privacyguides/privacyguides.org
1
1
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2026-05-31 15:39:12 +00:00
Code Issues Activity

style!: Convert recommendations to Hugo formatting

Browse Source
This commit is contained in:
Jonah Aragon
2026-05-12 15:09:02 -05:00
parent caed4eb4b6
commit 3dd0363cca
71 changed files with 1553 additions and 2613 deletions
Download Patch File Download Diff File Expand all files Collapse all files
content/tools/advanced/alternative-networks/_index.md
+38 -67
View File
@@ -12,25 +12,29 @@ description: These tools allow you to access networks other than the World Wide
When it comes to anonymizing networks, we want to specially note that [Tor](../../../wiki/advanced/tor-overview.md) is our top choice. It is by far the most utilized, robustly studied, and actively developed anonymous network. Using other networks could be more likely to endanger your [:material-incognito: Anonymity](../../../wiki/basics/common-threats.md#anonymity-vs-privacy){ .pg-purple }, unless you know what you're doing.
<div class="pg-card-logos">
{{< cards >}}
{{< card link="#tor" title="Tor" image="./tor.svg" subtitle="The Tor network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with “.onion hidden services” without compromising their privacy." >}}
{{< card link="#orbot" title="Orbot" image="./orbot.svg" subtitle="Orbot is a mobile application which routes traffic from any app on your device through the Tor network." >}}
{{< card link="#snowflake" title="Snowflake" image="./snowflake.svg" subtitle="Snowflake allows you to donate bandwidth to the Tor Project by operating a “Snowflake proxy” within your browser." >}}
{{< card link="#i2p-the-invisible-internet-project" title="I2P" image="./i2p.svg" subtitle="I2P is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous." >}}
{{< /cards >}}
</div>
### Tor
<div class="admonition recommendation" markdown>
![Tor logo](tor.svg){ align=right }
The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective [:material-close-outline: Censorship](../../../wiki/basics/common-threats.md#avoiding-censorship){ .pg-blue-gray } circumvention tool.
[:octicons-home-16:](https://torproject.org){ .card-link title=Homepage }
[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
[:octicons-info-16:](https://tb-manual.torproject.org){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.torproject.org/tpo/core/tor){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org){ .card-link title=Contribute }
</div>
{{< cards >}}
{{< card link="https://torproject.org" title="Homepage" icon="home" >}}
{{< card link="https://tb-manual.torproject.org" title="Documentation" icon="document-text" >}}
{{< /cards >}}
The recommended way to access the Tor network is via the official Tor Browser, which we have covered in more detail on a dedicated page:
[Tor Browser Info :material-arrow-right-drop-circle:](tor.md){ .md-button .md-button--primary } [Detailed Tor Overview :material-arrow-right-drop-circle:](../../../wiki/advanced/tor-overview.md){ .md-button }
[Tor Browser Info :material-arrow-right-drop-circle:](../../software/tor/_index.md){ .md-button .md-button--primary }
[Detailed Tor Overview :material-arrow-right-drop-circle:](../../../wiki/advanced/tor-overview.md){ .md-button }
You can access the Tor network using other tools; making this determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
@@ -43,29 +47,17 @@ You can try connecting to *Privacy Guides* via Tor at [xoe4vn5uwdztif6goazfbmogh
#### Orbot
<div class="admonition recommendation" markdown>
![Orbot logo](assets/img/self-contained-networks/orbot.svg){ align=right }
**Orbot** is a mobile application which routes traffic from any app on your device through the Tor network.
[:octicons-home-16: Homepage](https://orbot.app){ .md-button .md-button--primary }
[:octicons-eye-16:](https://orbot.app/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://orbot.app/faqs){ .card-link title="Documentation" }
[:octicons-code-16:](https://orbot.app/code){ .card-link title="Source Code" }
[:octicons-heart-16:](https://orbot.app/donate){ .card-link title="Contribute" }
{{< cards >}}
{{< card link="https://orbot.app" title="Homepage" icon="home" >}}
{{< card link="https://orbot.app/privacy-policy" title="Privacy Policy" icon="eye" >}}
{{< /cards >}}
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.torproject.android)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1609461599)
- [:simple-github: GitHub](https://github.com/guardianproject/orbot/releases)
- [:simple-fdroid: F-Droid](https://guardianproject.info/fdroid)
</details>
</div>
[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=org.torproject.android)
[{{< badge content="App Store" color="blue" >}}](https://apps.apple.com/app/id1609461599)
[{{< badge content="GitHub" >}}](https://github.com/guardianproject/orbot/releases)
[{{< badge content="F-Droid" >}}](https://guardianproject.info/fdroid)
We previously recommended enabling the *Isolate Destination Address* preference in Orbot settings. While this setting can theoretically improve privacy by enforcing the use of a different circuit for each IP address you connect to, it doesn't provide a practical advantage for most applications (especially web browsing), can come with a significant performance penalty, and increases the load on the Tor network. We no longer recommend adjusting this setting from its default value unless you know you need to.[^1]
@@ -81,23 +73,14 @@ We previously recommended enabling the *Isolate Destination Address* preference
#### Snowflake
<div class="admonition recommendation" markdown>
![Snowflake logo](assets/img/self-contained-networks/snowflake.svg#only-light){ align=right }
![Snowflake logo](assets/img/self-contained-networks/snowflake-dark.svg#only-dark){ align=right }
**Snowflake** allows you to donate bandwidth to the Tor Project by operating a "Snowflake proxy" within your browser.
People who are censored can use Snowflake proxies to connect to the Tor network. Snowflake is a great way to contribute to the network even if you don't have the technical know-how to run a Tor relay or bridge.
[:octicons-home-16: Homepage](https://snowflake.torproject.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview){ .card-link title=Documentation}
[:octicons-code-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org){ .card-link title=Contribute }
</details>
</div>
{{< cards >}}
{{< card link="https://snowflake.torproject.org" title="Homepage" icon="home" >}}
{{< card link="https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview" title="Documentation" icon="document-text" >}}
{{< /cards >}}
You can enable Snowflake in your browser by opening it in another tab and turning the switch on. You can leave it running in the background while you browse to contribute your connection. We don't recommend installing Snowflake as a browser extension, because adding third-party extensions can increase your attack surface.
@@ -109,30 +92,18 @@ Running a Snowflake proxy is low-risk, even more so than running a Tor relay or
### I2P (The Invisible Internet Project)
<div class="admonition recommendation" markdown>
![I2P logo](assets/img/self-contained-networks/i2p.svg#only-light){ align=right }
![I2P logo](assets/img/self-contained-networks/i2p-dark.svg#only-dark){ align=right }
**I2P** is a network layer which encrypts your connections and routes them via a network of computers distributed around the world. It is mainly focused on creating an alternative, privacy-protecting network rather than making regular internet connections anonymous.
[:octicons-home-16: Homepage](https://geti2p.net/en){ .md-button .md-button--primary }
[:octicons-info-16:](https://geti2p.net/en/about/software){ .card-link title=Documentation }
[:octicons-code-16:](https://github.com/i2p/i2p.i2p){ .card-link title="Source Code" }
[:octicons-heart-16:](https://geti2p.net/en/get-involved){ .card-link title=Contribute }
{{< cards >}}
{{< card link="https://geti2p.net/en" title="Homepage" icon="home" >}}
{{< card link="https://geti2p.net/en/about/software" title="Documentation" icon="document-text" >}}
{{< /cards >}}
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.i2p.android)
- [:simple-android: Android](https://geti2p.net/en/download#android)
- [:fontawesome-brands-windows: Windows](https://geti2p.net/en/download#windows)
- [:simple-apple: macOS](https://geti2p.net/en/download#mac)
- [:simple-linux: Linux](https://geti2p.net/en/download#unix)
</details>
</div>
[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=net.i2p.android)
[{{< badge content="Android" >}}](https://geti2p.net/en/download#android)
[{{< badge content="Windows" color="red" >}}](https://geti2p.net/en/download#windows)
[{{< badge content="macOS" color="indigo" >}}](https://geti2p.net/en/download#mac)
[{{< badge content="Linux" color="yellow" >}}](https://geti2p.net/en/download#unix)
Unlike Tor, all I2P traffic is internal to the I2P network, which means regular internet websites are **not** directly accessible from I2P. Instead, you can connect to websites which are hosted anonymously and directly on the I2P network, which are called "eepsites" and have domains which end in `.i2p`.
@@ -145,7 +116,7 @@ You can try connecting to *Privacy Guides* via I2P at [privacyguides.i2p](http:/
Also, unlike Tor, every I2P node will relay traffic for other users by default, instead of relying on dedicated relay volunteers to run nodes. There are approximately [10,000](https://metrics.torproject.org/networksize.html) relays and bridges on the Tor network compared to ~50,000 on I2P, meaning there is potentially more ways for your traffic to be routed to maximize anonymity. I2P also tends to be more performant than Tor, although this is likely a side effect of Tor being more focused on regular "clearnet" internet traffic and thus using more bottle necked exit nodes. Hidden service performance is generally considered to be much better on I2P compared to Tor. While running P2P applications like BitTorrent is challenging on Tor (and can massively impact Tor network performance), it is very easy and performant on I2P.
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](tor.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](desktop-browsers.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
There are downsides to I2P's approach, however. Tor relying on dedicated exit nodes means more people in less safe environments can use it, and the relays that do exist on Tor are likely to be more performant and stable, as they generally aren't run on residential connections. Tor is also far more focused on **browser privacy** (i.e. anti-fingerprinting), with a dedicated [Tor Browser](../../software/tor/_index.md) to make browsing activity as anonymous as possible. I2P is used via your [regular web browser](../../software/desktop-browsers/_index.md), and while you can configure your browser to be more privacy-protecting, you probably still won't have the same browser fingerprint as other I2P users (there's no "crowd" to blend in with in that regard).
Tor is likely to be more resistant to censorship, due to their robust network of bridges and varying [pluggable transports](https://tb-manual.torproject.org/circumvention). On the other hand, I2P uses directory servers for the initial connection which are varying/untrusted and run by volunteers, compared to the hard-coded/trusted ones Tor uses which are likely easier to block.
content/tools/advanced/alternative-networks/onion_browser.svg
-1
View File
@@ -1 +0,0 @@
<svg width="128" height="128" version="1.1" viewBox="0 0 33.867 33.867" xmlns="http://www.w3.org/2000/svg"><defs><linearGradient id="linearGradient-1" x1="3.2519" x2="50.717" y1="38.779" y2="16.874" gradientUnits="userSpaceOnUse"><stop stop-color="#B631D9" offset="0"/><stop stop-color="#490161" offset="1"/></linearGradient><linearGradient id="linearGradient-2" x1="53.245" x2=".63" y1="29.738" y2="29.738" gradientUnits="userSpaceOnUse"><stop stop-color="#B631D9" offset="0"/><stop stop-color="#490161" offset="1"/></linearGradient></defs><g transform="matrix(.64533 0 0 .64533 8.5333e-8 -.31881)" fill="none" fill-rule="evenodd"><g transform="translate(-39,-31)"><g id="Group-4-Copy" transform="translate(39,31)"><path id="Combined-Shape" d="m26.24 0.49404c14.492 0 26.24 11.748 26.24 26.24s-11.748 26.24-26.24 26.24-26.24-11.748-26.24-26.24 11.748-26.24 26.24-26.24zm0 13.053c-7.2828 0-13.187 5.9038-13.187 13.187 0 7.2828 5.9038 13.187 13.187 13.187 7.2828 0 13.187-5.9038 13.187-13.187 0-7.2828-5.9038-13.187-13.187-13.187z" fill="url(#linearGradient-1)"/><path d="m26.88 8.174c10.604 0 19.2 8.5961 19.2 19.2s-8.5961 19.2-19.2 19.2-19.2-8.5961-19.2-19.2 8.5961-19.2 19.2-19.2zm0 6c-7.2902 0-13.2 5.9098-13.2 13.2s5.9098 13.2 13.2 13.2 13.2-5.9098 13.2-13.2-5.9098-13.2-13.2-13.2z" fill="url(#linearGradient-2)"/></g></g></g></svg>
Side by Side

Before

Width:  |  Height:  |  Size: 1.3 KiB

content/tools/advanced/device-integrity/_index.md
+29 -54
View File
@@ -12,6 +12,14 @@ These tools may provide utility for certain individuals. They provide functional
</div>
<div class="pg-card-logos">
{{< cards >}}
{{< card link="#mobile-verification-toolkit" title="MVT" image="./mvt.webp" subtitle="Mobile Verification Toolkit (MVT) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the Pegasus Project." >}}
{{< card link="#imazing-ios" title="iMazing" image="./imazing.png" subtitle="iMazing provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for MVT. This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators." >}}
{{< card link="#auditor-android" title="Auditor" image="./auditor.svg" subtitle="Auditor is an app which leverages hardware security features to provide device integrity monitoring by actively validating the identity of a device and the integrity of its operating system. Currently, it only works with GrapheneOS or the stock operating system for supported devices." >}}
{{< /cards >}}
</div>
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
## General Advice
@@ -64,25 +72,15 @@ These tools can trigger false-positives. If any of these tools finds indicators
### Mobile Verification Toolkit
<div class="admonition recommendation" markdown>
![MVT logo](assets/img/device-integrity/mvt.webp#only-light){ align=right }
![MVT logo](assets/img/device-integrity/mvt-dark.png#only-dark){ align=right }
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project).
[:octicons-home-16: Homepage](https://mvt.re){ .md-button .md-button--primary }
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
{{< cards >}}
{{< card link="https://mvt.re" title="Homepage" icon="home" >}}
{{< card link="https://github.com/mvt-project/mvt" title="Source code" icon="code" >}}
{{< /cards >}}
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install)
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install)
</details>
</div>
[{{< badge content="macOS" color="indigo" >}}](https://docs.mvt.re/en/latest/install)
[{{< badge content="Linux" color="yellow" >}}](https://docs.mvt.re/en/latest/install)
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
@@ -106,25 +104,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
### iMazing (iOS)
<div class="admonition recommendation" markdown>
![iMazing logo](assets/img/device-integrity/imazing.png){ align=right }
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
[:octicons-home-16: Homepage](https://imazing.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
{{< cards >}}
{{< card link="https://imazing.com" title="Homepage" icon="home" >}}
{{< card link="https://imazing.com/privacy-policy" title="Privacy Policy" icon="eye" >}}
{{< /cards >}}
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:fontawesome-brands-windows: Windows](https://imazing.com/download)
- [:simple-apple: macOS](https://imazing.com/download)
</details>
</div>
[{{< badge content="Windows" color="red" >}}](https://imazing.com/download)
[{{< badge content="macOS" color="indigo" >}}](https://imazing.com/download)
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
@@ -146,33 +134,20 @@ Using these apps is insufficient to determine that a device is "clean", and not
### Auditor (Android)
<div class="admonition recommendation" markdown>
![Auditor logo](assets/img/device-integrity/auditor.svg#only-light){ align=right }
![Auditor logo](assets/img/device-integrity/auditor-dark.svg#only-dark){ align=right }
**Auditor** is an app which leverages hardware security features to provide device integrity monitoring by actively validating the identity of a device and the integrity of its operating system. Currently, it only works with GrapheneOS or the stock operating system for [supported devices](https://attestation.app/about#device-support).
[:octicons-home-16: Homepage](https://attestation.app){ .md-button .md-button--primary }
[:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://attestation.app/about){ .card-link title=Documentation}
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
{{< cards >}}
{{< card link="https://attestation.app" title="Homepage" icon="home" >}}
{{< card link="https://attestation.app/privacy-policy" title="Privacy Policy" icon="eye" >}}
{{< /cards >}}
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
</details>
</div>
[{{< badge content="Google Play" color="green" >}}](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
[{{< badge content="GitHub" >}}](https://github.com/GrapheneOS/Auditor/releases)
[{{< badge content="GrapheneOS App Store" >}}](https://github.com/GrapheneOS/Apps/releases)
Auditor is not a scanning/analysis tool like some other tools on this page. Rather, it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
Auditor performs attestation and intrusion detection with **two** devices, an *auditee* (the device being verified) and an *auditor* (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
Auditor performs attestation and intrusion detection with **two** devices, an *auditee* (the device being verified) and an *auditor* (the device performing the verification). The auditor can be any Android 10+ device (or a remote web service operated by [GrapheneOS](../../os/android/distributions.md#grapheneos)), while the auditee must be a specifically [supported device](https://attestation.app/about#device-support). Auditor works by:
- Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an *auditor* and *auditee*, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore) of the *Auditor*.
- The *auditor* can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app).
@@ -184,4 +159,4 @@ It is important to note that Auditor can only effectively detect changes **after
No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring.
If your [threat model](../../../wiki/basics/threat-modeling.md requires hiding your IP address from the attestation service, you could consider using [Orbot](alternative-networks.md#orbot) or a [VPN](vpn.md).
If your [threat model](../../../wiki/basics/threat-modeling.md) requires hiding your IP address from the attestation service, you could consider using [Orbot](../alternative-networks/_index.md#orbot) or a [VPN](../../services/vpn/_index.md).