。 通過電子郵件或簡訊接收驗證碼動搖了*"持有安心*”的概念,因為駭客根本不需要實際拿到您的設備,就可透過多種方式 [接管電話號碼](https://en.wikipedia.org/wiki/SIM_swap_scam) 或讀取電子郵件。 如果未經授權的人獲得了您的電子郵件訪問權限,他們將能夠使用該訪問權限重設您的密碼並收到驗證碼,使他們能夠完全訪問您的帳戶。
### 推送通知
推送通知多重身份認證的形式是將訊息發送到手機上的應用程式,要求您確認新的帳戶登入。 這種方法比短信或電子郵件要好得多,因為攻擊者通常無法在沒有已經登錄的設備的情況下獲得這些推送通知,這意味著他們需要首先破壞您的其他設備之一。
我們都會犯錯誤,您可能不小心接受登錄嘗試。 推送通知登入授權通常一次發送到 *所有* 您的設備,如果您有多個設備,則可擴大 MFA 代碼的可用性。
推送通知 MFA 的安全性取決於應用程序的品質,伺服器組件以及生成它的開發人員的信任。 安裝應用程式可能會要求授予對裝置上其他資料存取的侵入性權限。 不同於好的TOTP 生成器,個別應用程式還要求特定的應用程序,甚至不需要密碼就可開啟服務。
### 暫時性的一次性密碼 (TOTP)
TOTP 是最常見的 MFA 形式之一。 當您設置TOTP時您通常需要掃描 [QR Code](https://en.wikipedia.org/wiki/QR_code) ,該掃描與您打算使用的服務建立“[共享祕密](https://en.wikipedia.org/wiki/Shared_secret)”。 共用祕密在驗證器應用程式的數據中受到保護,有時會受到密碼的保護。
然後,時間限制代碼從共享機密和當前時間衍生出來。 由於代碼僅在短時間內有效,無法訪問共享機密,因此對手無法生成新代碼。
如果您擁有支援 TOTP 的硬體安全金鑰(例如具有 [Yubico Authenticator](https://www.yubico.com/products/yubico-authenticator/)的YubiKey ,我們建議您將「共享機密」儲存在硬體上。 像 YubiKey 這類硬體就是為了讓“共享祕密”難以提取、複製而開發的工具。 YubiKey 也不會連接到網際網路,不像使用 TOTP 應用程式的手機。
與 [WebAuthn](#fido-fast-identity-online)不同, TOTP 無法應對 [網絡釣魚](https://en.wikipedia.org/wiki/Phishing) 或重複使用攻擊。 如果對手從您身上取得有效的登錄碼他們可以隨意多次使用它直到過期通常是60秒
對手可以建立一個網站來模仿官方服務,試圖欺騙你提供你的用戶名,密碼和當前的 TOTP 代碼。 如果對手使用這些記錄的憑證,他們可能能夠登錄到真正的服務並劫持帳戶。
雖然不完美,但 TOTP 對大多數人來說足夠安全,當 [硬件安全金鑰](../multi-factor-authentication.md#hardware-security-keys) 不受支持時, [驗證器應用程序](../multi-factor-authentication.md#authenticator-apps) 仍然是一個不錯的選擇。
### 硬體安全金鑰
YubiKey 將資料存在防纂改的強固晶片, 除非運用先進實驗室等級的取證程序,一般非破壞方式[很難存取](https://security.stackexchange.com/a/245772) 。
這些金鑰通常具多重功能,並提供了許多驗證方法。 下面是最常見的。
#### Yubico OTP
Yubico OTP 的驗證協議通常是執行在硬體安全金鑰上。 當決定使用 Yubico OTP 時,該密鑰將產生公用 ID ,私有 ID 和祕密密鑰,然後密鑰日上傳到 Yubico OTP 伺服器。
在登入網站時,需要做的就是實際觸摸安全金鑰。 安全金鑰將模擬鍵盤並將一次性密碼列印到密碼欄位中。
它會將一次性密碼轉發到 Yubico OTP 伺服器進行驗證。 在密鑰和 Yubico 驗證伺服器上的計數器都會迭加。 OTP 只能使用一次,當成功驗證後,計數器會增加,以防止重複使用 OTP。 Yubico 提供了此過程的 [詳細文件](https://developers.yubico.com/OTP/OTPs_Explained.html) 。
<figure markdown>
![Yubico OTP](../assets/img/multi-factor-authentication/yubico-otp.png)
</figure>
與 TOTP 相比使用Yubico OTP 有一些優缺點。
Yubico 驗證伺服器是雲端服務,您把信任託付給 Yubico 相信他們會安全地儲存資料而不會拿來分析您。 與 Yubico OTP 相關聯的公共 ID 可在每個網站上重複使用,並可能讓第三方可對您進行個人剖繪。 與TOTP 一樣, Yubico OTP 無法對抗網路釣魚。
若您的威脅模型要求在不同網站使用不同身份, **請不要** 在這些網站中使用同一個硬體安全密鑰 Yubico OTP ,因為每個安全密鑰都有相同的公共 ID。
#### FIDO 快速線上身份驗證)
[FIDO ](https://en.wikipedia.org/wiki/FIDO_Alliance) 包含許多標準首先是U2F ,然後是 [FIDO2](https://en.wikipedia.org/wiki/FIDO2_Project) ,其中包括 Web 標準 [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn)。
U2F 和 FIDO2 指的是 [Client to Authenticator Protocol](https://en.wikipedia.org/wiki/Client_to_Authenticator_Protocol),這是安全金鑰和電腦之間的協議,例如筆記本電腦或手機。 它補充了 WebAuthn WebAuthn 為驗證網站登錄( “依賴方” )之組件。
WebAuthn是最安全、最私密的第二要素驗證形式。 雖然驗證體驗與 Yubico OTP 類似,但密鑰不會打印出一次性密碼也不會使用第三方伺服器進行驗證。 相反,它使用 [公鑰加密](https://en.wikipedia.org/wiki/Public-key_cryptography) 進行驗證。
<figure markdown>
![FIDO](../assets/img/multi-factor-authentication/fido.png)
</figure>
當您創建一個帳戶時,公鑰會發送到服務,然後當您登錄時,服務會要求您使用您的私鑰“簽署”一些數據。 這樣做的好處是,服務不會儲存密碼資料,因此對手無從竊取任何東西。
這份簡報探討了密碼驗證的歷史陷阱如密碼重用以及FIDO2 和 [WebAuthn](https://webauthn.guide) 標準等課題。
<div class="yt-embed">
<iframe width="560" height="315" src="https://invidious.privacyguides.net/embed/aMo4ZlWznao?local=true" title="FIDO2 和 WebAuthn 如何防止帳戶接管" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
</div>
相較於其它 MFA方法 FIDO2 和 WebAuthn 具有卓越的安全和隱私特點。
通Web服務通常與 WebAuthn 一起使用, 這是來自 [W3C 的建議](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC))。 它使用公鑰驗證,並且比在 Yubico OTP 和 TOTP 使用的共享機密更安全,因為它在驗證期間包括原始名稱(通常是域名)。 提供證明以保護您免受網路釣魚攻擊,以幫助您確定使用真實服務而不是假網站服務。
與 Yubico OTP不同WebAuthn不使用任何公共ID ,因此密鑰 **無法** 被不同網站識別。 它也不使用任何第三方雲端伺服器進行驗證。 所有通訊都已在密鑰和所登入的網站之間完成。 FIDO 還使用計數器,該計數器在使用時會增加,以防止期間重用和克隆密鑰。
如果網站或服務支援 WebAuthn 驗證,強烈建議您使用它而不是其他形式的 MFA。
## 一般性建議
我們有這些一般性建議:
### 我應該選擇哪種方法?
設置MFA 方法時,請記住,它的安全程度與您使用的最弱的身份驗證方法一樣。 這意味著您只需使用的最佳MFA方法。 例如如果您已經使用TOTP 您應該禁用電子郵件和SMS MFA。 如果您已經使用 FIDO2/WebAuthn ,則不應該在您的帳戶上使用 Yubico OTP 或TOTP。
### 備份
您應該始終備份您的 MFA 方法。 硬體安全金鑰可能會丟失、被盜或隨著時間的推移而停止運作。 建議您擁有一對具有相同帳戶存取權限的硬體安全金鑰,而不僅僅是一個。
當與驗證器應用程式一起使用TOTP時請務必備份您的恢復密鑰或應用程式本身或將「共享機密」複製到不同手機上的應用程式的另一個實例或加密容器例如 [VeraCrypt](../encryption.md#veracrypt))。
### 初始設定
購買安全金鑰時,請務必變更預設憑證、為金鑰設定密碼保護,並在金鑰支援時啟用觸控確認。 YubiKey 等產品有多重介面,各有其獨立憑證,因此您應該仔細查看每個介面並設置保護。
### 電子郵件和簡訊
如果您必須使用電子郵件進行MFA ,請確保電子郵件帳戶本身具有適當的 MFA 方法。
如果您使用簡訊 MFA 請選擇不會進行未授權的號碼切換的營營商或使用具有類似安全性的專用VoIP 號碼,以避免 [SIM 交換攻擊](https://en.wikipedia.org/wiki/SIM_swap_scam)。
[我們推薦的 MFA 工具](../multi-factor-authentication.md ""){.md-button}
## 更多設定MFA的地方
除了保護您的網站登錄外,多因素身份驗證還可用於保護您的本地設備的登錄、 SSH 密鑰甚至密碼資料庫。
### Windows
Yubico 有專門的 [憑證提供者](https://docs.microsoft.com/en-us/windows/win32/secauthn/credential-providers-in-windows) ,為本地 Windows 帳戶在登錄流程添加了Challenge-Response 驗證。 如果您擁有具 Challenge-Response 驗證支援的 YubiKey ,請查看 [Yubico Login for Windows Configuration Guide](https://support.yubico.com/hc/en-us/articles/360013708460-Yubico-Login-for-Windows-Configuration-Guide),該指南將協助您在 Windows 電腦上設置MFA。
### macOS
macOS 具有 [原生支援](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) 用於使用智慧卡(PIV)進行驗證。 如果您有支援 PIV 介面的智慧卡或硬體安全金鑰(例如 YubiKey) ,建議您遵循智慧卡/硬體安全供應商的文件為您的macOS 電腦設定第二要素驗證。
Yubico 指南 [在macOS](https://support.yubico.com/hc/en-us/articles/360016649059) 中使用 YubiKey 作為智慧卡,可幫助您在 macOS 設置 YubiKey。
設定智慧卡/安全金鑰後,我們建議您在終端機中執行此命令:
```text
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
```
該指令會防止對手在電腦啟動時繞過 MFA。
### Linux
!!! 警告
如果系統主機名稱發生變更(例如由於 DHCP ,您將無法登入。 在遵循本指南之前,為您的電腦設置正確的主機名至關重要。
Linux 上的 `pam_u2f` 模組可以提供雙因素驗證,以便在最流行的 Linux 發行版上登錄。 如果您有支援 U2F 的硬體安全金鑰,可以為您的登入設定 MFA 驗證。 Yubico有一個 [Ubuntu Linux 登錄指南- U2F](https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F) ,應該適用於任何發行版。 軟體包管理器指令(例如 `apt-get`)和軟體包名稱可能不同。 本指南 **不適用於** Qubes OS.
### Qubes OS
Qubes OS 支援 YubiKeys 進行 Challenge-Response 驗證。 如果您擁有具 Challenge-Response 驗證支援的 YubiKey ,請查看 Qubes OS [YubiKey 文檔](https://www.qubes-os.org/doc/yubikey/) 以在Qubes OS 設置 MFA。
### SSH
#### 硬件安全金鑰
SSH MFA 可以使用多種不同的身份驗證方法進行設置,這些方法在硬體安全金鑰中很受歡迎。 建議您查看 Yubico [文件檔](https://developers.yubico.com/SSH/) ,了解如何設置此功能。
#### 暫時性的一次性密碼 (TOTP)
SSH MFA 也可以使用 TOTP 設定。 DigitalOcean 提供教學 [如何在 Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04) 為 SSH 設置多因素身份驗證。 無論是哪一個發行版本,大多數操作方式都相同,但是軟體包管理器命令-例如 `apt-get`-和軟體包名稱可能不同。
### KeePass 和KeePassXC
KeePass 和 KeePassXC 資料庫可以使用 Challenge-Response 或 HOTP 作為第二要素驗證進行密碼保護。 Yubico 提供了一份 KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) 文件, [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) 網站上也有一份。

111
i18n/zh-Hant/basics/passwords-overview.md Normal file
View File

@@ -0,0 +1,111 @@
---
title: "密碼介紹"
icon: 'material/form-textbox-password'
description: 以下是關於如何建立最強密碼並確保帳戶安全的一些提示和技巧。
---
密碼是我們日常數位生活的重要組成部分。 我們使用它們來保護自己帳戶、設備和祕密。 儘管密碼常常是我們與挖取我們私人資訊的對手之間僅有的唯一阻隔,但人們並未對密碼有充分的考量,導致人們使用的密碼很容易被猜到或強力破解。
## 最佳實踐
### 每項服務各選用不同的獨特密碼
想像一下,您在各個不同的網路服務註冊時都使用同一組電子郵件和密碼。 如果其中一個服務提供商懷有惡意,或者其服務發生資料洩露,以未加密格式暴露了您的密碼,那麼不良行為者只需嘗試跨多個流行服務的電子郵件和密碼組合,就可輕易得手。 密碼強度已無關緊要,因為對手已經打開它了。
這稱為 [憑證填充](https://en.wikipedia.org/wiki/Credential_stuffing),是最常見帳戶被不良行為者破壞的方式之一。 為了避免這種情況,請確保您永遠不會重複使用密碼。
### 使用隨機生成的密碼
==您 **不應該** 僅靠自己去想出好密碼== ;建議使用充足熵量的[隨機產生密碼randomly generated passwords](#passwords) 或 [diceware 口令密語](#diceware-passphrases) ,以保護裝備和帳戶的安全。
我們所推薦的 [密碼管理器](../passwords.md) 都內建密碼生成器。
### 輪換密碼
應避免經常更改必須記住的密碼(例如密碼管理器的主密碼) ,除非有理由相信它已被破壞,否則頻繁更改它往往會使您面臨忘記密碼的風險。
對於無需記住的密碼(例如存儲在密碼管理器中的密碼)時,如果您的 [威脅模型](threat-modeling.md) 需要它,建議每隔幾個月查看一次重要帳戶(特別是沒使用多因素身份驗證的帳戶)並更改其密碼,以防它們在尚未公開的資料洩露中遭到破壞。 大多數密碼管理器可為密碼設定到期日期,以便更容易管理。
!!! 提示“檢查數據洩露”
如果您的密碼管理器可以檢查密碼是否已被破壞,請務必檢查並立即更改可能已暴露在資料外洩的密碼。 或者,您可以在[news aggregator] (../news-aggregators.md)的幫助下關注[Have I Been Pwned 最新資料外洩情報] (https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches)。
## 建立強密碼
### 密碼
許多服務對密碼施加了某些標準,包括最小或最大長度,以及可以使用哪些特殊字符(如果有的話)。 您應該利用密碼管理器內建的密碼生成器來創建夠長、複雜的密碼,只要服務允許,最好是混合大寫和小寫字母、數字和特殊字符搭配。
若需要一個記得住的密碼,建議採用 [diceware 口令密語](#diceware-passphrases)。
### Diceware 口令密語
Diceware 是一種創建密碼短語的方法,這些密短口令易於記憶,但很難猜測。
當您需要記憶或手動輸入憑證時,例如密碼管理員的主密碼或設備的加密密碼, Diceware 口令密語是個好選擇。
舉一個 Diceware 口令密語的例子 `viewable fastness reluctant squishy seventeen shown pencil`
使用骰子來產生一組 diceware 口令密語,請按照以下步驟:
!!! 備註
這裏的說明假設您正使用[ EFF的大型單詞清單] (https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt)來生成密語,每個單詞需要骰子滾動五次。 其他單詞列表的單詞其骰子滾動次數不一,且可能需要不同單詞數量來達成相同的熵。
1. 將1~6 骰子滾動五次,記下每次出現的數字。
2. 例如,假設您滾動了 `2-5-2-6-6`。 查看 [EFF 的大型單詞清單](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) ,找出對應於 `25266` 的單詞。
3. 你會得到單詞 `encrypt`。 把這個詞寫下來。
4. 重複相同手續,直到您的口令密語達到足夠的單詞,請用空格分隔單詞。
!!! 警告“重要”
你* *不應* *重新滾動單詞,以取得自己喜好的單詞組合。 這個過程應該是完全隨機的。
如果您手邊沒有或不想使用真正的骰子,可利用密碼管理器內建密碼生成器,因為大多數密碼生成器除了普通密碼之外還可以選擇生成 diceware 口令密語。
我們建議使用 [EFF 的大型單詞清單](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) 來生成您的diceware 口令密語,因為它提供與原始列表完全相同的安全性,同時更容易記憶的單詞。 如果不想要使用英文密語,也有 [其他語言的單詞清單](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline)。
??? 附註「diceware 口令密語的熵和強度的說明」
為了證明 diceware 密語的強度,我們將使用前面提到的七個單詞密語(`viewable fastness reluctant squishy seventeen shown pencil` )和 [EFF 的大型單詞列表] (https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt)作例子。
判斷 diceware 口令密語強度的衡量標準是確定它有多少熵。 diceware 口令密語中的個別單詞的熵為 $\text{log}_2(\text{WordsInList})$ 而整組密語的熵總量為 $\text{log}_2(\text{WordsInList}^\text{WordsInPhrase})$.
因此,上述列表中的每個單詞都會產生~ 12.9 位熵(($\text{log}_2 (7776) $) ,而其中取得七個單詞組成的口令密語就具有~ 90.47位熵 ($\text{log}_2 (7776 ^ 7) $ )。
[EFF 的大型單詞清單] (https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt)包含 7776 個獨特單詞。 要計算可能的口令密語數量,所要做的就是 $\text{WordsInList}^\text{WordsInPhrase}$ ,或者依我們的情況, $ 7776 ^ 7 $。
讓我們從這個角度來看:使用 [EFF 的大型單詞列表] (https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt)的七個單詞的口令密短約有1,719,070,799,748,422,500,000,000 種組合。
平均而言,至少要嘗試所有可能組合的一半來猜測您的密語。 考慮到這一點,即使對手每秒能夠猜測~ 1,000,000,000,000 次,他們仍然需要~ 27,255,689 年來猜出您的密語。 即使以下情況屬實,也是如此:
- 對手知道您使用 diceware 方法。
- 對手知道您所使用的具體單詞清單。
- 對手知道您的密語包含多少個單詞。
總而言之, diceware 口令密語是最佳選擇,當您需要既容易記住 *又* 非常強大的東西。
## 儲存密碼
### 密碼管理器。
儲存密碼的最佳方式是使用密碼管理器。 可將密碼存儲在檔案或雲端,使用單個主密碼保護與開啟它們。 這樣,您只需要記住一個強大的密碼,就可以訪問其餘密碼。
有許多好的選項可參考,不管是雲端和本地設備安裝。 選擇任一推薦的密碼管理器,利用它為所有帳戶建立強密碼。 建議利用至少七個單詞的 [diceware 口令密語](#diceware-passphrases) 來保護密碼管理器的安全。
[推薦的密碼管理員列表](../passwords.md ""){.md-button}
!!! 警告: “不要將密碼和 TOTP 令牌放在同一個密碼管理器中”
當使用 TOTP 代碼作為[多因素驗證] (../multifactor-authentication.md)時,最好的安全措施是將 TOTP 代碼保存在[分開的應用程序] (../multifactor-authentication.md#authenticator-apps)中。
將您的 TOTP 令牌存儲在與密碼相同的位置,雖然方便,但假若對手可以存取密碼管理器,則帳戶安全驗證則減少為單一因素。
此外,我們不建議把一次性修復代碼存在密碼管理器。 它們應分開儲存,例如放在離線儲存設備的加密容器中。
### 備份
您應該將密碼備份 [加密](../encryption.md) 在 數個儲存裝置或雲端儲存服務。 如果您主要裝置或正在使用的服務出問題,這可以幫助您存得密碼。

110
i18n/zh-Hant/basics/threat-modeling.md Normal file
View File

@@ -0,0 +1,110 @@
---
title: "建立威脅模型"
icon: 'material/target-account'
description: 平衡安全性、隱私權和可用性是您在隱私權之旅中將面臨的首要和最困難的任務之一。
---
平衡安全性、隱私權和可用性是您在隱私權之旅中將面臨的首要和最困難的任務之一。 一切都要各方權衡:越安全的東西,它通常越受限制或越不方便。 通常,人們發現那些被推薦的工具的問題是它們太難開始使用了!
如果要使用**最安全**的工具,就必須犠牲許多*可用性*。 就算如此,也沒有什麼是完全安全的。有 **高** 安全,但從來沒有 **完整** 安全。 這就是為什麼威脅模型很重要。
**那麼,這些威脅模型究竟是什麼呢?**
==威脅模型,列出對您的安全與隱私可能造成的威脅。== 既然無法完全防範**每一次** 攻擊(者),請將精力放在 **最可能發生的** 威脅。 在電腦安全上,威脅指可能破壞您保持私密和安全努力的事件。
專注在對您認為重要的威脅,可縮小對所需保護的考慮,以讓您選擇出適合的工具。
## 建立您的威脅模型
為了分辨所重視的事物會發生什麼,保護它們必須避開哪些人,請回答以下五個問題:
1. 我想保護什麼?
2. 我想要保護它免受誰的侵害?
3. 我需要保護它的可能性有多大?
4. 若不幸失敗將帶來多嚴重的後果?
5. 我願意承受多少麻煩來防止潛在的後果?
### 我想保護什麼?
“資產”是你重視和想要保護的東西。 在討論數位安全時,資產通常是某種資訊。例如,您的電子郵件、聯繫人列表、即時消息、位置和檔案等都是可能的資產。 你的設備本身也可能是資產。
*列出您的資產:您保存的資料、保存的地方、誰可以取用它,以及阻止其他人使用它的原因。*
### 我想要保護它免受誰的侵害?
要回答這個問題,重要的是要找出誰可能會針對您或您的資訊。 對您的資產構成威脅的個人或實體即是“敵人”。潛在對手可能為:您的老闆、前任情人、商業競爭對手、政府或公共網路上的黑客。
*列出對手或那些可能想要獲取您的資產的敵人。 您的名單可能包括個人、政府機構或公司。*
根據對手是誰,在某些情況下,這份清單可能是在完成安全計劃後必須鎖毀的東西。
### 它需要被保護的可能性有多大?
==風險是指某個資產發生特定威脅實際的可能性。= =它與能力密切相關。 雖然您的手機供應商有能力訪問您的資料,但他們將私人數據散佈在網路以損您聲譽的這種風險發生機率很低。
重要的是要能區分可能發生什麼事和事情發生的概率。 例如,您的建築物可能會倒塌,但很常有地震的舊金山發生這種情況的風險遠遠大於地震並不常見的斯德哥爾摩。
評估風險既是私人的,也是主觀的過程。 許多人認為某些威脅是不可接受的,無關乎其發生的可能性,而是因它們根本不值得。 在其他情況下,人們忽視高風險,因為他們不認為威脅是問題。
*寫下你認真看待哪些威脅,哪些可能太罕見或無害(或太難以對抗)。*
### 若不幸失敗將帶來多嚴重的後果?
對手有很多方法可以取用您的資料。 例如,他們通過網路讀取您的私人通訊,或是刪除或破壞您的資料。
== 對手的動機差異很大,他們的戰術也是如此。==政府試圖阻止警察暴力影片傳播,簡單地刪除或減少該影片的可用性大概就可以。 相比之下,政治對手可能希望在您不知情的情況下,獲得您的祕密內容並發布。
安全規劃涉及了解若對手成功地取用您的資產後,會帶來多嚴重的後果。 要確定這一點,應該考慮對手的能力。 例如,您的手機供應商可以存取您所有的電話記錄。 公共 Wi-Fi 網路上的駭客可以訪問您未加密的通訊。 政府往往有更強的能力。
*寫下對手可能想用您的私人資料做什麼。*
### 我願意承受多少麻煩來防止潛在的後果?
==沒有完美的安全保障。==不是每個人都有相同的優先事項、關切點或可用資源。 您的風險評估能為您規劃正確的策略,平衡便利性、成本和隱私。
例如,在國家安全案件中代表客戶的律師可能願意全力保護該案件的相關通信,例如使用加密電子郵件,而常向女兒發送有趣貓咪短片的母親就不會想要加密。
*寫下您可用的選項,以幫助減輕您的獨特威脅。 ,如果您有任何財務、技術或社會上的限制,請予備註。*
### 自己試試:保護好您的財產
這些問題可以適用於線上和線下的各種情況。 示範這些問題如何運作,我們來制定一個保護您房屋和財產安全的計畫。
**您想保護什麼? ( 或者*)您有什麼值得保護的? (*)**
:
您的資產可能包括珠寶、電子產品、重要文件或照片。
**你想保護它免受誰的侵害?**
:
你的對手可能包括竊賊、室友或客人。
**您需要保護它的可能性有多大?**
:
您的社區發生過入室盜竊的案件嗎? 你的室友或客人可信任的程度? 你的對手有哪些能力? 應該考慮哪些風險?
**失敗的後果有多嚴重?**
:
你家裡有什麼東西是你無法取代的嗎? 您有時間或金錢來取代這些東西嗎? 是否已為家裏物品投保失竊險?
**你願意承受多少麻煩來防止這些後果?**
:
您是否願意為敏感文件購買保險箱? 你能買到高品質的鎖嗎? 您有時間在當地銀租用保險箱並將貴重物品存放在那裡嗎?
只有真正自問這些問題後,才能評估該採取哪些措施。 如果您的財產具有價值,但被入侵的可能性很低,那麼可能不想在防鎖上投資太多。 但是,如果被入侵的可能性很高,您會希望取得市場上最好的鎖並考慮添加安全系統。
制定安全計劃有助於了解您獨有的威脅、評估自己的資產、對手與其能力,以及您面臨風險的可能性。
## 延伸閱讀
針對希望提高線上隱私和安全性者,我們編制了一份本站訪客面臨的常見威脅或目標清單,為您提供一些靈感並展示我們建議的基礎。
- [共同目標與威脅 :material-arrow-right-drop-circle:](common-threats.md)
## 來源
- [EFF監控自衛您的安全計劃](https://ssd.eff.org/en/module/your-security-plan)

80
i18n/zh-Hant/basics/vpn-overview.md Normal file
View File

@@ -0,0 +1,80 @@
---
title: VPN 簡介
icon: material/vpn
description: 虛擬私用網路將風險從您的ISP 轉移到您信任的第三方。 你應該記住這些事情。
---
虛擬專用網路是將您的網路末端延伸到世界其它地方的一種方式。 ISP 可以看到網路終端設備(例如數據機)的網際網路進出流量。
HTTPS 等加密協議通常應用在網際網路,因此雖無法確切地知道您發布或閱讀的內容,但還是可以了解您所請求訪問的 [網域名](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns)。
VPN 可以提供幫助,將信任轉移到世界其他地方的伺服器。 因此, ISP只會看到您已連接到VPN ,而不會看到您正在傳遞的活動。
## 我應該使用 VPN 嗎?
**是**除非你已經在使用Tor。 VPN可以做兩件事將風險從網際網路服務提供商轉移到 VPN並將向第三方服務隱藏您的 IP 地址。
VPN 無法加密裝置與 VPN 伺服器之間連線以外的資料。 VPN 提供商可以像 ISP 一樣查看和修改您的流量。 而且沒有方式可以驗證 VPN 提供商的“無記錄”政策是否貫徹。
VPN 確實可向第三方服務隱藏您的實際 IP 但前提是IP 沒被洩漏。 它們有助您混在他人之中,以減輕基於 IP 的追蹤。
## 什麼時候不該使用 VPN
在 [身份已可辨識](common-threats.md#common-misconceptions) 的情況下VPN 就沒效用了。
這樣做可能會觸發垃圾郵件和欺詐偵測系統,例如您正試圖登入銀行網站。
## 那加密呢?
VPN供應商提供的加密僅發生在您的裝置與伺服器之間。 它保證此特定連結是安全的。 這比用未加密代理的更進一步,因為對手可以攔截您的設備和前述未加密代理之間的通訊並加以修改。 然而軟體或瀏覽器與服務供應商之間的加密並不是依此加密處理。
為了保持所瀏覽網站活動的私密和安全,您必須使用 HTTPS。 這將確保您的密碼、會話令牌和查詢對VPN提供商是安全的。 請考慮在瀏覽器中啟用「HTTPS everywhere」以減輕 [SSL Strip](https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf)等攻擊。
## 我應該將加密 DNS 與 VPN 一起使用嗎?
除非您的 VPN 服務商自行託管加密的 DNS 伺服器, **不要**. 使用 DOH/DOT (或其它任何 DNS 加密) 與第三方伺服器只有需信任更多實體,在安全隱私則**一點幫助也沒有** 。 您的 VPN 提供商仍可以根據 IP 地址和其他方法查看您訪問的網站。 您現在除了信任 VPN 供應商外,還得同時信任 VPN 供應商和DNS 供應商。
推薦加密 DNS 的常見理由是有助於防止 DNS 欺騙。 您的瀏覽器應該已經檢查了 [TLS 憑證](https://en.wikipedia.org/wiki/Transport_Layer_Security#Digital_certificates) 和 **HTTPS** ,並警告您。 如果沒用 **HTTPS**,則對手可以修改您的 DNS 查詢之外的任何東西,最終結果將沒太大差異。
**您不應把加密 DNS 與Tor**一起使用。 這將把您所有 DNS 請求引至某單一迴路,這會讓加密 DNS 提供商可對您消除匿名性。
## 我應該*同時* 使用 Tor 與 VPN 嗎?
撔 Tor 與 VPN 一起使用 ,您基本上創建了一個永久的入口節點,這類節點通常帶有與金錢相關追蹤痕跡。 這樣根本沒增加額外好處,反而明顯地擴大了連接時的攻擊面。 如果您希望向 ISP 或政府隱藏您的Tor 使用, Tor 內建一個解決方案Tor 橋接。 [閱讀更多關於Tor橋接以及為什麼沒必要使用 VPN](../advanced/tor-overview.md)。
## 如果我需要匿名怎麼辦?
VPN無法提供匿名性。 您的VPN提供商可知道您真實 IP 地址,並且通常有一個可以直接與您連結的金錢線索。 您不能依靠 VPN「無記錄」政策來保護您的資料。 請用 [Tor](https://www.torproject.org/) 代替。
## 提供Tor 節點的 VPN 提供商好不好呢?
不要使用此功能。 使用 Tor 的重點是不信任您的 VPN 提供商。 目前 Tor 只支援 [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) 通訊協議。 [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (在 [WebRTC](https://en.wikipedia.org/wiki/WebRTC) 中用於語音和影片分享,新的 [HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) 協議等) [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) 和其他封包將被丟棄。 為了彌補這一點, VPN 提供商通常會引導全部的non-TCP 封包通過他們的 VPN 伺服器(您的第一個跳)。 [ProtonVPN ](https://protonvpn.com/support/tor-vpn/)的情況就是如此。 此外,使用此 Tor over VPN 設定時,您無法控制 Tor 其他重要的功能,例如 [隔離目標位址](https://www.whonix.org/wiki/Stream_Isolation) 為您訪問不同網域使用不同的Tor 迴路)。
該功能應被視為方便訪問 Tor 網絡的方式,而不是為了保持匿名。 為保持適當的匿名性,請使用 Tor 瀏覽器、TorSocks 或 Tor 閘道。
## VPN 何時有用?
VPN在各種情況下仍可能對您有用例如
1. **僅需**對網路連線服務商隱藏您的流量 。
1. 對 ISP 和反盜版組織隱藏您的下載(如 torrents
1. 從第三方網站和服務中隱藏您的IP 防止基於IP的追蹤。
類似這些情況或者如果您有其他令人信服的理由,可考慮使用我們所列出認為最值得信賴的 VPN 提供商。 使用 VPN 意謂著您 *方便* 這些服務供應者。 任何情況下,最好使用以安全為**設計理念** 的工具,例如 Tor。
## 資料來源和進一步閱讀
1. [VPN - a Very Precarious Narrative](https://schub.io/blog/2019/04/08/very-precarious-narrative.html) by Dennis Schubert
1. [Tor Network概述](../advanced/tor-overview.md)
1. [IVPN隱私指南](https://www.ivpn.net/privacy-guides)
1. [「我需要 VPN 嗎?」"Do I need a VPN?" ](https://www.doineedavpn.com)
IVPN 開發的工具,幫助個人決定 VPN 是否適合他們,以因應各式 VPN 營銷。</li> </ol>
## VPN 相關資訊
- [VPN 問題和隱私評論網站](https://blog.privacyguides.org/2019/11/20/the-trouble-with-vpn-and-privacy-review-sites/)
- [免費 VPN 應用程式調查](https://www.top10vpn.com/free-vpn-app-investigation/)
- [揭露隱身的 VPN 擁有者:由 23 家公司運營101款 VPN 產品](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/)
- [這家中國公司祕密支持24個尋求危險權限的流行應用程序](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/)

70
i18n/zh-Hant/calendar.md Normal file
View File

@@ -0,0 +1,70 @@
---
title: "行事曆同步"
icon: material/calendar
description: 行事曆包含一些您最敏感的資料,使用實現靜態加密的產品。
---
行事曆包含一些您最敏感的資料;請使用未存取時執行 E2EE 的產品,以防止供應商讀取這些資料。
## Tutanota
!!! recommendation
! [Tutanota logo] (assets/img/calendar/tutanota.svg#only-light) {align = right}
! [Tutanota標誌] (assets/img/calendar/tutanota-dark.svg#only-dark) {align = right}
* * Tutanota * *在其支援的平臺上提供免費和加密的日曆。 功能包括所有數據的自動E2EE ,共享功能,匯入/匯出功能,多因素驗證和 [more] https://tutanota.com/calendar-app-comparison/ )。
多個行事曆和擴展共享功能僅限於付費訂閱者。
[:octicons-home-16: Homepage](https://tutanota.com/calendar){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://tutanota.com/faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" }
[:octicons-heart-16:](https://tutanota.com/community/){ .card-link title=Contribute }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.tutao.tutanota)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/tutanota/id922429609)
- [:simple-windows11: Windows](https://tutanota.com/blog/posts/desktop-clients/)
- [:simple-apple: macOS](https://tutanota.com/blog/posts/desktop-clients/)
- [:simple-linux: Linux](https://tutanota.com/blog/posts/desktop-clients/)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/com.tutanota.Tutanota)
- [:octicons-browser-16: Web](https://mail.tutanota.com/)
## Proton Calendar
!!! recommendation
![Proton](assets/img/calendar/proton-calendar.svg) {align = right}
* * Proton Calendar * *是 Proton 會員可透過網路或行動客戶端使用的加密行事曆服務。 功能包括:所有資料自動 E2EE 、共享、匯入/匯出等等[眾多功能](https://proton.me/support/proton-calendar-guide). 免費會員可以使用單一行事曆而付費訂閱者最多可以創建20個行事曆。 擴展共享功能也僅限於付費訂閱者。
[:octicons-home-16: Homepage](https://proton.me/calendar){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://proton.me/support/proton-calendar-guide){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.calendar)
- [:octicons-browser-16: Web](https://calendar.proton.me)
## 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
### 最低合格
- 同步與儲存資訊必須使用 E2EE以確保服務供應商無法看到。
### 最好的情况
最佳案例標準代表了我們希望從這個類別的完美項目中看到的東西。 推薦產品可能沒有此功能,但若有這些功能則會讓排名更為提高。
- 如果合適,最好能整合入原生作業系統行事曆和聯絡人管理應用程式。

99
i18n/zh-Hant/cloud.md Normal file
View File

@@ -0,0 +1,99 @@
---
title: "雲端儲存"
icon: material/file-cloud
description: 許多雲端儲存服務供應商需要您相信他們不會查看您的檔案。 這些都是私密替代品!
---
許多雲端儲存服務供應商需要您完全信任他們不會查看您的檔案。 下面列出的替代方案通過實施安全的 E2EE消除了對信任的需要。
如果這些替代方案不符合您的需求,建議您考慮使用其他雲端提供商的加密軟件,例如 [Cryptomator](encryption.md#cryptomator-cloud) 。 把 Cryptomator 結合在 **任一種** 雲服務商(包含這裡推薦的) 也是好方法,可減低某服務商原生客立端加密漏洞之風險。
??? 提問:找不到 Nextcloud ?
Nextcloud 是[仍然是一個推薦的工具] (productivity.md) ,可用於自我託管檔案管理套件,但目前不推薦第三方 Nextcloud儲存服務提供商因為我們[不建議]使用 (https://discuss.privacyguides.net/t/dont-recommend-nextcloud-e2ee/10352/29) Nextcloud 家庭用戶版內置的 E2EE 功能。
## Proton Drive
!!! recommendation
! [Proton Drive logo] (assets/img/cloud/protondrive.svg) {align = right}
* * Proton Drive * *是來自流行的加密電子郵件供應商[Proton Mail] (email.md#proton-mail)的瑞士加密雲存儲供應商。
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://proton.me/support/drive){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851)
Proton Drive 網路應用程式已於[2021年](https://proton.me/blog/security-audit-all-proton-apps)由 Securitum 獨立審核,並未公開完整詳細資料,但 Securitum 的認證信函指出:
> 審計人員發現了兩個不嚴重的漏洞。 此外,還提出五項一般性建議。 與此同時,我們確認在滲透測試期間沒有發現重大安全問題。
Proton Drive 全新移動客戶端軟體尚未經過第三方公開審核。
## Tresorit
!!! recommendation
! [Tresorit logo] (assets/img/cloud/tresorit.svg) {align = right}
* * Tresorit * *是一家成立於2011年的匈牙利加密雲端儲存服務供應商。 Tresorit 由瑞士郵政擁有,瑞士郵政是瑞士的國家郵政服務。
[:octicons-home-16: Homepage](https://tresorit.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tresorit.com/legal/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.tresorit.com/hc/en-us){ .card-link title=Documentation}
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.tresorit.mobile)
- [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id722163232)
- [:simple-windows11: Windows](https://tresorit.com/download)
- [:simple-apple: macOS](https://tresorit.com/download)
- [:simple-linux: Linux](https://tresorit.com/download)
Tresorit 已獲得多項獨立安全稽核:
- [2022](https://tresorit.com/blog/tresorit-receives-iso-27001-certification/): ISO/IEC 27001: 2013[^1] 符合性 [認證](https://www.certipedia.com/quality_marks/9108644476) TÜV Rheinland InterCert Kft
- [2021](https://tresorit.com/blog/fresh-penetration-testing-confirms-tresorit-security/) Computest 的滲透測試
- 該檢查評估了Tresorit 網頁用戶端、Android 應用程式、Windows 應用程式和相關基礎設施的安全性。
- Computest 發現了兩個已解決的漏洞。
- [2019](https://tresorit.com/blog/ernst-young-review-verifies-tresorits-security-architecture/) Ernst & Young 的滲透測試。
- 該檢測分析了 Tresorit 完整源代碼,並驗證了落實 Tresorit [白皮書](https://prodfrontendcdn.azureedge.net/202208011608/tresorit-encryption-whitepaper.pdf)中描述的概念。
- Ernst & Young 還測試了網絡、行動和桌面客戶端: “測試結果發現沒有偏離 Tresorit 的資料機密性聲明。
他們還獲得了數位信任標籤,這是 [Swiss Digital Initiative](https://www.swiss-digital-initiative.org/digital-trust-label/) 的認證,該認證要求通過與安全性,隱私和可靠性相關的 [35標準](https://digitaltrust-label.swiss/criteria/) 。
## 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
### 最低合格要求
- 必須執行端到端加密。
- 必須提供免費計劃或試用期以進行測試。
- 必須支援 TOTP 或 FIDO2 多因素驗證,或 Passkey 登入。
- 必須提供支援基本檔案管理功能的網頁介面。
- 允許輕鬆匯出所有檔案/文件。
- 必須使用經審核的標準加密。
### 最好的情况
最佳案例標準代表了我們希望從這個類別的完美項目應具備的條件。 推薦產品可能沒有此功能,但若有這些功能則會讓排名更為提高。
- 客戶端應是開源的。
- 客戶端軟體應由獨立的第三方進行全面審計。
- 應提供 Linux、Android、Windows、macOS 和 iOS 的原生客戶端。
- 這些用戶端應與雲端儲存供應商的原生作業系統工具整合,例如整合 iOS 的 Files app或 Android 的 DocumentsProvider 功能。
- 容易與其他用戶輕鬆共享文件。
- 至少在網頁界面應提供基本的文件預覽和編輯功能。
[^1]: [ISO/IEC 27001](https://en.wikipedia.org/wiki/ISO/IEC_27001): 2013合規性涉及公司的 [資訊安全管理系統](https://en.wikipedia.org/wiki/Information_security_management) ,涵蓋其雲端服務的銷售、開發、維護和支援。

53
i18n/zh-Hant/cryptocurrency.md Normal file
View File

@@ -0,0 +1,53 @@
---
title: 加密貨幣
icon: material/bank-circle
---
線上支付是隱私面臨的最大挑戰之一。 下列加密貨幣預設提供交易隱私(大多數加密貨幣**並未保證**如此 ),前提是您對如何有效地進行私人支付有深入了解。 我們強烈建議您在網路購買前先閱讀本站私密付款之介紹:
[私密付款 :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button}
!!! 危險
許多(如果不是大多數)加密貨幣項目都是騙局。 只用你信任的項目小心進行交易。
## Monero
!!! recommendation
! [Monero 標誌] (assets/img/cryptocurrency/monero.svg) {align = right}
* * Monero * *使用增強隱私技術的區塊鏈,混淆交易以實現匿名性。 每筆 Monero 交易都隱藏了交易金額、發送和接收地址以及資金來源,使其成為加密貨幣新手的理想選擇。
[:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute }
使用 Monero ,外部觀察者無法破譯 Monero 交易地址、交易金額、地址餘額或交易歷史。
為了獲得最佳的隱私,請務必使用非保管錢包,讓查看密鑰保留在設備上。 這意味著只有您能夠花費資金並查看交易進出。 若使用託管錢包,則服務商可看到**全部活動** ;如果用的是"輕量"錢包,則服務商保存了您的私鑰並看到您全部的交易活動。 一些非保管錢包包括:
- [官方Monero客戶端](https://getmonero.org/downloads) (桌面)
- [Cake Wallet](https://cakewallet.com/) (iOS, Android)
- Cake Wallet 支援多種加密貨幣。 僅限 Monero 的 Cake Wallet 版本可在 [Monero.com](https://monero.com/) 上找到。
- [Feather Wallet](https://featherwallet.org/) (桌面版)
- [Monerujo](https://www.monerujo.io/) (Android)
為了獲得最大的隱私(即便使用非保管錢包),您應該運行自己的 Monero 節點。 使用別人的節點會暴露一些信息例如您從中連接到它的IP位址同步錢包的時間戳記以及您從錢包發送的交易儘管沒有關於這些交易的其他細節。 或者您可以通過Tor或i2p連接到其他人的Monero節點。
2021年8月 CipherTrace [宣布爲政府機構提供](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) 增強的 Monero 追蹤功能。 公開貼文顯示,美國財政部金融犯罪執法網絡 [在2022年底授權](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace 的 “Monero 模塊”。
Monero 交易圖隱私受到其相對較小的環形簽名的限制,特別是抵抗針對性的攻擊。 Monero's 隱私功能也曾被某些資安研究人員 [質疑](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) ,過去已發現一些弱點與補丁,因此如 CipherTrace 的宣稱並非不可能。 雖然 Monero 大規模監控工具不太可能像比特幣和其他工具一樣存在,但可以肯定的是,追蹤工具有助於進行針對性的調查。
Monero 是隱私友好的加密貨幣中最強大的競爭者,但它的隱私聲稱**尚未**被任何方式證明 。 需要更多的時間和研究來評估 Monero 是否足夠抵禦攻擊來提供足夠的隱私。
## 標準
**請注意,我們與所推薦專案沒有任何牽扯。 ** 除了 [我們的標準準則](about/criteria.md)外,還有一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 推薦項目時,我們會考慮與討論許多因素,且記錄下每一個項目種種工作流程。
- 預設情況下,加密貨幣必須提供私密/無法追蹤的交易。

145
i18n/zh-Hant/data-redaction.md Normal file
View File

@@ -0,0 +1,145 @@
---
title: "資料和中繼資料處理"
icon: material/tag-remove
description: 使用這些工具來移除所分享的相片和文件中的GPS定位和其他識別資訊等中繼資料。
---
分享檔案時,請務必移除相關的中繼資料。 映像文件通常包含 [Exif](https://en.wikipedia.org/wiki/Exif) 數據。 照片有時甚至在文件元數據中包含GPS坐標。
## 電腦版應用程式
### MAT2
!!! recommendation
! [MAT2 logo] (assets/img/data-redaction/mat2.svg) {align = right}
* * MAT2 * *是免費軟體,可以移除圖像,音頻,種子和文件文件類型的中繼資料。 它通過[ Nautilus 擴展元件] (https://0xacab.org/jvoisin/mat2/-/tree/master/nautilus)提供命令行工具和圖形用戶界面Nautilus 是 [GNOME](https://www.gnome.org)的預設檔案管理器, [Dolphin](https://0xacab.org/jvoisin/mat2/-/tree/master/dolphin)是 [KDE](https://kde.org)的預設檔案管理器。
Linux 有MAT2 提供支持的第三方圖形界面工具[Metadata Cleaner] (https://gitlab.com/rmnvgr/metadata-cleaner) ,並且[可從 Flathub 取得] (https://flathub.org/apps/details/fr.romainvigier.MetadataCleaner)。
[:octicons-repo-16: Repository](https://0xacab.org/jvoisin/mat2){ .md-button .md-button--primary }
[:octicons-info-16:](https://0xacab.org/jvoisin/mat2/-/blob/master/README.md){ .card-link title=Documentation}
[:octicons-code-16:](https://0xacab.org/jvoisin/mat2){ .card-link title="Source Code" }
??? 下載
- [:simple-windows11: Windows](https://pypi.org/project/mat2)
- [:simple-apple: macOS](https://0xacab.org/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew)
- [:simple-linux: Linux](https://pypi.org/project/mat2)
- [:octicons-globe-16: Web](https://0xacab.org/jvoisin/mat2#web-interface)
## 行動
### ExifEraser (Android)
!!! recommendation
! [ExifEraser logo] (assets/img/data-redaction/exiferaser.svg) {align = right}
* * ExifEraser * *是 Android 的現代無需許可的圖像中繼資料擦除應用程式。
它目前支持JPEG PNG和WebP 檔案格式。
[:octicons-repo-16: Repository](https://github.com/Tommy-Geenexus/exif-eraser){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Tommy-Geenexus/exif-eraser#readme){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/Tommy-Geenexus/exif-eraser){ .card-link title="Source Code" }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.none.tom.exiferaser)
- [:octicons-moon-16: Accrescent](https://accrescent.app/app/com.none.tom.exiferaser)
- [:simple-github: GitHub](https://github.com/Tommy-Geenexus/exif-eraser/releases)
被清除的元資料取決於影像的檔案類型:
* **JPEG**:可清除 ICC Profile、Exif、Photoshop Image Resources 和 XMP/ExtendedXMP 等中繼資料。
* **PNG**:可清除 ICC Profile、Exif和XMP等中繼資料。
* **WebP**: 可清除 ICC Profile、Exif 和XMP 等中繼資料。
處理完影像後, ExifEraser會為您提供一份完整的報告說明每張影像中究竟刪除了哪些內容。
該應用程式提供了多種方式來清除圖像中的中繼數據。 亦即:
* 您可以使用 ExifEraser 分享其他應用程序的圖像。
* 通過應用程序本身,可以一次選擇單個圖像,多個圖像,甚至是整個目錄。
* 它具有“相機”選項,該選項使用操作系統的相機應用程序拍攝照片,然後從中刪除中繼數據。
* 在應用分屏模式下,它可以從另一個應用程式拖放圖片到 ExifEraser 。
* 最後,它允許您從剪貼板黏貼圖像。
### Metapho (iOS)
!!! recommendation
! [Metapho logo] (assets/img/data-redaction/metapho.jpg) {align = right}
* * Metapho * *是一個簡單清晰的相片中繼資料檢視器,例如日期、檔案名稱、大小、相機型號、快門速度和位置。
[:octicons-home-16: Homepage](https://zininworks.com/metapho){ .md-button .md-button--primary }
[:octicons-eye-16:](https://zininworks.com/privacy/){ .card-link title="Privacy Policy" }
??? 下載
- [:simple-appstore: App Store](https://apps.apple.com/us/app/metapho/id914457352)
### PrivacyBlur
!!! recommendation
! [PrivacyBlur logo] (assets/img/data-redaction/privacyblur.svg) {align = right}
* * PrivacyBlur * *是一個免費應用程式,在線上分享前先模糊圖片的敏感部分。
[:octicons-home-16: Homepage](https://privacyblur.app/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://privacyblur.app/privacy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/MATHEMA-GmbH/privacyblur#readme){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/MATHEMA-GmbH/privacyblur){ .card-link title="Source Code" }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.mathema.privacyblur)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/privacyblur/id1536274106)
!!! 警告
您* *永遠不要* *使用模糊來編輯[圖片中的文字] (https://bishopfox.com/blog/unredacter-tool-never-pixelation)。 如果要編輯影像中的文字,請在文字上畫一個框。 為此,我們建議使用[Pocket Paint] (https://github.com/Catrobat/Paintroid)等應用程式。
## 命令行
### ExifTool
!!! recommendation
! [ExifTool logo] (assets/img/data-redaction/exiftool.png) {align = right}
* * ExifTool * *是原始的perl庫和命令行應用程式用於讀取、寫入和編輯各種檔案格式 (JPEG , TIFF , PNG, PDF, RAW等的中繼資訊(Exif , IPTC , XMP...)。
它通常是其他Exif 移除應用程式的組件,並且在大多數 Linux 發行版儲存庫中。
[:octicons-home-16: Homepage](https://exiftool.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://exiftool.org/faq.html){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/exiftool/exiftool){ .card-link title="Source Code" }
[:octicons-heart-16:](https://exiftool.org/#donate){ .card-link title=Contribute }
??? 下載
- [:simple-windows11: Windows](https://exiftool.org)
- [:simple-apple: macOS](https://exiftool.org)
- [:simple-linux: Linux](https://exiftool.org)
!!! 示例「從檔案目錄中刪除資料」
```bash
exiftool -all= *.file_extension
```
## 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
- 為開源作業系統開發的應用程式必須是開源的。
- 應用程式必須是免費的,不應包含廣告或其他限制。

362
i18n/zh-Hant/desktop-browsers.md Normal file
View File

@@ -0,0 +1,362 @@
---
title: "Desktop Browsers"
icon: material/laptop
description: These web browsers provide stronger privacy protections than Google Chrome.
schema:
-
"@context": http://schema.org
"@type": WebPage
name: Private Desktop Browser Recommendations
url: "./"
relatedLink: "../mobile-browsers/"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Mullvad Browser
image: /assets/img/browsers/mullvad_browser.svg
url: https://mullvad.net/en/browser
applicationCategory: Web Browser
operatingSystem:
- Windows
- macOS
- Linux
subjectOf:
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Firefox
image: /assets/img/browsers/firefox.svg
url: https://firefox.com
sameAs: https://en.wikipedia.org/wiki/Firefox
applicationCategory: Web Browser
operatingSystem:
- Windows
- macOS
- Linux
subjectOf:
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Brave
image: /assets/img/browsers/brave.svg
url: https://brave.com
sameAs: https://en.wikipedia.org/wiki/Brave_(web_browser)
applicationCategory: Web Browser
operatingSystem:
- Windows
- macOS
- Linux
subjectOf:
"@type": WebPage
url: "./"
---
These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. We recommend [Mullvad Browser](#mullvad-browser) if you are focused on strong privacy protections and anti-fingerprinting out of the box, [Firefox](#firefox) for casual internet browsers looking for a good alternative to Google Chrome, and [Brave](#brave) if you need Chromium browser compatibility.
If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. We make some configuration recommendations on this page, but all browsers other than Tor Browser will be traceable by *somebody* in some manner or another.
## Mullvad Browser
!!! recommendation
![Mullvad Browser logo](assets/img/browsers/mullvad_browser.svg){ align=right }
**Mullvad Browser** is a version of [Tor Browser](tor.md#tor-browser) with Tor network integrations removed, aimed at providing Tor Browser's anti-fingerprinting browser technologies to VPN users. It is developed by the Tor Project and distributed by [Mullvad](vpn.md#mullvad), and does **not** require the use of Mullvad's VPN.
[:octicons-home-16: Homepage](https://mullvad.net/en/browser){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://mullvad.net/en/help/tag/mullvad-browser/){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.torproject.org/tpo/applications/mullvad-browser){ .card-link title="Source Code" }
??? downloads
- [:simple-windows11: Windows](https://mullvad.net/en/download/browser/windows)
- [:simple-apple: macOS](https://mullvad.net/en/download/browser/macos)
- [:simple-linux: Linux](https://mullvad.net/en/download/browser/linux)
Like [Tor Browser](tor.md), Mullvad Browser is designed to prevent fingerprinting by making your browser fingerprint identical to all other Mullvad Browser users, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*. Therefore, it is imperative that you do not modify the browser at all outside adjusting the default [security levels](https://tb-manual.torproject.org/security-settings/). Other modifications would make your fingerprint unique, defeating the purpose of using this browser. If you want to configure your browser more heavily and fingerprinting is not a concern for you, we recommend [Firefox](#firefox) instead.
### Anti-Fingerprinting
**Without** using a [VPN](vpn.md), Mullvad Browser provides the same protections against [naive fingerprinting scripts](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) as other private browsers like Firefox+[Arkenfox](#arkenfox-advanced) or [Brave](#brave). Mullvad Browser provides these protections out of the box, at the expense of some flexibility and convenience that other private browsers can provide.
==For the strongest anti-fingerprinting protection, we recommend using Mullvad Browser in conjunction **with** a VPN==, whether that is Mullvad or another recommended VPN provider. When using a VPN with Mullvad Browser, you will share a fingerprint and a pool of IP addresses with many other users, giving you a "crowd" to blend in with. This strategy is the only way to thwart advanced tracking scripts, and is the same anti-fingerprinting technique used by Tor Browser.
Note that while you can use Mullvad Browser with any VPN provider, other people on that VPN must also be using Mullvad Browser for this "crowd" to exist, something which is more likely on Mullvad VPN compared to other providers, particularly this close to the launch of Mullvad Browser. Mullvad Browser does not have built-in VPN connectivity, nor does it check whether you are using a VPN before browsing; your VPN connection has to be configured and managed separately.
Mullvad Browser comes with the *uBlock Origin* and *NoScript* browser extensions pre-installed. While we typically [don't recommend](#extensions) adding *additional* browser extensions, these extensions that come pre-installed with the browser should **not** be removed or configured outside their default values, because doing so would noticeably make your browser fingerprint distinct from other Mullvad Browser users. It also comes pre-installed with the Mullvad Browser Extension, which *can* be safely removed without impacting your browser fingerprint if you would like, but is also safe to keep even if you don't use Mullvad VPN.
### Private Browsing Mode
Mullvad Browser operates in permanent private browsing mode, meaning your history, cookies, and other site data will always be cleared every time the browser is closed. Your bookmarks, browser settings, and extension settings will still be preserved.
This is required to prevent advanced forms of tracking, but does come at the cost of convenience and some Firefox features, such as Multi-Account Containers. Remember you can always use multiple browsers, for example, you could consider using Firefox+Arkenfox for a few sites that you want to stay logged in on or otherwise don't work properly in Mullvad Browser, and Mullvad Browser for general browsing.
### Mullvad Leta
Mullvad Browser comes with DuckDuckGo set as the default [search engine](search-engines.md), but it also comes preinstalled with **Mullvad Leta**, a search engine which requires an active Mullvad VPN subscription to access. Mullvad Leta queries Google's paid search API directly (which is why it is limited to paying subscribers), however because of this limitation it is possible for Mullvad to correlate search queries and Mullvad VPN accounts. For this reason we discourage the use of Mullvad Leta, even though Mullvad collects very little information about their VPN subscribers.
## Firefox
!!! recommendation
![Firefox logo](assets/img/browsers/firefox.svg){ align=right }
**Firefox** provides strong privacy settings such as [Enhanced Tracking Protection](https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop), which can help block various [types of tracking](https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop#w_what-enhanced-tracking-protection-blocks).
[:octicons-home-16: Homepage](https://firefox.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.mozilla.org/privacy/firefox/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://firefox-source-docs.mozilla.org/){ .card-link title=Documentation}
[:octicons-code-16:](https://hg.mozilla.org/mozilla-central){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.mozilla.org/){ .card-link title=Contribute }
??? downloads
- [:simple-windows11: Windows](https://www.mozilla.org/firefox/windows)
- [:simple-apple: macOS](https://www.mozilla.org/firefox/mac)
- [:simple-linux: Linux](https://www.mozilla.org/firefox/linux)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.mozilla.firefox)
!!! warning
Firefox includes a unique [download token](https://bugzilla.mozilla.org/show_bug.cgi?id=1677497#c0) in downloads from Mozilla's website and uses telemetry in Firefox to send the token. The token is **not** included in releases from the [Mozilla FTP](https://ftp.mozilla.org/pub/firefox/releases/).
### Recommended Configuration
這些選項可以在 :material-menu: → **設定** → **隱私 & 安全性**中找到。
##### Enhanced Tracking Protection
- [x] Select **Strict** Enhanced Tracking Protection
This protects you by blocking social media trackers, fingerprinting scripts (note that this does not protect you from *all* fingerprinting), cryptominers, cross-site tracking cookies, and some other tracking content. ETP protects against many common threats, but it does not block all tracking avenues because it is designed to have minimal to no impact on site usability.
##### Sanitize on Close
If you want to stay logged in to particular sites, you can allow exceptions in **Cookies and Site Data****Manage Exceptions...**
- [x] Check **Delete cookies and site data when Firefox is closed**
This protects you from persistent cookies, but does not protect you against cookies acquired during any one browsing session. When this is enabled, it becomes possible to easily cleanse your browser cookies by simply restarting Firefox. You can set exceptions on a per-site basis, if you wish to stay logged in to a particular site you visit often.
##### Search Suggestions
- [ ] Uncheck **Provide search suggestions**
Search suggestion features may not be available in your region.
Search suggestions send everything you type in the address bar to the default search engine, regardless of whether you submit an actual search. Disabling search suggestions allows you to more precisely control what data you send to your search engine provider.
##### 遙測
- [ ] Uncheck **Allow Firefox to send technical and interaction data to Mozilla**
- [ ] Uncheck **Allow Firefox to install and run studies**
- [ ] Uncheck **Allow Firefox to send backlogged crash reports on your behalf**
> Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs.
Additionally, the Firefox Accounts service collects [some technical data](https://www.mozilla.org/en-US/privacy/firefox/#firefox-accounts). If you use a Firefox Account you can opt-out:
1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection)
2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts**
##### HTTPS-Only Mode
- [x] Select **Enable HTTPS-Only Mode in all windows**
This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing.
### Firefox Sync
[Firefox Sync](https://hacks.mozilla.org/2018/11/firefox-sync-privacy/) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices and protects it with E2EE.
### Arkenfox (advanced)
!!! tip "Use Mullvad Browser for advanced anti-fingerprinting"
[Mullvad Browser](#mullvad-browser) provides the same anti-fingerprinting protections as Arkenfox out of the box, and does not require the use of Mullvad's VPN to benefit from these protections. Coupled with a VPN, Mullvad Browser can thwart more advanced tracking scripts which Arkenfox cannot. Arkenfox still has the advantage of being much more flexible, and allowing per-site exceptions for websites which you need to stay logged in to.
The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of carefully considered options for Firefox. If you [decide](https://github.com/arkenfox/user.js/wiki/1.1-To-Arkenfox-or-Not) to use Arkenfox, a [few options](https://github.com/arkenfox/user.js/wiki/3.2-Overrides-[Common]) are subjectively strict and/or may cause some websites to not work properly - [which you can easily change](https://github.com/arkenfox/user.js/wiki/3.1-Overrides) to suit your needs. We **strongly recommend** reading through their full [wiki](https://github.com/arkenfox/user.js/wiki). Arkenfox also enables [container](https://support.mozilla.org/en-US/kb/containers#w_for-advanced-users) support.
Arkenfox only aims to thwart basic or naive tracking scripts through canvas randomization and Firefox's built-in fingerprint resistance configuration settings. It does not aim to make your browser blend in with a large crowd of other Arkenfox users in the same way Mullvad Browser or Tor Browser do, which is the only way to thwart advanced fingerprint tracking scripts. Remember you can always use multiple browsers, for example, you could consider using Firefox+Arkenfox for a few sites that you want to stay logged in on or otherwise trust, and Mullvad Browser for general browsing.
## Brave
!!! recommendation
![Brave logo](assets/img/browsers/brave.svg){ align=right }
**Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features/), many of which are enabled by default.
Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues.
[:octicons-home-16: Homepage](https://brave.com/){ .md-button .md-button--primary }
[:simple-torbrowser:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
[:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.brave.com/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" }
??? downloads annotate
- [:simple-github: GitHub](https://github.com/brave/brave-browser/releases)
- [:simple-windows11: Windows](https://brave.com/download/)
- [:simple-apple: macOS](https://brave.com/download/)
- [:simple-linux: Linux](https://brave.com/linux/) (1)
1. We advise against using the Flatpak version of Brave, as it replaces Chromium's sandbox with Flatpak's, which is less effective. Additionally, the package is not maintained by Brave Software, Inc.
### Recommended Configuration
These options can be found in :material-menu: → **Settings**.
##### Shields
Brave includes some anti-fingerprinting measures in its [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-) feature. We suggest configuring these options [globally](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) across all pages that you visit.
Shields' options can be downgraded on a per-site basis as needed, but by default we recommend setting the following:
<div class="annotate" markdown>
- [x] Select **Prevent sites from fingerprinting me based on my language preferences**
- [x] Select **Aggressive** under Trackers & ads blocking
??? warning "Use default filter lists"
Brave allows you to select additional content filters within the internal `brave://adblock` page. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use.
- [x] (Optional) Select **Block Scripts** (1)
- [x] Select **Strict, may break sites** under Block fingerprinting
</div>
1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode) or the [NoScript](https://noscript.net/) extension.
##### Social media blocking
- [ ] Uncheck all social media components
##### Privacy and security
<div class="annotate" markdown>
- [x] Select **Disable non-proxied UDP** under [WebRTC IP Handling Policy](https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc)
- [ ] Uncheck **Use Google services for push messaging**
- [ ] Uncheck **Allow privacy-preserving product analytics (P3A)**
- [ ] Uncheck **Automatically send daily usage ping to Brave**
- [ ] Uncheck **Automatically send diagnostic reports**
- [x] Select **Always use secure connections** in the **Security** menu
- [ ] Uncheck **Private window with Tor** (1)
!!! tip "Sanitizing on Close"
- [x] Select **Clear cookies and site data when you close all windows** in the *Cookies and other site data* menu
If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis under the *Customized behaviors* section.
</div>
1. Brave is **not** as resistant to fingerprinting as the Tor Browser and far fewer people use Brave with Tor, so you will stand out. Where [strong anonymity is required](https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity-) use the [Tor Browser](tor.md#tor-browser).
##### Extensions
Disable built-in extensions you do not use in **Extensions**
- [ ] Uncheck **Hangouts**
- [ ] Uncheck **WebTorrent**
##### Web3
<div class="annotate" markdown>
- [x] Select **Disabled** on Method to resolve IPFS resources (1)
</div>
1. InterPlanetary File System (IPFS) is a decentralized, peer-to-peer network for storing and sharing data in a distributed filesystem. Unless you use the feature, disable it.
##### Additional settings
Under the *System* menu
<div class="annotate" markdown>
- [ ] Uncheck **Continue running apps when Brave is closed** to disable background apps (1)
</div>
1. This option is not present on all platforms.
### Brave Sync
[Brave Sync](https://support.brave.com/hc/en-us/articles/360059793111-Understanding-Brave-Sync) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices without requiring an account and protects it with E2EE.
## Additional Resources
In general, we recommend keeping your browser extensions to a minimum to decrease your attack surface; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. However, uBlock Origin may prove useful if you value content blocking functionality.
### uBlock Origin
!!! recommendation
![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ align=right }
**uBlock Origin** is a popular content blocker that could help you block ads, trackers, and fingerprinting scripts.
[:octicons-repo-16: Repository](https://github.com/gorhill/uBlock#readme){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/gorhill/uBlock/wiki/Privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/gorhill/uBlock/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/gorhill/uBlock){ .card-link title="Source Code" }
??? downloads
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/ublock-origin/)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm)
- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak)
We suggest following the [developer's documentation](https://github.com/gorhill/uBlock/wiki/Blocking-mode) and picking one of the "modes". Additional filter lists can impact performance and [may increase attack surface](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css).
##### Other lists
These are some other [filter lists](https://github.com/gorhill/uBlock/wiki/Dashboard:-Filter-lists) that you may want to consider adding:
- [x] Check **Privacy** > **AdGuard URL Tracking Protection**
- Add [Actually Legitimate URL Shortener Tool](https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt)
## 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
### 最低合格要求
- 必須是開源軟體。
- Supports automatic updates.
- Receives engine updates in 0-1 days from upstream release.
- Available on Linux, macOS, and Windows.
- Any changes required to make the browser more privacy-respecting should not negatively impact user experience.
- Blocks third-party cookies by default.
- Supports [state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning) to mitigate cross-site tracking.[^1]
### 最佳案例
最佳案例標準代表了我們希望從這個類別的完美項目應具備的功能。 推薦產品可能沒有此功能,但若有這些功能則會讓排名更為提高。
- Includes built-in content blocking functionality.
- Supports cookie compartmentalization (à la [Multi-Account Containers](https://support.mozilla.org/en-US/kb/containers)).
- Supports Progressive Web Apps.
PWAs enable you to install certain websites as if they were native apps on your computer. This can have advantages over installing Electron-based apps, because you benefit from your browser's regular security updates.
- Does not include add-on functionality (bloatware) that does not impact user privacy.
- Does not collect telemetry by default.
- Provides open-source sync server implementation.
- Defaults to a [private search engine](search-engines.md).
### Extension Criteria
- Must not replicate built-in browser or OS functionality.
- Must directly impact user privacy, i.e. must not simply provide information.
[^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/).

183
i18n/zh-Hant/desktop.md Normal file
View File

@@ -0,0 +1,183 @@
---
title: "Desktop/PC"
icon: simple/linux
description: Linux distributions are commonly recommended for privacy protection and software freedom.
---
Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions.
- [General Linux Overview :material-arrow-right-drop-circle:](os/linux-overview.md)
## Traditional Distributions
### Fedora Workstation
!!! recommendation
![Fedora logo](assets/img/linux-desktop/fedora-workstation.svg){ align=right }
**Fedora Workstation** is our recommended distribution for people new to Linux. Fedora generally adopts newer technologies before other distributions e.g., [Wayland](https://wayland.freedesktop.org/), [PipeWire](https://pipewire.org). These new technologies often come with improvements in security, privacy, and usability in general.
[:octicons-home-16: Homepage](https://getfedora.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.fedoraproject.org/en-US/docs/){ .card-link title=Documentation}
[:octicons-heart-16:](https://whatcanidoforfedora.org/){ .card-link title=Contribute }
Fedora has a semi-rolling release cycle. While some packages like [GNOME](https://www.gnome.org) are frozen until the next Fedora release, most packages (including the kernel) are updated frequently throughout the lifespan of the release. Each Fedora release is supported for one year, with a new version released every 6 months.
### openSUSE Tumbleweed
!!! recommendation
![openSUSE Tumbleweed logo](assets/img/linux-desktop/opensuse-tumbleweed.svg){ align=right }
**openSUSE Tumbleweed** is a stable rolling release distribution.
openSUSE Tumbleweed has a [transactional update](https://kubic.opensuse.org/blog/2018-04-04-transactionalupdates/) system that uses [Btrfs](https://en.wikipedia.org/wiki/Btrfs) and [Snapper](https://en.opensuse.org/openSUSE:Snapper_Tutorial) to ensure that snapshots can be rolled back should there be a problem.
[:octicons-home-16: Homepage](https://get.opensuse.org/tumbleweed/){ .md-button .md-button--primary }
[:octicons-info-16:](https://doc.opensuse.org/){ .card-link title=Documentation}
[:octicons-heart-16:](https://shop.opensuse.org/){ .card-link title=Contribute }
Tumbleweed follows a rolling release model where each update is released as a snapshot of the distribution. When you upgrade your system, a new snapshot is downloaded. Each snapshot is run through a series of automated tests by [openQA](https://openqa.opensuse.org) to ensure its quality.
### Arch Linux
!!! recommendation
![Arch logo](assets/img/linux-desktop/archlinux.svg){ align=right }
**Arch Linux** is a lightweight, do-it-yourself (DIY) distribution meaning that you only get what you install. For more information see their [FAQ](https://wiki.archlinux.org/title/Frequently_asked_questions).
[:octicons-home-16: Homepage](https://archlinux.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://wiki.archlinux.org/){ .card-link title=Documentation}
[:octicons-heart-16:](https://archlinux.org/donate/){ .card-link title=Contribute }
Arch Linux has a rolling release cycle. There is no fixed release schedule and packages are updated very frequently.
Being a DIY distribution, you are [expected to set up and maintain](os/linux-overview.md#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier.
A large portion of [Arch Linuxs packages](https://reproducible.archlinux.org) are [reproducible](https://reproducible-builds.org).
## Immutable Distributions
### Fedora Silverblue
!!! recommendation
![Fedora Silverblue logo](assets/img/linux-desktop/fedora-silverblue.svg){ align=right }
**Fedora Silverblue** and **Fedora Kinoite** are immutable variants of Fedora with a strong focus on container workflows. Silverblue comes with the [GNOME](https://www.gnome.org/) desktop environment while Kinoite comes with [KDE](https://kde.org/). Silverblue and Kinoite follow the same release schedule as Fedora Workstation, benefiting from the same fast updates and staying very close to upstream.
[:octicons-home-16: Homepage](https://silverblue.fedoraproject.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.fedoraproject.org/en-US/fedora-silverblue/){ .card-link title=Documentation}
[:octicons-heart-16:](https://whatcanidoforfedora.org/){ .card-link title=Contribute }
Silverblue (and Kinoite) differ from Fedora Workstation as they replace the [DNF](https://fedoraproject.org/wiki/DNF) package manager with a much more advanced alternative called [`rpm-ostree`](https://docs.fedoraproject.org/en-US/fedora/rawhide/system-administrators-guide/package-management/rpm-ostree/). The `rpm-ostree` package manager works by downloading a base image for the system, then overlaying packages over it in a [git](https://en.wikipedia.org/wiki/Git)-like commit tree. When the system is updated, a new base image is downloaded and the overlays will be applied to that new image.
After the update is complete you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily rollback if something breaks in the new deployment. There is also the option to pin more deployments as needed.
[Flatpak](https://www.flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image.
As an alternative to Flatpaks, there is the option of [Toolbox](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/) to create [Podman](https://podman.io) containers with a shared home directory with the host operating system and mimic a traditional Fedora environment, which is a [useful feature](https://containertoolbx.org) for the discerning developer.
### NixOS
!!! recommendation
![NixOS logo](assets/img/linux-desktop/nixos.svg){ align=right }
NixOS is an independent distribution based on the Nix package manager with a focus on reproducibility and reliability.
[:octicons-home-16: Homepage](https://nixos.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://nixos.org/learn.html){ .card-link title=Documentation}
[:octicons-heart-16:](https://nixos.org/donate.html){ .card-link title=Contribute }
NixOSs package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only.
NixOS also provides atomic updates; first it downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation; you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system.
Nix the package manager uses a purely functional language - which is also called Nix - to define packages.
[Nixpkgs](https://github.com/nixos/nixpkgs) (the main source of packages) are contained in a single GitHub repository. You can also define your own packages in the same language and then easily include them in your config.
Nix is a source-based package manager; if theres no pre-built available in the binary cache, Nix will just build the package from source using its definition. It builds each package in a sandboxed *pure* environment, which is as independent of the host system as possible, thus making binaries reproducible.
## Anonymity-Focused Distributions
### Whonix
!!! recommendation
![Whonix logo](assets/img/linux-desktop/whonix.svg){ align=right }
**Whonix** is based on [Kicksecure](https://www.whonix.org/wiki/Kicksecure), a security-focused fork of Debian. It aims to provide privacy, security, and anonymity on the internet. Whonix is best used in conjunction with [Qubes OS](#qubes-os).
[:octicons-home-16: Homepage](https://www.whonix.org/){ .md-button .md-button--primary }
[:simple-torbrowser:](http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion){ .card-link title="Onion Service" }
[:octicons-info-16:](https://www.whonix.org/wiki/Documentation){ .card-link title=Documentation}
[:octicons-heart-16:](https://www.whonix.org/wiki/Donate){ .card-link title=Contribute }
Whonix is meant to run as two virtual machines: a “Workstation” and a Tor “Gateway.” All communications from the Workstation must go through the Tor gateway. This means that even if the Workstation is compromised by malware of some kind, the true IP address remains hidden.
Some of its features include Tor Stream Isolation, [keystroke anonymization](https://www.whonix.org/wiki/Keystroke_Deanonymization#Kloak), [encrypted swap](https://github.com/Whonix/swap-file-creator), and a hardened memory allocator.
Future versions of Whonix will likely include [full system AppArmor policies](https://github.com/Whonix/apparmor-profile-everything) and a [sandbox app launcher](https://www.whonix.org/wiki/Sandbox-app-launcher) to fully confine all processes on the system.
Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers), Qubes-Whonix has various [disadvantages](https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581) when compared to other hypervisors.
### Tails
!!! recommendation
![Tails logo](assets/img/linux-desktop/tails.svg){ align=right }
**Tails** is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses [Tor](tor.md) to preserve privacy and anonymity while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off.
[:octicons-home-16: Homepage](https://tails.boum.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://tails.boum.org/doc/index.en.html){ .card-link title=Documentation}
[:octicons-heart-16:](https://tails.boum.org/donate/){ .card-link title=Contribute }
Tails is great for counter forensics due to amnesia (meaning nothing is written to the disk); however, it is not a hardened distribution like Whonix. It lacks many anonymity and security features that Whonix has and gets updated much less often (only once every six weeks). A Tails system that is compromised by malware may potentially bypass the transparent proxy allowing for the user to be deanonymized.
Tails includes [uBlock Origin](desktop-browsers.md#ublock-origin) in Tor Browser by default, which may potentially make it easier for adversaries to fingerprint Tails users. [Whonix](desktop.md#whonix) virtual machines may be more leak-proof, however they are not amnesic, meaning data may be recovered from your storage device.
By design, Tails is meant to completely reset itself after each reboot. Encrypted [persistent storage](https://tails.boum.org/doc/persistent_storage/index.en.html) can be configured to store some data between reboots.
## Security-focused Distributions
### Qubes OS
!!! recommendation
![Qubes OS logo](assets/img/qubes/qubes_os.svg){ align=right }
**Qubes OS** is an open-source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, the X Window System, and Linux, and can run most Linux applications and use most of the Linux drivers.
[:octicons-home-16: Homepage](https://www.qubes-os.org/){ .md-button .md-button--primary }
[:material-arrow-right-drop-circle: Overview](os/qubes-overview.md){ .md-button .md-button--primary }
[:simple-torbrowser:](http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion){ .card-link title="Onion Service" }
[:octicons-eye-16:](https://www.qubes-os.org/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://www.qubes-os.org/doc/){ .card-link title=Documentation }
[:octicons-code-16:](https://github.com/QubesOS/){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.qubes-os.org/donate/){ .card-link title=Contribute }
Qubes OS is a Xen-based operating system meant to provide strong security for desktop computing through secure virtual machines (VMs), also known as *Qubes*.
The Qubes OS operating system secures the computer by isolating subsystems (e.g., networking, USB, etc.) and applications in separate VMs. Should one part of the system be compromised, the extra isolation is likely to protect the rest of the system. For further details see the Qubes [FAQ](https://www.qubes-os.org/faq/).
## 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
Our recommended operating systems:
- Must be open-source.
- Must receive regular software and Linux kernel updates.
- Linux distributions must support [Wayland](os/linux-overview.md#Wayland).
- Must support full-disk encryption during installation.
- Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage.
- Must support a wide variety of hardware.

139
i18n/zh-Hant/dns.md Normal file
View File

@@ -0,0 +1,139 @@
---
title: "DNS解析器"
icon: material/dns
description: 我們建議切換到這些加密 DNS 提供商,以取代您 ISP 所預設的配置。
---
使用第三方伺服器的加密 DNS 只能避開基本的 [DNS 封鎖](https://en.wikipedia.org/wiki/DNS_blocking) ,當您確定不會有不良後果時。 加密的 DNS 無法為您隱藏瀏覽活動。
[了解更多 DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button}
## 推薦的 DNS 提供商
| DNS 提供者 | 隐私政策 | 協議 | 日誌記錄 | ECS | 篩選 |
| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------ | --- | --------------------------------------------------------------------------------------------------- |
| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext <br> DoH/3 <br> DoT <br> DNSCrypt | 一些[^1] | 不是 | 根據伺服器的選擇。 使用的過濾器列表可以在這裡找到。 [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) |
| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | 明文 <br> DoH/3 <br> DoT | 一些[^2] | 不是 | 根據伺服器的選擇。 |
| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | 明文 <br> DoH/3 <br> DoT <br> DoQ | 可選[^3] | 不是 | 根據伺服器的選擇。 |
| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH <br> DoT | 否[^4] | 不是 | 根據伺服器的選擇。 正在使用的過濾器列表可以在這裡找到。 [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) |
| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | 明文 <br> DoH/3 <br> DoT | 可選[^5] | 可選的 | 根據伺服器的選擇。 |
| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | 明文 <br> DoH <br> DoT <br> DNSCrypt | 一些[^6] | 可選的 | 根據伺服器選擇,預設會封鎖惡意程式碼。 |
## 標準
**請注意,我們這裏所推薦專案沒有任何牽扯。 ** 除了 [我們的標準準則](about/criteria.md)外,還有一套明確要求以提出客觀建議。 我們建議您在選擇使用任何項目之前先熟悉此列表,並進行自己的研究,以確保您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為這個網站的各個部分建立明確標準,它可能依情況變化。 如果您對我們的標準有任何疑問,請[在我們的論壇上提問] (https://discuss.privacyguides.net/latest) ,不要因為未列出而認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個專案時,會考慮和討論許多因素,記錄每一個項目都是一件持續的工作。
- 必須支援 [ DNSSEC ](advanced/dns-overview.md#what-is-dnssec)。
- [QNAME 最小化](advanced/dns-overview.md#what-is-qname-minimization).
- 可讓 [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs)禁用 。
- 首選 [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) 支援或地理轉向支援。
## 原生作業系統支援
### Android
Android 9 以上版本支持 DoT (DNS over TLS)。 設定方式可以在以下位置找到: **設定** &rarr; **網路 & 網際網路** &rarr; **私人 DNS**
### Apple裝置
最新版本的 iOS、iPadOS、tvOS 和 macOS 都支持 DoT 和 DoH。 這兩個通訊協議都透過 [組態檔](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) 或透過 [DNS 設定 API ](https://developer.apple.com/documentation/networkextension/dns_settings)獲得原生支援。
安裝設定設定檔或使用 DNS 設定API 的應用程式後,即可選擇 DNS 設定。 如果啟用 VPN 隧道內的解析將使用 VPN 的 DNS 設置,而不是設備系統的設置。
#### 已簽署的設定檔
Apple不提供用於建立加密DNS設定檔的原生介面。 [Secure DNS profile creator](https://dns.notjakob.com/tool.html) 是一款非正式工具用以建立您自己的加密 DNS 設定檔。不過這個軟體並未得到簽署。 最好是簽署過個人資設定檔;簽署會驗證個人資料的來源,並有助於確保個人資料的完整性。 綠色的「已驗證」標籤會提供給已簽署的配置文件。 代碼簽名的詳細資訊,請參閱 [關於代碼簽名](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html)。 由 [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html)、 [NextDNS](https://apple.nextdns.io)和 [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/)提供的**簽名設定檔** 。
!!! 資訊
許多 Linux 發行版用來進行DNS查詢的`systemd-resolved` 還不[支援 DoH] (https://github.com/systemd/systemd/issues/8639)。 如果要使用 DoH ,您需要安裝一個類似 [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy)的代理,並[設定] (https://wiki.archlinux.org/title/Dnscrypt-proxy)讓系統解析器獲取所有 DNS 查詢,並透過 HTTPS 轉發。
## 加密的DNS代理
加密DNS代理軟體提供了一個本地代理用於將 [個未加密的DNS](advanced/dns-overview.md#unencrypted-dns) 解析器轉發到。 通常,它用於原本不支持 [加密 DNS ](advanced/dns-overview.md#what-is-encrypted-dns)的平臺。
### RethinkDNS
!!! recommendation
! [RethinkDNS logo] (assets/img/android/rethinkdns.svg#only-light) {align = right}
! [RethinkDNS logo] (assets/img/android/rethinkdns-dark.svg#only-dark) {align = right}
* * RethinkDNS * *是一個開源 Android 用戶端工具,支持 [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh)、 [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot)、 [DNSCrypt](advanced/dns-overview.md#dnscrypt)和 DNS 代理以及快取DNS 回應、本地記錄 DNS 查詢,也可用作防火牆。
[:octicons-home-16: Homepage](https://rethinkdns.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.rethinkdns.com/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/celzero/rethink-app){ .card-link title="Source Code" }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.celzero.bravedns)
- [:simple-github: GitHub](https://github.com/celzero/rethink-app/releases)
### dnscrypt-proxy
!!! recommendation
! [dnscrypt-proxy logo] (assets/img/dns/dnscrypt-proxy.svg) {align = right}
* * dnscrypt-proxy * *是 DNS 代理,支持 [DNSCrypt](advanced/dns-overview.md#dnscrypt)、 [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh)和[Anonymized DNS] (https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS)。
!!! 警告 "匿名化 DNS 功能[* * 不會 * *] (advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns)匿名化其他網路流量。
[:octicons-repo-16: Repository](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/DNSCrypt/dnscrypt-proxy){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opencollective.com/dnscrypt/contribute){ .card-link title=Contribute }
??? 下載
- [:simple-windows11: Windows](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-Windows)
- [:simple-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS)
- [:simple-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux)
## 自主託管方案
在被控制平臺,自主託管 DNS 可提供有用的過濾,例如智能電視和其他物聯網設備,因為不需要客戶端軟件。
### AdGuard首頁
!!! recommendation
! [AdGuard 首頁標誌] (assets/img/dns/adguard-home.svg) {align = right}
* * AdGuard * *是一個開源的 [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) ,使用[DNS 過濾] (https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/)來封鎖不需要的網頁內容,例如廣告。
AdGuard 首頁提供精美的網頁介面,可查看有用資訊並管理被封鎖的內容。
[:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary }
[:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Source Code" }
### Pi-hole
!!! recommendation
! [Pi-hole logo] (assets/img/dns/pi-hole.svg) {align = right}
* * Pi-hole * *是一個開源的 [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) ,它使用 [DNS 篩選] (https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/)來阻止不需要的網頁內容,例如廣告。
Pi-hole 設計應用在 Raspberry Pi ,但它不限於這種硬體。 該軟體良好的 Web 界面,可查看有用資訊和管理被阻止的內容。
[:octicons-home-16: Homepage](https://pi-hole.net/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://pi-hole.net/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.pi-hole.net/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" }
[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute }
[^1]: AdGuard 儲存其 DNS 伺服器的總和效能指標,即對特定伺服器的全部請求數量、被封鎖的請求數量,以及處理請求的速度。 他們還會保存和儲存過去24小時內所請求的網域資料庫。 我們需要這些資訊來識別和阻止新的追蹤器和威脅。 我們還記錄了這些追蹤器被封鎖的次數。 我們需要這些資訊以便在過濾器中刪除過時的規則。 [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html)
[^2]: Cloudflare 僅收集並儲存發送至 1.1.1.1解析器的有限 DNS 查詢資料。 1.1.1.1解析器服務不會記錄個人資料且大部分有限的非個人識別查詢資料僅存儲25小時。 [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/)
[^3]: Control D 只有記錄使用自定義 DNS 配置的高級解析器。 免費解析器不記錄數據。 [https://controld.com/privacy](https://controld.com/privacy)
[^4]: Mullvad 的 DNS 服務可供 Mullvad VPN 的訂閱者和非訂閱者使用。 他們的隱私政策明確聲稱他們不會以任何方式記錄 DNS 請求。 [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/)
[^5]: NextDNS 可以在選擇加入的基礎上提供洞察和記錄功能。 您可以選擇保留的任何日誌選擇時間長短和日誌儲存位置。 如果沒有特別要求,則不會記錄任何數據。 [https://nextdns.io/privacy](https://nextdns.io/privacy)
[^6]: Quad9會收集一些資料以進行威脅監控和回應。 然後這些資料會被重新混合與共享,例如用於安全研究。 Quad9 不會收集或記錄 IP 位址或其他他們認為可識別個人身份的資料。 [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/)

238
i18n/zh-Hant/email-clients.md Normal file
View File

@@ -0,0 +1,238 @@
---
title: "電子郵件客戶端程式"
icon: material/email-open
description: 這些電子郵件客戶端尊重隱私並支持OpenPGP電子郵件加密。
---
我們的推薦清單包含支援 [OpenPGP](encryption.md#openpgp) 和如[Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth)強認證的電子郵件用戶端 。 OAuth允許您使用 [多因素驗證](basics/multi-factor-authentication.md) 並防止帳戶被盜。
??? 警告:「電子郵件不提供前向保密」
當使用端到端加密( E2EE 技術如OpenPGP )時,電子郵件仍然會有一些未在電子郵件標頭中加密的[一些中繼數據] email.md#email-metadata-overview )。
OpenPGP 也不支援[前向保密] (https://en.wikipedia.org/wiki/Forward_secrecy) ,這意味著如果你或收件人的私鑰被盜,所有以前用它加密的訊息都會被曝光: [如何保護我的私鑰?] (basics/email-security.md)考慮使用提供前向保密的媒介:
[通時通訊] (real-time-communication.md){ .md-button }
## 跨平臺
### Thunderbird
!!! recommendation
! [Thunderbird logo] (assets/img/email-clients/thunderbird.svg) {align = right}
* * Thunderbird * *是一個免費、開源、跨平臺的電子郵件、新聞組、新聞提要和聊天(XMPP、IRC、Twitter)客戶端由Thunderbird 社區開發,之前由 Mozilla 基金會開發。
[:octicons-home-16: Homepage](https://www.thunderbird.net){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.mozilla.org/privacy/thunderbird){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.mozilla.org/products/thunderbird){ .card-link title=Documentation}
[:octicons-code-16:](https://hg.mozilla.org/comm-central){ .card-link title="Source Code" }
??? 下載
- [:simple-windows11: Windows](https://www.thunderbird.net)
- [:simple-apple: macOS](https://www.thunderbird.net)
- [:simple-linux: Linux](https://www.thunderbird.net)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.mozilla.Thunderbird)
#### 建議配置
我們建議您變更其中一些設定讓Thunderbird更具私密性。
這些選項可以在 :material-menu: → **設定** → **隱私 & 安全性**中找到。
##### 網頁內容
- [ ]取消勾選 **記住我訪問過的網站和連結**
- [ ]取消勾選 **接受來自網站的cookie**
##### 遙測
- [ ]取消勾選 **允許Thunderbird 向Mozilla**發送技術和互動資訊。
#### Thunderbird-user.js (進階)
[`thunderbird-user.js`](https://github.com/HorlogeSkynet/thunderbird-user.js),是一組配置選項,旨在禁用 Thunderbird 內過多的網頁瀏覽功能,以減少表面暴露並保持隱私。 其中一些更改是從 [Arkenfox 專案](https://github.com/arkenfox/user.js)中後移的。
## 平臺特定
### Apple Mail (macOS)
!!! recommendation
! [Apple Mail標誌] (assets/img/email-clients/applemail.png) {align = right}
* * Apple Mail * *包含在 macOS並可利用[GPG Suite] (encryption.md#gpg-suite)擴展支援 OpenPGP增加了發送PGP 加密電子郵件的能力。
[:octicons-home-16: Homepage](https://support.apple.com/guide/mail/welcome/mac){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.apple.com/legal/privacy/en-ww/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.apple.com/guide/mail/toc){ .card-link title=Documentation}
### Canary Mail (iOS)
!!! recommendation
! [Canary Mail logo] (assets/img/email-clients/canarymail.svg) {align = right}
* * Canary Mail * *是一個付費的電子郵件用戶端,提供無縫的端到端加密安全功能,如生物識別應用程式鎖定。
[:octicons-home-16: Homepage](https://canarymail.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://canarymail.io/privacy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://canarymail.zendesk.com/){ .card-link title=Documentation}
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.canarymail.android)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1236045954)
- [:simple-windows11: Windows](https://canarymail.io/downloads.html)
!!! 警告
Canary Mail 最近才發布了 Windows 和 Android 用戶端,我們不認為它們已如 iOS和 Mac 用戶端一樣穩定。
Canary Mail 源碼為封閉式。 我們推薦它,因為 iOS 電子郵件客戶端支持 PGP E2EE 的選擇很少。
### FairEmail (Android)
!!! recommendation
! [FairEmail標誌] (assets/img/email-clients/fairemail.svg) {align = right}
* * FairEmail * *是一個極簡的開源電子郵件應用程式,使用開放標準(IMAP, SMTP, OpenPGP ),數據和電池使用量低。
[:octicons-home-16: Homepage](https://email.faircode.eu){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/M66B/FairEmail/blob/master/PRIVACY.md){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/M66B/FairEmail/blob/master/FAQ.md){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/M66B/FairEmail){ .card-link title="Source Code" }
[:octicons-heart-16:](https://email.faircode.eu/donate/){ .card-link title=Contribute }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=eu.faircode.email)
- [:simple-github: GitHub](https://github.com/M66B/FairEmail/releases)
### GNOME Evolution (GNOME)
!!! recommendation
! [Evolution logo] (assets/img/email-clients/evolution.svg) {align = right}
* * Evolution * *是個人資訊管理應用程式,提供綜合郵件、行事曆和聯絡簿功能。 Evolution有廣泛的 [文檔](https://help.gnome.org/users/evolution/stable/)來幫助您開始。
[:octicons-home-16: Homepage](https://wiki.gnome.org/Apps/Evolution){ .md-button .md-button--primary }
[:octicons-eye-16:](https://wiki.gnome.org/Apps/Evolution/PrivacyPolicy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://help.gnome.org/users/evolution/stable/){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.gnome.org/GNOME/evolution/){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.gnome.org/donate/){ .card-link title=Contribute }
??? 下載
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.gnome.Evolution)
### K-9 Mail (Android)
!!! recommendation
! [K-9 Mail logo] (assets/img/email-clients/k9mail.svg) {align = right}
* * K-9 Mail * *是一個獨立的郵件應用程式,同時支援 POP3 和IMAP 郵箱,但只支援 IMAP 推送郵件。
未來 K-9 Mai l將成為[官方品牌] (https://k9mail.app/2022/06/13/K-9-Mail-and-Thunderbird.html) Thunderbird Android 用戶端。
[:octicons-home-16: Homepage](https://k9mail.app){ .md-button .md-button--primary }
[:octicons-eye-16:](https://k9mail.app/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.k9mail.app/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/k9mail/k-9){ .card-link title="Source Code" }
[:octicons-heart-16:](https://k9mail.app/contribute){ .card-link title=Contribute }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.fsck.k9)
- [:simple-github: GitHub](https://github.com/k9mail/k-9/releases)
!!! 警告
當回覆郵件群組中的某人時,「回覆」選項也可能包括郵件群組。 如需更多資訊,請參閱[thundernest/k-9 # 3738] (https://github.com/thundernest/k-9/issues/3738)。
### Kontact (KDE)
!!! recommendation
! [Kontact logo] (assets/img/email-clients/kontact.svg) {align = right}
* * Kontact * *是來自 [KDE](https://kde.org)專案的個人資訊管理器(PIM)應用程式。 它提供了郵件客戶端、地址簿、待辦事項和 RSS 客戶端。
[:octicons-home-16: Homepage](https://kontact.kde.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://kde.org/privacypolicy-apps){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://kontact.kde.org/users/){ .card-link title=Documentation}
[:octicons-code-16:](https://invent.kde.org/pim/kmail){ .card-link title="Source Code" }
[:octicons-heart-16:](https://kde.org/community/donations/){ .card-link title=Contribute }
??? 下載
- [:simple-linux: Linux](https://kontact.kde.org/download)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.kde.kontact)
### Mailvelope (瀏覽器)
!!! recommendation
! [Mailvelope logo] (assets/img/email-clients/mailvelope.svg) {align = right}
* * Mailvelope * *是一個瀏覽器擴充功能,可按照 OpenPGP 加密標準交換加密電子郵件。
[:octicons-home-16: Homepage](https://www.mailvelope.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.mailvelope.com/en/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://mailvelope.com/faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/mailvelope/mailvelope){ .card-link title="Source Code" }
??? 下載
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/mailvelope)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/mailvelope/kajibbejlbohfaggdiogboambcijhkke)
- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/mailvelope/dgcbddhdhjppfdfjpciagmmibadmoapc)
### NeoMutt (CLI)
!!! recommendation
! [NeoMutt logo] (assets/img/email-clients/mutt.svg) {align = right}
* * NeoMutt * *是 Linux 和 BSD 的開源命令行郵件閱讀器或MUA )。 它是 [Mutt](https://en.wikipedia.org/wiki/Mutt_ (email_client))的分支,具有附加功能。
NeoMutt 是一個文字指令的客戶端,具有陡峭的學習曲線。 然而,它有高度自制的特色。
[:octicons-home-16: Homepage](https://neomutt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://neomutt.org/guide/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/neomutt/neomutt){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.paypal.com/paypalme/russon/){ .card-link title=Contribute }
??? 下載
- [:simple-apple: macOS](https://neomutt.org/distro)
- [:simple-linux: Linux](https://neomutt.org/distro)
## 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
### 最低合格要求
- 為開源作業系統開發的應用程式必須是開源的。
- 必須不收集遙測,或有一個簡單的方法來禁用所有遙測。
- 必須支援OpenPGP訊息加密。
### 最佳案例
最佳案例標準代表了我們希望從這個類別的完美項目應具備的功能。 推薦產品可能沒有此功能,但若有這些功能則會讓排名更為提高。
- 應該為開源的。
- 應為跨平臺。
- 預設情況下不應收集任何遙測。
- 應該原生支持OpenPGP ,即沒有擴展。
- 應該支持在本地存儲 OpenPGP 加密的電子郵件。

503
i18n/zh-Hant/email.md Normal file
View File

@@ -0,0 +1,503 @@
---
title: "電子郵件服務"
icon: material/email
description: 這些電子郵件提供商提供了一個好地方來安全地存儲您的電子郵件,也有不少能與其他供應商相互操作的 OpenPGP 加密。
---
電子郵件實際上是使用任何線上服務的必需品,但我們不建議把它應用於人與人之間的對話。 與其使用電子郵件聯繫他人,不如考慮使用支援前向保密的即時通訊媒介。
[推薦的即時通訊工具](real-time-communication.md ""){.md-button}
除此之外,我們還推薦各種基於可持續商業模式和內置安全和隱私功能的電子郵件提供商。
- [OpenPGP 兼容的郵件提供商 :material-arrow-right-drop-circle:](#openpgp-compatible-services)
- [其他加密提供者 :material-arrow-right-drop-circle:](#more-providers)
- [電子郵箱別名服務 :material-arrow-right-drop-circle:](#email-aliasing-services)
- [自主託管選項 :material-arrow-right-drop-circle:](#self-hosting-email)
## OpenPGP 兼容服務
這些供應商原生支持OpenPGP加密/解密和Web密鑰目錄 WKD 標準允許供應商無關的E2EE電子郵件。 例如, Proton Mail 用戶可以向 Mailbox.org 用戶發送 E2EE 消息,或者您可以從它支援的網際網路服務接收 OpenPGP 加密通知。
<div class="grid cards" markdown>
- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail)
- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg)
</div>
!!! 警告
當使用像 OpenPGP 這類 E2EE 技術時,電子郵件仍然會有一些未加密的元數據。 閱讀更多有關[電子郵件元數據] (basics/email-security.md#email-metadata-overview)的資訊。
OpenPGP 也不支持前向保密,這意味著如果你或收件人的私鑰被盜,所有以前用它加密的消息都會洩露。 [如何保護我的私鑰?] (basics/email-security.md#how-do-i-protect-my-private-keys)
### Proton Mail
!!! recommendation
! [Proton Mail logo] (assets/img/email/protonmail.svg) {align = right}
* * Proton Mail * *是一家專注於隱私、加密、安全性和易用性的電子郵件服務。 自* * 2013 年* *開始運營。 Proton AG 總部位於瑞士日內瓦。 免費帳戶有 500 MB 的存儲j容量。
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
[:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://proton.me/support/mail){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ProtonMail){ .card-link title="Source Code" }
??? 下載
- [:simple-googleplay: Google Play] (https://play.google.com/store/apps/details?id=ch.protonmail.android)
- [:simple-appstore: App Store] (https://apps.apple.com/app/apple-store/id979659905)
- [:simple-github: GitHub] (https://github.com/ProtonMail/proton-mail-android/releases)
- [:simple-windows11: Windows] (https://proton.me/mail/bridge#download)
- [:simple-apple: macOS] (https://proton.me/mail/bridge#download)
- [:simple-linux: Linux] (https://proton.me/mail/bridge#download)
- [:octicons-browser-16: Web] (https://mail.proton.me)
免費帳戶有一些功能限制,例如無法搜索正文文本和無法訪問 [Proton Mail Bridge](https://proton.me/mail/bridge),它可以用在 [推薦的桌面電子郵件客戶端](email-clients.md) 例如Thunderbird )。 付費帳戶包括Proton Mail Bridge、額外儲存空間和自訂網域支援等功能。 Proton Mail 應用程式於2021年11月9日由 [Securitum](https://research.securitum.com)提供 [認證函](https://proton.me/blog/security-audit-all-proton-apps) 。
如果您有 Proton Unlimited 、Business 或 Visionary 計劃,也可免費獲得 [SimpleLogin](#simplelogin) Premium。
Proton Mail 的內容崩潰報告 **不會**對其它第三方分享。 可以在以下位置停用此功能: **設定** > **前往設定** > **帳戶** > **安全和隱私** > **傳送崩潰報告**
#### :material-check:{ .pg-green } Custom Domains and Aliases
付費的 Proton Mail 訂閱者可以使用自定網域服務或 [通用電子郵件](https://proton.me/support/catch-all) 功能。 Proton Mail還支持 [子地址](https://proton.me/support/creating-aliases),這對於不想購買網域的人很有用。
#### :material-check:{ .pg-green } 私人付款方式
Proton Mail [除了標準信用卡/簽帳卡外,還接受](https://proton.me/support/payment-options) 現金郵寄, [比特幣](advanced/payments.md#other-coins-bitcoin-ethereum-etc)和 PayPal 付款。
#### :material-check:{ .pg-green } 帳戶安全
Proton Mail 支援使用 FIDO2 或 U2F標準 的 TOTP [雙因素驗證](https://proton.me/support/two-factor-authentication-2fa) 和 [硬體安全金鑰](https://proton.me/support/2fa-security-key) 。 使用硬體安全金鑰需要先設定 TOTP 雙因素驗證。
#### :material-check:{ .pg-green } 資料安全
在用戶未登入時Proton Mail 使用 [zero-access 加密技術](https://proton.me/blog/zero-access-encryption)來保護電子郵件[行事曆](https://proton.me/news/protoncalendar-security-model)的資料安全。 使用零訪問加密保護的數據只能由您訪問。
存儲在 [Proton 通錄](https://proton.me/support/proton-contacts)中的某些資訊,例如顯示名稱和電子郵件地址,並未使用零存取加密進行保護。 支援零存取加密的聯絡人欄位(例如電話號碼)會以掛鎖圖示顯示。
#### :material-check:{ .pg-green }電子郵件加密
Proton Mail 網頁郵件整合了 [OpenPGP 加密](https://proton.me/support/how-to-use-pgp) 。 發送到其他 Proton Mai l帳戶的電子郵件會自動加密並且可以在您的帳戶設置中輕鬆啟用使用 OpenPGP 金鑰對非 Proton Mail 地址進行加密。 它可以 [加密非 Proton Mail 郵件地址的訊息](https://proton.me/support/password-protected-emails),不必非得使用 Proton Mail 帳戶或 OpenPGP 之類的軟體。
Proton Mail 還支持通過 HTTP 的 [Web 密鑰目錄( WKD ](https://wiki.gnupg.org/WKD)發現公鑰。 這可讓非 Proton Mail 用戶可以輕鬆找到 Proton Mail 帳戶的 OpenPGP 金鑰,以利跨供應商進行 E2EE 。
#### :material-information-outline:{ .pg-blue } 帳戶終止
若您的付費帳戶逾期 14天[未付款](https://proton.me/support/delinquency) 您將無法讀取自己的資料。 30天後您的帳戶將標記為拖欠狀態無法再收取郵件。 在此期間,我們會繼續向你收費。
#### :material-information-outline:{ .pg-blue } 額外功能
Proton Mail 提供每月 9.99 歐元的“無限 Unlimited”帳戶除了提供多個帳戶、域名、別名和 500GB 儲存空間外,還可以使用 Proton VPN。
Proton Mail不提供數字遺產功能。
### Mailbox.org
!!! recommendation
! [Mailbox.org 標誌] (assets/img/email/mailboxorg.svg) {align = right}
* * Mailbox.org * *電子郵件服務,專注於安全、無廣告和使用 100% 民間環保發電能源。 自* * 2014 年* *開始運營。 Mailbox.org總部位於德國柏林。 初級帳戶有 2GB 儲存空間,可以根據需要升級。
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title=Documentation}
??? downloads
- [:octicons-browser-16: Web](https://login.mailbox.org)
#### :material-check:{ .pg-green } Custom Domains and Aliases
Mailbox.org 可以使用自定網域,且支援 [通用電子郵件](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) 地址。 Mailbox.org 也支援 [子地址](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it),如果您不想購買網域,這很有用。
#### :material-check:{ .pg-green } 私人付款方式
Mailbox.org 不接受任何加密貨幣,因為他們的支付處理商 BitPay 暫停了德國業務。 不過他們可以收郵寄現金、銀行帳戶現金支付、銀行轉帳、信用卡、 PayPa l以及幾個德國特定處理商 paydirekt 和 Sofortüberweisung。
#### :material-check:{ .pg-green } 帳戶安全
Mailbox.org支援 [雙因素驗證](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) ,僅適用於他們的網絡郵件。 您可以通過 [Yubicloud ](https://www.yubico.com/products/services-software/yubicloud)使用 TOTP 或 [ Yubikey ](https://en.wikipedia.org/wiki/YubiKey) 。 Web 標準如 [WebAuthn ](https://en.wikipedia.org/wiki/WebAuthn) 尚不支援。
#### :material-information-outline:{ .pg-blue } 資料安全
Mailbox.org 允許使用 [加密郵箱](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox)對傳入郵件進行加密。 收到的新訊息將立即用您的公鑰加密。
但是, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange)---- Mailbox.org使用的軟件平臺 [不支持](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) 通訊錄和行事曆加密。 [獨立的選項](calendar.md) 可能更適合該資訊。
#### :material-check:{ .pg-green }電子郵件加密
Mailbox.org在他們的網絡郵件中有 [個集成的加密](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) 這簡化了向具有公開OpenPGP密鑰的人發送消息。 它們還允許 [遠端收件人解密 Mailbox.org伺服器上的電子郵件](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) 。 當遠端收件人沒有 OpenPGP 無法解密自己郵箱中的電子郵件時,此功能非常有用。
Mailbox.org 還支持通過 HTTP 的 [Web密鑰目錄 WKD ](https://wiki.gnupg.org/WKD)發現公鑰。 因此其它人可以輕鬆找到 Mailbox.org 帳戶的 OpenPGP 金鑰,便於跨提供者使用 E2EE。
#### :material-information-outline:{ .pg-blue } 帳戶終止
當合約到期後,您的帳戶將受到限制,在 [30天後它將被永久刪除](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract)。
#### :material-information-outline:{ .pg-blue } 額外功能
您可以透過 IMAP/SMTP 使用其 [.onion 服務](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org)存取您的 Mailbox.org 帳戶。 然而,他們的網頁郵件介面無法訪問其 .onion 服務,可能會遇到 TLS 憑證錯誤。
所有帳戶都附帶有限、[可以加密](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive)的雲端儲存空間 。 Mailbox.org 還提供別名 [@ secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely)它對郵件伺服器之間的連線強制進行TLS加密否則根本不會發送訊息。 Mailbox.org 除了支援 IMAP 和 POP3 等標準存取通訊協議外,還支援 [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) 。
Mailbox.org 所有方案都提供了數位遺產功能。 你可以選擇是否要將任何資料傳遞給繼承人,但對方必須提出你的遺囑證明。 或者,您可以通過姓名和地址提出人選。
## 更多供應商
這些提供商以零知識加密方式儲存您的電子郵件,使其成為保護儲存電子郵件安全的絕佳選擇。 但是,它們不支持供應商之間可相互操作 E2EE 通信的加密標準。
<div class="grid cards" markdown>
- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail)
- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota)
</div>
### StartMail
!!! recommendation
! [StartMail logo] (assets/img/email/startmail.svg#only-light) {align = right}
! [StartMail標誌] (assets/img/email/startmail-dark.svg#only-dark) {align = right}
* * StartMail * *是一項電子郵件服務通過使用標準OpenPGP加密來關注安全和隱私。 StartMail 自 2014 年開始運營,總部位於荷蘭 Zeist Boulevard 11。 帳戶以10GB開始。 提供 30天的試用期。
[:octicons-home-16: Homepage](https://www.startmail.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.startmail.com/en/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.startmail.com){ .card-link title=Documentation}
??? 下載
- [:octicons-browser-16: Web](https://mail.startmail.com/login)
#### :material-check:{ .pg-green } Custom Domains and Aliases
個人帳戶可以使用 [自定或系統生成](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) 別名。 也可用[自定網域](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) 。
#### :material-alert-outline:{ .pg-orange } 私人付款方式
StartMail 接受 Visa 、MasterCard 、American Express 信用卡和 Paypal。 StartMail還有其他 [付款選項](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) ,例如 [比特幣](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (目前僅適用於個人帳戶)和 SEPA 直接扣賬(使用超過一年的帳戶)。
#### :material-check:{ .pg-green } 帳戶安全
StartMail 只支援網頁郵件 [ TOTP 雙因素驗證](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA)。 他們無法透過 U2F 安全金鑰驗證。
#### :material-information-outline:{ .pg-blue } 資料安全
StartMail 還有 [零存取加密](https://www.startmail.com/en/whitepaper/#_Toc458527835),透過其「使用者保管庫」系統保護用戶未登入時的資料安全。 當您登入後,保管庫將被打開,並將電子郵件移出佇列,由相應的私鑰解密。
StartMail 支援匯入 [聯絡人](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) ,但它們只能在網頁郵件中存取,而不能透過 [ CalDAV ](https://en.wikipedia.org/wiki/CalDAV)等協議存取。 連絡人資料也不會使用零知識加密儲存。
#### :material-check:{ .pg-green }電子郵件加密
StartMail 網頁郵件 [整合了加密](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) 以便使用公開OpenPGP 密鑰發送加密消息。 但是,它們不支持 Web 密鑰目錄標準,這讓其他電子郵件提供商或客戶端軟體不容易找到 Startmail 郵箱的公鑰。
#### :material-information-outline:{ .pg-blue } 帳戶終止
若帳戶遲未按時繳款 StartMail 在[六個月內三階段警告](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration),最後會永久刪除帳戶。
#### :material-information-outline:{ .pg-blue } 額外功能
StartMail 允許在電子郵件中使用代理圖像。 如果您允許載入遠端影像發件人將不會知道您的IP位址。
Proton Mail不提供數字遺產功能。
### Tutanota
!!! recommendation
! [Tutanota標誌] (assets/img/email/tutanota.svg) {align = right}
* * Tutanota * * 使用加密、關注安全和隱私的電子郵件服務。 Tutanota自* * 2011 年* *開始運營,總部位於德國漢諾威。 免費帳戶有 1GB 儲存空間。
[:octicons-home-16: Homepage](https://tutanota.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://tutanota.com/faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" }
[:octicons-heart-16:](https://tutanota.com/community/){ .card-link title=Contribute }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.tutao.tutanota)
- [:simple-appstore: App Store](https://apps.apple.com/app/tutanota/id922429609)
- [:simple-github: GitHub](https://github.com/tutao/tutanota/releases)
- [:simple-windows11: Windows](https://tutanota.com/#download)
- [:simple-apple: macOS](https://tutanota.com/#download)
- [:simple-linux: Linux](https://tutanota.com/#download)
- [:octicons-browser-16: Web](https://mail.tutanota.com/)
Tutanota 不支援 [ IMAP 協議](https://tutanota.com/faq/#imap) 或使用第三方 [電子郵件客戶端](email-clients.md),您也無法將 [外部電子郵件帳戶](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) 添加到 Tutanota應用程式。 目前不支援 [電子郵件匯入](https://github.com/tutao/tutanota/issues/630) 與 [子資料夾](https://github.com/tutao/tutanota/issues/927) ,但很快就 [會改善](https://tutanota.com/blog/posts/kickoff-import)。 電子郵件可以單個 [或選擇資料夾批量](https://tutanota.com/howto#generalMail)匯出 ,但若您有許多資料夾,可能會不方便。
#### :material-check:{ .pg-green } Custom Domains and Aliases
付費Tutanota 帳戶可以有5 [別名](https://tutanota.com/faq#alias) 和 [自定網域](https://tutanota.com/faq#custom-domain)。 Tutanota 不能 [子地址(加號 +定址)](https://tutanota.com/faq#plus),但您可以使用自定義域名的 [通用電于郵件](https://tutanota.com/howto#settings-global)功能 。
#### :material-information-outline:{ .pg-blue } 私人付款方式
Tutanota 僅接受信用卡和 PayPal ,但 [加密貨幣](cryptocurrency.md) 可用於通過其[ 合作伙伴 Proxystore ](https://tutanota.com/faq/#cryptocurrency) 購買禮品卡。
#### :material-check:{ .pg-green } 帳戶安全
Tutanota支援 TOTP 或 U2F 的 [雙因素驗證](https://tutanota.com/faq#2fa) 。
#### :material-check:{ .pg-green } 資料安全
Tutanota 提供 [未登入零存取](https://tutanota.com/faq#what-encrypted) 支援,其應用在電子郵件、 [通訊錄](https://tutanota.com/faq#encrypted-address-book)以及 [行事曆](https://tutanota.com/faq#calendar)。 這意味著儲存在您帳戶中的訊息和其他資料只有您能讀取。
#### :material-information-outline:{ .pg-blue } 電子郵件加密
Tutanota [不使用 OpenPGP ](https://www.tutanota.com/faq/#pgp)。 只能透過 [臨時 Tutanota郵箱](https://www.tutanota.com/howto/#encrypted-email-external)才能接收非Tutanota電子郵件帳戶寄出的加密電子郵件。
#### :material-information-outline:{ .pg-blue } 帳戶終止
Tutanota [刪除六個月未登入使用的免費帳戶](https://tutanota.com/faq#inactive-accounts) 。 付費後,可以重用激活已停用的免費帳戶。
#### :material-information-outline:{ .pg-blue } 額外功能
Tutanota 向非營利組織提供免費 [商業版本](https://tutanota.com/blog/posts/secure-email-for-non-profit) 或大幅折扣。
Tutanota 付費版還有一種 [Secure Connect](https://tutanota.com/secure-connect/)功能。 這可以確保客戶的業務聯繫使用 E2EE。 價格爲一年 € 240 歐元。
Tutanota不提供數字遺產功能。
## 郵箱別名
電子郵件別名服務可讓您輕鬆地為每次網站註冊生成一個新的電子郵件地址。 您電子郵件別名會自動把郵件轉發到您選擇的電子郵件地址,以隱藏您“主要”電子郵件地址和電子郵件提供商。 真正的電子郵件別名比許多提供商常用和支持的加地址更好這允許您創建別名如yourname +[anythinghere]@ example.com ,因為網站,廣告商和跟蹤網絡可以簡單地刪除+符號之後的任何內容,以知道您的真實電子郵件地址。
<div class="grid cards" markdown>
- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy)
- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin)
</div>
電子郵件別名可以作為一種保護措施,一旦您的電子郵件提供商停止運營。 在這種情況下,您可以輕鬆地將別名重新路由到新的電子郵件地址。 但這也意謂,您把信任轉移到另一家別名服務以繼續享用此功能。
使用專門的電子郵件別名服務比自定網域上的通用別名有許多好處:
- 有需要時,可以單獨開啟和關閉別名,防止網站隨機發送電子郵件給您。
- 從別名地址發送回覆,屏蔽真實電子郵件地址。
與「臨時電子郵件」服務相比,它們還有許多好處:
- 別名是永久性的,如果您需要接收密碼重設等內容,可以再次開啟別名。
- 電子郵件會發送到您信任的郵箱,而不是儲存在別名服務提供者。
- 臨時電子郵件服務通常會有公共郵箱,任何知道地址的人都可以訪問,別名則您所私有的。
我們建議的電子郵件別名供應商,可讓您在他們控制的網域上創建別名,或您支付適度的年費來自定網域。 如果您想要最大限度的控制,也可以自主託管。 但是,使用自定網域可能會有隱私上的缺點:如果您是唯一使用該自定網域的人,只需查看電子郵件地址中的網域名稱並忽略 (@) 符號之前的所有內容,即可輕鬆跟蹤您的動作。
使用別名服務需要信任您的電子郵件提供商和您的別名提供商如何對待您未加密的消息。 有些供應商會透過自動 PGP 加密來稍微減輕這種情況,傳送到最終信箱供應商之前加密所傳送的電子郵件,將您需要信任的各方數量從兩個減少到一個。
### AnonAddy
!!! recommendation
! [AnonAddy logo] (assets/img/email/anonaddy.svg#only-light) {align = right}
! [AnonAddy標誌] (assets/img/email/anonaddy-dark.svg#only-dark) {align = right}
* * AnonAddy * *可讓您在共享網域上免費創建 20 個網域別名,或無限制的「標準」別名,但後者匿名度低。
[:octicons-home-16: Homepage](https://anonaddy.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://anonaddy.com/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://app.anonaddy.com/docs/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/anonaddy){ .card-link title="Source Code" }
[:octicons-heart-16:](https://anonaddy.com/donate/){ .card-link title=Contribute }
??? 下載
- [:simple-android: Android](https://anonaddy.com/faq/#is-there-an-android-app)
- [:material-apple-ios: iOS](https://anonaddy.com/faq/#is-there-an-ios-app)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/en-GB/firefox/addon/anonaddy/)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/anonaddy-anonymous-email/iadbdpnoknmbdeolbapdackdcogdmjpe)
您可以創建的共享別名數量(以@ anonaddy.me等共享網域結束在AnonAddy的免費計劃上限制為20個在$ 12/年計劃上限制為50個。 您可以創建無限的標準別名(以 @[username].anonaddy.com 或付費方案上的自定域名) ,但是如前所述,這可能不利隱私,因為人們可以僅根據域名將您的標準別名綁定在一起。 無限共享別名的價格爲36美元/年。
值得注意的免費功能:
- [x] 20共享別名
- [x] 無限的別名
- [ ] No Outgoing Replies
- [x] 2 個收件人郵箱
- [x] 自動PGP加密
### SimpleLogin
!!! recommendation
! [Simplelogin logo] (assets/img/email/simplelogin.svg) {align = right}
* * SimpleLogin * *是一項免費服務,可在各種共享域名上提供電子郵件別名,並可選擇提供無限別名和自訂域名等付費功能。
[:octicons-home-16: Homepage](https://simplelogin.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://simplelogin.io/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://simplelogin.io/docs/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/simple-login){ .card-link title="Source Code" }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.simplelogin.android)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1494359858)
- [:simple-github: GitHub](https://github.com/simple-login/Simple-Login-Android/releases)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/en-US/firefox/addon/simplelogin/)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/dphilobhebphkdjbpfohgikllaljmgbn)
- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff)
- [:simple-safari: Safari](https://apps.apple.com/app/id1494051017)
SimpleLogin 在 2022年4 月 8 日被 [ Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) 買下。 如果您的主要郵箱使用質子郵件, SimpleLogin是一個不錯的選擇。 由於這兩種產品現在都由同一家公司擁有,您現在只需要信任單一實體。 我們預計 SimpleLogin 未來會與 Proton 產品更緊密地整合。 SimpleLogin 繼續支援轉寄至您所選擇的任何電子郵件供應商。 Securitum [在2022年初審核了](https://simplelogin.io/blog/security-audit/) SimpleLogin ,所有問題 [都已解決](https://simplelogin.io/audit2022/web.pdf)。
您可以在設定中將您的 SimpleLogin 帳戶與 Proton 帳戶連結。 如果您有 Proton Unlimited 、Business 或 Visionary 計劃,也可免費獲得 SimpleLogin Premium。
值得注意的免費功能:
- [x] 10共享別名
- [x] 無限回復
- [x] 1收件人郵箱
## 自主託管電子郵件
進階系統管理員可以考慮設定自己的電子郵件伺服器。 郵件伺服器需要注意和持續維護,以確保安全性和郵件傳遞的可靠性。
### 結合軟體解決方案
!!! recommendation
! [Mailcow logo] (assets/img/email/mailcow.svg) {align = right}
* * Mailcow * *是一個更先進的郵件伺服器,非常適合有豐富 Linux 經驗者。 它的 Docke r容器中擁有您需要的一切支援 DKIM 的郵件伺服器、防毒和垃圾郵件監控、具有SOGo 的 Webmail 和 ActiveSync 以及具有2FA 支援的網頁管理介面。
[:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary }
[:octicons-info-16:](https://mailcow.github.io/mailcow-dockerized-docs/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/mailcow/mailcow-dockerized){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.servercow.de/mailcow?lang=en#sal){ .card-link title=Contribute }
!!! recommendation
! [Mail-in-a-Box logo] (assets/img/email/mail-in-a-box.svg) {align = right}
* * Mail-in-a-Box * *是部署 Ubuntu 郵件伺服器的自動設置腳本。 它的目標是讓人們更容易建立自己的郵件伺服器。
[:octicons-home-16: Homepage](https://mailinabox.email){ .md-button .md-button--primary }
[:octicons-info-16:](https://mailinabox.email/guide.html){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/mail-in-a-box/mailinabox){ .card-link title="Source Code" }
為了更清楚手動設定方法,我們挑選了這兩篇文章:
- [Setting up a mail server with OpenSMTPD, Dovecot and Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/) (2019)
- [How To Run Your Own Mail Server](https://www.c0ffee.net/blog/mail-server-guide/) (August 2017)
## 標準
**請注意,我們與以下推薦的任何供應商並無瓜葛。** 除了 [我們的條件標準](about/criteria.md)外,我們還為任何希望獲得推薦的電子郵件供應商制定了一套明確要求,包括實施業界最佳做法,現代技術等。 我們建議您在選擇電子郵件提供商之前熟悉此列表,並進行自己的研究,以確保您選擇的電子郵件提供商是您的正確選擇。
### 技術
我們認為這些功能很重要,以便提供安全和最佳的服務。 您應該考慮提供商是否具有您需要的功能。
**最低合格要求:**
- 使用零存取加密技術全程加密電子郵件帳戶資料。
- 匯出功能為 [Mbox](https://en.wikipedia.org/wiki/Mbox) 或滙出符合 [RFC5322](https://datatracker.ietf.org/doc/rfc5322/) 標準的個人.eml 格式。
- 允許使用者使用自己的 [網域名稱](https://en.wikipedia.org/wiki/Domain_name)。 自定網域名稱對用戶來說很重要,因為它允許用戶在使用服務時仍維持持自我代理,以防服務變差或被另一家不優先考慮隱私的公司收購。
- 在自有基礎設施上運作,即不建立在第三方電子郵件服務提供商之上。
**最佳案例:**
- 使用零存取加密對所有帳戶資料(通訊錄、行事曆等)進行加密。
- 網頁郵件整合 E2EE/PGP加密以更方便使用。
- 支援 [WKD](https://wiki.gnupg.org/WKD) 以改善透過HTTP發現公開的OpenPGP金鑰。 GnuPG 使用者可以透過輸入: `gpg --locate-key example_user@example.com` 取得金鑰。
- 支援外部使用者的臨時信箱。 當您想要發送加密的電子郵件時,這非常有用,而無需將實際副本發送給您的收件人。 這些電子郵件通常具有限定時效,之後會被自動刪除。 它們也不需要收件人配置任何像OpenPGP這樣的加密技術。
- 可提供 [onion 服務](https://en.wikipedia.org/wiki/.onion)的電子郵件服務供應商。
- [Subaddressing](https://en.wikipedia.org/wiki/Email_address#Subaddressing) 支持.
- 為擁有自己網域的用戶提供通用地址或別名功能。
- 使用標準電子郵件存取協定,例如 IMAP、SMTP 或 [ JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol)。 標準存取協議確保客戶可以輕鬆下載所有電子郵件,一旦他們想切換到其它提供商。
### 隱私
我們希望所推薦的提供商盡可能少地收集客戶資料。
**最低合格要求:**
- 保護發件人的IP位址。 在 `Received` 標題欄位中過濾它。
- 除了使用者名稱和密碼外,不要求提供個人身份識別資訊(PII)。
- 符合 GDPR 的隱私政策
- 主機機房不要放在美國,因為 [ECPA](https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act#Criticism) [尚未改革](https://epic.org/ecpa/)。
**最佳案例:**
- 接受 [匿名付款選項](advanced/payments.md) [加密貨幣](cryptocurrency.md),現金,禮品卡等)
### 安全
電子郵件伺服器處理大量非常敏感的資料。 我們期望供應商採用行業最佳實踐來保護其會員。
**最低合格要求:**
- 使用 2FA 保護網頁郵件如TOTP。
- 無存取的靜態加密,如零存取加密。 提供者沒有其所持有資料的解密金鑰。 這可以防止流氓員工外洩所存取的資料或遠程對手通過獲得對伺服器的未經授權的訪問來竊取資料。
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) 支持。
- 使用 [Hardenize](https://www.hardenize.com/)、 [testssl.sh ](https://testssl.sh/)或 [ Qualys SSL Labs ](https://www.ssllabs.com/ssltest)等工具進行剖繪時沒有TLS 錯誤或漏洞;這包括與憑證相關的錯誤和弱 DH參數例如導致 [ Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)) 的錯誤。
- 伺服器套件偏好在TLS v1.3上可選),適用於支持正向保密和已驗證加密的強大密碼套件。
- 有效的 [MTA-STS](https://tools.ietf.org/html/rfc8461) 和[TLS-RPT](https://tools.ietf.org/html/rfc8460) 政策。
- 有效 [ DANE ](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) 紀錄。
- 有效的 [SPF ](https://en.wikipedia.org/wiki/Sender_Policy_Framework) 和 [ DKIM ](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) 記錄。
- 擁有適當的 [DMARC ](https://en.wikipedia.org/wiki/DMARC) 記錄和原則,或使用 [ ARC ](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) 進行驗證。 如果正在使用 DMARC 驗證,則必須將原則設置為 `拒絕``隔離`
- 伺服器套件最好為 TLS 1.2或更高版本以及 [ RFC8996](https://datatracker.ietf.org/doc/rfc8996/)計劃。
- 假設使用SMTP[SMTPS](https://en.wikipedia.org/wiki/SMTPS) 提交。
- 網站安全標準,例如:
- [HTTP 嚴格傳輸安全性](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security)
- 如果從外部網域加載東西時,[子資源完整性](https://en.wikipedia.org/wiki/Subresource_Integrity) 。
- 必須支援檢視 [訊息表頭](https://en.wikipedia.org/wiki/Email#Message_header),因為它是確定電子郵件是否為網路釣魚嘗試的關鍵取證功能。
**最佳案例:**
- 支持硬體驗證,即 U2F 和 [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn)。 U2F 和 WebAuthn 更安全,因為它們使用儲存於客戶端硬體設備上的私鑰來驗證人員,而使用 TOTP 時共享祕密則直接儲存在網頁伺服器和客戶端。 再者 U2F 和 WebAuthn 更能抵抗網絡釣魚,因為它們的驗證回應是基於已驗證過的 [域名](https://en.wikipedia.org/wiki/Domain_name)。
- [DNS憑證授權機構授權(CAA)資源記錄](https://tools.ietf.org/html/rfc6844) 除了DANE支持。
- 實現 [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain),這對於發佈郵件列表 [RFC8617](https://tools.ietf.org/html/rfc8617)非常有用。
- 漏洞獎勵計劃和/或協調漏洞披露過程。
- 網站安全標準,例如:
- [內容安全策略(CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy)
- [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/)
### 信任
您不會把財務資料給身份作假的人,那麼為什麼會信任讓他們來使用您的電子郵件? 我們要求我們推薦的供應商公開其所有權或領導層級狀況。 我們也希望看到頻繁的透明度報告,特別是關於如何處理政府要求的報告。
**最低合格要求:**
- 面向公眾的領導或所有權。
**最佳案例:**
- 面向公眾的領導
- 頻繁的透明度報告。
### 行銷
對於所推薦的電子郵件供應商,我們樂見其負責任的營銷。
**最低合格要求:**
- 必須自主託管資料分析沒有Google Analytics、Adobe Analytics等。 對於那些希望選擇退出者,供應商的網站還必須符合 [DNT (請勿追蹤)](https://en.wikipedia.org/wiki/Do_Not_Track) 。
不得有任何不負責任的行銷:
- 宣稱破解不了的加密 使用加密時應意識到,當有一天技術足以破解它時,它就不再是祕密的。
- 保證 100% 匿名性保護。 當有人聲稱某件事是100 %時,這意味著失敗沒有確定性。 我們知道人們可以很容易地以多種方式去匿名化自己,例如:
- 用戶在無使用匿名軟件( Tor VPN等時訪問留下個人資料電子郵件帳戶、獨特的假名等被一再使用
- [瀏覽器指紋](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)
**最佳案例:**
- 清晰易讀的文件。 這包括諸如設置 2FA 、電子郵件客戶端、OpenPGP等。
### 附加功能
雖然不是嚴格要求,但我們在決定推薦哪些提供商時還會考慮其他一些便利或隱私因素。

356
i18n/zh-Hant/encryption.md Normal file
View File

@@ -0,0 +1,356 @@
---
title: "加密軟體"
icon: material/file-lock
description: 數據加密是控制誰可以訪問它的唯一方法。 這些工具允許您加密電子郵件和任何其他檔案。
---
數據加密是控制誰可以訪問它的唯一方法。 如果您目前沒有為您的硬盤,電子郵件或文件使用加密軟件,您應該在這裡選擇一個選項。
## 多平臺
此處列出的選項是多平臺的,非常適合建立資料的加密備份。
### Cryptomator (雲端)
!!! recommendation
! [Cryptomator logo] (assets/img/encryption-software/cryptomator.svg) {align = right}
* * Cryptomator * *是一種加密解決方案,專為將檔案私密保存到任何雲端提供商而設計。 它允許您創建存儲在虛擬驅動器上的保管庫,其內容已加密並與雲端儲存供應商同步。
[:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" }
[:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163)
- [:simple-android: Android](https://cryptomator.org/android)
- [:simple-windows11: Windows](https://cryptomator.org/downloads)
- [:simple-apple: macOS](https://cryptomator.org/downloads)
- [:simple-linux: Linux](https://cryptomator.org/downloads)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator)
Cryptomator 使用 AES-256 加密來加密檔案和檔案名稱。 Cryptomator 無法加密中繼資料,例如存取、修改和創建時間戳記,也無法加密檔案和資料夾的數量和大小。
一些 Cryptomator 加密程式庫 [已被Cure53審核](https://community.cryptomator.org/t/has-there-been-a-security-review-audit-of-cryptomator/44) 。 稽核程式庫的範圍包括: [cryptolib](https://github.com/cryptomator/cryptolib)、 [cryptofs](https://github.com/cryptomator/cryptofs)、 [siv-mode](https://github.com/cryptomator/siv-mode) 和 [cryptomator-objc-cryptor](https://github.com/cryptomator/cryptomator-objc-cryptor)。 審計並未包含[cryptolib-swift](https://github.com/cryptomator/cryptolib-swift)它是 Cryptomator 運用在 iOS 程式庫。
Cryptomator 詳細介紹了其預期的 [安全目標](https://docs.cryptomator.org/en/latest/security/security-target/)、[安全架構](https://docs.cryptomator.org/en/latest/security/architecture/)和 [最佳實踐](https://docs.cryptomator.org/en/latest/security/best-practices/) ,以進一步詳細使用。
### Picocrypt (檔案)
!!! recommendation
! [Picocrypt logo] (assets/img/encryption-software/picocrypt.svg) {align = right}
* * Picocrypt * *是一個小而簡單的加密工具,提供現代加密。 Picocrypt 使用安全的 XChaCha20 密碼和 Argon2id 密鑰派生功能來提供高級別的安全性。 它使用 Go 標準x/crypto 模塊作為其加密功能。
[:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary }
[:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute }
??? 下載
- [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases)
- [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases)
- [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases)
### VeraCrypt (磁碟)
!!! recommendation
! [VeraCrypt logo] (assets/img/encryption-software/veracrypt.svg#only-light) {align = right}
! [VeraCrypt logo] (assets/img/encryption-software/veracrypt-dark.svg#only-dark) {align = right}
* * VeraCrypt * *是一個開源的免費軟件實用程式,用於即時加密。 它可以在檔案中建立虛擬加密磁碟、加密分割區,或透過預先啟動驗證來加密整個儲存裝置。
[:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary }
[:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation}
[:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" }
[:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute }
??? 下載
- [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html)
- [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html)
- [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html)
VeraCrypt是已停產的 TrueCrypt 項目的分支。 根據其開發人員的說法已經實施了安全性改進並解決了最初的TrueCrypt 代碼審計提出的問題。
使用 VeraCrypt 加密時,您可以選擇不同的 [哈希函數](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme)。 我們建議您只需 **** 選擇 [SHA-512](https://en.wikipedia.org/wiki/SHA-512) 並堅持 [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) 區塊密碼。
Truecrypt 已完成[多次審計](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits),而 VeraCrypt 也曾接受 [獨立審計](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit)。
## 作業系統完整磁碟加密
現代作業系統包括 [FDE](https://en.wikipedia.org/wiki/Disk_encryption) ,並將有一個 [安全的加密處理器](https://en.wikipedia.org/wiki/Secure_cryptoprocessor)。
### BitLocker
!!! recommendation
! [BitLocker logo] (assets/img/encryption-software/bitlocker.png) {align = right}
* * BitLocker * *是 Microsoft Windows 捆綁的全磁區加密解決方案。 我們推薦它的主要原因是[使用 TPM] (https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm)。 取證公司[ElcomSoft](https://en.wikipedia.org/wiki/ElcomSoft)在[Understanding BitLocker TPM Protection] (https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/)中撰寫了有關此問題的文章。
[:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation}
BitLocker [僅支援](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) Windows 專業版、企業版和教育版。 它可以在家庭版上啓用,只要符合先決條件。
??? 示例“在Windows Home上啓用BitLocker”
若要在 Windows 家用版啟用 BitLocker ,必須使用 [GUID 分割表] (https://zh.wikipedia.org/wiki/GUID_Partition_Table)格式化的分割區並且具有專用的TPM (v1.2, 2.0+)模組。
1. 開啟命令提示符,並使用以下命令檢查磁碟機的分區表格格式。 您應該會在“分區樣式”下方看到“**GPT**”
```
powershell Get-Disk
```
2. 在管理員命令提示符中執行此命令以檢查您的TPM版本。 您應該會在 `個SpecVersion`旁邊看到 `2.0` 或 `1.2`
```
powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm
```
3. 訪問[進階啟動選項](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). 重新啟動時需要在 Windows 啟動前按下F8 鍵,然後進入 *命令提示符* in **疑難排解** → **進階選項** → **命令提示符**。
4. 使用管理員帳戶登入並在命令提示符中輸入指令以開始加密:
```
manage-bde -on c: - used
```
5. 關閉命令提示符並繼續啟動正常Windows。
6. 打開 admin 命令提示符並運行以下命令:
```
manage-bde c: -protectors -add -rp -tpm
manage-bde -protectors -enable c:
manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt
```
!!! 訣竅
將桌面上的「BitLocker-Recovery-Key.txt」備份到單獨的儲存裝置。 若遺失恢復代碼可能會導致資料無法回復。
### FileVault
!!! recommendation
! [FileVault logo] (assets/img/encryption-software/filevault.png) {align = right}
* * FileVault * *是 macOS 內建的即時磁區加密方案。 建議使用FileVault ,因為它打抵擋 Apple siliconSoC 或 T2 安全晶片[硬體安全問題](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web)。
[:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation}
我們建議您將本地恢復金鑰存放在安全的地方而不是使用您的iCloud 帳戶進行恢復。
### Linux Unified Key設定
!!! recommendation
! [LUKS logo] (assets/img/encryption-software/luks.png) {align = right}
* * LUKS * *是 Linux 預設 FDE 方法。 它可用於加密整個磁區、分割區或建立加密容器。
[:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary }
[:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" }
??? 示例"建立和開啟加密容器"
```
dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress
sudo cryptsetup luksFormat /path-to-file
```
#### 開啟加密容器
建議使用'udisksctl`開啟容器和磁區,因為這使用 [Polkit](https://en.wikipedia.org/wiki/Polkit)。 大多數檔案管理器,例如流行的桌面環境中包含的檔案管理器,都可以解鎖加密的檔案。 [udiskie](https://github.com/coldfix/udiskie) 這類工具執行在系統常駐區並提供有用的使用介面。
```
udisksctl loop-setup -f /path-to-file
udisksctl unlock -b /dev/loop0
```
!!! 備註 "記得備份磁區標頭"
我們建議您務必[備份您的LUKS標頭] (https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore)以防部分驅動器故障。 可以通過以下方式完成:
```
cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
```
## 瀏覽器端
當您需要加密檔案但無法在裝置上安裝軟體或應用程式時,透過瀏覽器來加密可能很有用。
### hat.sh
!!! recommendation
! [hat.sh logo] (assets/img/encryption-software/hat-sh.png#only-light) {align = right}
! [hat.sh logo] (assets/img/encryption-software/hat-shark.png#only-dark) {align = right}
* * Hat.sh * *是一款在瀏覽器中提供安全用戶端檔案加密的網頁應用程式。 它也可以是自行託管,如果您需要加密文件,但由於組織政策無法在設備上安裝任何軟件,這個方法將非常有用。
[:octicons-globe-16: Website](https://hat.sh){ .md-button .md-button--primary }
[:octicons-eye-16:](https://hat.sh/about/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://hat.sh/about/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/sh-dv/hat.sh){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sh-dv/hat.sh#donations){ .card-link title="Donations methods can be found at the bottom of the website" }
## 命令列
命令行界面的工具可用於集成 [shell 腳本](https://en.wikipedia.org/wiki/Shell_script)。
### Kryptor
!!! recommendation
! [Kryptor logo] (assets/img/encryption-software/kryptor.png) {align = right}
* * Kryptor * *是一個免費的開源文件加密和簽名工具,利用現代安全的加密算法。 它旨在成為更好版本的 [age](https://github.com/FiloSottile/age)和 [Minisign](https://jedisct1.github.io/minisign/),提供一個簡單,更容易的 GPG 替代品。
[:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute }
??? 下載
- [:simple-windows11: Windows](https://www.kryptor.co.uk)
- [:simple-apple: macOS](https://www.kryptor.co.uk)
- [:simple-linux: Linux](https://www.kryptor.co.uk)
### Tomb
!!! recommendation
! [Tomb logo] (assets/img/encryption-software/tomb.png) {align = right}
* * Tomb * *是 LUKS 的命令行 shell 包裝器。 它通過[第三方工具] (https://github.com/dyne/Tomb#how-does-it-work)支持隱寫。
[:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute }
## OpenPGP
OpenPGP 有時需要執行特定任務,例如數位簽署和加密電子郵件。 PGP具有許多功能但也有爭議 [複數](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) ,因為它已經存在了很長時間。 對於簽署或加密檔案等任務,我們建議您使用上述選項。
使用 PGP 加密時,您可以選擇在 `gpg.conf` 檔案中設定不同的選項。 我們建議您繼續使用 [ GnuPG 用戶常見問題集](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf)中指定的標準選項。
!!! 訣竅 "在生成金鑰時使用未來的預設值"
[生成密鑰] (https://www.gnupg.org/gph/en/manual/c14.html)時,建議使用`future-default`命令,因為這將指示 GnuPG 使用現代密碼學,例如 [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History)和 [Ed25519](https://ed25519.cr.yp.to/)
```bash
gpg --quick-gen-key alice@example.com future-default
```
### GNU Privacy Guard
!!! recommendation
! [GNU Privacy Guard logo] (assets/img/encryption-software/gnupg.svg) {align = right}
* * GnuPG * *是 GPL授權的加密軟體 PGP 替代品。 GnuPG 符合[RFC 4880] (https://tools.ietf.org/html/rfc4880) ,這是目前 OpenPGP 的 IETF 規範。 GnuPG 專案一直致力於[更新] (https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) 試圖現代化OpenPGP。 GnuPG 是自由軟體基金會GNU 軟體項目的一部分,並已收到德國政府的重大 [資助](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html)。
[:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation}
[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
- [:simple-windows11: Windows](https://gpg4win.org/download.html)
- [:simple-apple: macOS](https://gpgtools.org)
- [:simple-linux: Linux](https://gnupg.org/download/index.html#binary)
### GPG4win
!!! recommendation
! [GPG4win logo] (assets/img/encryption-software/gpg4win.svg) {align = right}
* * GPG4win * *是[Intevation and g10 Code] (https://gpg4win.org/impressum.html) 的Windows 套件。 它包括[各種工具] (https://gpg4win.org/about.html) ,可協助您在 Microsoft Windows 上使用GPG。 該項目最初由德國聯邦信息安全辦公室 (BSI )於2005年發起並[資助](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography)。
[:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation}
[:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" }
[:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute }
??? 下載
- [:simple-windows11: Windows](https://gpg4win.org/download.html)
### GPG Suite
!!! 備註
我們建議[Canary Mail] (email-clients.md#canary-mail)在iOS裝置上使用PGP和電子郵件。
!!! recommendation
! [GPG Suite logo] (assets/img/encryption-software/gpgsuite.png) {align = right}
* * GPG Suite * *爲 [Apple Mail] (email-clients.md#apple-mail)和macOS 提供OpenPGP 支持。
我們建議您查看他們的[第一步指南] (https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email)和[使用知識庫] (https://gpgtools.tenderapp.com/kb)以取得支援。
[:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" }
??? 下載
- [:simple-apple: macOS](https://gpgtools.org)
### OpenKeychain
!!! recommendation
! [OpenKeychain logo] (assets/img/encryption-software/openkeychain.svg) {align = right}
* * OpenKeychain * *是 GnuPG 的Android 實作。 郵件客戶端通常需要它,例如[K-9 Mail] email-clients.md#k-9-mail )和 [FairEmail] email-clients.md#fairemail )以及其他 Android 應用程序提供加密支持。 Cure53 於2015年10月完成了 OpenKeychain 3.6 的[安全審核] (https://www.openkeychain.org/openkeychain-3-6)。 審核 OpenKeychain 方案的[技術細節在此](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015)。
[:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
## 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為這個網站的各個部分建立明確標準,它可能依情況變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
### 最低合格要求
- 跨平臺加密應用程序必須是開源的。
- 檔案加密應用程式必須支援 Linux、macOS 和 Windows 的解密。
- 外部磁碟加密應用程式必須支援 Linux、macOS 和 Windows 的解密。
- 作業系統內部磁碟加密應用程式必須是跨平臺或原生內建作業系統。
### 最好的情况
最佳案例標準代表了我們希望從這個類別的完美項目應具備的條件。 推薦產品可能沒有此功能,但若有這些功能則會讓排名更為提高。
- 作業系統(FDE)加密應用程式應使用硬體安全性,例如 TPM 或Secure Enclave。
- 檔案加密應用程式應有自己的或第三方支援行動平臺。

147
i18n/zh-Hant/file-sharing.md Normal file
View File

@@ -0,0 +1,147 @@
---
title: "文件共享和同步"
icon: material/share-variant
description: 探索如何在不同裝置、與朋友和家人私下分享檔案,或匿名上線。
---
探索如何在裝置之間、與朋友和家人私下分享檔案,或匿名上線。
## 檔案分享
### Send
!!! recommendation
! [Send logo] (assets/img/file-sharing-sync/send.svg) {align = right}
* * Send * *是分支自 Mozilla 已停止的 Firefox Send服務它允許您使用鏈接將檔案發送給其他人。 檔案在您的裝置上已加密,因此無法被伺服器讀取,並且它們也可以選擇受密碼保護。 Send 維護者託管[公共實例] (https://send.vis.ee/)。 你可以利用其他公開實例,也可以自行託管 Send。
[:octicons-home-16: Homepage](https://send.vis.ee){ .md-button .md-button--primary }
[:octicons-server-16:](https://github.com/timvisee/send-instances){ .card-link title="Public Instances"}
[:octicons-info-16:](https://github.com/timvisee/send#readme){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/timvisee/send){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title=Contribute }
Send 可利用網頁界面或文字指令 [ffsend](https://github.com/timvisee/ffsend) 來傳送檔案。 如果您熟悉命令行並經常發送檔案我們建議您使用文字指令的用戶端以避免基於JavaScript 的加密。 您可以利用 `--host` 指令來標記使用特定的伺服器:
```bash
ffsend upload --host https://send.vis.ee/ FILE
```
### OnionShare
!!! recommendation
! [OnionShare logo] (assets/img/file-sharing-sync/onionshare.svg) {align = right}
* * OnionShare * *是一個開源工具,可讓您安全匿名地共享任何大小的檔案。 它的工作原理是啟動可作為 Tor 洋蔥服務訪問的網頁伺服器具有一個無法猜測的URL ,您可以與收件人共享以下載或發送檔案。
[:octicons-home-16: Homepage](https://onionshare.org){ .md-button .md-button--primary }
[:simple-torbrowser:](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion){ .card-link title="Onion Service" }
[:octicons-info-16:](https://docs.onionshare.org){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/onionshare/onionshare){ .card-link title="Source Code" }
??? 下載
- [:simple-windows11: Windows](https://onionshare.org/#download)
- [:simple-apple: macOS](https://onionshare.org/#download)
- [:simple-linux: Linux](https://onionshare.org/#download)
### 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
- 不得將解密的資料儲存在遠端伺服器上。
- 必須是開源軟體。
- 必須有 Linux、macOS 和 Windows 用戶端;或 Web 網頁界面。
## FreedomBox
!!! recommendation
! [FreedomBox logo] (assets/img/file-sharing-sync/freedombox.svg) {align = right}
* * FreedomBox * *是設計在[單板電腦(SBC)] (https://en.wikipedia.org/wiki/Single-board_computer)上執行的作業系統。 其目的是讓設置自主託管的伺服器應用程式變得容易。
[:octicons-home-16: Homepage](https://freedombox.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://wiki.debian.org/FreedomBox/Manual){ .card-link title=Documentation}
[:octicons-code-16:](https://salsa.debian.org/freedombox-team/freedombox){ .card-link title="Source Code" }
[:octicons-heart-16:](https://freedomboxfoundation.org/donate/){ .card-link title=Contribute }
## 文件同步
### Nextcloud (客戶端-伺服器)
!!! recommendation
! [Nextcloud logo] (assets/img/productivity/nextcloud.svg) {align = right}
* * Nextcloud * *是一套免費開源用戶端伺服器軟體,可在您控制的私人伺服器上建立自己的檔案託管服務。
[:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://nextcloud.com/support/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" }
[:octicons-heart-16:](https://nextcloud.com/contribute/){ .card-link title=Contribute }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102)
- [:simple-github: GitHub](https://github.com/nextcloud/android/releases)
- [:simple-windows11: Windows](https://nextcloud.com/install/#install-clients)
- [:simple-apple: macOS](https://nextcloud.com/install/#install-clients)
- [:simple-linux: Linux](https://nextcloud.com/install/#install-clients)
- [:simple-freebsd: FreeBSD](https://www.freshports.org/www/nextcloud)
!!! 危險
我們不建議使用 Nextcloud [E2EE App] (https://apps.nextcloud.com/apps/end_to_end_encryption) ,因為它可能會導致資料丟失;目前它仍是高度實驗性,未達穩定品質。
### Syncthing P2P
!!! recommendation
! [Syncthing logo] (assets/img/file-sharing-sync/syncthing.svg) {align = right}
* * Syncthing * *是一個開源的點對點連續檔案件同步實用程式。 它可用在本地網路或網際網路的多個設備之間同步檔案。 Syncthing 不使用集中式伺服器;它使用 [Block Exchange Protocol] (https://docs.syncthing.net/specs/bep-v1.html # bep-v1)在裝置之間傳輸資料。 所有資料都使用 TLS 加密。
[:octicons-home-16: Homepage](https://syncthing.net){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.syncthing.net){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/syncthing){ .card-link title="Source Code" }
[:octicons-heart-16:](https://syncthing.net/donations/){ .card-link title=Contribute }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nutomic.syncthingandroid)
- [:simple-windows11: Windows](https://syncthing.net/downloads/)
- [:simple-apple: macOS](https://syncthing.net/downloads/)
- [:simple-linux: Linux](https://syncthing.net/downloads/)
- [:simple-freebsd: FreeBSD](https://syncthing.net/downloads/)
- [:simple-openbsd: OpenBSD](https://syncthing.net/downloads/)
- [:simple-netbsd: NetBSD](https://syncthing.net/downloads/)
### 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
#### 最低合格要求
- 必須不需要第三方遠端/雲端伺服器。
- 必須是開源軟體。
- 必須有 Linux、macOS 和 Windows 用戶端;或 Web 網頁界面。
#### 最好的情况
最佳案例標準代表了我們希望從這個類別的完美項目應具備的功能。 推薦產品可能沒有此功能,但若有這些功能則會讓排名更為提高。
- 具有適用於 iOS 和 Android 的移動客戶端,其至少支持文件預覽。
- 支援 iOS 和 Android 照片備份, 或是最好能 支援Android 檔案/資料夾同步。

94
i18n/zh-Hant/financial-services.md Normal file
View File

@@ -0,0 +1,94 @@
---
title: 金融服務
icon: material/bank
---
在線支付是隱私面臨的最大挑戰之一。 這些服務可以幫助您保護隱私,免受商家和其他追蹤者的影響,前提是您對如何有效地進行私人付款有深入的了解。 我們強烈建議您在網路購買前先閱讀本站私密付款之介紹:
[私密付款 :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button}
## 付款掩蔽服務
有許多服務提供“虛擬簽帳卡” ,在線商家接受此種付款方式則在大多數情況下不會透露您實際銀行或帳單信息。 請注意,這些金融服務 **並不是** 匿名,且受「了解您的客戶」( KYC )法律的約束,並可能需要客戶身份證明文件或其他識別信息。 這些服務主要保護您免受商家資料洩露、營銷機構粗糙的跟蹤或購買聯結以及線上資料盜竊;這些並 **不能** 在購買時完全匿名。
!!! 提示「檢查您目前的銀行」
許多銀行和信用卡提供商提供本機虛擬卡功能。 如果您使用已提供的選項,則在大多數情況下使用時請依循以下建議。 你不信任把個人資料託付給各方人士。
### Privacy.com (美國)
!!! recommendation
! [Privacy.com logo] (assets/img/financial-services/privacy_com.svg#only-light) {align = right}
! [Privacy.com標誌] (assets/img/financial-services/privacy_com-dark.svg#only-dark) {align = right}
* * Privacy.com * *的免費方案每月最多創建12 張虛擬卡,設定卡片的支付上限與立即關閉卡片。 付費計劃則每月最多創建 36 張卡購買時可獲得1% 現金返還,並向銀行隱藏交易信息。
[:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation}
Privacy.com 預設情況下將您購買的商家資訊提供給您的銀行。 付費版的「謹慎商家」功能會向您的銀行隱藏商家資訊,因此銀行只會看到使用 Privacy.com 進行購買,不會看到這筆錢花在哪裡,但這並不是萬無一失的, Privacy.com 仍然了解您花錢的商家。
### MySudo (美國,付費)
!!! recommendation
! [MySudo logo] (assets/img/financial-services/mysudo.svg#only-light) {align = right}
! [MySudo標誌] (assets/img/financial-services/mysudo-dark.svg#only-dark) {align = right}
* * MySudo * *根據您購買的方案最多提供 9張虛擬卡。 付費方案還包括一些有助於私密購物的功能,例如虛擬電話號碼和電子郵件地址,但我們通常建議使用專業[電子郵件別名提供商] (email.md)進行廣泛的別名使用保護。
[:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation}
### 標準
**請注意,我們與所推薦專案沒有任何牽扯。 ** 除了 [我們的標準準則](about/criteria.md)外,還有一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
- 允許創建多張卡片,作為商家和您的個人財務之間的盾牌。
- 卡片公司不得要求您向商戶提供準確的帳單地址資訊。
## 禮品卡市集
這些服務可接受 [加密貨幣](cryptocurrency.md)來購買各種商家禮品卡。 其中一些服務提供更高限額的身份驗證選項,它們也只淮許有電子郵件地址的帳戶。 基本帳戶的限額為每天 5,000-10,000 美元,身份驗證帳戶的限額則更高(如果提供)。
### Cake Pay
!!! recommendation
! [CakePay標誌] (assets/img/financial-services/cakepay.svg) {align = right}
* * Cake Pay * * 可用 Monero 購買禮品卡和相關產品。 Cake Wallet 行動應用程式僅購限美國商家可用 ,而 Cake Pay 網頁應用則包括廣泛的全球商家可選。
[:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation}
### CoinCards
!!! recommendation
! [CakePay標誌] (assets/img/financial-services/coincards.svg) {align = right}
* * CoinCards * * (在美國、加拿大和英國)允許您購買各種商家禮品卡。
[:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation}
### 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
- 接受付款 [使用推薦加密貨幣](cryptocurrency.md)。
- 無需提供身份證件。

267
i18n/zh-Hant/frontends.md Normal file
View File

@@ -0,0 +1,267 @@
---
title: "前端"
icon: material/flip-to-front
description: 這些用在各式網際網路服務的開源前端,可讓您訪問內容而無需 JavaScript 或其他干援。
---
有時,某些服務會以煩人的彈出窗口來封鎖訪問內容,強迫訪客須註冊帳戶。 如果不啓用JavaScript ,也可能會中斷。 這些前端可以讓您避開這些限制。
## LBRY
### Librarian
!!! recommendation
! [Librarian logo] (assets/img/frontends/librarian.svg#only-light) {align = right}
! [Librarian logo] (assets/img/frontends/librarian-dark.svg#only-dark) {align = right}
* * Librarian * *是 [Odysee](https://odysee.com/) (LBRY)的免費開源前端,也是可自我託管的。
有許多公共實例,其中一些實例支援 [Tor] https://www.torproject.org onion 服務。
[:octicons-repo-16: Repository](https://codeberg.org/librarian/librarian){ .md-button .md-button--primary }
[:octicons-server-16:](https://librarian.codeberg.page/){ .card-link title="Public Instances"}
[:octicons-info-16:](https://codeberg.org/librarian/librarian/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://codeberg.org/librarian/librarian){ .card-link title="Source Code" }
!!! 警告
預設情況下,圖書館員不會代理影片串流。 透過 Libraria 觀看的影片仍可直接連接至 Odysee伺服器例如 "odycdn.com" ;然而某些情況下可能會啟用代理服務,詳情請參閱實例的隱私權政策。
!!! 提示
如果您希望在行動裝置上觀看 LBRY 內容而無需強制遙測,以及想要瀏覽器禁用 JavaScript ,例如 [Tor瀏覽器] https://www.torproject.org/ 最安全的級別設置Librarian 非常有用。
在自我出租時,重要的是要讓其他人使用您的實例,以便您融入其中。 謹慎處理 Librarian 的託管事宜,因為其他人的使用會與您的託管有很大關聯。
當使用 Libraian 實例時,請務必閱讀該實例的隱私權政策。 Librarian 實例可以由其擁有者修改,因此不見得會完全依照預設政策。 librarian 實例有「隱私營養標籤」功能,以提供政策的概覽。 有些實例有Tor .onion地址只要您的搜尋查詢不包含PII ,這些地址可以保護某些隱私。
## Twitter
### Nitter
!!! recommendation
! [Nitter logo] (assets/img/frontends/nitter.svg) {align = right}
* * Nitter * *是 [Twitter](https://twitter.com)的免費開源前端,也是可自我託管。
有許多公共實例,其中一些實例支援 [Tor] https://www.torproject.org onion 服務。
[:octicons-repo-16: Repository](https://github.com/zedeus/nitter){ .md-button .md-button--primary }
[:octicons-server-16:](https://github.com/zedeus/nitter/wiki/Instances){ .card-link title="Public Instances"}
[:octicons-info-16:](https://github.com/zedeus/nitter/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/zedeus/nitter){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/zedeus/nitter#nitter){ .card-link title=Contribute }
!!! 提示
如果想在不登錄的情況下瀏覽 Twitter 內容,或是在瀏覽器中禁用 JavaScript Nitter非常有用就像[Tor 瀏覽器] https://www.torproject.org/ )在最安全級別會關閉 JavaScript 。 它還可以[為 Twitter 建立 RSS 新聞源] (news-aggregators.md#twitter)。
在自我出租時,重要的是要讓其他人使用您的實例,以便您融入其中。 小心處理 Nitter 的託管 ,因為其他人的使用將與您的託管息息相關。
當使用 Nitter 實例時,請務必閱讀該實例的隱私權政策。 Nitter 實例可以由其擁有者修改,因此不見得會完全依照預設政策。 有些實例有Tor .onion地址只要您的搜尋查詢不包含PII ,這些地址可以保護某些隱私。
## TikTok
### ProxiTok
!!! recommendation
! [ProxiTok logo] (assets/img/frontends/proxitok.svg) {align = right}
* * ProxiTok * *是 [TikTok](https://www.tiktok.com)網站的開源前端,也可自主託管。
有許多公共實例,其中一些實例支援 [Tor] https://www.torproject.org onion 服務。
[:octicons-repo-16: Repository](https://github.com/pablouser1/ProxiTok){ .md-button .md-button--primary }
[:octicons-server-16:](https://github.com/pablouser1/ProxiTok/wiki/Public-instances){ .card-link title="Public Instances"}
[:octicons-info-16:](https://github.com/pablouser1/ProxiTok/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/pablouser1/ProxiTok){ .card-link title="Source Code" }
!!! 提示
如果想在瀏覽器中禁用 JavaScript ,例如[Tor瀏覽器] (https://www.torproject.org/)最安全級別, ProxiTok 非常有用。
在自我出租時,重要的是要讓其他人使用您的實例,以便您融入其中。 謹慎處理 ProxiTok 的託管事宜,因為其他人的使用會與您的託管有很大關聯。
當使用 ProxiTok 實例時,請務必閱讀該實例的隱私權政策。 ProxiTok 實例可以由其擁有者修改,因此不見得會完全依照預設政策。 有些實例有Tor .onion地址只要您的搜尋查詢不包含PII ,這些地址可以保護某些隱私。
## YouTube
### FreeTube
!!! recommendation
! [FreeTube logo] (assets/img/frontends/freetube.svg) {align = right}
* * FreeTube * *是 [YouTube](https://youtube.com)的免費開源桌面應用程式。 使用 FreeTube 時,訂閱清單和播放列表會在本地儲存在 本地裝置上。
預設情況下, FreeTube 會封鎖所有 YouTube 廣告。 此外, FreeTube 可選擇與 [SponsorBlock](https://sponsor.ajay.app) 整合,可以跳過贊助的影片段。
[:octicons-home-16: Homepage](https://freetubeapp.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://freetubeapp.io/privacy.php){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.freetubeapp.io/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/FreeTubeApp/FreeTube){ .card-link title="Source Code" }
[:octicons-heart-16:](https://liberapay.com/FreeTube){ .card-link title=Contribute }
??? 下載
- [:simple-windows11: Windows](https://freetubeapp.io/#download)
- [:simple-apple: macOS](https://freetubeapp.io/#download)
- [:simple-linux: Linux](https://freetubeapp.io/#download)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/io.freetubeapp.FreeTube)
!!! 警告
使用 FreeTube 時IP 位址可能會被 YouTube、[Invidious](https://instances.invidious.io)或 [SponsorBlock](https://sponsor.ajay.app/)所知,具體取決於您的設定。 如果您的[威脅模型] (basics/threat-modeling.md)需要隱藏您的IP 位址,請考慮使用 [VPN](vpn.md)或 [Tor](https://www.torproject.org)。
### Yattee
!!! recommendation
! [Yattee logo] (assets/img/frontends/yattee.svg) {align = right}
* * Yattee * *是一款免費的開源隱私導向影片播放器適用於iOS、tvOS 和 macOS 觀看 [YouTube](https://youtube.com)。 使用 Yattee 時,訂閱清單和播放列表會儲存在 本地裝置上。
由於 App Store 限制,您需要採取一些[額外步驟] (https://gonzoknows.com/posts/Yattee/)才能使用 Yattee 觀看YouTube。
[:octicons-home-16: Homepage](https://github.com/yattee/yattee){ .md-button .md-button--primary }
[:octicons-eye-16:](https://r.yattee.stream/docs/privacy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/yattee/yattee/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/yattee/yattee){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/yattee/yattee/wiki/Donations){ .card-link title=Contribute }
??? 下載
- [:simple-apple: App Store](https://apps.apple.com/us/app/yattee/id1595136629)
- [:simple-github: GitHub](https://github.com/yattee/yattee/releases)
!!! 警告
使用 Yattee 時IP位址可能仍會被 YouTube、 [Invidious](https://instances.invidious.io)、 [Piped](https://github.com/TeamPiped/Piped/wiki/Instances)或 [SponsorBlock](https://sponsor.ajay.app/)所知曉,具體取決於您的設定。 如果您的[威脅模型] (basics/threat-modeling.md)需要隱藏您的IP 位址,請考慮使用 [VPN](vpn.md)或 [Tor](https://www.torproject.org)。
預設情況下, Yattee 會封鎖所有 YouTube 廣告。 此外, Yattee 可選擇與 [SponsorBlock](https://sponsor.ajay.app) 整合,可以跳過贊助的影片段。
### LibreTube (Android)
!!! recommendation
! [LibreTube logo] (assets/img/frontends/libretube.svg#only-light) {align = right}
! [LibreTube logo] (assets/img/frontends/libretube-dark.svg#only-dark) {align = right}
* * LibreTube * *是一款免費的 [YouTube](https://youtube.com)開源Android應用程序使用 [Piped](# piped) API。
LibreTube 可將訂閱列表和播放列表存儲於 Android 設備,或者存儲到您選擇的 Piped 實例帳戶,以便利用其他設備無縫訪問。
[:octicons-home-16: Homepage](https://libre-tube.github.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/libre-tube/LibreTube#privacy-policy-and-disclaimer){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/libre-tube/LibreTube#readme){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/libre-tube/LibreTube){ .card-link title="Source Code" }
??? 下載
- [:simple-github: GitHub](https://github.com/libre-tube/LibreTube/releases)
!!! 警告
使用 LibreTube 時IP 位址會為所用的 [Piped](https://github.com/TeamPiped/Piped/wiki/Instances)實例和 [SponsorBlock](https://sponsor.ajay.app/)看見,具體取決於您的設定。 如果您的[威脅模型] (basics/threat-modeling.md)需要隱藏您的IP 位址,請考慮使用 [VPN](vpn.md)或 [Tor](https://www.torproject.org)。
預設情況下, LibreTube 會封鎖所有 YouTube 廣告。 此外, LibreTube 利用[SponsorBlock](https://sponsor.ajay.app) 來跳過贊助的影片段。 可以自行配置 SponsorBlock 要跳過的影片段類型,或完全禁用它。 播放器上有一個按鈕,如果需要,可以為特定影片禁用它。
### NewPipe (Android)
!!! recommendation annotate
! [Newpipe logo] (assets/img/frontends/newpipe.svg) {align = right}
* * NewPipe * *是 [YouTube](https://youtube.com)、 [SoundCloud](https://soundcloud.com)、 [media.ccc.de](https://media.ccc.de)、 [Bandcamp](https://bandcamp.com)和 [PeerTube](https://joinpeertube.org/) (1)的免費開源 Android應用程式。
訂閱清單和播放列表會儲存在本地的 Android裝置。
[:octicons-home-16: Homepage](https://newpipe.net){ .md-button .md-button--primary }
[:octicons-eye-16:](https://newpipe.net/legal/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://teamnewpipe.github.io/documentation/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/TeamNewPipe/NewPipe){ .card-link title="Source Code" }
[:octicons-heart-16:](https://newpipe.net/donate/){ .card-link title=Contribute }
??? 下戴
- [:simple-github: GitHub](https://github.com/TeamNewPipe/NewPipe/releases)
1. 預設實例為 [FramaTube](https://framatube.org/),但可在 **Settings****Content****PeerTube instance ** 添加更多實例。
!!! 警告
使用NewPipe時IP 位址會被所使用的影片供應商看見。 如果您的[威脅模型] (basics/threat-modeling.md)需要隱藏您的IP 位址,請考慮使用 [VPN](vpn.md)或 [Tor](https://www.torproject.org)。
### Invidious
!!! recommendation
! [Invidious logo] (assets/img/frontends/invidious.svg#only-light) {align = right}
! [INVIDIOUS LOGO] (assets/img/frontends/invidious-dark.svg#only-dark) {align = right}
* * Invidious * *是 [YouTube](https://youtube.com)的免費開源前端,也可自行託管。
有許多公共實例,其中一些實例支援 [Tor] https://www.torproject.org onion 服務。
[:octicons-home-16: Homepage](https://invidious.io){ .md-button .md-button--primary }
[:octicons-server-16:](https://instances.invidious.io){ .card-link title="Public Instances"}
[:octicons-info-16:](https://docs.invidious.io/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/iv-org/invidious){ .card-link title="Source Code" }
[:octicons-heart-16:](https://invidious.io/donate/){ .card-link title=Contribute }
!!! 警告
預設情況下, Invidious不會代理影片串流。 通過 Invidious 觀看的影片會直接連接到 Google 伺服器(例如`googlevideo.com` ),但是有些實例支持影片代理-只需在實例設置中啟用*Proxy videos*或在 URL 中添加`&local = true`
!!! 提示
如果您想在瀏覽器中停用JavaScript ,例如[Tor瀏覽器] (https://www.torproject.org/)最安全級別Invidious 非常有用。 它本身不提供隱私,故不建議登入任何帳戶。
在自我出租時,重要的是要讓其他人使用您的實例,以便您融入其中。 謹慎處理 Invidious 的託管事宜,因為其他人的使用會與您的託管有很大關聯。
當使用 Invidious 實例時,請務必閱讀該實例的隱私權政策。 Invidious 實例可以由其擁有者修改,因此不見得會完全依照預設政策。 有些實例有Tor .onion地址只要您的搜尋查詢不包含PII ,這些地址可以保護某些隱私。
### Piped
!!! recommendation
! [Piped logo] (assets/img/frontends/piped.svg) {align = right}
* * Piped * *是 [YouTube](https://youtube.com)的免費開源前端,也是可自主託管。
Piped 需要JavaScript 才能運行,它有許多公共實例。
[:octicons-repo-16: Repository](https://github.com/TeamPiped/Piped){ .md-button .md-button--primary }
[:octicons-server-16:](https://piped.kavin.rocks/preferences#ddlInstanceSelection){ .card-link title="Public Instances"}
[:octicons-info-16:](https://piped-docs.kavin.rocks/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/TeamPiped/Piped){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/TeamPiped/Piped#donations){ .card-link title=Contribute }
!!! 提示
如果您想使用 [SponsorBlock](https://sponsor.ajay.app)但不安裝瀏覽器擴展或在不登入帳戶訪問有年齡限制的內容, Piped 非常有用。 它本身不提供隱私,故不建議登入任何帳戶。
在自我出租時,重要的是要讓其他人使用您的實例,以便您融入其中。 小心處理 Piped 託管 ,因為其他人的使用將與您的託管息息相關。
當使用 Piped 實例時,請務必閱讀該實例的隱私權政策。 Piped 實例可以由其擁有者修改,因此不見得會完全依照預設政策。
## 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為這個網站的各個部分建立明確標準,它可能依情況變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
推薦的前端…
- 必須是開源軟體。
- 必須是可自行託管。
- 必須提供匿名訪客完整的網站基本功能。
我們只考慮網站的前端是...
- 沒 JavaScript 無法正常存取。

70
i18n/zh-Hant/index.md Normal file
View File

@@ -0,0 +1,70 @@
---
template: overrides/home.zh-Hant.html
hide:
- navigation
- toc
- feedback
schema:
-
"@context": https://schema.org
"@type": Organization
"@id": https://www.privacyguides.org/
name: Privacy Guides
url: https://www.privacyguides.org/en/about/
logo: https://www.privacyguides.org/en/assets/brand/png/square/pg-yellow.png
sameAs:
- https://twitter.com/privacy_guides
- https://github.com/privacyguides
- https://www.wikidata.org/wiki/Q111710163
- https://opencollective.com/privacyguides
- https://www.youtube.com/@privacyguides
- https://mastodon.neat.computer/@privacyguides
-
"@context": https://schema.org
"@type": WebSite
name: Privacy Guides
url: "https://www.privacyguides.org/"
sameAs:
- https://www.wikidata.org/wiki/Q111710163
potentialAction:
"@type": SearchAction
target:
"@type": EntryPoint
urlTemplate: "https://www.privacyguides.org/?q={search_term_string}"
query-input: required name=search_term_string
---
<!-- markdownlint-disable-next-line -->
## 為何我該關心?
##### “我沒有什麼可隱瞞的。 為何我該在意自己的隱私?
就像異族通婚、女性投票權、言論自由等等權利,隱私權並非總是好好地受保障 在一些獨裁政權下,根本無隱私可言 前人已為隱私權奮鬥了數個世代 ==隱私作為一種基本人權是人人生而固有==每個人都可(不受歧視地)享受此權利。
別再把隱私和祕密混為一談 人人都知道浴室裏發生了什麼,但你還是把門關上。 這是因為您需要隱私,而不是保密。 **每個人**都有要保護的東西 隱私讓我們之所以為人
[:material-target-account:共同的網際網路威脅](basics/common-threats.md ""){.md-button.md-button--primary}
## 我該怎麼辦
##### 首先,您需要製定計劃
冀望您所有的資料完全免受任何人的侵害是不實際、昂貴且耗神的。 但別擔心 安全是一種過程,向前思考以製定出一個適合您的正確計劃。 安全性不是只限於您使用的工具或下載的軟件。 相反,它始於了解您面臨的獨特威脅,以及如何減輕它們。
==這個識別威脅和定義對策的過程稱為 **威脅模型**= = ,它構成了完整安全和隱私計劃的基礎。
[:material-book-outline: 了解更多關於威脅模型](basics/threat-modeling.md ""){.md-button.md-button--primary}
---
## ## 我们需要你! 參與方式如下:
[:simple-discourse:](https://discuss.privacyguides.net/){title = "加入我們的論壇"}
[:simple-mastodon:](https://mastodon.neat.computer/@privacyguides){rel = me title = "關注我們的Mastodon"}
[:material-book-edit:](https://github.com/privacyguides/privacyguides.org){title = "提供貢獻"}
[:material-translate:](https://matrix.to/#/#pg-i18n:aragon.sh){title = "幫助網站翻譯"}
[:simple-matrix:](https://matrix.to/#/#privacyguides:matrix.org){title = "在Matrix上與我們聊天"}
[:material-information-outline:](about/index.md){title = "更了解我們"}
[:material-hand-coin-outline:](about/donate.md){title = "支持本項目"}
像 Privacy Guides 這類網站必須維持最新狀態。 我們需要觀眾留意網站上列出的應用程式的軟體更新,並掌握推薦供應商的最新消息。 跟上互聯網快速變化並不容易,但我們盡力而為。 如果您發現錯誤、認為不應該列出提供商、注意到沒列上的適格提供商、認為瀏覽器附加元件不再是最佳選擇或發現任何其他問題,請告訴我們。

17
i18n/zh-Hant/kb-archive.md Normal file
View File

@@ -0,0 +1,17 @@
---
title: KB Archive
icon: material/archive
description: Some pages that used to be in our knowledge base can now be found on our blog.
---
# Pages Moved to Blog
Some pages that used to be in our knowledge base can now be found on our blog:
- [GrapheneOS vs. CalyxOS](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/)
- [Signal Configuration Hardening](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/)
- [Linux - System Hardening](https://blog.privacyguides.org/2022/04/22/linux-system-hardening/)
- [Linux - Application Sandboxing](https://blog.privacyguides.org/2022/04/22/linux-application-sandboxing/)
- [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/)
- [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/)
- [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/)

22
i18n/zh-Hant/meta/brand.md Normal file
View File

@@ -0,0 +1,22 @@
---
title: Branding Guidelines
---
The name of the website is **Privacy Guides** and should **not** be changed to:
<div class="pg-red" markdown>
- PrivacyGuides
- Privacy guides
- PG
- PG.org
</div>
The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**.
Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand)
## Trademark
"Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project.
Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions.

46
i18n/zh-Hant/meta/git-recommendations.md Normal file
View File

@@ -0,0 +1,46 @@
---
title: Git Recommendations
---
If you make changes to this website on GitHub.com's web editor directly, you shouldn't have to worry about this. If you are developing locally and/or are a long-term website editor (who should probably be developing locally!), consider these recommendations.
## Enable SSH Key Commit Signing
You can use an existing SSH key for signing, or [create a new one](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent).
1. Configure your Git client to sign commits and tags by default (remove `--global` to only sign by default for this repo):
```
git config --global commit.gpgsign true
git config --global gpg.format ssh
git config --global tag.gpgSign true
```
2. Copy your SSH public key to your clipboard, for example:
```
pbcopy < ~/.ssh/id_ed25519.pub
# Copies the contents of the id_ed25519.pub file to your clipboard
```
3. Set your SSH key for signing in Git with the following command, replacing the last string in quotes with the public key in your clipboard:
```
git config --global user.signingkey 'ssh-ed25519 AAAAC3(...) user@example.com'
```
Ensure you [add your SSH key to your GitHub account](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account#adding-a-new-ssh-key-to-your-account) **as a Signing Key** (as opposed to or in addition to as an Authentication Key).
## Rebase on Git pull
Use `git pull --rebase` instead of `git pull` when pulling in changes from GitHub to your local machine. This way your local changes will always be "on top of" the latest changes on GitHub, and you avoid merge commits (which are disallowed in this repo).
You can set this to be the default behavior:
```
git config --global pull.rebase true
```
## Rebase from `main` before submitting a PR
If you are working on your own branch, run these commands before submitting a PR:
```
git fetch origin
git rebase origin/main
```

89
i18n/zh-Hant/meta/uploading-images.md Normal file
View File

@@ -0,0 +1,89 @@
---
title: Uploading Images
---
Here are a couple of general rules for contributing to Privacy Guides:
## Images
- We **prefer** SVG images, but if those do not exist we can use PNG images
Company logos have canvas size of:
- 128x128px
- 384x128px
## Optimization
### PNG
Use the [OptiPNG](https://sourceforge.net/projects/optipng/) to optimize the PNG image:
```bash
optipng -o7 file.png
```
### SVG
#### Inkscape
[Scour](https://github.com/scour-project/scour) all SVG images.
In Inkscape:
1. File Save As..
2. Set type to Optimized SVG (*.svg)
In the **Options** tab:
- **Number of significant digits for coordinates** > **5**
- [x] Turn on **Shorten color values**
- [x] Turn on **Convert CSS attributes to XML attributes**
- [x] Turn on **Collapse groups**
- [x] Turn on **Create groups for similar attributes**
- [ ] Turn off **Keep editor data**
- [ ] Turn off **Keep unreferenced definitions**
- [x] Turn on **Work around renderer bugs**
In the **SVG Output** tab under **Document options**:
- [ ] Turn off **Remove the XML declaration**
- [x] Turn on **Remove metadata**
- [x] Turn on **Remove comments**
- [x] Turn on **Embeded raster images**
- [x] Turn on **Enable viewboxing**
In the **SVG Output** under **Pretty-printing**:
- [ ] Turn off **Format output with line-breaks and indentation**
- **Indentation characters** > Select **Space**
- **Depth of indentation** > **1**
- [ ] Turn off **Strip the "xml:space" attribute from the root SVG element**
In the **IDs** tab:
- [x] Turn on **Remove unused IDs**
- [ ] Turn off **Shorten IDs**
- **Prefix shortened IDs with** > `leave blank`
- [x] Turn on **Preserve manually created IDs not ending with digits**
- **Preserve the following IDs** > `leave blank`
- **Preserve IDs starting with** > `leave blank`
#### CLI
The same can be achieved with the [Scour](https://github.com/scour-project/scour) command:
```bash
scour --set-precision=5 \
--create-groups \
--renderer-workaround \
--remove-descriptive-elements \
--enable-comment-stripping \
--enable-viewboxing \
--indent=space \
--nindent=1 \
--no-line-breaks \
--enable-id-stripping \
--protect-ids-noninkscape \
input.svg output.svg
```

87
i18n/zh-Hant/meta/writing-style.md Normal file
View File

@@ -0,0 +1,87 @@
---
title: Writing Style
---
Privacy Guides is written in American English, and you should refer to [APA Style guidelines](https://apastyle.apa.org/style-grammar-guidelines/grammar) when in doubt.
In general the [United States federal plain language guidelines](https://www.plainlanguage.gov/guidelines/) provide a good overview of how to write clearly and concisely. We highlight a few important notes from these guidelines below.
## Writing for our audience
Privacy Guides' intended [audience](https://www.plainlanguage.gov/guidelines/audience/) is primarily average, technology using adults. Don't dumb down content as if you are addressing a middle-school class, but don't overuse complicated terminology about concepts average computer users wouldn't be familiar with.
### Address only what people want to know
People don't need overly complex articles with little relevance to them. Figure out what you want people to accomplish when writing an article, and only include those details.
> Tell your audience why the material is important to them. Say, “If you want a research grant, heres what you have to do.” Or, “If you want to mine federal coal, heres what you should know.” Or, “If youre planning a trip to Rwanda, read this first.”
### Address people directly
We're writing *for* a wide variety of people, but we are writing *to* the person who is actually reading it. Use "you" to address the reader directly.
> More than any other single technique, using “you” pulls users into the information and makes it relevant to them.
>
> When you use “you” to address users, they are more likely to understand what their responsibility is.
Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/audience/address-the-user/)
### Avoid "users"
Avoid calling people "users", in favor of "people", or a more specific description of the group of people you are writing for.
## Organizing content
Organization is key. Content should flow from most to least important information, and use headers as much as needed to logically separate different ideas.
- Limit the document to around five or six sections. Long documents should probably be broken up into separate pages.
- Mark important ideas with **bold** or *italics*.
Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/design/)
### Begin with a topic sentence
> If you tell your reader what theyre going to read about, theyre less likely to have to read your paragraph again. Headings help, but theyre not enough. Establish a context for your audience before you provide them with the details.
>
> We often write the way we think, putting our premises first and then our conclusion. It may be the natural way to develop thoughts, but we wind up with the topic sentence at the end of the paragraph. Move it up front and let users know where youre going. Dont make readers hold a lot of information in their heads before getting to the point.
Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/organize/have-a-topic-sentence/)
## Choose your words carefully
> Words matter. They are the most basic building blocks of written and spoken communication. Dont complicate things by using jargon, technical terms, or abbreviations that people wont understand.
We should try to avoid abbreviations where possible, but technology is full of abbreviations. In general, spell out the abbreviation/acronym the first time it is used on a page, and add the abbreviation to the abbreviation glossary file when it is used repeatedly.
> Kathy McGinty offers tongue-in-cheek instructions for bulking up your simple, direct sentences:
>
> > There is no escaping the fact that it is considered very important to note that a number of various available applicable studies ipso facto have generally identified the fact that additional appropriate nocturnal employment could usually keep juvenile adolescents off thoroughfares during the night hours, including but not limited to the time prior to midnight on weeknights and/or 2 a.m. on weekends.
>
> And the original, using stronger, simpler words:
>
> > More night jobs would keep youths off the streets.
## Be concise
> Unnecessary words waste your audiences time. Great writing is like a conversation. Omit information that the audience doesnt need to know. This can be difficult as a subject matter expert so its important to have someone look at the information from the audiences perspective.
Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/concise/)
## Keep text conversational
> Verbs are the fuel of writing. They give your sentences power and direction. They enliven your writing and make it more interesting.
>
> Verbs tell your audience what to do. Make sure its clear who does what.
### Use active voice
> Active voice makes it clear who is supposed to do what. It eliminates ambiguity about responsibilities. Not “It must be done,” but “You must do it.”
Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversational/use-active-voice/)
### Use "must" for requirements
> - “must” for an obligation
> - “must not” for a prohibition
> - “may” for a discretionary action
> - “should” for a recommendation

224
i18n/zh-Hant/mobile-browsers.md Normal file
View File

@@ -0,0 +1,224 @@
---
title: "Mobile Browsers"
icon: material/cellphone-information
description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone.
schema:
-
"@context": http://schema.org
"@type": WebPage
name: Private Mobile Browser Recommendations
url: "./"
relatedLink: "../desktop-browsers/"
-
"@context": http://schema.org
"@type": MobileApplication
name: Brave
image: /assets/img/browsers/brave.svg
url: https://brave.com
applicationCategory: Web Browser
operatingSystem:
- Android
subjectOf:
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": MobileApplication
name: Safari
image: /assets/img/browsers/safari.svg
url: https://www.apple.com/safari/
applicationCategory: Web Browser
operatingSystem:
- iOS
subjectOf:
"@type": WebPage
url: "./"
---
These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
## Android
On Android, Firefox is still less secure than Chromium-based alternatives: Mozilla's engine, [GeckoView](https://mozilla.github.io/geckoview/), has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196).
### Brave
!!! recommendation
![Brave logo](assets/img/browsers/brave.svg){ align=right }
**Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features/), many of which are enabled by default.
Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues.
[:octicons-home-16: Homepage](https://brave.com/){ .md-button .md-button--primary }
[:simple-torbrowser:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
[:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.brave.com/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" }
??? downloads annotate
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.brave.browser)
- [:simple-github: GitHub](https://github.com/brave/brave-browser/releases)
#### Recommended Configuration
Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another.
These options can be found in :material-menu: → **Settings****Brave Shields & privacy**
##### Shields
Brave includes some anti-fingerprinting measures in its [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-) feature. We suggest configuring these options [globally](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) across all pages that you visit.
##### Brave shields global defaults
Shields' options can be downgraded on a per-site basis as needed, but by default we recommend setting the following:
<div class="annotate" markdown>
- [x] Select **Aggressive** under Block trackers & ads
??? warning "Use default filter lists"
Brave allows you to select additional content filters within the internal `brave://adblock` page. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use.
- [x] Select **Upgrade connections to HTTPS**
- [x] Select **Always use secure connections**
- [x] (Optional) Select **Block Scripts** (1)
- [x] Select **Strict, may break sites** under **Block fingerprinting**
</div>
1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode) or the [NoScript](https://noscript.net/) extension.
##### Clear browsing data
- [x] Select **Clear data on exit**
##### Social Media Blocking
- [ ] Uncheck all social media components
##### Other privacy settings
<div class="annotate" markdown>
- [x] Select **Disable non-proxied UDP** under [WebRTC IP Handling Policy](https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc)
- [ ] Uncheck **Allow sites to check if you have payment methods saved**
- [ ] Uncheck **IPFS Gateway** (1)
- [x] Select **Close tabs on exit**
- [ ] Uncheck **Allow privacy-preserving product analytics (P3A)**
- [ ] Uncheck **Automatically send diagnostic reports**
- [ ] Uncheck **Automatically send daily usage ping to Brave**
</div>
1. InterPlanetary File System (IPFS) is a decentralized, peer-to-peer network for storing and sharing data in a distributed filesystem. Unless you use the feature, disable it.
#### Brave Sync
[Brave Sync](https://support.brave.com/hc/en-us/articles/360059793111-Understanding-Brave-Sync) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices without requiring an account and protects it with E2EE.
## iOS
On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser.
### Safari
!!! recommendation
![Safari logo](assets/img/browsers/safari.svg){ align=right }
**Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/15.0/ios/15.0) such as Intelligent Tracking Protection, Privacy Report, isolated Private Browsing tabs, iCloud Private Relay, and automatic HTTPS upgrades.
[:octicons-home-16: Homepage](https://www.apple.com/safari/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.apple.com/legal/privacy/data/en/safari/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.apple.com/guide/safari/welcome/mac){ .card-link title=Documentation}
#### Recommended Configuration
These options can be found in :gear: **Settings****Safari****Privacy and Security**.
##### Cross-Site Tracking Prevention
- [x] Enable **Prevent Cross-Site Tracking**
This enables WebKit's [Intelligent Tracking Protection](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp). The feature helps protect against unwanted tracking by using on-device machine learning to stop trackers. ITP protects against many common threats, but it does not block all tracking avenues because it is designed to not interfere with website usability.
##### Privacy Report
Privacy Report provides a snapshot of cross-site trackers currently prevented from profiling you on the website you're visiting. It can also display a weekly report to show which trackers have been blocked over time.
Privacy Report is accessible via the Page Settings menu.
##### Privacy Preserving Ad Measurement
- [ ] Disable **Privacy Preserving Ad Measurement**
Ad click measurement has traditionally used tracking technology that infringes on user privacy. [Private Click Measurement](https://webkit.org/blog/11529/introducing-private-click-measurement-pcm/) is a WebKit feature and proposed web standard aimed towards allowing advertisers to measure the effectiveness of web campaigns without compromising on user privacy.
The feature has little privacy concerns on its own, so while you can choose to leave it on, we consider the fact that it's automatically disabled in Private Browsing to be an indicator for disabling the feature.
##### Always-on Private Browsing
Open Safari and tap the Tabs button, located in the bottom right. Then, expand the Tab Groups list.
- [x] Select **Private**
Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpages address to Apple when using Safari's translation feature.
Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed into sites. This may be an inconvenience.
##### iCloud Sync
Synchronization of Safari History, Tab Groups, iCloud Tabs and saved passwords are E2EE. However, by default, bookmarks are [not](https://support.apple.com/en-us/HT202303). Apple can decrypt and access them in accordance with their [privacy policy](https://www.apple.com/legal/privacy/en-ww/).
You can enable E2EE for you Safari bookmarks and downloads by enabling [Advanced Data Protection](https://support.apple.com/en-us/HT212520). Go to your **Apple ID name → iCloud → Advanced Data Protection**.
- [x] Turn On **Advanced Data Protection**
If you use iCloud with Advanced Data Protection disabled, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings****Safari****General****Downloads**.
### AdGuard
!!! recommendation
![AdGuard logo](assets/img/browsers/adguard.svg){ align=right }
**AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker).
AdGuard for iOS has some premium features; however, standard Safari content blocking is free of charge.
[:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary }
[:octicons-eye-16:](https://adguard.com/privacy/ios.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" }
??? downloads
- [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1047223162)
Additional filter lists do slow things down and may increase your attack surface, so only apply what you need.
## 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
### 最低合格要求
- Must support automatic updates.
- Must receive engine updates in 0-1 days from upstream release.
- Any changes required to make the browser more privacy-respecting should not negatively impact user experience.
- Android browsers must use the Chromium engine.
- Unfortunately, Mozilla GeckoView is still less secure than Chromium on Android.
- iOS browsers are limited to WebKit.
### Extension Criteria
- Must not replicate built-in browser or OS functionality.
- Must directly impact user privacy, i.e. must not simply provide information.

139
i18n/zh-Hant/multi-factor-authentication.md Normal file
View File

@@ -0,0 +1,139 @@
---
title: "多重因素驗證"
icon: 'material/two-factor-authentication'
description: 這些工具可協助您透過多重身份驗證保護網路帳戶,而無需將您的祕密傳送給第三方。
---
## 安全金鑰硬體
### YubiKey
!!! recommendation
![YubiKeys](assets/img/multifactor-authentication/yubikey.png)
* * YubiKeys * *是最常用的安全金鑰之一。 有些 YubiKey 型號具廣泛的功能,例如: [Universal 2nd Factor (U2F)] (https://en.wikipedia.org/wiki/Universal_2nd_Factor)、[FIDO2 and WebAuthn] (basics/multifactor-authentication.md#fido-fast-identity-online)、[Yubico OTP] (basics/multifactor-authentication.md#yubico-otp)、[Personal Identity Verification (PIV)] (https://developers.yubico.com/PIV)、 [OpenPGP](https://developers.yubico.com/PGP/)、[TOTP and HOTP] (https://developers.yubico.com/OATH)驗證。
YubiKey 好處之一是,一支密鑰( 例如 YubiKey 5 )可以滿足對安全密鑰硬體的全部期待。 我們建議您在購買前先[作個小測驗](https://www.yubico.com/quiz/) ,以確保您做出正確的選擇。
[:octicons-home-16: Homepage](https://www.yubico.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.yubico.com/){ .card-link title=Documentation}
[比較表](https://www.yubico.com/store/compare/) 顯示了各型號 YubiKeys 功能比較。 我們強烈建議您從YubiKey 5系列中挑選。
YubiKeys可以利用 [YubiKey Manager](https://www.yubico.com/support/download/yubikey-manager/) 或 [YubiKey Personalization Tools](https://www.yubico.com/support/download/yubikey-personalization-tools/)來收授指令。 若要管理 TOTP 代碼,您可以使用 [Yubico Authenticator](https://www.yubico.com/products/yubico-authenticator/)。 Yubico 所有客戶端軟體都是開源。
支持 HOTP 和 TOTP 的機型, OTP 介面中有2個插槽可用於HOTP 和32個插槽來存儲 TOTP 機密。 這些機密經加密後存儲在密鑰上,永遠不會將它們暴露在插入的設備上。 一旦向 Yubico Authenticator 提供種子(共享祕密) ,它將只會給出六位數的代碼,但永遠不會提供種子。 此安全模型有助於限制攻擊者,即便運行 Yubico Authenticator的設備受到破壞讓受到物理攻擊時 Yubikey 仍具抵抗力。
!!! 警告
YubiKey 軔體沒有開源,不可更新。 如果您想要使用較新韌體版本的功能,或者使用中的韌體版本存在漏洞,則需要購買新的金鑰。
### Nitrokey
!!! recommendation
![Nitrokey](assets/img/multifactor-authentication/nitrokey.jpg) {align = right}
* * Nitrokey * * 能夠[FIDO2 和 WebAuthn] (basics/multifactor-authentication.md#fido-fast-identity-online)的安全金鑰,稱為* * Nitrokey FIDO2 * *。 若要獲得 PGP 支援,您需要購買他們其他鑰匙,例如* * Nitrokey Start * *、* * Nitrokey Pro 2 * *或* * Nitrokey Storage 2 * *。
[:octicons-home-16: Homepage](https://www.nitrokey.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.nitrokey.com/data-privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.nitrokey.com/){ .card-link title=Documentation}
[比較表](https://www.nitrokey.com/#comparison) 顯示了各型號 Nitrokey 功能比較。 **Nitrokey 3** 具有組合的功能集。
可以使用 [Nitrokey 應用程序](https://www.nitrokey.com/download)配置 Nitrokey 模型。
支持 HOTP 和 TOTP 的型號有3個 HOTP 插槽15 個 TOTP 插槽。 有些 Nitrokeys 可以充當密碼管理器。 可以存儲 16 組憑證,並使用與 OpenPGP 接口相同的密碼對憑證加密。
!!! 警告
雖然 Nitrokeys 不會將 HOTP/TOTP 機密釋放給所插入的設備但HOTP 和 TOTP存儲* *未經加密* * ,容易受到物理攻擊。 如果您需要存儲 HOTP 或 TOTP 這類祕密強烈建議您使用Yubikey 代替。
!!! 警告
重置 Nitrokey 的 OpenPGP 介面會使密碼資料庫變為 [無法存取](https://docs.nitrokey.com/pro/linux/factory-reset)。
Nitrokey Pro 2、Nitrokey Storage 2 和即將推出的 Nitrokey 3 支持筆記型電腦的 [Coreboot](https://www.coreboot.org/) + [Heads](https://osresearch.net/) 軔體與系統完整性驗證。
不同於 YubiKeyNitrokey 軔體是開源。 NitroKey 型號可( **NitroKey Pro 2**除外)可更新軔體。
### 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為這個網站的各個部分建立明確標準,它可能依情況變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
#### 最低合格要求
- 必須使用高品質、防篡改的硬體安全模組。
- 必須支援最新的 FIDO2 規格。
- 必須不允許私鑰提取。
- 價格超過 35美元的裝置必須支援處理 OpenPGP 和 S/MIME。
#### 最好的情况
最佳案例標準代表了我們希望從這個類別的完美項目應具備的條件。 推薦產品可能沒有此功能,但若有這些功能則會讓排名更為提高。
- 應採用 USB-C 格式。
- 應與 NFC一起使用。
- 支持 TOTP 機密儲存。
- 應支持安全軔體更新。
## 認證器應用程式
驗證器應用程式實施網際網路工程任務組( IETF)採行的安全標準,稱為 **依據時間的單次密碼**或 **TOTP**。 這是一種網站與您共享祕密的方法,驗證器應用程式使用該祕密根據當前時間生成(通常為)六位數驗證碼,您在登錄網站時輸入以供網站檢查。 通常這些驗證碼每30 秒重新生成一次,一旦生成新碼,舊碼就無用了。 即使駭客獲得六位數的驗證碼,也無法逆轉該代碼去取得原始祕密或透過其他方式去預測以後的驗證碼。
我們強烈建議您使用行動 TOTP 應用程式而不是桌面替代方案,因為 Android 和 iOS 比大多數桌面作業系統具有更好的安全性和應用程式隔離性。
### Aegis Authenticator (Android)
!!! recommendation
! [Aegis logo] (assets/img/multifactor-authentication/aegis.png) {align = right}
* * Aegis Authenticator * *是一款免費、安全且開源的應用程式,可為您的線上服務管理兩步驗證令牌。
[:octicons-home-16: Homepage](https://getaegis.app){ .md-button .md-button--primary }
[:octicons-eye-16:](https://getaegis.app/aegis/privacy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/beemdevelopment/Aegis/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/beemdevelopment/Aegis){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.buymeacoffee.com/beemdevelopment){ .card-link title=Contribute }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis)
- [:simple-github: GitHub](https://github.com/beemdevelopment/Aegis/releases)
### Raivo OTP (iOS)
!!! recommendation
! [Raivo OTP logo] (assets/img/multifactor-authentication/raivo-otp.png) {align = right}
* * Raivo OTP * *是原生、輕量和安全的時間基礎(TOTP) & 計數器(HOTP)密碼用戶端應用適用於iOS。 Raivo OTP 提供可選的 iCloud 備份 & 同步。 Raivo OTP也以狀態列應用程式的形式提供給macOS 但Mac應用程式並不獨立於iOS應用程式運作。
[:octicons-home-16: Homepage](https://raivo-otp.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://raivo-otp.com/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-code-16:](https://github.com/raivo-otp/ios-application){ .card-link title="Source Code" }
[:octicons-heart-16:](https://raivo-otp.com/donate){ .card-link title=Contribute }
??? 下載
- [:simple-appstore: App Store](https://apps.apple.com/us/app/raivo-otp/id1459042137)
### 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為這個網站的各個部分建立明確標準,它可能依情況變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
- 源代碼必須公開。
- 無需網際網路連線。
- 不得同步至第三方雲端同步/備份服務。
- **可選** 支援與作業系統原生工具的 E2EE 同步是可以的,例如透過 iCloud 進行加密同步。

172
i18n/zh-Hant/news-aggregators.md Normal file
View File

@@ -0,0 +1,172 @@
---
title: "新聞聚合器"
icon: material/rss
description: 這些新聞聚合器客戶端可利使用 RSS 等網際網路標準來訂閱追蹤您最喜愛的部落格和新聞網站。
---
[新聞聚合器](https://en.wikipedia.org/wiki/News_aggregator) 是一種訂閱最喜愛的部落格和新聞網站的追蹤方式。
## 聚合器客戶端
### Akregator
!!! recommendation
! [Akregator logo] (assets/img/news-aggregators/akregator.svg) {align = right}
* * Akregator * *是 [KDE](https://kde.org) 項目的一部分。 它具有快速搜索、先進的存檔功能和內部瀏覽器可輕鬆閱讀新聞。
[:octicons-home-16: Homepage](https://apps.kde.org/akregator){ .md-button .md-button--primary }
[:octicons-eye-16:](https://kde.org/privacypolicy-apps){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.kde.org/?application=akregator){ .card-link title=Documentation}
[:octicons-code-16:](https://invent.kde.org/pim/akregator){ .card-link title="Source Code" }
[:octicons-heart-16:](https://kde.org/community/donations/){ .card-link title=Contribute }
??? 下載
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.kde.akregator)
### Feeder
!!! recommendation
! [Feeder logo] (assets/img/news-aggregators/feeder.png) {align = right}
* * Feeder * *是 Android 版本的 RSS 客戶端,具有許多[特色](https://gitlab.com/spacecowboy/Feeder#features) 且可與RSS 訊息來源的資料夾配合使用。 它支持 [RSS](https://en.wikipedia.org/wiki/RSS ), [Atom]( https://en.wikipedia.org/wiki/Atom_ 網頁標準 ) , [RDF](https://en.wikipedia.org/wiki/RDF%2FXML)和 [JSON Feed] (https://en.wikipedia.org/wiki/JSON_Feed)。
[:octicons-repo-16: Repository](https://gitlab.com/spacecowboy/Feeder){ .md-button .md-button--primary }
[:octicons-code-16:](https://gitlab.com/spacecowboy/Feeder){ .card-link title="Source Code" }
[:octicons-heart-16:](https://ko-fi.com/spacecowboy){ .card-link title=Contribute }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nononsenseapps.feeder.play)
### Fluent Reader
!!! recommendation
! [Fluent Reader logo] (assets/img/news-aggregators/fluent-reader.svg) {align = right}
* * Fluent Reader * *是一個安全的跨平臺新聞聚合器,具有方便的隱私功能,例如在退出時刪除 cookie ,嚴格的[內容安全政策(CSP)] (https://en.wikipedia.org/wiki/Content_Security_Policy)和代理支持,這意味著您可以透過 [Tor](tor.md)來使用它。
[:octicons-home-16: Homepage](https://hyliu.me/fluent-reader){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/yang991178/fluent-reader/wiki/Privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/yang991178/fluent-reader/wiki/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/yang991178/fluent-reader){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/yang991178){ .card-link title=Contribute }
??? 下載
- [:simple-windows11: Windows](https://hyliu.me/fluent-reader)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1520907427)
### GNOME Feeds
!!! recommendation
! [GNOME Feeds logo] (assets/img/news-aggregators/gfeeds.svg) {align = right}
* * GNOME Feeds * *是 [RSS](https://en.wikipedia.org/wiki/RSS)和 [Atom](https://en.wikipedia.org/wiki/Atom_ (Web_standard))新聞閱讀器,適用於 [GNOME](https://www.gnome.org)。 它的界面很簡單,執行快速。
[:octicons-home-16: Homepage](https://gfeeds.gabmus.org){ .md-button .md-button--primary }
[:octicons-code-16:](https://gitlab.gnome.org/World/gfeeds){ .card-link title="Source Code" }
[:octicons-heart-16:](https://liberapay.com/gabmus/){ .card-link title=Contribute }
??? 下載
- [:simple-linux: Linux](https://gfeeds.gabmus.org/#install)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.gabmus.gfeeds)
### Miniflux
!!! recommendation
! [Miniflux logo] (assets/img/news-aggregators/miniflux.svg#only-light) {align = right}
! [Miniflux標誌] (assets/img/news-aggregators/miniflux-dark.svg#only-dark) {align = right}
* * Miniflux * *是一個網頁版的新聞聚合器,允許自行託管。 它支持 [RSS](https://en.wikipedia.org/wiki/RSS ), [Atom]( https://en.wikipedia.org/wiki/Atom_ 網頁標準 ) , [RDF](https://en.wikipedia.org/wiki/RDF%2FXML)和 [JSON Feed] (https://en.wikipedia.org/wiki/JSON_Feed)。
[:octicons-home-16: Homepage](https://miniflux.app){ .md-button .md-button--primary }
[:octicons-info-16:](https://miniflux.app/docs/index.html){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/miniflux/v2){ .card-link title="Source Code" }
[:octicons-heart-16:](https://miniflux.app/#donations){ .card-link title=Contribute }
### NetNewsWire
!!! recommendation
! [NetNewsWire標誌] (assets/img/news-aggregators/netnewswire.png) {align = right}
* * NetNewsWire * *是一款免費開源的訊息源閱讀器適用於macOS 和 iOS ,專注於原生設計和功能集。 它支持典型 feed 格式,以及對 Twitter 和 Reddit feed 的內置支持。
[:octicons-home-16: Homepage](https://netnewswire.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://netnewswire.com/privacypolicy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://netnewswire.com/help/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/Ranchero-Software/NetNewsWire){ .card-link title="Source Code" }
??? 下載
- [:simple-appstore: App Store](https://apps.apple.com/us/app/netnewswire-rss-reader/id1480640210)
- [:simple-apple: macOS](https://netnewswire.com)
### Newsboat
!!! recommendation
! [Newsboat logo] (assets/img/news-aggregators/newsboat.svg) {align = right}
* * Newsboat * *是文字控制界面的RSS/Atom 新聞閱讀器。 分支自 [Newsbeuter]( https://zh.wikipedia.org/wiki/Newsbeuter )後,維持積極維護。 非常輕量,適合在[Secure Shell] (https://zh.wikipedia.org/wiki/Secure_Shell )上使用。
[:octicons-home-16: Homepage](https://newsboat.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://newsboat.org/releases/2.27/docs/newsboat.html){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/newsboat/newsboat){ .card-link title="Source Code" }
## 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! !!! 例如 "本节是新的"
我們正在努力為這個網站的各個部分建立明確標準,它可能依情況變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
- 必須是開源軟體。
- 必須在本地運作,即不得是雲端服務。
## 社交媒體 RSS 支援
一些社交媒體服務也支持 RSS ,儘管它很少受到推廣。
### Reddit
Reddit 允許您通過 RSS 訂閱 subreddits。
!!! 案例
替換 `subreddit_name` 改為所要訂閱的 subreddit
```text
https://www.reddit.com/r/{{ subreddit_name }}/new/.rss
```
### Twitter
使用任何 Nitter [實例](https://github.com/zedeus/nitter/wiki/Instances) ,您可以使用 RSS 輕鬆訂閱。
!!! 例子
1. 選取實例並設定 `nitter_instance`。
2. 將 `twitter_account` 替換為帳戶名稱。
```text
https://{{ nitter_instance }}/{{ twitter_account }}/rss
```
### YouTube
您可以訂閱 YouTube頻道而無需登入不會把使用情況資訊與Google 帳戶關聯。
!!! 例子
若要使用 RSS 客戶端訂閱 YouTube 頻道,請先查看您的[channel code] (https://support.google.com/youtube/answer/6180214) ,然後在下方替換[CHANNE ID]」:
```text
https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID]
```

114
i18n/zh-Hant/notebooks.md Normal file
View File

@@ -0,0 +1,114 @@
---
title: "記事本"
icon: material/notebook-edit-outline
description: 這些加密的筆記錄應用程式可讓您跟進記錄,而無需將它們提供給第三方。
---
保存記錄您的筆記和日誌,不要將它們提供給第三方。
如果您目前使用的是 Evernote、Google Keep 或 Microsoft OneNote 等應用程式,我們建議您在這裡選擇一個支援 E2EE 的替代方案。
## 雲端型
### Joplin
!!! recommendation
! [Joplin logo] (assets/img/notebooks/joplin.svg) {align = right}
* * Joplin * *是一個免費、開源且功能齊全的筆記和待辦事項應用程式,可以處理大量 Markdown 文件並組織成筆記本和標籤功能。 它提供E2EE 可以通過Nextcloud Dropbox等同步。 它也可以輕鬆自 Evernote 和純文本筆記導入。
[:octicons-home-16: Homepage](https://joplinapp.org/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://joplinapp.org/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://joplinapp.org/help/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/laurent22/joplin){ .card-link title="Source Code" }
[:octicons-heart-16:](https://joplinapp.org/donate/){ .card-link title=Contribute }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.cozic.joplin)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/joplin/id1315599797)
- [:simple-github: GitHub](https://github.com/laurent22/joplin-android/releases)
- [:simple-windows11: Windows](https://joplinapp.org/#desktop-applications)
- [:simple-apple: macOS](https://joplinapp.org/#desktop-applications)
- [:simple-linux: Linux](https://joplinapp.org/#desktop-applications)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/joplin-web-clipper/)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/joplin-web-clipper/alofnhikmmkdbbbgpnglcpdollgjjfek)
Joplin 不支援 [應用程式本身或個別筆記和筆記本](https://github.com/laurent22/joplin/issues/289)的密碼/PIN保護。 但是您的資料在傳輸與同步位置中仍會使用主密鑰加密。 自2023年1月起 Joplin 支援 [Android](https://joplinapp.org/changelog_android/#android-v2-10-3-https-github-com-laurent22-joplin-releases-tag-android-v2-10-3-pre-release-2023-01-05t11-29-06z) 和 [iOS](https://joplinapp.org/changelog_ios/#ios-v12-10-2-https-github-com-laurent22-joplin-releases-tag-ios-v12-10-2-2023-01-20t17-41-13z)的生物識別應用程式鎖定功能。
### Standard Notes
!!! recommendation
! [Standard Notes 標誌] (assets/img/notebooks/standard-notes.svg) {align = right}
* *Standard Notes * *是一款簡單而私密的筆記應用程式,可隨時隨地輕鬆使用筆記功能。 它在每個平臺上都具有E2EE ,並且具有強大的主題和自訂編輯器的桌面體驗。 它也經過[獨立審計(PDF)] (https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf)。
[:octicons-home-16: Homepage](https://standardnotes.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://standardnotes.com/help){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Source Code" }
[:octicons-heart-16:](https://standardnotes.com/donate){ .card-link title=Contribute }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.standardnotes)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1285392450)
- [:simple-github: GitHub](https://github.com/standardnotes/app/releases)
- [:simple-windows11: Windows](https://standardnotes.com)
- [:simple-apple: macOS](https://standardnotes.com)
- [:simple-linux: Linux](https://standardnotes.com)
- [:octicons-globe-16: Web](https://app.standardnotes.com/)
### Cryptee
!!! recommendation
! [Cryptee logo] (./assets/img/notebooks/cryptee.svg#only-light) {align = right}
! [Cryptee logo] (./assets/img/notebooks/cryptee-dark.svg#only-dark) {align = right}
* * Cryptee * *是一個開源的,網頁版本的 E2EE 文件編輯器和照片存儲應用程式。 Cryptee 為漸進式網路應用程式(PWA) ,這意味著它可以在所有現代設備上無縫工作,而無需為每個平臺提供原生應用程序。
[:octicons-home-16: Homepage](https://crypt.ee){ .md-button .md-button--primary }
[:octicons-eye-16:](https://crypt.ee/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://crypt.ee/help){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/cryptee){ .card-link title="Source Code" }
??? 下載
- [:octicons-globe-16: PWA](https://crypt.ee/download)
Cryptee 免費提供100MB 的儲存空間,如果需要更多容量,則另有付費選項。 註冊不需要電子郵件或其他個人身份資訊。
## 本地端的記事簿
### Org-mode
!!! recommendation
! [Org-mode logo] (assets/img/notebooks/org-mode.svg) {align = right}
* * Org-mode * *是GNU Emacs的[主要模式] (https://www.gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html)。 Org-mode 用於記錄筆記,維護待辦事項列表,規劃項目,並使用快速有效的純文本系統撰寫文件。 可以利用[檔案同步] (file-sharing.md#file-sync)工具進行同步。
[:octicons-home-16: Homepage](https://orgmode.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://orgmode.org/manuals.html){ .card-link title=Documentation}
[:octicons-code-16:](https://git.savannah.gnu.org/cgit/emacs/org-mode.git){ .card-link title="Source Code" }
[:octicons-heart-16:](https://liberapay.com/bzg){ .card-link title=Contribute }
## 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
- 客戶端應是開源的。
- 任何雲端同步都必須是 E2EE。
- 必須支援將文件匯出為標準格式。
### 最佳案例:
- 本地備份/同步功能應支援加密。
- 基於雲的平臺應支持文件共享。

169
i18n/zh-Hant/os/android-overview.md Normal file
View File

@@ -0,0 +1,169 @@
---
title: Android Overview
icon: simple/android
description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones.
---
Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system.
## Choosing an Android Distribution
When you buy an Android phone, the device's default operating system often comes with invasive integration with apps and services that are not part of the [Android Open-Source Project](https://source.android.com/). An example of such is Google Play Services, which has irrevocable privileges to access your files, contacts storage, call logs, SMS messages, location, camera, microphone, hardware identifiers, and so on. These apps and services increase the attack surface of your device and are the source of various privacy concerns with Android.
This problem could be solved by using a custom Android distribution that does not come with such invasive integration. Unfortunately, many custom Android distributions often violate the Android security model by not supporting critical security features such as AVB, rollback protection, firmware updates, and so on. Some distributions also ship [`userdebug`](https://source.android.com/setup/build/building#choose-a-target) builds which expose root via [ADB](https://developer.android.com/studio/command-line/adb) and require [more permissive](https://github.com/LineageOS/android_system_sepolicy/search?q=userdebug&type=code) SELinux policies to accommodate debugging features, resulting in a further increased attack surface and weakened security model.
Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria.
[Our Android System Recommendations :material-arrow-right-drop-circle:](../android.md ""){.md-button}
## Avoid Rooting
[Rooting](https://en.wikipedia.org/wiki/Rooting_(Android)) Android phones can decrease security significantly as it weakens the complete [Android security model](https://en.wikipedia.org/wiki/Android_(operating_system)#Security_and_privacy). This can decrease privacy should there be an exploit that is assisted by the decreased security. Common rooting methods involve directly tampering with the boot partition, making it impossible to perform successful Verified Boot. Apps that require root will also modify the system partition meaning that Verified Boot would have to remain disabled. Having root exposed directly in the user interface also increases the [attack surface](https://en.wikipedia.org/wiki/Attack_surface) of your device and may assist in [privilege escalation](https://en.wikipedia.org/wiki/Privilege_escalation) vulnerabilities and SELinux policy bypasses.
Adblockers, which modify the [hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) (AdAway) and firewalls (AFWall+) which require root access persistently are dangerous and should not be used. They are also not the correct way to solve their intended purposes. For Adblocking we suggest encrypted [DNS](../dns.md) or [VPN](../vpn.md) server blocking solutions instead. RethinkDNS, TrackerControl and AdAway in non-root mode will take up the VPN slot (by using a local loopback VPN) preventing you from using privacy enhancing services such as Orbot or a real VPN server.
AFWall+ works based on the [packet filtering](https://en.wikipedia.org/wiki/Firewall_(computing)#Packet_filter) approach and may be bypassable in some situations.
We do not believe that the security sacrifices made by rooting a phone are worth the questionable privacy benefits of those apps.
## Verified Boot
[Verified Boot](https://source.android.com/security/verifiedboot) is an important part of the Android security model. It provides protection against [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, malware persistence, and ensures security updates cannot be downgraded with [rollback protection](https://source.android.com/security/verifiedboot/verified-boot#rollback-protection).
Android 10 and above has moved away from full-disk encryption to more flexible [file-based encryption](https://source.android.com/security/encryption/file-based). Your data is encrypted using unique encryption keys, and the operating system files are left unencrypted.
Verified Boot ensures the integrity of the operating system files, thereby preventing an adversary with physical access from tampering or installing malware on the device. In the unlikely case that malware is able to exploit other parts of the system and gain higher privileged access, Verified Boot will prevent and revert changes to the system partition upon rebooting the device.
Unfortunately, OEMs are only obliged to support Verified Boot on their stock Android distribution. Only a few OEMs such as Google support custom AVB key enrollment on their devices. Additionally, some AOSP derivatives such as LineageOS or /e/ OS do not support Verified Boot even on hardware with Verified Boot support for third-party operating systems. We recommend that you check for support **before** purchasing a new device. AOSP derivatives which do not support Verified Boot are **not** recommended.
Many OEMs also have broken implementation of Verified Boot that you have to be aware of beyond their marketing. For example, the Fairphone 3 and 4 are not secure by default, as the [stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11). This breaks verified boot on a stock Fairphone device, as the system will boot alternative Android operating systems such (such as /e/) [without any warning](https://source.android.com/security/verifiedboot/boot-flow#locked-devices-with-custom-root-of-trust) about custom operating system usage.
## Firmware Updates
Firmware updates are critical for maintaining security and without them your device cannot be secure. OEMs have support agreements with their partners to provide the closed-source components for a limited support period. These are detailed in the monthly [Android Security Bulletins](https://source.android.com/security/bulletin).
As the components of the phone, such as the processor and radio technologies rely on closed-source components, the updates must be provided by the respective manufacturers. Therefore, it is important that you purchase a device within an active support cycle. [Qualcomm](https://www.qualcomm.com/news/releases/2020/12/16/qualcomm-and-google-announce-collaboration-extend-android-os-support-and) and [Samsung](https://news.samsung.com/us/samsung-galaxy-security-extending-updates-knox/) support their devices for 4 years, while cheaper products often have shorter support cycles. With the introduction of the [Pixel 6](https://support.google.com/pixelphone/answer/4457705), Google now makes their own SoC and they will provide a minimum of 5 years of support.
EOL devices which are no longer supported by the SoC manufacturer cannot receive firmware updates from OEM vendors or after market Android distributors. This means that security issues with those devices will remain unfixed.
Fairphone, for example, markets their devices as receiving 6 years of support. However, the SoC (Qualcomm Snapdragon 750G on the Fairphone 4) has a considerably shorter EOL date. This means that firmware security updates from Qualcomm for the Fairphone 4 will end in September 2023, regardless of whether Fairphone continues to release software security updates.
## Android Versions
It's important to not use an [end-of-life](https://endoflife.date/android) version of Android. Newer versions of Android not only receive security updates for the operating system but also important privacy enhancing updates too. For example, [prior to Android 10](https://developer.android.com/about/versions/10/privacy/changes), any apps with the [`READ_PHONE_STATE`](https://developer.android.com/reference/android/Manifest.permission#READ_PHONE_STATE) permission could access sensitive and unique serial numbers of your phone such as [IMEI](https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity), [MEID](https://en.wikipedia.org/wiki/Mobile_equipment_identifier), your SIM card's [IMSI](https://en.wikipedia.org/wiki/International_mobile_subscriber_identity), whereas now they must be system apps to do so. System apps are only provided by the OEM or Android distribution.
## Android Permissions
[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps.
A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel.
Android 10:
- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there.
- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user.
Android 11:
- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once.
- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened.
- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features.
Android 12:
- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location).
- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation).
- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access.
Android 13:
- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location.
- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only.
- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission.
An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need.
[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal.
!!! 警告
If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely.
!!! 備註
Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics.
## Media Access
Quite a few applications allows you to "share" a file with them for media upload. If you want to, for example, tweet a picture to Twitter, do not grant Twitter access to your "media and photos", because it will have access to all of your pictures then. Instead, go to your file manager (documentsUI), hold onto the picture, then share it with Twitter.
## User Profiles
Multiple user profiles can be found in **Settings****System****Multiple users** and are the simplest way to isolate in Android.
With user profiles, you can impose restrictions on a specific profile, such as: making calls, using SMS, or installing apps on the device. Each profile is encrypted using its own encryption key and cannot access the data of any other profiles. Even the device owner cannot view the data of other profiles without knowing their password. Multiple user profiles are a more secure method of isolation.
## Work Profile
[Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles.
A **device controller** app such as [Shelter](#recommended-apps) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one.
The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside of the work profile.
This method is generally less secure than a secondary user profile; however, it does allow you the convenience of running apps in both the work and personal profiles simultaneously.
## VPN Killswitch
Android 7 and above supports a VPN killswitch and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings****Network & internet****VPN** → :gear: → **Block connections without VPN**.
## Global Toggles
Modern Android devices have global toggles for disabling Bluetooth and location services. Android 12 introduced toggles for the camera and microphone. When not in use, we recommend disabling these features. Apps cannot use disabled features (even if granted individual permission) until re-enabled.
## Google
If you are using a device with Google services, either your stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS, there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play.
### Advanced Protection Program
If you have a Google account we suggest enrolling in the [Advanced Protection Program](https://landing.google.com/advancedprotection/). It is available at no cost to anyone with two or more hardware security keys with [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) support.
The Advanced Protection Program provides enhanced threat monitoring and enables:
- Stricter two factor authentication; e.g. that [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) **must** be used and disallows the use of [SMS OTPs](../basics/multi-factor-authentication.md#sms-or-email-mfa), [TOTP](../basics/multi-factor-authentication.md#time-based-one-time-password-totp) and [OAuth](https://en.wikipedia.org/wiki/OAuth)
- Only Google and verified third-party apps can access account data
- Scanning of incoming emails on Gmail accounts for [phishing](https://en.wikipedia.org/wiki/Phishing#Email_phishing) attempts
- Stricter [safe browser scanning](https://www.google.com/chrome/privacy/whitepaper.html#malware) with Google Chrome
- Stricter recovery process for accounts with lost credentials
If you use non-sandboxed Google Play Services (common on stock operating systems), the Advanced Protection Program also comes with [additional benefits](https://support.google.com/accounts/answer/9764949?hl=en) such as:
- Not allowing app installation outside of the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
- Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?hl=en#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
- Warning you about unverified applications
### Google Play System Updates
In the past, Android security updates had to be shipped by the operating system vendor. Android has become more modular beginning with Android 10, and Google can push security updates for **some** system components via the privileged Play Services.
If you have an EOL device shipped with Android 10 or above and are unable to run any of our recommended operating systems on your device, you are likely going to be better off sticking with your OEM Android installation (as opposed to an operating system not listed here such as LineageOS or /e/ OS). This will allow you to receive **some** security fixes from Google, while not violating the Android security model by using an insecure Android derivative and increasing your attack surface. We would still recommend upgrading to a supported device as soon as possible.
### Advertising ID
All devices with Google Play Services installed automatically generate an [advertising ID](https://support.google.com/googleplay/android-developer/answer/6048248?hl=en) used for targeted advertising. Disable this feature to limit the data collected about you.
On Android distributions with [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), go to :gear: **Settings****Apps****Sandboxed Google Play****Google Settings****Ads**, and select *Delete advertising ID*.
On Android distributions with privileged Google Play Services (such as stock OSes), the setting may be in one of several locations. Check
- :gear: **Settings****Google****Ads**
- :gear: **Settings****Privacy****Ads**
You will either be given the option to delete your advertising ID or to *Opt out of interest-based ads*, this varies between OEM distributions of Android. If presented with the option to delete the advertising ID that is preferred. If not, then make sure to opt out and reset your advertising ID.
### SafetyNet and Play Integrity API
[SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities.
As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services.

142
i18n/zh-Hant/os/linux-overview.md Normal file
View File

@@ -0,0 +1,142 @@
---
title: Linux Overview
icon: simple/linux
description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal.
---
It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isnt always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years.
At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.:
- A verified boot chain, like Apples [Secure Boot](https://support.apple.com/guide/security/startup-security-utility-secc7b34e5b5/web) (with [Secure Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1)), Androids [Verified Boot](https://source.android.com/security/verifiedboot), ChromeOS' [Verified boot](https://www.chromium.org/chromium-os/chromiumos-design-docs/security-overview/#verified-boot), or Microsoft Windowss [boot process](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process) with [TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). These features and hardware technologies can all help prevent persistent tampering by malware or [evil maid attacks](https://en.wikipedia.org/wiki/Evil_Maid_attack)
- A strong sandboxing solution such as that found in [macOS](https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html), [ChromeOS](https://chromium.googlesource.com/chromiumos/docs/+/HEAD/sandboxing.md), and [Android](https://source.android.com/security/app-sandbox). Commonly used Linux sandboxing solutions such as [Flatpak](https://docs.flatpak.org/en/latest/sandbox-permissions.html) and [Firejail](https://firejail.wordpress.com/) still have a long way to go
- Strong [exploit mitigations](https://madaidans-insecurities.github.io/linux.html#exploit-mitigations)
Despite these drawbacks, desktop Linux distributions are great if you want to:
- Avoid telemetry that often comes with proprietary operating systems
- Maintain [software freedom](https://www.gnu.org/philosophy/free-sw.en.html#four-freedoms)
- Have privacy focused systems such as [Whonix](https://www.whonix.org) or [Tails](https://tails.boum.org/)
Our website generally uses the term “Linux” to describe desktop Linux distributions. Other operating systems which also use the Linux kernel such as ChromeOS, Android, and Qubes OS are not discussed here.
[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button}
## Choosing your distribution
Not all Linux distributions are created equal. While our Linux recommendation page is not meant to be an authoritative source on which distribution you should use, there are a few things you should keep in mind when choosing which distribution to use.
### Release cycle
We highly recommend that you choose distributions which stay close to the stable upstream software releases, often referred to as rolling release distributions. This is because frozen release cycle distributions often dont update package versions and fall behind on security updates.
For frozen distributions such as [Debian](https://www.debian.org/security/faq#handling), package maintainers are expected to backport patches to fix vulnerabilities rather than bump the software to the “next version” released by the upstream developer. Some security fixes [do not](https://arxiv.org/abs/2105.14565) receive a [CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) (particularly less popular software) at all and therefore do not make it into the distribution with this patching model. As a result minor security fixes are sometimes held back until the next major release.
We dont believe holding packages back and applying interim patches is a good idea, as it diverges from the way the developer might have intended the software to work. [Richard Brown](https://rootco.de/aboutme/) has a presentation about this:
<div class="yt-embed">
<iframe width="560" height="315" src="https://invidious.privacyguides.net/embed/i8c0mg_mS7U?local=true" title="Regular Releases are Wrong, Roll for your life" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
</div>
### Traditional vs Atomic updates
Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian based distributions can be less reliable if an error occurs while updating.
Atomic updating distributions apply updates in full or not at all. Typically, transactional update systems are also atomic.
A transactional update system creates a snapshot that is made before and after an update is applied. If an update fails at any time (perhaps due to a power failure), the update can be easily rolled back to a “last known good state."
The Atomic update method is used for immutable distributions like Silverblue, Tumbleweed, and NixOS and can achieve reliability with this model. [Adam Šamalík](https://twitter.com/adsamalik) provided a presentation on how `rpm-ostree` works with Silverblue:
<div class="yt-embed">
<iframe width="560" height="315" src="https://invidious.privacyguides.net/embed/-hpV5l-gJnQ?local=true" title="Let's try Fedora Silverblue — an immutable desktop OS! - Adam Šamalik" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
</div>
### “Security-focused” distributions
There is often some confusion between “security-focused” distributions and “pentesting” distributions. A quick search for “the most secure Linux distribution” will often give results like Kali Linux, Black Arch and Parrot OS. These distributions are offensive penetration testing distributions that bundle tools for testing other systems. They dont include any “extra security” or defensive mitigations intended for regular use.
### Arch-based distributions
Arch based distributions are not recommended for those new to Linux, (regardless of distribution) as they require regular [system maintenance](https://wiki.archlinux.org/title/System_maintenance). Arch does not have an distribution update mechanism for the underlying software choices. As a result you have to stay aware with current trends and adopt technologies as they supersede older practices on your own.
For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](https://en.wikipedia.org/wiki/Mandatory_access_control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit).
Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository), **must** be comfortable in auditing PKGBUILDs that they install from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/). AUR should always be used sparingly and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. Similar warnings apply to use third-party Personal Package Archives (PPAs) on Debian based distributions or Community Projects (COPR) on Fedora.
If you are experienced with Linux and wish to use an Arch-based distribution, we only recommend mainline Arch Linux, not any of its derivatives. We recommend against these two Arch derivatives specifically:
- **Manjaro**: This distribution holds packages back for 2 weeks to make sure that their own changes dont break, not to make sure that upstream is stable. When AUR packages are used, they are often built against the latest [libraries](https://en.wikipedia.org/wiki/Library_(computing)) from Archs repositories.
- **Garuda**: They use [Chaotic-AUR](https://aur.chaotic.cx/) which automatically and blindly compiles packages from the AUR. There is no verification process to make sure that the AUR packages dont suffer from supply chain attacks.
### Kicksecure
While we strongly recommend against using outdated distributions like Debian, there is a Debian based operating system that has been hardened to be much more secure than typical Linux distributions: [Kicksecure](https://www.kicksecure.com/). Kicksecure, in oversimplified terms, is a set of scripts, configurations, and packages that substantially reduce the attack surface of Debian. It covers a lot of privacy and hardening recommendations by default.
### Linux-libre kernel and “Libre” distributions
We strongly recommend **against** using the Linux-libre kernel, since it [removes security mitigations](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) and [suppresses kernel warnings](https://news.ycombinator.com/item?id=29674846) about vulnerable microcode for ideological reasons.
## 一般性建議
### Drive Encryption
Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isnt set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device:
- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/)
### Swap
Consider using [ZRAM](https://wiki.archlinux.org/title/Swap#zram-generator) or [encrypted swap](https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption) instead of unencrypted swap to avoid potential security issues with sensitive data being pushed to [swap space](https://en.wikipedia.org/wiki/Memory_paging). Fedora based distributions [use ZRAM by default](https://fedoraproject.org/wiki/Changes/SwapOnZRAM).
### Wayland
We recommend using a desktop environment that supports the [Wayland](https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)) display protocol as it was developed with security [in mind](https://lwn.net/Articles/589147/). Its predecessor, [X11](https://en.wikipedia.org/wiki/X_Window_System), does not support GUI isolation, allowing all windows to [record screen, log and inject inputs in other windows](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html), making any attempt at sandboxing futile. While there are options to do nested X11 such as [Xpra](https://en.wikipedia.org/wiki/Xpra) or [Xephyr](https://en.wikipedia.org/wiki/Xephyr), they often come with negative performance consequences and are not convenient to set up and are not preferable over Wayland.
Fortunately, common environments such as [GNOME](https://www.gnome.org), [KDE](https://kde.org), and the window manager [Sway](https://swaywm.org) have support for Wayland. Some distributions like Fedora and Tumbleweed use it by default, and some others may do so in the future as X11 is in [hard maintenance mode](https://www.phoronix.com/scan.php?page=news_item&px=X.Org-Maintenance-Mode-Quickly). If youre using one of those environments it is as easy as selecting the “Wayland” session at the desktop display manager ([GDM](https://en.wikipedia.org/wiki/GNOME_Display_Manager), [SDDM](https://en.wikipedia.org/wiki/Simple_Desktop_Display_Manager)).
We recommend **against** using desktop environments or window managers that do not have Wayland support, such as Cinnamon (default on Linux Mint), Pantheon (default on Elementary OS), MATE, Xfce, and i3.
### Proprietary Firmware (Microcode Updates)
Linux distributions such as those which are [Linux-libre](https://en.wikipedia.org/wiki/Linux-libre) or DIY (Arch Linux) dont come with the proprietary [microcode](https://en.wikipedia.org/wiki/Microcode) updates that often patch vulnerabilities. Some notable examples of these vulnerabilities include [Spectre](https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)), [Meltdown](https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)), [SSB](https://en.wikipedia.org/wiki/Speculative_Store_Bypass), [Foreshadow](https://en.wikipedia.org/wiki/Foreshadow), [MDS](https://en.wikipedia.org/wiki/Microarchitectural_Data_Sampling), [SWAPGS](https://en.wikipedia.org/wiki/SWAPGS_(security_vulnerability)), and other [hardware vulnerabilities](https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/index.html).
We **highly recommend** that you install the microcode updates, as your CPU is already running the proprietary microcode from the factory. Fedora and openSUSE both have the microcode updates applied by default.
### Updates
Most Linux distributions will automatically install updates or remind you to do so. It is important to keep your OS up to date so that your software is patched when a vulnerability is found.
Some distributions (particularly those aimed at advanced users) are more barebones and expect you to do things yourself (e.g. Arch or Debian). These will require running the "package manager" (`apt`, `pacman`, `dnf`, etc.) manually in order to receive important security updates.
Additionally, some distributions will not download firmware updates automatically. For that you will need to install [`fwupd`](https://wiki.archlinux.org/title/Fwupd).
## Privacy Tweaks
### MAC Address Randomization
Many desktop Linux distributions (Fedora, openSUSE, etc) will come with [NetworkManager](https://en.wikipedia.org/wiki/NetworkManager), to configure Ethernet and Wi-Fi settings.
It is possible to [randomize](https://fedoramagazine.org/randomize-mac-address-nm/) the [MAC address](https://en.wikipedia.org/wiki/MAC_address) when using NetworkManager. This provides a bit more privacy on Wi-Fi networks as it makes it harder to track specific devices on the network youre connected to. It does [**not**](https://papers.mathyvanhoef.com/wisec2016.pdf) make you anonymous.
We recommend changing the setting to **random** instead of **stable**, as suggested in the [article](https://fedoramagazine.org/randomize-mac-address-nm/).
If you are using [systemd-networkd](https://en.wikipedia.org/wiki/Systemd#Ancillary_components), you will need to set [`MACAddressPolicy=random`](https://www.freedesktop.org/software/systemd/man/systemd.link.html#MACAddressPolicy=) which will enable [RFC 7844 (Anonymity Profiles for DHCP Clients)](https://www.freedesktop.org/software/systemd/man/systemd.network.html#Anonymize=).
There isnt many points in randomizing the MAC address for Ethernet connections as a system administrator can find you by looking at the port you are using on the [network switch](https://en.wikipedia.org/wiki/Network_switch). Randomizing Wi-Fi MAC addresses depends on support from the Wi-Fis firmware.
### Other Identifiers
There are other system identifiers which you may wish to be careful about. You should give this some thought to see if it applies to your [threat model](../basics/threat-modeling.md):
- **Hostnames:** Your system's hostname is shared with the networks you connect to. You should avoid including identifying terms like your name or operating system in your hostname, instead sticking to generic terms or random strings.
- **Usernames:** Similarly, your username is used in a variety of ways across your system. Consider using generic terms like "user" rather than your actual name.
- **Machine ID:**: During installation a unique machine ID is generated and stored on your device. Consider [setting it to a generic ID](https://madaidans-insecurities.github.io/guides/linux-hardening.html#machine-id).
### System Counting
The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary.
This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer.
openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file.

55
i18n/zh-Hant/os/qubes-overview.md Normal file
View File

@@ -0,0 +1,55 @@
---
title: "Qubes Overview"
icon: simple/qubesos
description: Qubes is an operating system built around isolating apps within virtual machines for heightened security.
---
[**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/).
## How does Qubes OS work?
Qubes uses [compartmentalization](https://www.qubes-os.org/intro/) to keep the system secure. Qubes are created from templates, the defaults being for Fedora, Debian and [Whonix](../desktop.md#whonix). Qubes OS also allows you to create once-use [disposable](https://www.qubes-os.org/doc/how-to-use-disposables/) virtual machines.
![Qubes architecture](../assets/img/qubes/qubes-trust-level-architecture.png)
<figcaption>Qubes Architecture, Credit: What is Qubes OS Intro</figcaption>
Each Qubes application has a [colored border](https://www.qubes-os.org/screenshots/) that can help you keep track of the virtual machine it is running in. You could, for example, use a specific color for your banking browser, while using a different color for a general untrusted browser.
![Colored border](../assets/img/qubes/r4.0-xfce-three-domains-at-work.png)
<figcaption>Qubes window borders, Credit: Qubes Screenshots</figcaption>
## Why Should I use Qubes?
Qubes OS is useful if your [threat model](../basics/threat-modeling.md) requires strong compartmentalization and security, such as if you think you'll be opening untrusted files from untrusted sources. A typical reason for using Qubes OS is to open documents from unknown sources.
Qubes OS utilizes [Dom0](https://wiki.xenproject.org/wiki/Dom0) Xen VM (i.e., an "AdminVM") for controlling other guest VMs or Qubes on the host OS. Other VMs display individual application windows within Dom0's desktop environment. It allows you to color code windows based on trust levels and run apps that can interact with each other with very granular control.
### Copying and Pasting Text
You can [copy and paste text](https://www.qubes-os.org/doc/how-to-copy-and-paste-text/) using `qvm-copy-to-vm` or the below instructions:
1. Press **Ctrl+C** to tell the VM you're in that you want to copy something.
2. Press **Ctrl+Shift+C** to tell the VM to make this buffer available to the global clipboard.
3. Press **Ctrl+Shift+V** in the destination VM to make the global clipboard available.
4. Press **Ctrl+V** in the destination VM to paste the contents in the buffer.
### File Exchange
To copy and paste files and directories (folders) from one VM to another, you can use the option **Copy to Other AppVM...** or **Move to Other AppVM...**. The difference is that the **Move** option will delete the original file. Either option will protect your clipboard from being leaked to any other Qubes. This is more secure than air-gapped file transfer because an air-gapped computer will still be forced to parse partitions or file systems. That is not required with the inter-qube copy system.
??? info "AppVMs or qubes do not have their own file systems"
You can [copy and move files](https://www.qubes-os.org/doc/how-to-copy-and-move-files/) between Qubes. When doing so the changes aren't immediately made and can be easily undone in case of an accident.
### Inter-VM Interactions
The [qrexec framework](https://www.qubes-os.org/doc/qrexec/) is a core part of Qubes which allows virtual machine communication between domains. It is built on top of the Xen library *vchan*, which facilitates [isolation through policies](https://www.qubes-os.org/news/2020/06/22/new-qrexec-policy-system/).
## Additional Resources
For additional information we encourage you to consult the extensive Qubes OS documentation pages located on the [Qubes OS Website](https://www.qubes-os.org/doc/). Offline copies can be downloaded from the Qubes OS [documentation repository](https://github.com/QubesOS/qubes-doc).
- Open Technology Fund: [*Arguably the world's most secure operating system*](https://www.opentech.fund/news/qubes-os-arguably-the-worlds-most-secure-operating-system-motherboard/)
- J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf)
- J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html)
- Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles)

341
i18n/zh-Hant/passwords.md Normal file
View File

@@ -0,0 +1,341 @@
---
title: "密碼管理器。"
icon: material/form-textbox-password
description: 密碼管理員允許您安全地存儲和管理密碼和其他憑證。
schema:
-
"@context": http://schema.org
"@type": WebPage
name: Password Manager Recommendations
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Bitwarden
image: /assets/img/password-management/bitwarden.svg
url: https://bitwarden.com
sameAs: https://en.wikipedia.org/wiki/Bitwarden
applicationCategory: 密碼管理器。
operatingSystem:
- Windows
- macOS
- Linux
- Android
- iOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: 1Password
image: /assets/img/password-management/1password.svg
url: https://1password.com
sameAs: https://en.wikipedia.org/wiki/1Password
applicationCategory: 密碼管理器。
operatingSystem:
- Windows
- macOS
- Linux
- Android
- iOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Psono
image: /assets/img/password-management/psono.svg
url: https://psono.com
applicationCategory: 密碼管理器。
operatingSystem:
- Android
- iOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: KeePassXC
image: /assets/img/password-management/keepassxc.svg
url: https://keepassxc.org/
sameAs: https://en.wikipedia.org/wiki/KeePassXC
applicationCategory: 密碼管理器。
operatingSystem:
- Windows
- macOS
- Linux
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: KeePassDX
image: /assets/img/password-management/keepassdx.svg
url: https://www.keepassdx.com/
applicationCategory: 密碼管理器。
operatingSystem: Android
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Strongbox
image: /assets/img/password-management/strongbox.svg
url: https://strongboxsafe.com/
applicationCategory: 密碼管理器。
operatingSystem: iOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: gopass
image: /assets/img/password-management/gopass.svg
url: https://www.gopass.pw/
applicationCategory: 密碼管理器。
operatingSystem:
- Windows
- macOS
- Linux
- FreeBSD
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
---
密碼管理員讓您用主密碼安全地儲存、管理密碼和其他憑證。
[密碼介紹 :material-arrow-right-drop-circle:](./basics/passwords-overview.md)
!!! 資訊
瀏覽器和作業系統所內置的密碼管理器常常不如專用密碼管理器軟體。 內建的密碼管理器優點是與原生軟體很好地整合,但它通常非常簡單,並且缺乏獨立產品具有的隱私和安全功能。
例如Microsoft Edge 的密碼管理器根本不提供 E2EE。 Google的密碼管理員有 [optional](https://support.google.com/accounts/answer/11350823)個E2EE ,而[Apple] (https://support.apple.com/en-us/HT202303)預設提供E2EE。
## 雲端型
這些密碼管理員會將您的密碼同步到雲端伺服器,以便您從所有裝置輕鬆存取,並安全地防止裝置丟失。
### Bitwarden
!!! recommendation
! [Bitwarden logo] (assets/img/password-management/bitwarden.svg) {align = right}
* * Bitwarden * *是一個免費的開源密碼管理器。 它旨在解決個人、團隊和商業組織的密碼管理問題。 Bitwarden 是最佳和最安全的解決方案之一,可存儲所有登錄名和密碼,同時方便地在所有設備之間保持同步。
[:octicons-home-16: Homepage](https://bitwarden.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://bitwarden.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://bitwarden.com/help/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/bitwarden){ .card-link title="Source Code" }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden)
- [:simple-appstore: App Store](https://apps.apple.com/app/bitwarden-password-manager/id1137397744)
- [:simple-github: GitHub](https://github.com/bitwarden/mobile/releases)
- [:simple-windows11: Windows](https://bitwarden.com/download)
- [:simple-linux: Linux](https://bitwarden.com/download)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/com.bitwarden.desktop)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/bitwarden-password-manager)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb)
- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/jbkfoedolllekgbhcbcoahefnbanhhlh)
Bitwarden還具有 [Bitwarden Send](https://bitwarden.com/products/send/)功能,允許您使用 [端到端加密](https://bitwarden.com/help/send-encryption)安全地共享文本和檔案。 發送分享鏈接時可以要求帶[分享密碼](https://bitwarden.com/help/send-privacy/#send-passwords) 。 Bitwarden Send 還具[自動刪除功能](https://bitwarden.com/help/send-lifespan)。
您需要使用 [高級付費方案](https://bitwarden.com/help/about-bitwarden-plans/#compare-personal-plans) 才能共享檔案。 免費方案只允許文字分享。
Bitwarden 伺服器端代碼是 [開源](https://github.com/bitwarden/server),因此如果不想使用 Bitwarden 雲端,可以輕鬆地託管自己的 Bitwarden 同步伺服器。
**Vaultwarden** 是以Rust 編寫的Bitwarden 同步伺服器的替代實作,相容官方 Bitwarden 客戶端,非常適合自託管部署取代 Bitwarden 官方資源過載的情況。 如果你想在自己的伺服器上自我託管 Bitwarden ,你幾乎肯定想在 Bitwarden 的官方伺服器代碼上使用 Vaultwarden。
[:octicons-repo-16: Vaultwarden Repository](https://github.com/dani-garcia/vaultwarden ""){.md-button} [:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title=Contribute }
### 1Password
!!! recommendation
! [1Password logo] (assets/img/password-management/1password.svg) {align = right}
* * 1Password * *是一個密碼管理器,非常注重安全性和易用性,允許您將密碼、信用卡、軟體許可證和任何其他敏感資訊存儲在安全的數位保管庫。 您的保管庫託管在 1Password 伺服器,費用為[每月收取] (https://1password.com/sign-up/)。 1Password 定期[接受審計](https://support.1password.com/security-assessments/)並提供卓越的客戶支援。 1Password 是封閉原始碼;但是,產品的安全性已徹底記錄在他們的[安全白皮書] (https://1passwordstatic.com/files/security/1password-white-paper.pdf)。
[:octicons-home-16: Homepage](https://1password.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://support.1password.com/1password-privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.1password.com/){ .card-link title=Documentation}
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.onepassword.android)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1511601750?mt=8)
- [:simple-windows11: Windows](https://1password.com/downloads/windows/)
- [:simple-apple: macOS](https://1password.com/downloads/mac/)
- [:simple-linux: Linux](https://1password.com/downloads/linux/)
過去**1Password** 僅為 macOS和 iOS的用戶提供了最佳的密碼管理器用戶體驗不過它現在已在所有平臺上實現了功能平等。 它擁有許多針對家庭和非技術人員方便使用的特色,也有先進的功能。
您的1Password保管庫使用您的主密碼和隨機34個字符的安全密鑰來加密其伺服器上的數據。 此安全金鑰為您的資料添加了一層保護,因為無論您的主密碼如何,資料都受到高熵保護。 許多其他密碼管理器解決方案完全依賴於您的主密碼的強度來保護您的數據。
相較Bitwarden , 1Password一大優勢是其對原生客戶端的一流支持。 Bitwarden 將許多職責特別是帳戶管理功能降級到他們的網頁保管庫界面而1Password 則是在其原生行動或桌面客戶端中提供了所有功能。 1Password 客戶端也有更直觀的用戶界面 ,更容易使用和導航。
### Psono
!!! recommendation
! [Psono logo] (assets/img/password-management/psono.svg) {align = right}
* * Psono * *是來自德國的免費開源密碼管理器,專注於團隊的密碼管理。 Psono支援安全分享密碼、檔案、書籤和電子郵件。 所有機密都受到主密碼的保護。
[:octicons-home-16: Homepage](https://psono.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://psono.com/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://doc.psono.com){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.com/psono){ .card-link title="Source Code" }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.psono.psono)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/psono-password-manager/id1545581224)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/psono-pw-password-manager)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/psonopw-password-manager/eljmjmgjkbmpmfljlmklcfineebidmlo)
- [:simple-docker: Docker Hub](https://hub.docker.com/r/psono/psono-client)
Psono為其產品提供廣泛的文檔。 Psono 的網頁用戶端可以自行託管或者您可以選擇完整的Community Edition或具有附加功能的Enterprise Edition。
### 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
#### 最低合格要求
- 必須使用強大的、基於標準的/現代的E2EE。
- 必須有徹底記錄的加密和安全實踐。
- 必須公開由信譽良好、獨立的第三方進行的審計。
- 所有非必要的遙測都必須是可選的。
- 除了收費之必要外,不得收集過多個人識別資訊(PII)。
#### 最佳案例
最佳案例標準代表了我們希望從這個類別的完美項目應具備的功能。 推薦產品可能沒有此功能,但若有這些功能則會讓排名更為提高。
- 遙測應選擇加入(預設情況下禁用)或根本不收集。
- 應該是開源的,並且可以合理地自我託管。
## 本地儲存
這些選項允許您在本地管理加密密碼資料庫。
### KeePassXC
!!! recommendation
! [KeePassXC logo] (assets/img/password-management/keepassxc.svg) {align = right}
* * KeePassXC * *是 KeePassX 的社區分支, KeePassX 是KeePass Password Safe 的原生跨平臺端口,其目標是通過新功能和錯誤修復來擴展和改善它,以提供功能豐富,跨平臺和現代開源密碼管理器。
[:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://keepassxc.org/docs/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/keepassxreboot/keepassxc){ .card-link title="Source Code" }
[:octicons-heart-16:](https://keepassxc.org/donate/){ .card-link title=Contribute }
??? 下載
- [:simple-windows11: Windows](https://keepassxc.org/download/#windows)
- [:simple-apple: macOS](https://keepassxc.org/download/#mac)
- [:simple-linux: Linux](https://keepassxc.org/download/#linux)
- [:simple-flathub: Flatpak](https://flathub.org/apps/details/org.keepassxc.KeePassXC)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/keepassxc-browser)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk)
KeePassXC 將其匯出數據存儲為 [CSV](https://en.wikipedia.org/wiki/Comma-separated_values) 文件。 如果您將此檔案匯入另一個密碼管理員,這可能意味著資料丟失。 我們建議您手動檢查每個記錄。
### KeePassDX (安卓)
!!! recommendation
! [KeePassDX標誌] (assets/img/password-management/keepassdx.svg) {align = right}
* * KeePassDX * *是 Android 輕量級密碼管理器允許編輯KeePass 格式文件中的加密資料,與安全填寫密碼表單。 [Contributor Pro] (https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro)允許解鎖上妝的內容和非標準協議功能,但更重要的是,它有助於並鼓勵開發。
[:octicons-home-16: Homepage](https://www.keepassdx.com){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/Kunzisoft/KeePassDX){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.keepassdx.com/#donation){ .card-link title=Contribute }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free)
- [:simple-github: GitHub](https://github.com/Kunzisoft/KeePassDX/releases)
### Strongbox (iOS & macOS)
!!! recommendation
! [Strongbox logo] (assets/img/password-management/strongbox.svg) {align = right}
* * Strongbox * *是 iOS 和 macOS 原生開源密碼管理器。 支援 KeePass 和 Password Safe 格式, Strongbox 可以與其他密碼管理器如KeePassXC )一起在非 Apple 平臺上使用。 通過採用[免費增值模式] (https://strongboxsafe.com/pricing/) Strongbox 免費會員等級提供了大多數功能,而更方便的 [功能](https://strongboxsafe.com/comparison/) -例如生物識別驗證-則必須在訂閱或購買永久授權之後才能享受。
[:octicons-home-16: Homepage](https://strongboxsafe.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://strongboxsafe.com/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://strongboxsafe.com/getting-started/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/strongbox-password-safe/Strongbox){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/strongbox-password-safe/Strongbox#supporting-development){ .card-link title=Contribute }
??? 下載
- [:simple-appstore: App Store](https://apps.apple.com/app/strongbox-keepass-pwsafe/id897283731)
此外,還有一個僅限離線版本: [Strongbox Zero](https://apps.apple.com/app/strongbox-keepass-pwsafe/id1581589638)。 這個版本被剝離許多特色,以試圖減少攻擊面。
### 命令行
這些產品是最低限度的密碼管理器,可以在腳本應用程序中使用。
#### gopass
!!! recommendation
! [gopass logo] (assets/img/password-management/gopass.svg) {align = right}
* * gopass * *是用Go編寫的命令行的密碼管理器。 它適用於所有主要的桌面和伺服器作業系統( Linux macOS BSD Windows )。
[:octicons-home-16: Homepage](https://www.gopass.pw){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/gopasspw/gopass/tree/master/docs){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/gopasspw/gopass){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/dominikschulz){ .card-link title=Contribute }
??? 下載
- [:simple-windows11: Windows](https://www.gopass.pw/#install-windows)
- [:simple-apple: macOS](https://www.gopass.pw/#install-macos)
- [:simple-linux: Linux](https://www.gopass.pw/#install-linux)
- [:simple-freebsd: FreeBSD](https://www.gopass.pw/#install-bsd)
### 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
- 需為跨平臺。

155
i18n/zh-Hant/productivity.md Normal file
View File

@@ -0,0 +1,155 @@
---
title: "工作效率工具"
icon: material/file-sign
description: 大多數線上辦公套件不支持 E2EE ,這意味著雲提供商可以存取您所做的一切。
---
大多數線上辦公套件不支持 E2EE ,這意味著雲提供商可以存取您所做的一切。 隱私權政策可在法律上保護您的權利,但不提供技術存取限制。
## 協作平台
### Nextcloud
!!! recommendation
! [Nextcloud logo] (assets/img/productivity/nextcloud.svg) {align = right}
* * Nextcloud * *是一套免費開源用戶端伺服器軟體,可在您控制的私人伺服器上建立自己的檔案託管服務。
[:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://nextcloud.com/support/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" }
[:octicons-heart-16:](https://nextcloud.com/contribute/){ .card-link title=Contribute }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102)
- [:simple-github: GitHub](https://github.com/nextcloud/android/releases)
- [:simple-windows11: Windows](https://nextcloud.com/install/#install-clients)
- [:simple-apple: macOS](https://nextcloud.com/install/#install-clients)
- [:simple-linux: Linux](https://nextcloud.com/install/#install-clients)
- [:simple-freebsd: FreeBSD](https://www.freshports.org/www/nextcloud)
!!! 危險
我們不建議使用 Nextcloud [E2EE App] (https://apps.nextcloud.com/apps/end_to_end_encryption) ,因為它可能會導致資料丟失;目前它仍是高度實驗性,未達穩定品質。 因此我們不推薦第三方Nextcloud提供商。
### CryptPad
!!! recommendation
! [CryptPad logo] (assets/img/productivity/cryptpad.svg) {align = right}
* * CryptPad * *隱私設計可替代流行的辦公工具。 網頁服務上的所有內容都是端到端加密,也可輕鬆與其他用戶共享。
[:octicons-home-16: Homepage](https://cryptpad.fr){ .md-button .md-button--primary }
[:octicons-eye-16:](https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.cryptpad.fr/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title=Contribute }
### 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
一般來說我們將協作平臺定義為成熟的套件可以合理地替代Google Drive 等協作平臺。
- 開源。
- 使檔案可透過 WebDAV 訪問,除非因 E2EE 緣故。
- 具有Linux、macOS和Windows的同步客戶端。
- 支援文件和試算表編輯。
- 支持即時文件協作。
- 支援將文件匯出為標準文件格式例如ODF )。
#### 最好的情况
最佳案例標準代表了我們希望從這個類別的完美項目應具備的功能。 推薦產品可能沒有此功能,但若有這些功能則會讓排名更為提高。
- 應將檔案儲存在傳統檔案系統中。
- 必須支援 TOTP 或 FIDO2 多因素驗證,或 Passkey 登入。
## 辦公套件
### LibreOffice
!!! recommendation
! [LibreOffice logo] (assets/img/productivity/libreoffice.svg) {align = right}
* * LibreOffice * *是一個免費且開源的辦公套件,具有廣泛的功能。
[:octicons-home-16: Homepage](https://www.libreoffice.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.libreoffice.org/about-us/privacy/privacy-policy-en/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://documentation.libreoffice.org/en/english-documentation/){ .card-link title=Documentation}
[:octicons-code-16:](https://www.libreoffice.org/about-us/source-code){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.libreoffice.org/donate/){ .card-link title=Contribute }
??? 下載
- [:simple-googleplay: Google Play](https://www.libreoffice.org/download/android-and-ios/)
- [:simple-appstore: App Store](https://www.libreoffice.org/download/android-and-ios/)
- [:simple-windows11: Windows](https://www.libreoffice.org/download/download/)
- [:simple-apple: macOS](https://www.libreoffice.org/download/download/)
- [:simple-linux: Linux](https://www.libreoffice.org/download/download/)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.libreoffice.LibreOffice)
- [:simple-freebsd: FreeBSD](https://www.freshports.org/editors/libreoffice/)
### OnlyOffice
!!! recommendation
! [OnlyOffice logo] (assets/img/productivity/onlyoffice.svg) {align = right}
* * OnlyOffice * *是一個基於雲的免費開源辦公套件具有廣泛的功能包括與Nextcloud的整合。
[:octicons-home-16: Homepage](https://www.onlyoffice.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://help.onlyoffice.com/products/files/doceditor.aspx?fileid=5048502&doc=SXhWMEVzSEYxNlVVaXJJeUVtS0kyYk14YWdXTEFUQmRWL250NllHNUFGbz0_IjUwNDg1MDIi0){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://helpcenter.onlyoffice.com/userguides.aspx){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ONLYOFFICE){ .card-link title="Source Code" }
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.onlyoffice.documents)
- [:simple-appstore: App Store](https://apps.apple.com/app/id944896972)
- [:simple-windows11: Windows](https://www.onlyoffice.com/download-desktop.aspx)
- [:simple-apple: macOS](https://www.onlyoffice.com/download-desktop.aspx)
- [:simple-linux: Linux](https://www.onlyoffice.com/download-desktop.aspx)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.onlyoffice.desktopeditors)
- [:simple-freebsd: FreeBSD](https://www.freshports.org/www/onlyoffice-documentserver/)
### 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
一般來說,我們將辦公套件定義為可以合理地替代 Microsoft Word 以滿足大多數需求的應用程式。
- 需為跨平臺。
- 必須是開源軟體。
- 必須離線運作。
- 必須支援編輯文件、電子表格和投影片製作投放。
- 必須將檔案匯出為標準文件格式。
## 網路黏貼服務
### PrivateBin
!!! recommendation
! [PrivateBin logo] (assets/img/productivity/privatebin.svg) {align = right}
* * PrivateBin * *是一個極簡主義的開源網路剪貼板 ,伺服器對黏貼的資料一無所知。 資料在瀏覽器中使用 256位元AES 來加密/解密。 它是 ZeroBin 的改進版本。 有一個[實例列表] (https://privatebin.info/directory/)。
[:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary }
[:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"}
[:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" }

194
i18n/zh-Hant/real-time-communication.md Normal file
View File

@@ -0,0 +1,194 @@
---
title: "Real-Time Communication"
icon: material/chat-processing
description: Other instant messengers make all of your private conversations available to the company that runs them.
---
These are our recommendations for encrypted real-time communication.
[Types of Communication Networks :material-arrow-right-drop-circle:](./advanced/communication-network-types.md)
## Encrypted Messengers
These messengers are great for securing your sensitive communications.
### Signal
!!! recommendation
![Signal logo](assets/img/messengers/signal.svg){ align=right }
**Signal** is a mobile app developed by Signal Messenger LLC. The app provides instant messaging, as well as voice and video calling.
All communications are E2EE. Contact lists are encrypted using your Signal PIN and the server does not have access to them. Personal profiles are also encrypted and only shared with contacts you chat with.
[:octicons-home-16: Homepage](https://signal.org/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.signal.org/hc/en-us){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/signalapp){ .card-link title="Source Code" }
[:octicons-heart-16:](https://signal.org/donate/){ .card-link title=Contribute }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms)
- [:simple-appstore: App Store](https://apps.apple.com/app/id874139669)
- [:simple-android: Android](https://signal.org/android/apk/)
- [:simple-windows11: Windows](https://signal.org/download/windows)
- [:simple-apple: macOS](https://signal.org/download/macos)
- [:simple-linux: Linux](https://signal.org/download/linux)
Signal supports [private groups](https://signal.org/blog/signal-private-group-system/). The server has no record of your group memberships, group titles, group avatars, or group attributes. Signal has minimal metadata when [Sealed Sender](https://signal.org/blog/sealed-sender/) is enabled. The sender address is encrypted along with the message body, and only the recipient address is visible to the server. Sealed Sender is only enabled for people in your contacts list, but can be enabled for all recipients with the increased risk of receiving spam. Signal requires your phone number as a personal identifier.
The protocol was independently [audited](https://eprint.iacr.org/2016/1013.pdf) in 2016. The specification for the Signal protocol can be found in their [documentation](https://signal.org/docs/).
We have some additional tips on configuring and hardening your Signal installation:
[Signal Configuration and Hardening :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/)
### SimpleX Chat
!!! recommendation
![Simplex logo](assets/img/messengers/simplex.svg){ align=right }
**SimpleX** Chat is an instant messenger that is decentralized and doesn't depend on any unique identifiers such as phone numbers or usernames. Users of SimpleX Chat can scan a QR code or click an invite link to participate in group conversations.
[:octicons-home-16: Homepage](https://simplex.chat){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/simplex-chat/simplex-chat/blob/stable/PRIVACY.md){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/simplex-chat/simplex-chat/tree/stable/docs){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/simplex-chat){ .card-link title="Source Code" }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=chat.simplex.app)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/simplex-chat/id1605771084)
- [:simple-github: GitHub](https://github.com/simplex-chat/simplex-chat/releases)
SimpleX Chat [was audited](https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.html) by Trail of Bits in October 2022.
Currently SimpleX Chat only provides a client for Android and iOS. Basic group chatting functionality, direct messaging, editing of messages and markdown are supported. E2EE Audio and Video calls are also supported.
Your data can be exported, and imported onto another device, as there are no central servers where this is backed up.
### Briar
!!! recommendation
![Briar logo](assets/img/messengers/briar.svg){ align=right }
**Briar** is an encrypted instant messenger that [connects](https://briarproject.org/how-it-works/) to other clients using the Tor Network. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briars local mesh mode can be useful when internet availability is a problem.
[:octicons-home-16: Homepage](https://briarproject.org/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://briarproject.org/privacy-policy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://code.briarproject.org/briar/briar/-/wikis/home){ .card-link title=Documentation}
[:octicons-code-16:](https://code.briarproject.org/briar/briar){ .card-link title="Source Code" }
[:octicons-heart-16:](https://briarproject.org/){ .card-link title="Donation options are listed on the bottom of the homepage" }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.briarproject.briar.android)
- [:simple-windows11: Windows](https://briarproject.org/download-briar-desktop/)
- [:simple-linux: Linux](https://briarproject.org/download-briar-desktop/)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.briarproject.Briar)
To add a contact on Briar, you must both add each other first. You can either exchange `briar://` links or scan a contacts QR code if they are nearby.
The client software was independently [audited](https://briarproject.org/news/2017-beta-released-security-audit/), and the anonymous routing protocol uses the Tor network which has also been audited.
Briar has a fully [published specification](https://code.briarproject.org/briar/briar-spec).
Briar supports perfect forward secrecy by using the Bramble [Handshake](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BHP.md) and [Transport](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md) protocol.
## Additional Options
!!! 警告
These messengers do not have Perfect [Forward Secrecy](https://en.wikipedia.org/wiki/Forward_secrecy) (PFS), and while they fulfill certain needs that our previous recommendations may not, we do not recommend them for long-term or sensitive communications. Any key compromise among message recipients would affect the confidentiality of **all** past communications.
### Element
!!! recommendation
![Element logo](assets/img/messengers/element.svg){ align=right }
**Element** is the reference client for the [Matrix](https://matrix.org/docs/guides/introduction) protocol, an [open standard](https://matrix.org/docs/spec) for secure decentralized real-time communication.
Messages and files shared in private rooms (those which require an invite) are by default E2EE as are one to one voice and video calls.
[:octicons-home-16: Homepage](https://element.io/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://element.io/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://element.io/help){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/vector-im){ .card-link title="Source Code" }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=im.vector.app)
- [:simple-appstore: App Store](https://apps.apple.com/app/vector/id1083446067)
- [:simple-github: GitHub](https://github.com/vector-im/element-android/releases)
- [:simple-windows11: Windows](https://element.io/get-started)
- [:simple-apple: macOS](https://element.io/get-started)
- [:simple-linux: Linux](https://element.io/get-started)
- [:octicons-globe-16: Web](https://app.element.io)
Profile pictures, reactions, and nicknames are not encrypted.
Group voice and video calls are [not](https://github.com/vector-im/element-web/issues/12878) E2EE, and use Jitsi, but this is expected to change with [Native Group VoIP Signalling](https://github.com/matrix-org/matrix-doc/pull/3401). Group calls have [no authentication](https://github.com/vector-im/element-web/issues/13074) currently, meaning that non-room participants can also join the calls. We recommend that you do not use this feature for private meetings.
The Matrix protocol itself [theoretically supports PFS](https://gitlab.matrix.org/matrix-org/olm/blob/master/docs/megolm.md#partial-forward-secrecy), however this is [not currently supported in Element](https://github.com/vector-im/element-web/issues/7101) due to it breaking some aspects of the user experience such as key backups and shared message history.
The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last) in 2016. The specification for the Matrix protocol can be found in their [documentation](https://spec.matrix.org/latest/). The [Olm](https://matrix.org/docs/projects/other/olm) cryptographic ratchet used by Matrix is an implementation of Signals [Double Ratchet algorithm](https://signal.org/docs/specifications/doubleratchet/).
### Session
!!! recommendation
![Session logo](assets/img/messengers/session.svg){ align=right }
**Session** is a decentralized messenger with a focus on private, secure, and anonymous communications. Session offers support for direct messages, group chats, and voice calls.
Session uses the decentralized [Oxen Service Node Network](https://oxen.io/) to store and route messages. Every encrypted message is routed through three nodes in the Oxen Service Node Network, making it virtually impossible for the nodes to compile meaningful information on those using the network.
[:octicons-home-16: Homepage](https://getsession.org/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://getsession.org/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://getsession.org/faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/oxen-io){ .card-link title="Source Code" }
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=network.loki.messenger)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1470168868)
- [:simple-github: GitHub](https://github.com/oxen-io/session-android/releases)
- [:simple-windows11: Windows](https://getsession.org/download)
- [:simple-apple: macOS](https://getsession.org/download)
- [:simple-linux: Linux](https://getsession.org/download)
Session allows for E2EE in one-on-one chats or closed groups which allow for up to 100 members. Open groups have no restriction on the number of members, but are open by design.
Session does [not](https://getsession.org/blog/session-protocol-technical-information) support PFS, which is when an encryption system automatically and frequently changes the keys it uses to encrypt and decrypt information, such that if the latest key is compromised it exposes a smaller portion of sensitive information.
Oxen requested an independent audit for Session in March of 2020. The audit [concluded](https://getsession.org/session-code-audit) in April of 2021, “The overall security level of this application is good and makes it usable for privacy-concerned people.”
Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technicals of the app and protocol.
## 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
- Must have open-source clients.
- Must use E2EE for private messages by default.
- Must support E2EE for all messages.
- Must have been independently audited.
### 最佳案例
最佳案例標準代表了我們希望從這個類別的完美項目應具備的功能。 推薦產品可能沒有此功能,但若有這些功能則會讓排名更為提高。
- Should have Perfect Forward Secrecy.
- Should have open-source servers.
- Should be decentralized, i.e. federated or P2P.
- Should use E2EE for all messages by default.
- Should support Linux, macOS, Windows, Android, and iOS.

50
i18n/zh-Hant/router.md Normal file
View File

@@ -0,0 +1,50 @@
---
title: "路由器軔體"
icon: material/router-wireless
description: 這些替代作業系統可用於保護您的路由器或Wi-Fi接入點。
---
以下是一些替代操作系統,可用於路由器, Wi-Fi接入點等。
## OpenWrt
!!! recommendation
! [OpenWrt logo] (assets/img/router/openwrt.svg#only-light) {align = right}
! [OpenWrt logo] (assets/img/router/openwrt-dark.svg#only-dark) {align = right}
* * OpenWrt * *是一個基於 Linux 的操作系統;它主要用於嵌入式設備以路由網路流量。 它包括util-linux uClibc和BusyBox。 所有組件都已為家庭路由器進行了優化。
[:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/openwrt/openwrt){ .card-link title="Source Code" }
[:octicons-heart-16:](https://openwrt.org/donate){ .card-link title=Contribute }
您可以參考 OpenWrt 的 [硬體表格](https://openwrt.org/toh/start) 檢查您的設備是否支援。
## OPNsense
!!! recommendation
! [OPNsense logo] (assets/img/router/opnsense.svg) {align = right}
* * OPNsense * *是開源的、基於FreeBSD 的防火牆和路由平臺,它包含許多進階功能,如流量整形、負載平衡和 VPN 功能,且有插件的形式提供更多功能。 OPNsense 通常部署作邊界防火牆、路由器、無線存取點、DHCP伺服器、DNS伺服器和 VPN 端點。
[:octicons-home-16: Homepage](https://opnsense.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.opnsense.org/index.html){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/opnsense){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opnsense.org/donate/){ .card-link title=Contribute }
OPNsense 一開始是從 [pfSense](https://en.wikipedia.org/wiki/PfSense)分支另外發展出來,兩個項目都以免費和可靠的防火牆發行版而聞名,它們提供了通常只有昂貴的商業防火牆才具備的功能。 2015 年啟動後OPNsense 開發人員[引述](https://docs.opnsense.org/history/thefork.html) pfSense 專案中一連串安全與代碼品質問題,因此覺得有必要對須目作分支。再者 Netgate 取得 pfSense 大部份所有權, pfSense 未來的方向也令他們擔憂。
## 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為這個網站的各個部分建立明確標準,它可能依情況變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
- 它必須是開源的。
- 必須定期更新。
- 需要支持各種各樣的硬體。

116
i18n/zh-Hant/search-engines.md Normal file
View File

@@ -0,0 +1,116 @@
---
title: "搜尋引擎"
icon: material/search-web
description: 這些尊重隱私的搜尋引擎不會根據您的搜尋建立廣告剖繪。
---
這些尊重隱私的搜尋引擎不會根據您的搜尋建立廣告剖繪。
這裡的建議是基於每個服務的隱私政策的優點。 **不能保證**這些隱私政策都有好好落實。
如果您的威脅模型需要向搜尋供應商隱藏您的IP位址請考慮使用 [VPN](vpn.md) 或 [Tor](https://www.torproject.org/) 。
## Brave Search
!!! recommendation
! [Brave Search logo] (assets/img/search-engines/brave-search.svg) {align = right}
* * Brave Search * *由 Brave 開發,主要提供自己獨立索引的結果。 該索引是針對 Google 搜索進行優化,因此與其他替代方案相比,可以提供更具上下文準確性的結果。
Brave Search 包括獨特的功能,如討論,突出了對話為中心的結果,如論壇文章。
我們建議您停用[匿名使用指標] (https://search.brave.com/help/usage-metrics) ,因為它預設為啟用,可在設定中停用。
[:octicons-home-16: Homepage](https://search.brave.com/){ .md-button .md-button--primary }
[:simple-torbrowser:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" }
[:octicons-eye-16:](https://search.brave.com/help/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://search.brave.com/help){ .card-link title=Documentation}
Brave Search 總部在美國。 他們的 [隱私政策](https://search.brave.com/help/privacy-policy) 規定他們收集聚合使用指標,其中包括正在使用的作業系統和瀏覽器,但沒有收集個人識別資訊。 IP位址會暫時處理但不會保留。
## DuckDuckGo
!!! recommendation
! [DuckDuckGo logo] (assets/img/search-engines/duckduckgo.svg) {align = right}
* * DuckDuckGo * *最主流的隱私搜尋引擎選項之一。 著名的 DuckDuckGo 搜索功能包括 [bangs]( https://duckduckgo.com/bang)和許多[即時答案] (https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features/)。 搜尋引擎依賴商業 Bing API 來提供大多數結果,但它確實使用許多[其他來源](https://help.duckduckgo.com/results/sources/ )來獲取即時答案和其他非主要結果。
DuckDuckGo 是 Tor瀏覽器的預設搜尋引擎也是 Apple Safari 瀏覽器上為數不多的可用選項之一。
[:octicons-home-16: Homepage](https://duckduckgo.com){ .md-button .md-button--primary }
[:simple-torbrowser:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .card-link title="Onion Service" }
[:octicons-eye-16:](https://duckduckgo.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://help.duckduckgo.com/){ .card-link title=Documentation}
Brave Search 總部在美國。 他們的[隱私政策](https://duckduckgo.com/privacy)聲明他們**確實** 記錄使用者搜尋以改善其產品,但不會記錄 IP 地址或其它可識別的個人資訊。
DuckDuckGo 提供兩種 [其它版本](https://help.duckduckgo.com/features/non-javascript/) 搜尋引擎兩者皆不需要JavaScript。 然而,這些版本缺少特色。 這些版本也可以與其 [Tor 洋蔥地址](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/) 一起使用,通過為相應的版本附加 [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) 或 [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) 後綴。
## SearXNG
!!! recommendation
! [SearXNG logo] (assets/img/search-engines/searxng.svg) {align = right}
* * SearXNG * *是一個開源、自我託管的中繼搜索引擎,聚合其他搜索引擎的結果,而自身不儲存任何資訊。 它是一個積極維護的 [SearX] (https://github.com/searx/searx)分支。
[:octicons-home-16: Homepage](https://searxng.org){ .md-button .md-button--primary }
[:octicons-server-16:](https://searx.space/){ .card-link title="Public Instances"}
[:octicons-code-16:](https://github.com/searxng/searxng){ .card-link title="Source Code" }
SearXNG 是您和它所聚合的搜尋引擎之間的代理。 您的搜尋查詢仍會傳送至 SearXNG 取得搜尋結果的搜尋引擎。
在自我託管時,重要的是要讓其他人使用您的實例,以便查詢能夠混入其中。 您應該小心處理 SearXNG 託管,因為若有人在您的執行實例上查找非法內容,可能會引起當局的關注。
當您使用 SearXNG 實體時,請務必閱讀他們的隱私權政策。 由於 SearXNG 實體可能會被其擁有者修改,因此它們不一定反映其隱私政策。 有些實體是以 Tor 隱藏服務運行,只要您的搜尋查詢不包含 PII ,這可能會授予一些隱私。
## Startpage
!!! recommendation
! [Startpage logo] (assets/img/search-engines/startpage.svg#only-light) {align = right}
! [Startpage logo] (assets/img/search-engines/startpage-dark.svg#only-dark) {align = right}
* * Startpage * *是一個提供 Google 搜索結果而聞名的私密搜索引擎。 Startpage 的獨特功能之一是[匿名視圖] (https://www.startpage.com/en/anonymous-view/) ,它努力標準化用戶活動,使其更難被突出識別。 這個功能可用來隱藏 [某些](https://support.startpage.com/hc/en-us/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) 網路與瀏覽器特徵。 不像名字所暗示的,該功能不應該依賴於匿名。 如果您正在尋找匿名性,請改用[Tor瀏覽器] (tor.md#tor-browser)。
[:octicons-home-16: Homepage](https://www.startpage.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.startpage.com/hc/en-us/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation}
!!! 警告
Startpage 定期限制服務對某些 IP位址的存取例如為 VPN 或Tor 保留的IP。 [DuckDuckGo](#duckduckgo)和[Brave Search] (#brave-search)是更友好的選項如果您的威脅模型需要向搜索提供商隱藏您的IP位址。
Startpage位於荷蘭。 根據他們的 [隱私政策](https://www.startpage.com/en/privacy-policy/),他們記錄細節如:作業系統、瀏覽器類型和語言。 他們不會記錄您的IP位址、搜尋查詢或其他個人識別資訊。
Startpage 大股東是System1它是一家廣告技術公司。 我們不認為這是問題,因為他們有明顯分開的 [隱私政策](https://system1.com/terms/privacy-policy)。 Privacy Guides 團隊2020年</a> 聯繫 Startpage
,以消除對 System1對該服務大量投資的擔憂。 我們對收到的答案感到滿意。</p>
## 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
### 最低合格要求
- 不得根據其隱私權政策收集個人身份資訊。
- 不得要求使用者建立帳戶。
### 最佳案例
最佳案例標準代表了我們希望從這個類別的完美項目應具備的功能。 推薦產品可能沒有此功能,但若有這些功能則會讓排名更為提高。
- 應該以開源軟體為基礎。
- 不應該封鎖 Tor退出節點的 IP位址。

477
i18n/zh-Hant/tools.md Normal file
View File

@@ -0,0 +1,477 @@
---
title: "Privacy Tools"
icon: material/tools
hide:
- toc
description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats.
---
If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs.
If you want assistance figuring out the best privacy tools and alternative programs for your needs, start a discussion on our [forum](https://discuss.privacyguides.net/) or our [Matrix](https://matrix.to/#/#privacyguides:matrix.org) community!
For more details about each project, why they were chosen, and additional tips or tricks we recommend, click the "Learn more" link in each section, or click on the recommendation itself to be taken to that specific section of the page.
## Tor Network
<div class="grid cards annotate" markdown>
- ![Tor Browser logo](assets/img/browsers/tor.svg){ .twemoji } [Tor Browser](tor.md#tor-browser)
- ![Orbot logo](assets/img/self-contained-networks/orbot.svg){ .twemoji } [Orbot (Smartphone Tor Proxy)](tor.md#orbot)
- ![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ .twemoji }![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ .twemoji } [Snowflake](tor.md#snowflake) (1)
</div>
1. Snowflake does not increase privacy, however it allows you to easily contribute to the Tor network and help people in censored networks achieve better privacy.
[Learn more :material-arrow-right-drop-circle:](tor.md)
## Desktop Web Browsers
<div class="grid cards" markdown>
- ![Mullvad Browser logo](assets/img/browsers/mullvad_browser.svg){ .twemoji } [Mullvad Browser](desktop-browsers.md#mullvad-browser)
- ![Firefox logo](assets/img/browsers/firefox.svg){ .twemoji } [Firefox](desktop-browsers.md#firefox)
- ![Brave logo](assets/img/browsers/brave.svg){ .twemoji } [Brave](desktop-browsers.md#brave)
</div>
[Learn more :material-arrow-right-drop-circle:](desktop-browsers.md)
### Additional Resources
<div class="grid cards" markdown>
- ![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ .twemoji } [uBlock Origin](desktop-browsers.md#ublock-origin)
</div>
[Learn more :material-arrow-right-drop-circle:](desktop-browsers.md#additional-resources)
## Mobile Web Browsers
<div class="grid cards" markdown>
- ![Brave logo](assets/img/browsers/brave.svg){ .twemoji } [Brave (Android)](mobile-browsers.md#brave)
- ![Safari logo](assets/img/browsers/safari.svg){ .twemoji } [Safari (iOS)](mobile-browsers.md#safari)
</div>
[Learn more :material-arrow-right-drop-circle:](mobile-browsers.md)
### Additional Resources
<div class="grid cards annotate" markdown>
- ![AdGuard logo](assets/img/browsers/adguard.svg){ .twemoji } [AdGuard for iOS](mobile-browsers.md#adguard)
</div>
[Learn more :material-arrow-right-drop-circle:](mobile-browsers.md#adguard)
## Operating Systems
### 行動
<div class="grid cards" markdown>
- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji } [GrapheneOS](android.md#grapheneos)
- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji } [DivestOS](android.md#divestos)
</div>
[Learn more :material-arrow-right-drop-circle:](android.md)
#### Android Apps
<div class="grid cards" markdown>
- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store)
- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter)
- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor)
- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera)
- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer)
</div>
[Learn more :material-arrow-right-drop-circle:](android.md#general-apps)
### Desktop/PC
<div class="grid cards" markdown>
- ![Qubes OS logo](assets/img/qubes/qubes_os.svg){ .twemoji } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os)
- ![Fedora logo](assets/img/linux-desktop/fedora-workstation.svg){ .twemoji } [Fedora Workstation](desktop.md#fedora-workstation)
- ![openSUSE Tumbleweed logo](assets/img/linux-desktop/opensuse-tumbleweed.svg){ .twemoji } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed)
- ![Arch logo](assets/img/linux-desktop/archlinux.svg){ .twemoji } [Arch Linux](desktop.md#arch-linux)
- ![Fedora Silverblue logo](assets/img/linux-desktop/fedora-silverblue.svg){ .twemoji } [Fedora Silverblue & Kinoite](desktop.md#fedora-silverblue)
- ![nixOS logo](assets/img/linux-desktop/nixos.svg){ .twemoji } [NixOS](desktop.md#nixos)
- ![Whonix logo](assets/img/linux-desktop/whonix.svg){ .twemoji } [Whonix (Tor)](desktop.md#whonix)
- ![Tails logo](assets/img/linux-desktop/tails.svg){ .twemoji } [Tails (Live Boot)](desktop.md#tails)
</div>
[Learn more :material-arrow-right-drop-circle:](desktop.md)
### Router Firmware
<div class="grid cards" markdown>
- ![OpenWrt logo](assets/img/router/openwrt.svg#only-light){ .twemoji }![OpenWrt logo](assets/img/router/openwrt-dark.svg#only-dark){ .twemoji } [OpenWrt](router.md#openwrt)
- ![OPNsense logo](assets/img/router/opnsense.svg){ .twemoji } [OPNsense](router.md#opnsense)
</div>
[Learn more :material-arrow-right-drop-circle:](router.md)
## Service Providers
### Cloud Storage
<div class="grid cards" markdown>
- ![Proton Drive logo](assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](cloud.md#proton-drive)
- ![Tresorit logo](assets/img/cloud/tresorit.svg){ .twemoji } [Tresorit](cloud.md#tresorit)
</div>
[Learn more :material-arrow-right-drop-circle:](cloud.md)
### DNS
#### DNS Providers
We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers based on a variety of criteria, such as [Mullvad](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) and [Quad9](https://quad9.net/) amongst others. We recommend for you to read our pages on DNS before choosing a provider. In many cases, using an alternative DNS provider is not recommended.
[Learn more :material-arrow-right-drop-circle:](dns.md)
#### Encrypted DNS Proxies
<div class="grid cards" markdown>
- ![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ .twemoji }![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ .twemoji } [RethinkDNS](dns.md#rethinkdns)
- ![dnscrypt-proxy logo](assets/img/dns/dnscrypt-proxy.svg){ .twemoji } [dnscrypt-proxy](dns.md#dnscrypt-proxy)
</div>
[Learn more :material-arrow-right-drop-circle:](dns.md#encrypted-dns-proxies)
#### Self-hosted Solutions
<div class="grid cards" markdown>
- ![AdGuard Home logo](assets/img/dns/adguard-home.svg){ .twemoji } [AdGuard Home](dns.md#adguard-home)
- ![Pi-hole logo](assets/img/dns/pi-hole.svg){ .twemoji } [Pi-hole](dns.md#pi-hole)
</div>
[Learn more :material-arrow-right-drop-circle:](dns.md#self-hosted-solutions)
### Email
<div class="grid cards" markdown>
- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail)
- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg)
- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail)
- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota)
</div>
[Learn more :material-arrow-right-drop-circle:](email.md)
#### Email Aliasing Services
<div class="grid cards" markdown>
- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy)
- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin)
</div>
[Learn more :material-arrow-right-drop-circle:](email.md#email-aliasing-services)
#### Self-Hosting Email
<div class="grid cards" markdown>
- ![mailcow logo](assets/img/email/mailcow.svg){ .twemoji } [mailcow](email.md#self-hosting-email)
- ![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ .twemoji } [Mail-in-a-Box](email.md#self-hosting-email)
</div>
[Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email)
### Financial Services
#### Payment Masking Services
<div class="grid cards" markdown>
- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free)
- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid)
</div>
[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services)
#### Online Gift Card Marketplaces
<div class="grid cards" markdown>
- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay)
- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards)
</div>
[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces)
### Search Engines
<div class="grid cards" markdown>
- ![Brave Search logo](assets/img/search-engines/brave-search.svg){ .twemoji } [Brave Search](search-engines.md#brave-search)
- ![DuckDuckGo logo](assets/img/search-engines/duckduckgo.svg){ .twemoji } [DuckDuckGo](search-engines.md#duckduckgo)
- ![SearXNG logo](assets/img/search-engines/searxng.svg){ .twemoji } [SearXNG](search-engines.md#searxng)
- ![Startpage logo](assets/img/search-engines/startpage.svg#only-light){ .twemoji }![Startpage logo](assets/img/search-engines/startpage-dark.svg#only-dark){ .twemoji } [Startpage](search-engines.md#startpage)
</div>
[Learn more :material-arrow-right-drop-circle:](search-engines.md)
### VPN Providers
??? 注意 "VPN 不會讓您匿名"
Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic.
If you are looking for **anonymity**, you should use the Tor Browser **instead** of a VPN.
If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices.
[Learn more :material-arrow-right-drop-circle:](vpn.md)
<div class="grid cards" markdown>
- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn)
- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad)
- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
</div>
[Learn more :material-arrow-right-drop-circle:](vpn.md)
## Software
### Calendar Sync
<div class="grid cards" markdown>
- ![Tutanota logo](assets/img/calendar/tutanota.svg){ .twemoji } [Tutanota](calendar.md#tutanota)
- ![Proton Calendar logo](assets/img/calendar/proton-calendar.svg){ .twemoji } [Proton Calendar](calendar.md#proton-calendar)
</div>
[Learn more :material-arrow-right-drop-circle:](calendar.md)
### Cryptocurrency
<div class="grid cards" markdown>
- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji } [Monero](cryptocurrency.md#monero)
</div>
[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md)
### 資料和中繼資料處理
<div class="grid cards" markdown>
- ![MAT2 logo](assets/img/data-redaction/mat2.svg){ .twemoji } [MAT2](data-redaction.md#mat2)
- ![ExifEraser logo](assets/img/data-redaction/exiferaser.svg){ .twemoji } [ExifEraser (Android)](data-redaction.md#exiferaser-android)
- ![Metapho logo](assets/img/data-redaction/metapho.jpg){ .twemoji } [Metapho (iOS)](data-redaction.md#metapho-ios)
- ![PrivacyBlur logo](assets/img/data-redaction/privacyblur.svg){ .twemoji } [PrivacyBlur](data-redaction.md#privacyblur)
- ![ExifTool logo](assets/img/data-redaction/exiftool.png){ .twemoji } [ExifTool (CLI)](data-redaction.md#exiftool)
</div>
[Learn more :material-arrow-right-drop-circle:](data-redaction.md)
### Email Clients
<div class="grid cards" markdown>
- ![Thunderbird logo](assets/img/email-clients/thunderbird.svg){ .twemoji } [Thunderbird](email-clients.md#thunderbird)
- ![Apple Mail logo](assets/img/email-clients/applemail.png){ .twemoji } [Apple Mail (macOS)](email-clients.md#apple-mail-macos)
- ![Canary Mail logo](assets/img/email-clients/canarymail.svg){ .twemoji } [Canary Mail (iOS)](email-clients.md#canary-mail-ios)
- ![FairEmail logo](assets/img/email-clients/fairemail.svg){ .twemoji } [FairEmail (Android)](email-clients.md#fairemail-android)
- ![GNOME Evolution logo](assets/img/email-clients/evolution.svg){ .twemoji } [GNOME Evolution (Linux)](email-clients.md#gnome-evolution-gnome)
- ![K-9 Mail logo](assets/img/email-clients/k9mail.svg){ .twemoji } [K-9 Mail (Android)](email-clients.md#k-9-mail-android)
- ![Kontact logo](assets/img/email-clients/kontact.svg){ .twemoji } [Kontact (Linux)](email-clients.md#kontact-kde)
- ![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ .twemoji } [Mailvelope (PGP in standard webmail)](email-clients.md#mailvelope-browser)
- ![NeoMutt logo](assets/img/email-clients/mutt.svg){ .twemoji } [NeoMutt (CLI)](email-clients.md#neomutt-cli)
</div>
[Learn more :material-arrow-right-drop-circle:](email-clients.md)
### 加密軟體
??? info "Operating System Disk Encryption"
For encrypting your operating system drive, we typically recommend using whichever encryption tool your operating system provides, whether that is **BitLocker** on Windows, **FileVault** on macOS, or **LUKS** on Linux. These tools are included with the operating system and typically use hardware encryption elements such as a TPM that other full-disk encryption software like VeraCrypt do not. VeraCrypt is still suitable for non-operating system disks such as external drives, especially drives that may be accessed from multiple operating systems.
[Learn more :material-arrow-right-drop-circle:](encryption.md##operating-system-included-full-disk-encryption-fde)
<div class="grid cards" markdown>
- ![Cryptomator logo](assets/img/encryption-software/cryptomator.svg){ .twemoji } [Cryptomator](encryption.md#cryptomator-cloud)
- ![Picocrypt logo](assets/img/encryption-software/picocrypt.svg){ .twemoji } [Picocrypt](encryption.md#picocrypt-file)
- ![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ .twemoji }![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ .twemoji } [VeraCrypt (FDE)](encryption.md#veracrypt-disk)
- ![Hat.sh logo](assets/img/encryption-software/hat-sh.png#only-light){ .twemoji }![Hat.sh logo](assets/img/encryption-software/hat-sh-dark.png#only-dark){ .twemoji } [Hat.sh (Browser-based)](encryption.md#hatsh)
- ![Kryptor logo](assets/img/encryption-software/kryptor.png){ .twemoji } [Kryptor](encryption.md#kryptor)
- ![Tomb logo](assets/img/encryption-software/tomb.png){ .twemoji } [Tomb](encryption.md#tomb)
</div>
[Learn more :material-arrow-right-drop-circle:](encryption.md)
#### OpenPGP Clients
<div class="grid cards" markdown>
- ![GnuPG logo](assets/img/encryption-software/gnupg.svg){ .twemoji } [GnuPG](encryption.md#gnu-privacy-guard)
- ![GPG4Win logo](assets/img/encryption-software/gpg4win.svg){ .twemoji } [GPG4Win (Windows)](encryption.md#gpg4win)
- ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ .twemoji } [GPG Suite (macOS)](encryption.md#gpg-suite)
- ![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ .twemoji } [OpenKeychain](encryption.md#openkeychain)
</div>
[Learn more :material-arrow-right-drop-circle:](encryption.md#openpgp)
### File Sharing and Sync
<div class="grid cards" markdown>
- ![Send logo](assets/img/file-sharing-sync/send.svg){ .twemoji } [Send](file-sharing.md#send)
- ![OnionShare logo](assets/img/file-sharing-sync/onionshare.svg){ .twemoji } [OnionShare](file-sharing.md#onionshare)
- ![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ .twemoji } [FreedomBox](file-sharing.md#freedombox)
- ![Nextcloud logo](assets/img/productivity/nextcloud.svg){ .twemoji } [Nextcloud (Self-Hostable)](productivity.md#nextcloud)
- ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ .twemoji } [Syncthing](file-sharing.md#syncthing)
</div>
[Learn more :material-arrow-right-drop-circle:](file-sharing.md)
### Frontends
<div class="grid cards" markdown>
- ![Librarian logo](assets/img/frontends/librarian.svg#only-light){ .twemoji }![Librarian logo](assets/img/frontends/librarian-dark.svg#only-dark){ .twemoji } [Librarian (LBRY, Web)](frontends.md#librarian)
- ![Nitter logo](assets/img/frontends/nitter.svg){ .twemoji } [Nitter (Twitter, Web)](frontends.md#nitter)
- ![FreeTube logo](assets/img/frontends/freetube.svg){ .twemoji } [FreeTube (YouTube, Desktop)](frontends.md#freetube)
- ![Yattee logo](assets/img/frontends/yattee.svg){ .twemoji } [Yattee (YouTube; iOS, tvOS, macOS)](frontends.md#yattee)
- ![LibreTube logo](assets/img/frontends/libretube.svg#only-light){ .twemoji }![LibreTube logo](assets/img/frontends/libretube-dark.svg#only-dark){ .twemoji } [LibreTube (YouTube, Android)](frontends.md#libretube-android)
- ![NewPipe logo](assets/img/frontends/newpipe.svg){ .twemoji } [NewPipe (YouTube, Android)](frontends.md#newpipe-android)
- ![Invidious logo](assets/img/frontends/invidious.svg#only-light){ .twemoji }![Invidious logo](assets/img/frontends/invidious-dark.svg#only-dark){ .twemoji } [Invidious (YouTube, Web)](frontends.md#invidious)
- ![Piped logo](assets/img/frontends/piped.svg){ .twemoji } [Piped (YouTube, Web)](frontends.md#piped)
</div>
[Learn more :material-arrow-right-drop-circle:](frontends.md)
### Multi-Factor Authentication Tools
<div class="grid cards" markdown>
- ![YubiKeys](assets/img/multi-factor-authentication/mini/yubico.svg){ .twemoji } [YubiKey](multi-factor-authentication.md#yubikey)
- ![Nitrokey](assets/img/multi-factor-authentication/mini/nitrokey.svg){ .twemoji } [Nitrokey](multi-factor-authentication.md#nitrokey)
- ![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ .twemoji } [Aegis Authenticator](multi-factor-authentication.md#aegis-authenticator)
- ![Raivo OTP logo](assets/img/multi-factor-authentication/raivo-otp.png){ .twemoji } [Raivo OTP](multi-factor-authentication.md#raivo-otp)
</div>
[Learn more :material-arrow-right-drop-circle:](multi-factor-authentication.md)
### News Aggregators
<div class="grid cards" markdown>
- ![Akregator logo](assets/img/news-aggregators/akregator.svg){ .twemoji } [Akregator](news-aggregators.md#akregator)
- ![Feeder logo](assets/img/news-aggregators/feeder.png){ .twemoji} [Feeder](news-aggregators.md#feeder)
- ![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ .twemoji } [Fluent Reader](news-aggregators.md#fluent-reader)
- ![GNOME Feeds logo](assets/img/news-aggregators/gfeeds.svg){ .twemoji } [GNOME Feeds](news-aggregators.md#gnome-feeds)
- ![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ .twemoji }![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ .twemoji } [Miniflux](news-aggregators.md#miniflux)
- ![NetNewsWire logo](assets/img/news-aggregators/netnewswire.png){ .twemoji } [NetNewsWire](news-aggregators.md#netnewswire)
- ![Newsboat logo](assets/img/news-aggregators/newsboat.svg){ .twemoji } [Newsboat](news-aggregators.md#newsboat)
</div>
[Learn more :material-arrow-right-drop-circle:](news-aggregators.md)
### Notebooks
<div class="grid cards" markdown>
- ![Joplin logo](assets/img/notebooks/joplin.svg){ .twemoji } [Joplin](notebooks.md#joplin)
- ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ .twemoji } [Standard Notes](notebooks.md#standard-notes)
- ![Cryptee logo](assets/img/notebooks/cryptee.svg#only-light){ .twemoji }![Cryptee logo](assets/img/notebooks/cryptee-dark.svg#only-dark){ .twemoji } [Cryptee](notebooks.md#cryptee)
- ![Org-mode logo](assets/img/notebooks/org-mode.svg){ .twemoji } [Org-mode](notebooks.md#org-mode)
</div>
[Learn more :material-arrow-right-drop-circle:](notebooks.md)
### Password Managers
<div class="grid cards" markdown>
- ![Bitwarden logo](assets/img/password-management/bitwarden.svg){ .twemoji } [Bitwarden](passwords.md#bitwarden)
- ![1Password logo](assets/img/password-management/1password.svg){ .twemoji } [1Password](passwords.md#1password)
- ![Psono logo](assets/img/password-management/psono.svg){ .twemoji } [Psono](passwords.md#psono)
- ![KeePassXC logo](assets/img/password-management/keepassxc.svg){ .twemoji } [KeePassXC](passwords.md#keepassxc)
- ![KeePassDX logo](assets/img/password-management/keepassdx.svg){ .twemoji } [KeePassDX (Android)](passwords.md#keepassdx-android)
- ![Strongbox logo](assets/img/password-management/strongbox.svg){ .twemoji } [Strongbox (iOS & macOS)](passwords.md#strongbox-ios-macos)
- ![gopass logo](assets/img/password-management/gopass.svg){ .twemoji } [gopass](passwords.md#gopass)
</div>
[Learn more :material-arrow-right-drop-circle:](passwords.md)
### Productivity Tools
<div class="grid cards" markdown>
- ![Nextcloud logo](assets/img/productivity/nextcloud.svg){ .twemoji } [Nextcloud (Self-Hostable)](productivity.md#nextcloud)
- ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji } [LibreOffice](productivity.md#libreoffice)
- ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji } [OnlyOffice](productivity.md#onlyoffice)
- ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji } [CryptPad](productivity.md#cryptpad)
- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji } [PrivateBin (Pastebin)](productivity.md#privatebin)
</div>
[Learn more :material-arrow-right-drop-circle:](productivity.md)
### Real-Time Communication
<div class="grid cards" markdown>
- ![Signal logo](assets/img/messengers/signal.svg){ .twemoji } [Signal](real-time-communication.md#signal)
- ![Briar logo](assets/img/messengers/briar.svg){ .twemoji } [Briar](real-time-communication.md#briar)
- ![SimpleX Chat logo](assets/img/messengers/simplex.svg){ .twemoji } [SimpleX Chat](real-time-communication.md#simplex-chat)
- ![Element logo](assets/img/messengers/element.svg){ .twemoji } [Element](real-time-communication.md#element)
- ![Session logo](assets/img/messengers/session.svg){ .twemoji } [Session](real-time-communication.md#session)
</div>
[Learn more :material-arrow-right-drop-circle:](real-time-communication.md)
### Video Streaming Clients
<div class="grid cards" markdown>
- ![LBRY logo](assets/img/video-streaming/lbry.svg){ .twemoji } [LBRY](video-streaming.md#lbry)
</div>
[Learn more :material-arrow-right-drop-circle:](video-streaming.md)

119
i18n/zh-Hant/tor.md Normal file
View File

@@ -0,0 +1,119 @@
---
title: "Tor Network"
icon: simple/torproject
description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship.
---
![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right }
**Tor** 網絡是一組由志願者操作的伺服器,可讓您免費連線,並改善您的隱私權和安全性。 個人和組織還可以通過 Tor 網絡與“.onion 隱藏服務”分享資訊,而不會損害他們的隱私。 很難阻止和追蹤 Tor 流量,因此它是一種有效的審查規避工具。
[:octicons-home-16:](https://www.torproject.org){ .card-link title=Homepage }
[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
[:octicons-info-16:](https://tb-manual.torproject.org/){ .card-link title=Documentation}
[:octicons-code-16:](https://gitweb.torproject.org/tor.git){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
Tor 的工作原理是通過志願者運營的服務器來引導您的網際網路路徑,而不是直接連接到您試圖訪問的網站。 這樣可以混淆流量來源,所連接的伺服器都無法看到流量來去的完整路徑,也意味著即使您連接的伺服器無法破壞您的匿名性。
[詳細的 Tor 總覽 :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button}
## 正在連接到Tor
有多種方式可以從您的設備連上 Tor 網絡,最常用的是 ** Tor 瀏覽器**,這是 Firefox 的一個分支,專為桌面電腦和 Android 的匿名瀏覽而設計。 除了下面列出的應用程序外,還有專門設計用於連接到 Tor 網絡的操作系統,例如 [Qubes OS 作業系統](desktop.md#qubes-os) [Whonix](desktop.md#whonix),它們提供比標準 Tor 瀏覽器更高的安全性和保護。
### Tor Browser
!!! recommendation
! [Tor 瀏覽器標誌] (assets/img/browsers/tor.svg) {align = right}
* * Tor 瀏覽器* *需要匿名的好選擇,為您提供 Tor 網絡和橋接的存取權限,它包含預設設置和擴展其自動配置安全級別有: *標準* 、 *更安全*和*最安全*三種。
[:octicons-home-16: Homepage](https://www.torproject.org){ .md-button .md-button--primary }
[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
[:octicons-info-16:](https://tb-manual.torproject.org/){ .card-link title=Documentation }
[:octicons-code-16:](https://gitweb.torproject.org/tor-browser.git/){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
??? 下載
- [:simple-googleplay: Google Play] (https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
- [:simple-android: Android] (https://www.torproject.org/download/#android)
- [:simple-windows11: Windows] (https://www.torproject.org/download/)
- [:simple-apple: macOS] (https://www.torproject.org/download/)
- [:simple-linux: Linux] (https://www.torproject.org/download/)
- [:simple-freebsd: FreeBSD] (https://www.freshports.org/security/tor)
!!! 危險
您應該* *永遠不要* *在Tor瀏覽器上安裝任何其他擴充功能或編輯「關於配置」設定包括我們為Firefox建議的設定。 瀏覽器擴充套件和非標準設置會使您在 Tor 網絡上突顯出來,從而使您的瀏覽器更容易變成 [fingerprint] https://support.torproject.org/glossary/browser-fingerprinting )。
Tor 瀏覽器旨在防止指紋識別----根據您的瀏覽器配置識別您。 因此,您 **不應** 修改瀏覽器超出預設 [安全級別](https://tb-manual.torproject.org/security-settings/)。
### Orbot
!!! recommendation
! [Orbot標誌] (assets/img/self-contained-networks/orbot.svg) {align = right}
* * Orbot * *是一款免費的Tor VPN ,適用於智慧型手機,可讓裝置上的任何應用程式流量通過 Tor 網絡。
[:octicons-home-16: Homepage](https://orbot.app/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://orbot.app/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://orbot.app/faqs){ .card-link title=Documentation}
[:octicons-code-16:](https://orbot.app/code){ .card-link title="Source Code" }
[:octicons-heart-16:](https://orbot.app/donate){ .card-link title=Contribute }
??? 下載
- [:simple-googleplay: Google Play] (https://play.google.com/store/apps/details?id=org.torproject.android)
- [:simple-appstore: App Store] (https://apps.apple.com/us/app/orbot/id1609461599)
- [:simple-github: GitHub] (https://github.com/guardianproject/orbot/releases)
We previously recommended enabling the *Isolate Destination Address* preference in Orbot settings. While this setting can theoretically improve privacy by enforcing the use of a different circuit for each IP address you connect to, it doesn't provide a practical advantage for most applications (especially web browsing), can come with a significant performance penalty, and increases the load on the Tor network. We no longer recommend adjusting this setting from its default value unless you know you need to.[^1]
!!! 提示“ Android 使用訣竅”
Orbot 可以代理個別應用程式,如果它們有支援 SOCKS 或 HTTP 代理。 它也能使用 [VpnService] https://developer.android.com/reference/android/net/VpnService )代理您的所有網路連接,其 VPN killswitch 設置在 :gear: **Settings****Network & internet****VPN** → :gear: → **Block connections without VPN**.。
Guardian Project 的[F-Droid repository] (https://guardianproject.info/fdroid)和[Google Play] (https://play.google.com/store/apps/details?id=org.torproject.android)上Orbot 往往不是最新版,因此請考慮直接從 [GitHub repository] (https://github.com/guardianproject/orbot/releases) 下載。
所有版本都使用同一個簽名,因此它們應該相互兼容。
## 中繼和橋接
### Snowflake
!!! recommendation
! [Snowflake logo] (assets/img/browsers/snowflake.svg#only-light) {align = right}
! [Snowflake logo] (assets/img/browsers/snowflake-dark.svg#only-dark) {align = right}
* * Snowflake * *允許您在瀏覽器中操作「Snowflake proxy」將網路頻寛捐給 Tor 專案。
被審查的人可以使用 Snowflake 代理來連接 Tor 網絡。 Snowflake 是貢獻 Tor 網絡的好方法,即便您沒有運行 Tor 中繼或橋接的技術知識。
[:octicons-home-16: Homepage](https://snowflake.torproject.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview){ .card-link title=Documentation}
[:octicons-code-16:](https://gitweb.torproject.org/pluggable-transports/snowflake.git/){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
??? 下載
- [:simple-firefoxbrowser: Firefox] (https://addons.mozilla.org/zh-CN/firefox/addon/torproject-snowflake/)
- [:simple-googlechrome: Chrome] (https://chrome.google.com/webstore/detail/snowflake/mafpmfcccpbjnhfhjnllmmalhifmlcie)
- [:octicons-browser-16: Web] (https://snowflake.torproject.org/embed "保持此頁面開啟成為Snowflake代理")
??? 提示: Embedded Snowflake
您可以在瀏覽器中啟用 Snowflake ,只需按下下方開關,即可= =保持此頁面開啟= =。 您還可以安裝 Snowflake 瀏覽器擴充元件,當開啟瀏覽器時它會一直執行,但添加第三方擴充元件可能會增加遭攻擊面。
<center><iframe src="https://snowflake.torproject.org/embed.html" width="320" height="240" frameborder="0" scrolling="no"></iframe></center>
<small>如果沒有顯示嵌入,請確保您沒有封鎖來自`torproject.org`的第三方框架。 或者,請造訪[此頁面] (https://snowflake.torproject.org/embed.html)。</small>
Snowflake 無法加強隱私,也不會在您的個人瀏覽器中連接 Tor網絡。 但如果您的網際網路連接沒有被審查的情形,請考慮使用它,幫助受審查網路中的人們能有更好的隱私。 無需擔心人們通過您的代理訪問哪些網站----他們的可見瀏覽 IP 地址將與其 Tor 出口節點相匹配,而不是您的 IP 地址。
運行 Snowflake 代理風險很低,甚至低於運行 Tor 中繼或橋接器,而這些中繼器或橋接器已經不算是特別高風險的工作。 但是,它通過您的網路進行代理流量,在某些方面可能會產生影響,特別是您的網路頻寬有限制的話。 在運行代理之前,要確保已清楚了解[ Snowflake 運作方式](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) 。
[^1]: The `IsolateDestAddr` setting is discussed on the [Tor mailing list](https://lists.torproject.org/pipermail/tor-talk/2012-May/024403.html) and [Whonix's Stream Isolation documentation](https://www.whonix.org/wiki/Stream_Isolation), where both projects suggest that it is usually not a good approach for most people.

51
i18n/zh-Hant/video-streaming.md Normal file
View File

@@ -0,0 +1,51 @@
---
title: "影片串流"
icon: material/video-wireless
description: 這些服務可讓您串流互聯網內容,而不會記錄個人興趣建立廣告剖繪。
---
使用影片串流平臺時的主要威脅是您的串流習慣和訂閱清單可能被用來剖繪分析您的個人喜好。 您應該將這些工具與 [VPN](vpn.md) 或 [Tor](https://www.torproject.org/) 相結合,以便更難分析您的使用情況。
## LBRY
!!! recommendation
! [LBRY標誌] (assets/img/video-streaming/lbry.svg) {align = right}
* * LBRY 網路* *是一個分散式視頻共享網絡。 它透過類似 [BitTorrent](https://wikipedia.org/wiki/BitTorrent)-l網路來儲存影片內容再利用 [區塊錬](https://wikipedia.org/wiki/Blockchain) 來存儲影片之索引。 這種設計的主要好處是抵抗審查。
* * LBRY 桌面用戶端* *可協助串流來自 LBRY 網路的影片,並將訂閱清單儲存在自己的 LBRY 錢包。
[:octicons-home-16: Homepage](https://lbry.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://lbry.com/privacypolicy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://lbry.com/faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/lbryio/lbry-desktop){ .card-link title="Source Code" }
??? 下載
- [:simple-windows11: Windows](https://lbry.com/windows)
- [:simple-apple: macOS](https://lbry.com/osx)
- [:simple-linux: Linux](https://lbry.com/linux)
!!! 備註
建議僅使用* * LBRY桌面用戶端* * ,因為 F-Droid、Play Store 和App Store 中的 [Odysee](https://odysee.com)網站和 LBRY 用戶端具有強制同步和遙測功能。
!!! 警告
在觀看和託管影片時LBRY 網路可看到您的 IP 位址。 如果您的[威脅模型] (basics/threat-modeling.md)需要隱藏您的IP 位址,請考慮使用 [VPN](vpn.md)或 [Tor](https://www.torproject.org)。
建議**不要** 錢包與 LBRY Inc. 設為同步,因為尚不支援錢包同步的加密功能。 如果您將錢包與 LBRY Inc.同步,則必須信任他們不會查看您的訂閱列表, [LBC](https://lbry.com/faq/earn-credits) 資金或控制您的頻道。
您可以禁用 *儲存託管資料,其設置方法為* 選項中的 :gear: **設置****進階設置**,來避免在長時間使用 LBRY 時暴露 IP 地址和觀看的視頻。
## 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
- 無需集中式帳戶就可觀看影片。
- 分散式驗證,例如通過行動錢包的私鑰進行驗證是可以接受的。

404
i18n/zh-Hant/vpn.md Normal file
View File

@@ -0,0 +1,404 @@
---
title: "VPN 服務"
icon: material/vpn
description: 這些是保護您線上隱私和安全的最佳 VPN 服務。 在這裡找一個不會監視您的供應商。
---
連接到網際網路連線供應商、公共Wi-Fi 網路或下載文件時,如何能有更好的 **隱私**保護 ,只要了解所涉及的風險, VPN 可能是您的解決方案。 我們認為這些供應商高於其他供應商:
<div class="grid cards" markdown>
- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn)
- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad)
- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn)
</div>
!!! 注意 "VPN 不會讓您匿名"
使用 VPN 將* *不會* *讓您的瀏覽習慣被匿名,也不會替不安全( HTTP )流量增加額外的安全性。
如果您追求的是* *匿名性* * ,應該使用 Tor 瀏覽器* *代替* * VPN。
如果要的是更多* *安全性* * ,您應該確保您全程使用 HTTPS 連接到網站。 VPN 不能取代良好的安全措施。
[Download Tor] (https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ] (advanced/tor-overview.md){ .md-button }
[VPN 概述 :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button}
## 推薦的 DNS 提供商
我們推薦的提供商使用加密、可接受Monero 、支持WireGuard & OpenVPN ,且具有不記錄政策。 閱讀我們的 [完整列表標準](#criteria) 以獲取更多信息。
### IVPN
!!! recommendation
! [IVPN logo] (assets/img/vpn/ivpn.svg) {align = right}
* * IVPN * *是另一家高級 VPN 提供商,自 2009年開始運營。 IVPN 位於直布羅陀。
[:octicons-home-16: Homepage](https://www.ivpn.net/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ivpn){ .card-link title="Source Code" }
??? 下載
- [:simple-android: Android] (https://www.ivpn.net/apps-android/)
- [:simple-appstore: App Store] (https://apps.apple.com/app/ivpn-serious-privacy-protection/id1193122683)
- [:simple-windows11: Windows] (https://www.ivpn.net/apps-windows/)
- [:simple-apple: macOS] (https://www.ivpn.net/apps-macos/)
- [:simple-linux: Linux] (https://www.ivpn.net/apps-linux/)
#### :material-check:{ .pg-green } 35 個國家
IVPN 在 35 個國家/地區擁有 [伺服器](https://www.ivpn.net/server-locations)。 (1)選擇離您最近的伺服器 VPN 供應商,將減少發送網路流量的延遲。 這是因為到目的地的路線較短(跳數較少)。
{ .annotate }
1. 上次檢查日期: 2022-09-16
我們認為,如果 VPN 提供商使用 [專用伺服器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是更便宜(與其他客戶共享)的解決方案 ,例如 [虛擬專用服務器](https://en.wikipedia.org/wiki/Virtual_private_server),則 VPN提供商的私鑰更安全。
#### :material-check:{ .pg-green } 獨立稽核
IVPN 通過 Cure53</a>
不留記錄審計,該審計結果與 IVPN 的不留記錄聲明一致。 IVPN 還在2020年1月完成了Cure53 [全面的 pentest 報告](https://cure53.de/summary-report_ivpn_2019.pdf) 。 IVPN 也表示打算未來會定期提出 [年度報告](https://www.ivpn.net/blog/independent-security-audit-concluded)。 2022年4月進行[進一步評估](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) ,並由執行單位 Cure53 發佈[在其網站](https://cure53.de/pentest-report_IVPN_2022.pdf)。</p>
#### :material-check:{ .pg-green } 開源客戶端
2020 二月後 [IVPN 應用程式已公開其源代碼](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source)。 源代碼可以從他們的 [GitHub組織](https://github.com/ivpn)獲得。
#### :material-check:{ .pg-green } 接受現金和Monero
除了接受信用卡/簽帳卡和 PayPal 外, IVPN 還接受比特幣 **Monero****現金/當地貨幣** (年度方案繳費)作為匿名付款方式。
#### :material-check:{ .pg-green } WireGuard支持
IVPN 支援 WireGuard 協議。 [WireGuard](https://www.wireguard.com) 是一個較新的協議,使用最先進的 [加密技術](https://www.wireguard.com/protocol/)。 此外, WireGuard的目標是更簡單更高效。
IVPN [建議](https://www.ivpn.net/wireguard/)搭配 WireGuard 一起使用, IVPN's 所有應用程式皆已預設 WireGuard 協議。 IVPN 亦提供 WireGuard 設置生成器以用於官方版本的 WireGuard [應用軟體](https://www.wireguard.com/install/)。
#### :material-check:{ .pg-green } 遠端端口轉發
使用昇級方案可用遠端 [端口轉發](https://en.wikipedia.org/wiki/Port_forwarding) 。 [可以由客戶端區域激活](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html)端口轉發 。 只有使用 WireGuard 或 OpenVPN 協議IVPN 方可轉發端口,但在[美國的伺服器](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html) 不支援此功能。
#### :material-check:{ .pg-green } 手機客戶端
除標準的 OpenVPN 配置文件外, IVPN可以在 [App Store ](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683)、 [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client)和 [GitHub](https://github.com/ivpn/android-app/releases) 下載移動客戶端,以輕鬆連接到他們的伺服器。
#### :material-information-outline:{ .pg-blue } 額外功能
IVPN 客戶端支援雙因素驗證Mullvad 客戶端不支援)。 IVPN 有"[反追蹤](https://www.ivpn.net/antitracker)" 功能,以阻絕來自網路層的廣告與追蹤。
### Mullvad
!!! recommendation
! [Mullvad 標誌] (assets/img/vpn/mullvad.svg) {align = right}
* * Mullvad * *是一個快速且便宜的VPN ,非常注重透明和安全性。 自* * 2009 年* *開始運營。 Mullvad 總部位於瑞典,不提供免費試用。
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
[:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/mullvad){ .card-link title="Source Code" }
??? 下載
- [:simple-googleplay: Google Play] (https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn)
- [:simple-appstore: App Store] (https://apps.apple.com/app/mullvad-vpn/id1488466513)
- [:simple-github: GitHub] (https://github.com/mullvad/mullvadvpn-app/releases)
- [:simple-windows11: Windows] (https://mullvad.net/en/download/windows/)
- [:simple-apple: macOS] (https://mullvad.net/en/download/macos/)
- [:simple-linux: ] (https://mullvad.net/en/download/linux/)
#### :material-check:{ .pg-green } 41 個國家
Mullvad 在 41 個國家/地區設有 [伺服器](https://mullvad.net/servers/)。(1)選擇離您最近伺服器,這將減少您網路流量的延遲。 這是因為到目的地的路線較短(跳數較少)。
{ .annotate }
1. 上次檢查日期: 2023-01-19
我們認為,如果 VPN 提供商使用 [專用伺服器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是更便宜(與其他客戶共享)的解決方案 ,例如 [虛擬專用服務器](https://en.wikipedia.org/wiki/Virtual_private_server),則 VPN提供商的私鑰更安全。
#### :material-check:{ .pg-green } 獨立稽核
Cure53 審計了 Mullvad's VPN 客戶端軟體, Assured AB 對他們進行穿透測試,相關報告在[ cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf)。 安全研究人員得出結論:
> Cure53 和 Assured AB 對審計結果感到滿意Mullvad 留下整體正面的印象。 由於 Mullvad VPN 內部團隊在安全上的投入,測試人員肯定了該項目從安全角度來看是正確的。
2020年宣布第二次審計 [](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) [最終報告結果](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) 可在 Cure53 網站上獲得:
> 2020年5月~6月針對 Mullvad 的專案結果是相當正面。 [...] Mullvad 使用的整體應用生態系統給人留下了結構完善之印象。 該應用程序的整體結構更容易以結構化的方式推出補丁和修復。 Cure53 的發現展示了不斷審核和重新評估當前泄漏向量的重要性,以始終確保最終用戶的隱私。 Mullvad 在保護最終用戶免受常見 PII 洩漏和隱私相關風險方面做得很好。
2021年宣布[基礎設施審計](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) ,並在 Cure53 網站上公布[最終審計報告](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) 。 2022年6月</>另一份委託 Assured 所作的報告 。</p>
#### :material-check:{ .pg-green } 開源客戶端
Mullvad 在[GitHub 提供其桌面和移動客戶端的源代碼](https://github.com/mullvad/mullvadvpn-app)。
#### :material-check:{ .pg-green } 接受現金和Monero
除了接受信用卡/簽帳卡和 PayPal 外, IVPN 還接受比特幣 **Monero****現金/當地貨幣** (年度方案繳費)作為匿名付款方式。 他們也接受 Swish 和銀行電匯。
#### :material-check:{ .pg-green } WireGuard支持
Mullvad 支持 WireGuard ®協議。 [WireGuard](https://www.wireguard.com) 是一個較新的協議,使用最先進的 [加密技術](https://www.wireguard.com/protocol/)。 此外, WireGuard的目標是更簡單更高效。
Mullvad [建議](https://mullvad.net/en/help/why-wireguard/) 搭配 WireGuard 使用。 Android, iOS, macOS, 與 Linux Mullvad 應用軟體已將 WireGuard 調為預設協議,但 Windows 則須要自行 [手動打開](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard。 Mullvad 提供 WireGuard 配置生成器,搭配 WireGuard 官方 [應用程序](https://www.wireguard.com/install/)。
#### :material-check:{ .pg-green } IPv6 支持
Mullvad 支持未來的網路主流 [IPv6](https://en.wikipedia.org/wiki/IPv6)。 他們的網路可讓您 [存取託管在 IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) 的服務有些供應商會阻止IPv6 連接。
#### :material-check:{ .pg-green } Remote Port Forwarding
遠端 [端口輚發](https://en.wikipedia.org/wiki/Port_forwarding) 可允許單次付款的使用者,但長期/訂閱付款的帳戶不可使用。 這是為了防止 Mullvad 能夠根據端口使用情況和存儲的訂閱資訊來辨識使用者。 請參見 Mullvad VPN</a> 端口轉發 了解更多資訊。</p>
#### :material-check:{ .pg-green } 手機客戶端
Mullvad 有 [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) 和 [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) 用戶端,兩者易於使用的界面,無須手動配置 WireGuard 連接。 Android 客戶端也從 [GitHub](https://github.com/mullvad/mullvadvpn-app/releases)下載。
#### :material-information-outline:{ .pg-blue } 額外功能
Mullvad 對 [自有或租用](https://mullvad.net/en/servers/)的節點非常透明。 他們在 ShadowSocks + OpenVPN 配置中使用 [ShadowSocks](https://shadowsocks.org/) ,以更能抵抗 [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) 試圖阻止 VPN 之防火牆。 據推測, [中國使用不同的方法來阻止 ShadowSocks 伺服器](https://github.com/net4people/bbs/issues/22)。 Mullvad 網站也可以通過 Tor 訪問 [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion)。
### Proton VPN
!!! recommendation annotate
! [Proton VPN標誌] (assets/img/vpn/protonvpn.svg) {align = right}
* * Proton VPN * *是 VPN 領域強大競爭者,自 2016 年開始營運。 Proton AG 總部位於瑞士,提供有限的免費會員等級,以及更多功能的付費選項。
[:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" }
??? 下載
- [:simple-googleplay: Google Play] (https://play.google.com/store/apps/details?id=ch.protonvpn.android)
- [:simple-appstore: App Store] (https://apps.apple.com/app/apple-store/id1437005085)
- [:simple-github: GitHub] (https://github.com/ProtonVPN/android-app/releases)
- [:simple-windows11: Windows] (https://protonvpn.com/download-windows)
- [:simple-linux: Linux] (https://protonvpn.com/support/linux-vpn-setup/)
#### :material-check:{ .pg-green } 67個國家
Proton VPN 在67個國家/地區設有 [伺服器](https://protonvpn.com/vpn-servers). (1)選擇距離您最近的伺服器的VPN供應商將減少您網路流量的延遲。 這是因為到目的地的路線較短(跳數較少)。
{ .annotate }
1. 上次檢查日期: 2022-09-16
我們認為,如果 VPN 提供商使用 [專用伺服器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是更便宜(與其他客戶共享)的解決方案 ,例如 [虛擬專用服務器](https://en.wikipedia.org/wiki/Virtual_private_server),則 VPN提供商的私鑰更安全。
#### :material-check:{ .pg-green } 獨立稽核
截至 2020年1月 Proton VPN 已接受 SEC Consult 的獨立審計。 SEC Consult 在 Proton VPN Windows、Android 和 iOS應用程序中發現一些中低風險漏洞Proton VPN 已在報告發布之前全部“正確修復”這些漏洞。 所發現的問題都不會讓攻擊者遠端存取您的裝置或流量。 您可以透過 [protonvpn.com](https://protonvpn.com/blog/open-source/)查看各個平臺的報告。 2022 年 4月Proton VPN 通過 [另一次審計](https://protonvpn.com/blog/no-logs-audit/) [ Securitum 所作的報告在此](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf)。 [Securitum](https://research.securitum.com) 在 2021年11月9日簽發 [Proton VPN 的應用程式認證函](https://proton.me/blog/security-audit-all-proton-apps) 。
#### :material-check:{ .pg-green } 開源客戶端
Proton VPN 在 [GitHub](https://github.com/ProtonVPN) 提供其桌面和移動客戶端的源代碼。
#### :material-check:{ .pg-green } 接受現金
除信用卡/簽帳卡、PayPal 和 [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc)之外Proton VPN 還接受 **現金/當地貨幣** 等匿名付款方式。
#### :material-check:{ .pg-green } WireGuard支持
Proton VPN 支持 WireGuard ®協議。 [WireGuard](https://www.wireguard.com) 是一個較新的協議,使用最先進的 [加密技術](https://www.wireguard.com/protocol/)。 此外, WireGuard的目標是更簡單更高效。
Proton VPN [建議](https://protonvpn.com/blog/wireguard/) 搭配 WireGuard 使用。 Proton VPN 在 Windows, macOS, iOS, Android, ChromeOS, 以及 Android TV 等平台的應用軟體, WireGuard 已是預設協議,不過[尚未支援](https://protonvpn.com/support/how-to-change-vpn-protocols/) Linux 作業系統的應用軟體。
#### :material-alert-outline:{ .pg-orange } 遠端端口轉發
Proton VPN 目前只支援 Windows 遠端 [端口轉發](https://protonvpn.com/support/port-forwarding/) ,它可能會影響某些應用程式。 尤其是像 Torrent 客戶端這類 P2P 應用程式。
#### :material-check:{ .pg-green } 手機客戶端
除了提供標準的 OpenVPN 配置檔案外, Proton VPN 還有 [ App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085)、 [ Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US)和 [個GitHub](https://github.com/ProtonVPN/android-app/releases) 的移動客戶端,可以輕鬆連接到其伺服器。
#### :material-information-outline:{ .pg-blue } 額外功能
除 Linux 以外Proton VPN 客戶端目前支持所有平臺上的雙因素身份驗證。 在瑞士、冰島和瑞典Proton VPN 擁有自己的伺服器和資料中心。 他們透過自己的 DNS 服務,來封鎖廣告和已知的惡意軟體網域。 此外, Proton VPN 還提供“Tor”伺服器讓您可輕鬆連接到洋蔥網站但我們仍然強烈建議這類目的最好還是使用 [官方 Tor 瀏覽器](https://www.torproject.org/) 。
#### :material-alert-outline:{ .pg-orange } Killswitch 無法用在 Intel 處理器的 Mac 電腦
Intel 處理器的 Mac 電腦 若用 VPN killswitch 會發生 [系統崩潰](https://protonvpn.com/support/macos-t2-chip-kill-switch/) 。 如果您需要此功能,但使用的是搭載 Intel 晶片組的Mac ,則應考慮使用其他 VPN 服務。
## 標準
!!! 危險
重要的是要注意,使用 VPN 不會使您匿名,但在某些情況下可以提供更好的隱私。 VPN不是非法活動的工具。 不要依靠“不留記錄”政策。
**請注意我們和所推薦的服務商沒有任何利害關係。 這使我們能夠提供完全客觀的建議。** 除了 [我們的標準條件](about/criteria.md)外,我們還為任何希望獲得推薦的 VPN 服務商制定了一套明確的要求,包括強大的加密、獨立的安全審計、現代技術等。 我們建議您在選擇 VPN 供應商之前先熟悉此清單,並進行自己的研究,盡可能地確保您選擇的 VPN 供應商值得信賴。
### 技術
我們要求所有推薦的 VPN 服務商有提供 OpenVPN 配置檔案,以便用在任何客戶端。 **如果** VPN 提供自定用戶端,則要求有 killswitch 來阻止未連接 VPN 時網路資料遭洩漏。
**最低合格要求:**
- 支援強固的協議,如 WireGuard & OpenVPN。
- 客戶端內建 Killswitch。
- Multihop支持。 萬一單個節點受損,多跳方式就非常重要,才能保持數據的私密性。
- 如果提供 VPN 用戶端,它們應該為 [開源](https://en.wikipedia.org/wiki/Open_source),就如同所內置的 VPN 軟體。 我們相信, 可取得的[源代碼](https://en.wikipedia.org/wiki/Source_code) 可為用戶設備實際運作提供更高的透明度。
**最佳案例:**
- 支持 WireGuard 和 OpenVPN。
- Killswitch 具高度可配置選項(啟用/禁用某些網路、開機時啟閉等上)
- 易於使用的 VPN 客戶端
- 支援 [IPv6](https://en.wikipedia.org/wiki/IPv6)協議 我們預期伺服器將允許透過 IPv6 傳入連線並允許您存取託管在IPv6 位址上的服務。
- [遠端端口轉發](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) 的功能可協助在使用P2P [對等](https://en.wikipedia.org/wiki/Peer-to-peer)檔案共享軟體或自建伺服器例如Mumble )時建立連接。
### 隱私
我們希望所推薦的提供商盡可能減少客戶資料收集。 不收集註冊時的個人資訊,並接受匿名形式的付款是必需的。
**最低合格要求:**
- [匿名加密貨幣](cryptocurrency.md) **或** 現金支付選項。
- 註冊時無需個人資料:最多只需提供使用者名稱、密碼和電子郵件。
**最佳案例:**
- 接受多種 [匿名付款方式](advanced/payments.md)。
- 無需任何個人資訊(自動生成的用戶名稱、不要求電子郵件等)。
### 安全
若 VPN 不能提供足夠安全性,它就毫無意義。 我們要求所有推薦的供應商遵守其 OpenVPN 連接的現行安全標準。 理想中,預設他們會使用更多面向未來的加密方案。 我們要求有獨立的第三方來審核供應商的安全性,理想情況下是每年都能進行全方方面審計。
**最低合格要求:**
- 強固加密方案:具有 SHA-256 驗證的 OpenVPN; RSA-2048 或更好的握手; AES-256-GCM 或 AES-256-CBC 數據加密。
- 完全前向保密 (PFS)
- 公佈信譽良好第三方公司的安全審計。
**最佳案例:**
- 最強加密: RSA-4096。
- 完全前向保密 (PFS)
- 由信譽良好的第三方公司執行公佈的全面安全審計。
- 漏洞獎勵計劃和/或協調漏洞披露過程。
### 信任
您不會把財務資料交給身份作假的人,又怎會信任他們來處置您的網路資料? 我們要求推薦的供應商公開其所有權或領導層級狀況。 我們也希望看到頻繁的透明度報告,特別是關於如何處理政府要求的報告。
**最低合格要求:**
- 面向公眾的領導或所有權。
**最佳案例:**
- 面向公眾的領導
- 頻繁的透明度報告。
### 行銷
對於所推薦的 VPN 服務商,我們樂見更負責任的營銷。
**最低合格要求:**
- 必須自行託管分析工具(例如不用 Google Analytics )。 供應商的網站還必須符合 [DNT請勿追蹤](https://en.wikipedia.org/wiki/Do_Not_Track) 的要求。
不得有任何不負責任的行銷:
- 保證 100% 匿名性保護。 當有人聲稱某件事是100% 時,這意味他對失敗也無從確定。 我們知道有許多方式可以輕易地去匿名化,例如:
- 重複未用匿名軟體( Tor 、VPN等情況下所留的個人資料例如電子郵件帳戶、獨特的假名等
- [瀏覽器指紋](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)
- 聲稱單一迴路中 VPN 比 Tor “更匿名” Tor 是由三個或更多個跳組成經常變化的迴路。
- 使用負責任的語言也就是說可以說VPN “已斷開”或“未連接” ,但是聲稱某人“暴露” “易受攻擊”或“受損”是不必要的使用可能不正確的警告語言。 例如此人可能只是使用其他VPN提供商的服務或使用Tor。
**最佳案例:**
負責任的行銷,既具教育意義又對消費者實用,可能包括:
- 與何時應使用 [Tor](tor.md) 的準確比較。
- VPN 服務商網站可否透過 [.onion服務](https://en.wikipedia.org/wiki/.onion)訪問。
### 附加功能
雖不是嚴格要求,在決定推薦哪些服務商時我們還會考慮其他一些便利或隱私因素。 其中包括i廣告/跟蹤阻擋功能、warrant canaries、多跳連接、出色的客戶支持、允許同時連接的數量等。