mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-08-08 03:51:05 +00:00

New Crowdin Translations (#2110)

Co-authored-by: Crowdin Bot <support+bot@crowdin.com>
This commit is contained in:
Privacy Guides [bot]
2023-04-04 21:38:20 -05:00
committed by GitHub
parent 6582156917
commit 4847c25066
624 changed files with 36410 additions and 5747 deletions

View File

@@ -1,19 +1,30 @@
---
template: schema.html
title: "About Privacy Guides"
description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy.
schema:
"@context": https://schema.org
"@type": Organization
"@id": https://www.privacyguides.org/
name: Privacy Guides
url: https://www.privacyguides.org/en/about/
logo: https://www.privacyguides.org/en/assets/brand/png/square/pg-yellow.png
sameAs:
- https://twitter.com/privacy_guides
- https://github.com/privacyguides
- https://www.wikidata.org/wiki/Q111710163
- https://opencollective.com/privacyguides
- https://www.youtube.com/@privacyguides
- https://mastodon.neat.computer/@privacyguides
---
![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right }
**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers.
**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. Our mission is to inform the public about the value of digital privacy, and global government initiatives which aim to monitor your online activity. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any of the listed providers.
[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
[:octicons-heart-16:](donate.md){ .card-link title=Contribute }
The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities.
> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that arent run by the big tech companies.
— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/)
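Review bot: The `url` and `logo` values in the new `schema:` front matter hard-code the `/en/` locale (`https://www.privacyguides.org/en/about/`), so any localized copy of this page that carries the same front matter will publish structured data pointing at the English page. If that is not intended, derive the locale segment per language or point `url` at a locale-neutral address. Also note that `"@id"` is the site root while `url` is the about page; confirm the two are meant to differ.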
@@ -22,7 +33,7 @@ The purpose of Privacy Guides is to educate our community on the importance of p
— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch]
Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/).
Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], [NPO Radio 1](https://www.nporadio1.nl/nieuws/binnenland/8eaff3a2-8b29-4f63-9b74-36d2b28b1fe1/ooit-online-eens-wat-doms-geplaatst-ga-jezelf-eens-googlen-en-kijk-dan-wat-je-tegenkomt), and [Wired](https://www.wired.com/story/firefox-mozilla-2022/).
## History
@@ -82,7 +93,9 @@ Our team members review all changes made to the website and handle administrativ
## Site License
*The following is a human-readable summary of (and not a substitute for) the [license](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE):*
!!! danger ""
The following is a human-readable summary of (and not a substitute for) the [license](/license).
:fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material.
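Review bot: The new admonition links the license as `[license](/license)`, a root-absolute path, while the paragraph right after it still links the GitHub `LICENSE` file and the site's own pages are served under `/en/` (see `url` in the front matter). Use a relative link so the locale prefix is kept, and point both references at the same target. A `danger` admonition with an empty title is also a strong style for a license summary; a neutral type would read better unless the red box is deliberate.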

View File

@@ -1,7 +1,5 @@
---
title: "Notices and Disclaimers"
hide:
- toc
---
## Legal Disclaimer
@@ -14,21 +12,26 @@ Privacy Guides is an open source project contributed to under licenses that incl
Privacy Guides additionally does not warrant that this website will be constantly available, or available at all.
## Licenses
## Licensing Overview
Unless otherwise noted, all content on this website is made available under the terms of the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE).
!!! danger ""
The following is a human-readable summary of (and not a substitute for) the [license](/license).
Unless otherwise noted, all **content** on this website is made available under the terms of the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). The underlying **source code** used to generate this website and display that content is released under the [MIT License](https://github.com/privacyguides/privacyguides.org/tree/main/LICENSE-CODE).
This does not include third-party code embedded in this repository, or code where a superseding license is otherwise noted. The following are notable examples, but this list may not be all-inclusive:
* [MathJax](https://github.com/privacyguides/privacyguides.org/blob/main/docs/assets/javascripts/mathjax.js) is licensed under the [Apache License 2.0](https://github.com/privacyguides/privacyguides.org/blob/main/docs/assets/javascripts/LICENSE.mathjax.txt).
Portions of this notice itself were adopted from [opensource.guide](https://github.com/github/opensource.guide/blob/master/notices.md) on GitHub. That resource and this page itself are released under [CC-BY-4.0](https://github.com/github/opensource.guide/blob/master/LICENSE).
* [MathJax](https://github.com/privacyguides/privacyguides.org/blob/main/theme/assets/javascripts/mathjax.js) is licensed under the [Apache License 2.0](https://github.com/privacyguides/privacyguides.org/blob/main/docs/assets/javascripts/LICENSE.mathjax.txt).
* The [Bagnard](https://github.com/privacyguides/brand/tree/main/WOFF/bagnard) heading font is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/main/WOFF/bagnard/LICENSE.txt).
* The [Public Sans](https://github.com/privacyguides/brand/tree/main/WOFF/public_sans) font used for most text on the site is licensed under the terms detailed [here](https://github.com/privacyguides/brand/blob/main/WOFF/public_sans/LICENSE.txt).
* The [DM Mono](https://github.com/privacyguides/brand/tree/main/WOFF/dm_mono) font used for monospaced text on the site is licensed under the [SIL Open Font License 1.1](https://github.com/privacyguides/brand/blob/main/WOFF/dm_mono/LICENSE.txt).
This means that you can use the human-readable content in this repository for your own project, per the terms outlined in the Creative Commons Attribution-NoDerivatives 4.0 International Public License text. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. You **may not** use the Privacy Guides branding in your own project without express approval from this project. Privacy Guides's brand trademarks include the "Privacy Guides" wordmark and shield logo.
We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://www.copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.*
When you contribute to this repository you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
When you contribute to our website you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project.
## Acceptable Use
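Review bot: In the updated MathJax bullet the script link moves to `theme/assets/javascripts/mathjax.js`, but the license link beside it still points to `docs/assets/javascripts/LICENSE.mathjax.txt`. If the license file moved with the script, that link is now stale; update it or confirm the file stays under `docs/`. The new MIT link also uses `tree/main/LICENSE-CODE` where every other file link in this section uses `blob/main/...`; use `blob` for consistency.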
@@ -41,3 +44,7 @@ You must not conduct any systematic or automated data collection activities on o
* Scraping
* Data Mining
* 'Framing' (IFrames)
---
*Portions of this notice itself were adopted from [opensource.guide](https://github.com/github/opensource.guide/blob/master/notices.md) on GitHub. That resource and this page itself are released under [CC-BY-4.0](https://creativecommons.org/licenses/by-sa/4.0/).*
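Review bot: The relocated attribution line labels the license "CC-BY-4.0" but the new link target is `https://creativecommons.org/licenses/by-sa/4.0/`, which is CC BY-SA 4.0, a different license with a share-alike condition. The line this replaces linked opensource.guide's own `LICENSE` file. Change the URL to `https://creativecommons.org/licenses/by/4.0/` or restore the original link so the label and target agree.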

View File

@@ -1,5 +1,5 @@
---
title: "Privacy Policy"
title: "隐私政策"
---
Privacy Guides is a community project operated by a number of active volunteer contributors. The public list of team members [can be found on GitHub](https://github.com/orgs/privacyguides/people).
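Review bot: Only the `title` is translated here (`"隐私政策"`), and the body below it remains English, so readers get a Chinese page title over untranslated policy text. For a privacy policy it is safer to hold the title change until the body is translated as well, so the page does not look like a reviewed translation when it is not.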

View File

@@ -1,103 +1,103 @@
---
title: "Types of Communication Networks"
title: "通訊網路的類型"
icon: 'material/transit-connection-variant'
description: An overview of several network architectures commonly used by instant messaging applications.
description: 簡介常見的即時通訊應用程式網路架構。
---
There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use.
有幾種網絡架構常運用於在人與人之間傳遞消息。 這些網路提供不同的隱私保證,這就是為什麼在決定使用哪個應用程式時,最好能考慮您的[威脅模型](../basics/threat-modeling.md)
[Recommended Instant Messengers](../real-time-communication.md ""){.md-button}
[推薦的即時通訊工具](../real-time-communication.md ""){.md-button}
## Centralized Networks
## 集中式網絡
![Centralized networks diagram](../assets/img/layout/network-centralized.svg){ align=left }
![集中網絡圖](../assets/img/layout/network-centralized.svg){ align=left }
Centralized messengers are those where all participants are on the same server or network of servers controlled by the same organization.
集中式信使是指所有參與者都在同一伺服器或同一組織所控制的伺服器網絡。
Some self-hosted messengers allow you to set up your own server. Self-hosting can provide additional privacy guarantees, such as no usage logs or limited access to metadata (data about who is talking to whom). Self-hosted centralized messengers are isolated and everyone must be on the same server to communicate.
有些自託管信使允許設置自己的伺服器。 自託管可以提供額外的隱私保證,例如不用記錄或限制讀取元數據(關於誰與誰交談的資料)。 自託管的集中式信使是隔離的,每個人都必須在同一個伺服器上進行通信。
**Advantages:**
**優點**
- New features and changes can be implemented more quickly.
- Easier to get started with and to find contacts.
- Most mature and stable features ecosystems, as they are easier to program in a centralized software.
- Privacy issues may be reduced when you trust a server that you're self-hosting.
- 新功能和變更可以更快地實施。
- 更容易使用和查找聯系人。
- 近乎成熟和穩定的生態系統,因為集中式軟件更容易編程。
- 當您信任自我託管的伺服器時,隱私問題可能會減少。
**Disadvantages:**
**缺點**
- Can include [restricted control or access](https://drewdevault.com/2018/08/08/Signal.html). This can include things like:
- Being [forbidden from connecting third-party clients](https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165) to the centralized network that might provide for greater customization or a better experience. Often defined in Terms and Conditions of usage.
- Poor or no documentation for third-party developers.
- The [ownership](https://web.archive.org/web/20210729191953/https://blog.privacytools.io/delisting-wire/), privacy policy, and operations of the service can change easily when a single entity controls it, potentially compromising the service later on.
- Self-hosting requires effort and knowledge of how to set up a service.
- [限制控制或存取](https://drewdevault.com/2018/08/08/Signal.html)。 可能包括以下內容:
- 集中型網路 [禁封了](https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165)可以提供更靈活自定與更佳使用體驗的第三方客戶端。 通常定義在使用條款和條件。
- 對於第三方開發人員來說,文件記錄很糟。
- 由單一實體控制服務時,其 [所有權](https://web.archive.org/web/20210729191953/https://blog.privacytools.io/delisting-wire/)、隱私政策和服務操作可輕易改變,甚致危及服務。
- 自我託管需要精力和設置服務的知識。
## Federated Networks
## 聯邦式網絡
![Federated networks diagram](../assets/img/layout/network-decentralized.svg){ align=left }
![聯邦式網絡圖](../assets/img/layout/network-decentralized.svg){ align=left }
Federated messengers use multiple, independent, decentralized servers that are able to talk to each other (email is one example of a federated service). Federation allows system administrators to control their own server and still be a part of the larger communications network.
聯合信使使用多個獨立的分散式伺服器,這些伺服器能夠彼此通訊(電子郵件是聯合服務的一個例子)。 聯邦讓系統管理員控制自己的伺服器,成為更大通訊網絡中的一員。
When self-hosted, members of a federated server can discover and communicate with members of other servers, although some servers may choose to remain private by being non-federated (e.g., work team server).
當自行託管時,聯邦伺服器的成員可以發現並與其他伺服器的成員進行通信,而有些伺服器可能會選擇保持私密而不加入聯邦(例如工作團隊伺服器)。
**Advantages:**
**優點**
- Allows for greater control over your own data when running your own server.
- Allows you to choose whom to trust your data with by choosing between multiple "public" servers.
- Often allows for third-party clients which can provide a more native, customized, or accessible experience.
- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member).
- 運行自己的伺服器可以更加控制自己的資料。
- 可從多個“公共”伺服器之中選擇信任的資料託付者。
- 可讓第三方客戶端提供更原生、定制或親和的體驗。
- 假設您有存取伺服器的權限或信任有此權限的人(例如,家庭成員),可以驗證伺服器軟體是否與公開原始碼相符。
**Disadvantages:**
**缺點**
- Adding new features is more complex because these features need to be standardized and tested to ensure they work with all servers on the network.
- Due to the previous point, features can be lacking, or incomplete or working in unexpected ways compared to centralized platforms, such as message relay when offline or message deletion.
- Some metadata may be available (e.g., information like "who is talking to whom," but not actual message content if E2EE is used).
- Federated servers generally require trusting your server's administrator. They may be a hobbyist or otherwise not a "security professional," and may not serve standard documents like a privacy policy or terms of service detailing how your data is used.
- Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with members of those servers.
- 添加新功能較複雜,因為這些功能需要標準化和測試,以確保可與網絡上的所有伺服器配合使用。
- 根據前一點,與集中式平臺相比,聯邦式網絡欠缺完整功能或容易出現意外,例如離線時的訊息中繼或訊息刪除。
- 可能會產生某些元數據(例如使用 E2EE 時, “誰在與誰交談”但不知其實際內容的資料)。
- 聯邦式伺服器通常需要信任伺服器管理員。 他們可能是業餘愛好者,也不是“安全專業人士” ,欠缺標準文件,如隱私政策或服務條款,來詳細說明資料如何被使用。
- 伺服器管理員有時會封鎖其他伺服器,因為它們無節制地濫用的或違反公認行為的一般規則。 這會阻礙您與這些伺服器成員溝通的能力。
## Peer-to-Peer Networks
## 對等網絡
![P2P diagram](../assets/img/layout/network-distributed.svg){ align=left }
![P2P示意圖](../assets/img/layout/network-distributed.svg){ align=left }
P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server.
P2P 軟體連接到 [分佈式網路](https://en.wikipedia.org/wiki/Distributed_networking) 中的節點,在沒有第三方伺服器的情況下將訊息傳遞給收件人。
Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://www.scuttlebutt.nz) social network protocol).
客戶端(對等軟體)通常通過 [分布式計算](https://en.wikipedia.org/wiki/Distributed_computing) 網絡找到彼此。 例如, [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT) [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) 使用。 另一種方法是鄰近的網絡通過WiFi或藍牙建立連接例如 Briar [Scuttlebutt](https://www.scuttlebutt.nz) 社交網絡協議)。
Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient.
一旦對等體通過任何這些方法找到通往其聯繫的路徑,它們之間就會建立直接連接。 通常訊息內容會加密,但觀察者仍然可以推斷發件人和收件人的位置和身份。
P2P networks do not use servers, as peers communicate directly between each other and hence cannot be self-hosted. However, some additional services may rely on centralized servers, such as user discovery or relaying offline messages, which can benefit from self-hosting.
P2P 網絡不使用伺服器,對等方彼此之間直接通信,因此不能自我託管。 但是,一些額外的服務可能要靠集中式伺服器,例如用戶看到或轉發離線消息,這些需要自託管伺服器的協助。
**Advantages:**
**優點**
- Minimal information is exposed to third-parties.
- Modern P2P platforms implement E2EE by default. There are no servers that could potentially intercept and decrypt your transmissions, unlike centralized and federated models.
- 最少的信息暴露給第三方。
- 現代 P2P 平臺皆已預設為 E2EE。 不像集中和聯邦式網絡,沒有伺服器會攔截和解密您的傳輸。
**Disadvantages:**
**缺點**
- Reduced feature set:
- Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online.
- Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online.
- Some common messenger features may not be implemented or incompletely, such as message deletion.
- Your IP address and that of the contacts you're communicating with may be exposed if you do not use the software in conjunction with a [VPN](../vpn.md) or [Tor](../tor.md). Many countries have some form of mass surveillance and/or metadata retention.
- 精簡功能集:
- 訊息只能在兩個對等方都在線時發送,但是,客戶端可能會在本地儲存訊息以等待聯絡人在線時送出。
- 增加移動設備的電池使用量,因為客戶端必須保持與分佈式網絡的連接,以了解誰在線。
- 缺少某些傳訊功能或不完整,例如訊息刪除。
- 如果您未將軟體與 [VPN](../vpn.md) [Tor](../tor.md)配合使用,則很可能暴露了自己和通訊聯絡人的 IP 位址。 許多國家都有某種形式的大規模監控和/或元數據保留。
## Anonymous Routing
## 匿名路由
![Anonymous routing diagram](../assets/img/layout/network-anonymous-routing.svg){ align=left }
![匿名路由示意圖](../assets/img/layout/network-anonymous-routing.svg){ align=left }
A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three.
使用 [匿名路由](https://doi.org/10.1007/978-1-4419-5906-5_628) 的傳訊方式會隱藏發送者、接收者的身份或他們一直在溝通的證據。 理想情況下,這三種東西都該被隱藏。
There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers."
匿名路由[有多種](https://doi.org/10.1145/3182658) 實現方式。 其中最著名 [洋蔥路由](https://en.wikipedia.org/wiki/Onion_routing) (即 [Tor](tor-overview.md) ,該虛擬 [覆蓋網絡](https://en.wikipedia.org/wiki/Overlay_network) 隱藏節點位置以及收件人和發件人之間的加密訊息。 發送者和接收者不會直接互動,而是通過祕密會合節點,這樣就不會洩漏 IP 位址或物理位置。 節點無法解密訊息,也無法解密最終目的地;只有收件人可以。 中間節點只能解密下一步送到哪裡的指示,消息本體仍保持加密直到送達最終有權限解密的收件人,因此是“洋蔥層”。
Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit.
在匿名路由網絡中自我託管節點無法增加額外隱私優勢,但有助於整個網絡軔性抵禦識別攻擊。
**Advantages:**
**優點**
- Minimal to no information is exposed to other parties.
- Messages can be relayed in a decentralized manner even if one of the parties is offline.
- 很少甚至無資訊暴露給其他方。
- 消息可以以分散的方式接力傳遞,即使其中一方離線。
**Disadvantages:**
**缺點**
- Slow message propagation.
- Often limited to fewer media types, mostly text, since the network is slow.
- Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline.
- More complex to get started, as the creation and secured backup of a cryptographic private key is required.
- Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion.
- 消息傳播速度慢。
- 通常僅支援少數媒體類型,因為網絡速度慢主要為文字傳輸。
- 隨機路由選擇節點,某些節點可能遠離發送者和接收者,增加延遲,甚至因某個節點離線而無法傳輸消息。
- 入手更複雜,因為需要創建和備份加密私鑰。
- 如同其他分散式平臺,對開發人員而言,添加功能比集中式平臺更複雜。 因此,功能欠缺或未完全執行,例如離線消息中繼或消息刪除。
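Review bot: Several translated lines in this file lost the connectives and brackets around their links, which changes or breaks the sentence. In the Peer-to-Peer paragraph, `(DHT) [torrents](...) [IPFS](...) 使用` no longer says DHT is used by torrents and IPFS, and `例如 Briar [Scuttlebutt](...) 社交網絡協議)` has a closing bracket with no opener and drops the "or"; the VPN/Tor bullet (`[VPN](../vpn.md) [Tor](../tor.md)配合使用`) and the onion routing sentence (`(即 [Tor](tor-overview.md) ,`) have the same problem. In the same section "user discovery" is rendered as `用戶看到`, and "can benefit from self-hosting" has become "needs" self-hosting. These strings should go back to translation review before the page is published.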

View File

@@ -1,50 +1,50 @@
---
title: "DNS 簡介"
icon: material/dns
description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for.
description: 網域名稱系統是“網際網路電話簿” ,可幫助瀏覽器找到它正在尋找的網站。
---
The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS 將網域名稱轉換為 IP 位址,以便瀏覽器和其他服務可以通過分散的伺服器網路載入網路資源。
[網域名稱系統](https://en.wikipedia.org/wiki/Domain_Name_System) 是「網際網路的電話簿」。 DNS 將網域名稱轉換為 IP 位址,以便瀏覽器和其他服務可以通過分散的伺服器網路載入網路資源。
## 什麼是 DNS
當您訪問一個網站時,會傳回一個數字地址。 For example, when you visit `privacyguides.org`, the address `192.98.54.105` is returned.
當您訪問一個網站時,會傳回一個數字地址。 以訪問 `privacyguides.org`網站為例,它傳回的地址為 `192.98.54.105`
DNS 從網際網路的 [早期](https://en.wikipedia.org/wiki/Domain_Name_System#History) 就存在了。 來往 DNS 伺服器的 DNS 請求通常 **不是** 加密的。 一般家用的網路中,客戶的伺服器通常是由 ISP 透過 [DHCP](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol)給予的。
Unencrypted DNS requests are able to be easily **surveilled** and **modified** in transit. In some parts of the world, ISPs are ordered to do primitive [DNS filtering](https://en.wikipedia.org/wiki/DNS_blocking). 當您要求被封鎖網域的IP位址時伺服器可能不會回應或可能會使用其他IP位址回應。 由於DNS通訊協定沒有加密 ISP (或任何網路營運商)可以使用 [DPI](https://en.wikipedia.org/wiki/Deep_packet_inspection) 來監控請求。 網路服務供應商也可以根據共同特徵封鎖請求,無論你使用哪種 DNS 伺服器。 未加密的 DNS 總是使用 53 號[端口](https://en.wikipedia.org/wiki/Port_(computer_networking)) 並且總是使用UDP。
未經加密的 DNS 請求很容易**被監視** 或在傳輸過程中**遭到修改modified**。 在某些地區, ISP 被要求做初級的 [DNS 過濾](https://en.wikipedia.org/wiki/DNS_blocking) 當您要求被封鎖網域的IP位址時伺服器可能不會回應或可能會使用其他IP位址回應。 由於DNS通訊協定沒有加密 ISP (或任何網路營運商)可以使用 [DPI](https://en.wikipedia.org/wiki/Deep_packet_inspection) 來監控請求。 網路服務供應商也可以根據共同特徵封鎖請求,無論你使用哪種 DNS 伺服器。 未加密的 DNS 總是使用 53 號[端口](https://en.wikipedia.org/wiki/Port_(computer_networking)) 並且總是使用UDP。
接下來,我們將討論並提供一個教程來證明外部觀察者可以使用普通的未加密 DNS 和 [加密 DNS ](#what-is-encrypted-dns)看到什麼。
### 未加密的 DNS
1. 使用 [`tshark`](https://www.wireshark.org/docs/man-pages/tshark.html) [Wireshark](https://en.wikipedia.org/wiki/Wireshark) 項目的一部分) ,我們可以監控和記錄網路封包的傳輸。 This command records packets that meet the rules specified:
1. 使用 [`tshark`](https://www.wireshark.org/docs/man-pages/tshark.html) [Wireshark](https://en.wikipedia.org/wiki/Wireshark) 項目的一部分) ,我們可以監控和記錄網路封包的傳輸。 此命令記錄符合指定規則的封包:
```bash
tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8
```
2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS etc) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS.
2. 我們可以使用 [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) Linux MacOS 等)或 [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) Windows 將DNS 查詢發送到伺服器。 Web 瀏覽器等軟體會自動執行這些查詢,除非它們被配置為使用加密的DNS
=== "Linux, macOS"
= = = "Linux macOS"
```
dig +noall +answer privacyguides.org @1.1.1.1
dig +noall +answer privacyguides.org @8.8.8.8
```
=== "Windows"
= = = "Windows"
```
nslookup privacyguides.org 1.1.1.1
nslookup privacyguides.org 8.8.8.8
```
3. Next, we want to [analyse](https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results:
3. 接下來我們要[分析](https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) 結果:
=== "Wireshark"
```
wireshark -r /tmp/dns.pcap
wireshark -r/tmp/dns.pcap
```
=== "tshark"
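Review bot: The content-tab markers were altered by the translation: `=== "Linux, macOS"` became `= = = "Linux macOS"` and `=== "Windows"` became `= = = "Windows"`, so these two blocks will no longer render as tabs, while `=== "Wireshark"` and `=== "tshark"` further down are intact. Restore the `===` markers and the comma in the label. The command inside the Wireshark fence was also changed to `wireshark -r/tmp/dns.pcap`; text inside code fences should be excluded from translation and kept as `wireshark -r /tmp/dns.pcap`.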
@@ -55,14 +55,14 @@ Unencrypted DNS requests are able to be easily **surveilled** and **modified** i
如果執行上面的 Wireshark 命令,頂部窗格會顯示「[frame](https://en.wikipedia.org/wiki/Ethernet_frame)」,底部窗格會顯示所選框架的所有資料。 企業過濾和監控解決方案(例如政府購買的解決方案)可以自動執行此過程,而無需人工交互,並且可以聚合這些框架以產生對網路觀察者有用的統計數據。
| No. | Time | Source | Destination | Protocol | Length | Info |
| --- | -------- | --------- | ----------- | -------- | ------ | ---------------------------------------------------------------------- |
| 1 | 0.000000 | 192.0.2.1 | 1.1.1.1 | DNS | 104 | Standard query 0x58ba A privacyguides.org OPT |
| 2 | 0.293395 | 1.1.1.1 | 192.0.2.1 | DNS | 108 | Standard query response 0x58ba A privacyguides.org A 198.98.54.105 OPT |
| 3 | 1.682109 | 192.0.2.1 | 8.8.8.8 | DNS | 104 | Standard query 0xf1a9 A privacyguides.org OPT |
| 4 | 2.154698 | 8.8.8.8 | 192.0.2.1 | DNS | 108 | Standard query response 0xf1a9 A privacyguides.org A 198.98.54.105 OPT |
| 不。 | 時間 | 來源 | 目的地 | 協議 | 長度 | 資訊 |
| -- | -------- | --------- | --------- | --- | --- | ----------------------------------------------------- |
| 1 | 0.000000 | 192.0.2.1 | 1.1.1.1 | DNS | 104 | 標準查詢 0x58ba A privacyguides.org OPT |
| 2 | 0.293395 | 1.1.1.1 | 192.0.2.1 | DNS | 108 | 標準查詢回應 0x58ba A privacyguides.org A 198.98.54.105 OPT |
| 3 | 1.682109 | 192.0.2.1 | 8.8.8.8 | DNS | 104 | 標準查詢 0x58ba A privacyguides.org OPT |
| 4 | 2.154698 | 8.8.8.8 | 192.0.2.1 | DNS | 108 | 標準查詢回應0xf1a9 A privacyguides.org A 198.98.54.105 OPT |
An observer could modify any of these packets.
觀察者可以修改這些封包。
## 什麼是「加密後的 DNS」
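Review bot: The translated table changes capture data. Row 3 now reads `標準查詢 0x58ba` where the English row has `Standard query 0xf1a9`, so the query to 8.8.8.8 no longer matches its response in row 4 (`0xf1a9`) and instead duplicates the transaction ID of row 1. Restore `0xf1a9` in row 3. The `No.` column header has also been translated as `不。` ("no" as in negation); it should be a word for "number" or left as `No.`, and row 4 is missing the space in `標準查詢回應0xf1a9`.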
@@ -70,47 +70,47 @@ An observer could modify any of these packets.
### DNSCrypt
[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) 是第一種查詢加密 DNS 的方法之一。 DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh).
[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) 是第一種查詢加密 DNS 的方法之一。 DNSCrypt 在 443 端口上運作,與 TCP UDP 傳輸協議一起使用。 DNSCrypt 從未向 [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force)提交文件 ,也未通過 [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) 流程,因此 [實用少](https://dnscrypt.info/implementations)並未被廣泛使用。 因此,它大量被更受歡迎的 [DNS over HTTPS](#dns-over-https-doh) 取代。
### DNS over TLS (DoT)
### 通過 TLS 的 DNS)
[**DNS over TLS**](https://en.wikipedia.org/wiki/DNS_over_TLS) is another method for encrypting DNS communication that is defined in [RFC 7858](https://datatracker.ietf.org/doc/html/rfc7858). Support was first implemented in Android 9, iOS 14, and on Linux in [systemd-resolved](https://www.freedesktop.org/software/systemd/man/resolved.conf.html#DNSOverTLS=) in version 237. Preference in the industry has been moving away from DoT to DoH in recent years, as DoT is a [complex protocol](https://dnscrypt.info/faq/) and has varying compliance to the RFC across the implementations that exist. DoT also operates on a dedicated port 853 which can be blocked easily by restrictive firewalls.
[**DNS over TLS**](https://en.wikipedia.org/wiki/DNS_over_TLS) 是另一種加密 DNS 通訊方式,其定義於 [RFC 7858](https://datatracker.ietf.org/doc/html/rfc7858)。 支持首先在Android 9 iOS 14Linux [systemd-resolved](https://www.freedesktop.org/software/systemd/man/resolved.conf.html#DNSOverTLS=) 版本237中實現。 近年來,業界偏好已經從 DoT 轉移到 DoH ,因為 DoT 協議[複雜](https://dnscrypt.info/faq/) 並且在實現中對RFC 的遵照狀況各不相同。 DoT 還在專用端口 853 上運行,但很容易被限制性防火牆阻止。
### DNS over HTTPS (DoH)
### 通過 HTTPS 的 DNS)
[**DNS over HTTPS**](https://en.wikipedia.org/wiki/DNS_over_HTTPS) as defined in [RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484) packages queries in the [HTTP/2](https://en.wikipedia.org/wiki/HTTP/2) protocol and provides security with HTTPS. Support was first added in web browsers such as Firefox 60 and Chrome 83.
[**DNS over HTTPS**](https://en.wikipedia.org/wiki/DNS_over_HTTPS) 定義在 [RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484) 文件,封包查詢透過[HTTP/2](https://en.wikipedia.org/wiki/HTTP/2) 協議,以 HTTPS 提供安全性。 最初使用於 Firefox 60 Chrome 83 等網頁瀏覽器。
Native implementation of DoH showed up in iOS 14, macOS 11, Microsoft Windows, and Android 13 (however, it won't be enabled [by default](https://android-review.googlesource.com/c/platform/packages/modules/DnsResolver/+/1833144)). General Linux desktop support is waiting on the systemd [implementation](https://github.com/systemd/systemd/issues/8639) so [installing third-party software is still required](../dns.md#encrypted-dns-proxies).
DoH 原生執行出現在 iOS 14, macOS 11, Microsoft Windows, Android 13 (不過其並未[預設啟動 ](https://android-review.googlesource.com/c/platform/packages/modules/DnsResolver/+/1833144))。 一般 Linux 桌面支援仍待 systemd [實現](https://github.com/systemd/systemd/issues/8639) 所以 [還是得安裝第三方軟體](../dns.md#encrypted-dns-proxies)
## 外部人士可以看到什麼?
在此範例中,我們將記錄當我們提出 DoH 請求時發生的事情:
1. First, start `tshark`:
1. 首先,打開 `tshark`
```bash
tshark -w /tmp/dns_doh.pcap -f "tcp port https and host 1.1.1.1"
```
2. Second, make a request with `curl`:
2. 其次,使用 `curl`提出請求:
```bash
curl -vI --doh-url https://1.1.1.1/dns-query https://privacyguides.org
```
3. After making the request, we can stop the packet capture with <kbd>CTRL</kbd> + <kbd>C</kbd>.
3. 提出請求後,快速鍵 <kbd>CTRL</kbd> + <kbd>C</kbd>可停止封包捉取。
4. Analyse the results in Wireshark:
4. Wireshark 中分析結果:
```bash
wireshark -r /tmp/dns_doh.pcap
```
We can see the [connection establishment](https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment) and [TLS handshake](https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/) that occurs with any encrypted connection. When looking at the "application data" packets that follow, none of them contain the domain we requested or the IP address returned.
[連接建立](https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment) 在加密連接時會進行 [TLS 握手](https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/) 。 當查看隨後的“應用程序數據”封包時,都不包含所請求的域名或它的 IP 地址。
## 什麼時候 **不該** 使用加密的 DNS
在有網路過濾(或審查)的地方,訪問被禁止的資源可能會產生某些後果,您應該在 [威脅模型](../basics/threat-modeling.md)中考慮這些後果。 We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](https://torproject.org) or a [VPN](../vpn.md) instead. 如果您使用的是VPN ,則應使用 VPN 的 DNS 伺服器。 使用 VPN 時,您已經信任它們與您的所有網路活動。
在有網路過濾(或審查)的地方,訪問被禁止的資源可能會產生某些後果,您應該在 [威脅模型](../basics/threat-modeling.md)中考慮這些後果。 非常 **不建議**把加密 DNS 用在此目的上。 使用 [Tor](https://torproject.org) [VPN](../vpn.md) 代替。 如果您使用的是VPN ,則應使用 VPN 的 DNS 伺服器。 使用 VPN 時,您已經信任它們與您的所有網路活動。
當我們進行 DNS 查詢時,通常是因為我們想要存取資源。 接下來,我們將討論一些即使在使用加密 DNS 時也可能會披露您的瀏覽活動的情況:
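Review bot: The translated DoH heading `### 通過 HTTPS 的 DNS)` ends with an unmatched closing parenthesis and drops the "(DoH)" abbreviation carried by the source heading `### DNS over HTTPS (DoH)`. The paragraphs that follow refer to the protocol as DoH, so restore it, for example `### 通過 HTTPS 的 DNS (DoH)`.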
@@ -122,27 +122,27 @@ We can see the [connection establishment](https://en.wikipedia.org/wiki/Transmis
### 伺服器名指示(SNI)
伺服器名稱指示通常用於IP位址託管多個網站時。 This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection.
伺服器名稱指示通常用於IP位址託管多個網站時。 這可能是像 Cloudflare 的服務,或者其他 [阻斷服務攻擊](https://en.wikipedia.org/wiki/Denial-of-service_attack) 保護。
1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets:
1. 再次開始捕捉 `tshark`。 我們添加了一個自身IP 地址的過濾器,因此您不會捕獲過多封包:
```bash
tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105
```
2. Then we visit [https://privacyguides.org](https://privacyguides.org).
2. 然後訪問 [https://privacyguides.org](https://privacyguides.org)
3. After visiting the website, we want to stop the packet capture with <kbd>CTRL</kbd> + <kbd>C</kbd>.
3. 在訪問網站後,以 <kbd>CTRL</kbd> + <kbd>C</kbd>停止封包捕捉。
4. Next we want to analyze the results:
4. 接下來分析結果:
```bash
wireshark -r /tmp/pg.pcap
wireshark -r/tmp/pg.pcap
```
We will see the connection establishment, followed by the TLS handshake for the Privacy Guides website. Around frame 5. you'll see a "Client Hello".
連接建立後與 privacyguides 網站的TLS 握手。 大約在第5 幀附近。 你會看到一個“客戶你好”。
5. Expand the triangle &#9656; next to each field:
5. 展開每個字段旁邊的三角形 &#9656;
```text
▸ Transport Layer Security
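Review bot: The translated side of step 4 alters the command inside the code block: `wireshark -r /tmp/pg.pcap` becomes `wireshark -r/tmp/pg.pcap`. Code blocks should pass through translation unchanged, as the `tshark` command in step 1 of this hunk does, so restore the space. In the sentence after it, "Client Hello" is rendered as “客戶你好”; that is the name of the TLS handshake message as Wireshark displays it, so it is better kept in English or readers will not find it in the capture.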
@@ -152,64 +152,88 @@ We can see the [connection establishment](https://en.wikipedia.org/wiki/Transmis
▸ Server Name Indication extension
```
6. We can see the SNI value which discloses the website we are visiting. The `tshark` command can give you the value directly for all packets containing a SNI value:
6. 我們可以看到我們正在訪問的網站的SNI值。 `tshark` 命令可以直接爲所有包含 SNI 封包提供值:
```bash
tshark -r /tmp/pg.pcap -Tfields -Y tls.handshake.extensions_server_name -e tls.handshake.extensions_server_name
```
This means even if we are using "Encrypted DNS" servers, the domain will likely be disclosed through SNI. The [TLS v1.3](https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3) protocol brings with it [Encrypted Client Hello](https://blog.cloudflare.com/encrypted-client-hello/), which prevents this kind of leak.
即便使用「加密 DNS」伺服器網域也可能會透過 SNI 披露。 [TLS v1.3](https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3) 協議帶來了 [Encrypted Client Hello](https://blog.cloudflare.com/encrypted-client-hello/),可以防止這種洩漏。
Governments, in particular [China](https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/) and [Russia](https://www.zdnet.com/article/russia-wants-to-ban-the-use-of-secure-protocols-such-as-tls-1-3-doh-dot-esni/), have either already [started blocking](https://en.wikipedia.org/wiki/Server_Name_Indication#Encrypted_Client_Hello) it or expressed a desire to do so. Recently, Russia has [started blocking foreign websites](https://github.com/net4people/bbs/issues/108) that use the [HTTP/3](https://en.wikipedia.org/wiki/HTTP/3) standard. 這是因為作為HTTP/3的一部分的 [QUIC](https://en.wikipedia.org/wiki/QUIC) 協議要求 `ClientHello` 也被加密。
政府,特別是 [中國](https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/) 和 [俄羅斯](https://www.zdnet.com/article/russia-wants-to-ban-the-use-of-secure-protocols-such-as-tls-1-3-doh-dot-esni/),已經[開始封鎖](https://en.wikipedia.org/wiki/Server_Name_Indication#Encrypted_Client_Hello) ,或者有些表示將這樣做。 近來俄羅斯
### Online Certificate Status Protocol (OCSP)
開始屏蔽使用 [HTTP/3](https://en.wikipedia.org/wiki/HTTP/3)的外國網站。 這是因為作為HTTP/3的一部分的 [QUIC](https://en.wikipedia.org/wiki/QUIC) 協議要求 `ClientHello` 也被加密。</p>
Another way your browser can disclose your browsing activities is with the [Online Certificate Status Protocol](https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol). When visiting an HTTPS website, the browser might check to see if the website's [certificate](https://en.wikipedia.org/wiki/Public_key_certificate) has been revoked. This is generally done through the HTTP protocol, meaning it is **not** encrypted.
The OCSP request contains the certificate "[serial number](https://en.wikipedia.org/wiki/Public_key_certificate#Common_fields)", which is unique. It is sent to the "OCSP responder" in order to check its status.
We can simulate what a browser would do using the [`openssl`](https://en.wikipedia.org/wiki/OpenSSL) command.
### 線上憑邆狀態協議 (OCSP)
1. Get the server certificate and use [`sed`](https://en.wikipedia.org/wiki/Sed) to keep just the important part and write it out to a file:
瀏覽器會披露瀏覽活動的另一種方式是使用 [線上憑證狀態協議 (Online Certificate Status Protocol)](https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol)。 訪問有 HTTPS 網站時,瀏覽器會檢查網站的 [憑證](https://en.wikipedia.org/wiki/Public_key_certificate) 是否已被撤銷。 這是透過 HTTP 協議完成的,這意味著它**不是** 加密的。
OCSP 請求包含憑證,其帶有獨特的"[序列號](https://en.wikipedia.org/wiki/Public_key_certificate#Common_fields)"。 它被發送到 “OCSP 回應器”去檢查其狀態。
利用 [`openssl`](https://en.wikipedia.org/wiki/OpenSSL) 命令模擬瀏覽器會做什麼。
1. 取得伺服器憑證並使用 [`sed`](https://en.wikipedia.org/wiki/Sed) 來保留重要部分並將其寫入檔案:
```bash
openssl s_client -connect privacyguides.org:443 < /dev/null 2>&1 |
sed -n '/^-*BEGIN/,/^-*END/p' > /tmp/pg_server.cert
```
2. Get the intermediate certificate. [Certificate Authorities (CA)](https://en.wikipedia.org/wiki/Certificate_authority) normally don't sign a certificate directly; they use what is known as an "intermediate" certificate.
2. 取得中間憑證。 [憑證授權機構(CA)](https://en.wikipedia.org/wiki/Certificate_authority) 通常不會直接簽署憑證;他們使用所謂的「中間」憑證。
```bash
openssl s_client -showcerts -connect privacyguides.org:443 < /dev/null 2>&1 |
sed -n '/^-*BEGIN/,/^-*END/p' > /tmp/pg_and_intermediate.cert
```
3. The first certificate in `pg_and_intermediate.cert` is actually the server certificate from step 1. We can use `sed` again to delete until the first instance of END:
3. `pg_and_intermediate.cert` 中的第一個憑證實際上是步驟1 的伺服器憑證。 我們可以再次使用 `sed` 來刪除直到 END 第一個實例:
```bash
sed -n '/^-*END CERTIFICATE-*$/!d;:a n;p;ba' \
/tmp/pg_and_intermediate.cert > /tmp/intermediate_chain.cert
```
4. Get the OCSP responder for the server certificate:
4. 取得伺服器憑證的OCSP 回應器:
```bash
openssl x509 -noout -ocsp_uri -in /tmp/pg_server.cert
```
Our certificate shows the Lets Encrypt certificate responder. If we want to see all the details of the certificate we can use:
我們的憑證顯示 Lets Encrypt 憑證回應器。 如果我們想查看憑證的所有細節,我們可以使用:
```bash
openssl x509 -text -noout -in /tmp/pg_server.cert
```
5. Start the packet capture:
5. 開始捕取封包:
```bash
tshark -w /tmp/pg_ocsp.pcap -f "tcp port http"
```
6. Make the OCSP request:
6. 提出 OCSP 要求:
```bash
openssl ocsp -issuer /tmp/intermediate_chain.cert \
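Review bot: The translated paragraph about Russia blocking HTTP/3 is split in two after `近來俄羅斯`, its continuation ends in a stray `</p>`, and the source's link to https://github.com/net4people/bbs/issues/108 is no longer present. Rejoin it into one paragraph, drop the tag and restore the link. The OCSP heading `### 線上憑邆狀態協議 (OCSP)` misspells 憑證, which the paragraph below it spells correctly. That paragraph also turns the source's "might check" and "generally done through the HTTP protocol" into unconditional statements (`瀏覽器會檢查`, `這是透過 HTTP 協議完成的`); the hedges matter here and should be kept.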
@@ -218,13 +242,19 @@ We can simulate what a browser would do using the [`openssl`](https://en.wikiped
-url http://r3.o.lencr.org
```
7. Open the capture:
7. 打開捕捉資料:
```bash
wireshark -r /tmp/pg_ocsp.pcap
```
There will be two packets with the "OCSP" protocol: a "Request" and a "Response". For the "Request" we can see the "serial number" by expanding the triangle &#9656; next to each field:
將會有兩個帶有「OCSP」通訊協定的封包「Request」和「Response」。 對於“Request” ,可以通過擴展每個字段旁邊的三角形 &#9656; 來看到“序列號”
```bash
▸ Online Certificate Status Protocol
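Review bot: In the sentence introducing the Request tree, "expanding the triangle" is translated with 擴展 (`可以通過擴展每個字段旁邊的三角形`), while the SNI walkthrough earlier in this file uses 展開 for the same Wireshark action (`展開每個字段旁邊的三角形`). Use 展開 here too; 擴展 reads as "extend" rather than unfolding a tree node. The same sentence also mixes 「」 and “” quotation marks.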
@@ -235,7 +265,10 @@ We can simulate what a browser would do using the [`openssl`](https://en.wikiped
serialNumber
```
For the "Response" we can also see the "serial number":
對於“回應” ,我們也可以看到“序列號”
```bash
▸ Online Certificate Status Protocol
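Review bot: `對於“回應” ,我們也可以看到“序列號”` translates the packet name, but the preceding step keeps 「Request」 and 「Response」 in English, which is how Wireshark labels the two OCSP packets. Keep "Response" untranslated here so both steps match what the reader sees in the capture.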
@@ -248,17 +281,25 @@ We can simulate what a browser would do using the [`openssl`](https://en.wikiped
serialNumber
```
8. Or use `tshark` to filter the packets for the Serial Number:
8. 或者使用 `tshark` 來過濾序列號的封包:
```bash
tshark -r /tmp/pg_ocsp.pcap -Tfields -Y ocsp.serialNumber -e ocsp.serialNumber
```
If the network observer has the public certificate, which is publicly available, they can match the serial number with that certificate and therefore determine the site you're visiting from that. The process can be automated and can associate IP addresses with serial numbers. It is also possible to check [Certificate Transparency](https://en.wikipedia.org/wiki/Certificate_Transparency) logs for the serial number.
## Should I use encrypted DNS?
如果網路觀察者拿到可公開取得的公共憑證,就可將序列號與該憑證作匹配,從而確定您正在訪問的網站。 這個過程可以自動化並且可以將IP地址與序列號相關聯。 也可檢查 [憑證透明度](https://en.wikipedia.org/wiki/Certificate_Transparency) 日誌的序列號。
## 我應該用加密 DNS 嗎?
這個流程圖描述了何時 *應該使用* 加密 DNS:
We made this flow chart to describe when you *should* use encrypted DNS:
``` mermaid
graph TB
@@ -275,32 +316,39 @@ graph TB
ispDNS --> | No | nothing(Do nothing)
```
Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering.
[List of recommended DNS servers](../dns.md ""){.md-button}
與第三方合作的加密 DNS 應限於避開重定向和基本的 [DNS 封鎖](https://en.wikipedia.org/wiki/DNS_blocking) ,也就是確定無後顧或對供應商的基本過濾感興趣時才用第三方。
## What is DNSSEC?
[推薦的 DNS 伺服器列表](../dns.md ""){.md-button}
[Domain Name System Security Extensions](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) (DNSSEC) is a feature of DNS that authenticates responses to domain name lookups. It does not provide privacy protections for those lookups, but rather prevents attackers from manipulating or poisoning the responses to DNS requests.
In other words, DNSSEC digitally signs data to help ensure its validity. In order to ensure a secure lookup, the signing occurs at every level in the DNS lookup process. As a result, all answers from DNS can be trusted.
The DNSSEC signing process is similar to someone signing a legal document with a pen; that person signs with a unique signature that no one else can create, and a court expert can look at that signature and verify that the document was signed by that person. These digital signatures ensure that data has not been tampered with.
## 什麼是 DNSSEC
DNSSEC implements a hierarchical digital signing policy across all layers of DNS. For example, in the case of a `privacyguides.org` lookup, a root DNS server would sign a key for the `.org` nameserver, and the `.org` nameserver would then sign a key for `privacyguides.org`s authoritative nameserver.
[Domain Name System Security Extensions](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) (DNSSEC)是 DNS 的一項功能,域名查找的回應予以驗證。 它無法為查詢者提供隱私保護而是防止攻擊者操縱或毒害對DNS 請求的回應。
<small>Adapted from [DNS Security Extensions (DNSSEC) overview](https://cloud.google.com/dns/docs/dnssec) by Google and [DNSSEC: An Introduction](https://blog.cloudflare.com/dnssec-an-introduction/) by Cloudflare, both licensed under [CC BY 4.0](https://creativecommons.org/licenses/by/4.0/).</small>
換句話說, DNSSEC 對資料進行數位簽名,幫助確保其有效性。 為了確保安全查找,過程中的每個層級都會簽名。 因此DNS 全部的回答都可以被信任。
## What is QNAME minimization?
DNSSEC 簽署過程類似於無法仿製的個人獨特簽名於法律文件,法院專家透過簽名驗證該文件效力須依據簽名的真假判定。 這些數位簽名確保資料不會被篡改。
A QNAME is a "qualified name", for example `privacyguides.org`. QNAME minimisation reduces the amount of information sent from the DNS server to the [authoritative name server](https://en.wikipedia.org/wiki/Name_server#Authoritative_name_server).
DNSSEC 在所有 DNS 層中實施分級數位簽名政策。 例如,查詢 `privacyguides.org` ,根 DNS 伺服器將簽署尾綴 `.org` 伺服器密鑰,然後 `.org` 伺服器再簽署 `privacyguides.org`的授權名稱伺服器的密鑰。
Instead of sending the whole domain `privacyguides.org`, QNAME minimization means the DNS server will ask for all the records that end in `.org`. Further technical description is defined in [RFC 7816](https://datatracker.ietf.org/doc/html/rfc7816).
<small>改編自 Google [DNS Security Extensions (DNSSEC) overview] (https://cloud.google.com/dns/docs/dnssec)和 Cloudflare [DNSSEC: An Introduction] (https://blog.cloudflare.com/dnssec-an-introduction/) ,兩者均根據[CC BY 4.0] (https://creativecommons.org/licenses/by/4 .0/)授權。</small>
## What is EDNS Client Subnet (ECS)?
The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a method for a recursive DNS resolver to specify a [subnetwork](https://en.wikipedia.org/wiki/Subnetwork) for the [host or client](https://en.wikipedia.org/wiki/Client_(computing)) which is making the DNS query.
It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps.
## 什麼是QNAME最小化
This feature does come at a privacy cost, as it tells the DNS server some information about the client's location.
QNAME是“限定名稱” ,例如 `privacyguides.org`。 QNAME 最小化可減少從 DNS 伺服器傳送到 [授權名稱伺服器](https://en.wikipedia.org/wiki/Name_server#Authoritative_name_server)的資訊量。
與其傳送完整域名 `privacyguides.org` QNAME最小化意味著 DNS 伺服器會請求所有 `.org`尾綴 的記錄。 進一步的技術描述在 [RFC 7816](https://datatracker.ietf.org/doc/html/rfc7816)。
## 什麼是 EDNS 客戶端子網(ECS )
[EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) 是遞歸DNS 解析器為DNS 查詢的 [主機或客戶端](https://en.wikipedia.org/wiki/Client_(computing)),指定 [子網絡](https://en.wikipedia.org/wiki/Subnetwork) 的方法。
它的目的是回答客戶端距離最靠近的伺服器以“加快”資料的傳遞,類似[內容傳遞網絡](https://en.wikipedia.org/wiki/Content_delivery_network),後者通常用於視頻串流和 JavaScript Web 應用程序。
此功能確實以隱私為代價,因為它會告訴 DNS伺服器一些有關客戶端位置的資訊。
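Review bot: The translated attribution line inside `<small>` will not render its links: each `]` is followed by a space before `(`, as in `[DNSSEC: An Introduction] (https://blog.cloudflare.com/dnssec-an-introduction/)`, and the licence URL has a space inserted (`https://creativecommons.org/licenses/by/4 .0/`). Because this line is the CC BY 4.0 attribution for the adapted text, copy the three links from the source line unchanged and translate only the words around them.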

View File

@@ -1,84 +1,84 @@
---
title: Private Payments
title: 私密支付
icon: material/hand-coin
---
There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately.
購買習慣的資料視為廣告定位聖杯是有原因的:購買行為會洩漏有關當事人的許多寶貴資訊。 不幸的是,目前的金融體系在設計上不利隱私,使銀行、其他公司和政府能夠輕鬆追蹤交易。 然而,在私下付款方面,您有很多選擇。
## Cash
## 現金
For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable.
幾個世紀以來, **現金** 一直是私人支付的主要形式。 在大多數情況下,現金具有優秀的隱私性,在大多數國家被廣泛接受,並且是 **可替代的**,這意味著它是非唯一的,完全可互換。
Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payees name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations.
現金支付法因國家而異。 在美國10,000美元以上交易需在 [8300表格中](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000)對美國國稅局披露。 收款業必須驗證收款人的姓名、地址、職業、出生日期、社會安全號碼或其他TIN (部分例外)。 少於 3,000 美元交換和匯款,就無須身份證明。 現金鈔票有序號。 商家很少追蹤序號,但執法部門可以在針對性調查中用到它們。
Despite this, its typically the best option.
儘管如此,現金仍是最好的選擇。
## Prepaid Cards & Gift Cards
## 預付卡 & 禮品卡
Its relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually dont have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud.
在大多數雜貨店和便利店用現金購買禮品卡和預付卡相對簡單。 禮品卡通常不收取費用,但預付卡通常會收取費用,因此請留意其費用和到期日期。 為了減少欺詐行為,部分商店可能會在結帳時要求查看身分證件。
Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card.
禮品卡通常每張上限為 200美元有些禮品卡上限到 2,000 美元。 預付卡(例如:來自 Visa Mastercard )通常卡片額度為 1,000 美元。
Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants dont accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit.
禮品卡的缺點是受商家政策的約束,這些政策可能有糟糕的條款和限制。 例如,有些商家不接受禮品卡付款,或者對高風險用戶取消禮品卡的價值。 一旦您拿了由商家信用擔保的禮品卡,商家就會對這筆金額有強烈的控制權。
Prepaid cards dont allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps.
預付卡無法從 ATM 提取現金或在 Venmo 以應用程序中進行“點對點”付款。
Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that dont accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash.
對於大多數人來說,現金仍然是現場購物的最佳選擇。 禮品卡用處在於節省。 預付卡適用於不接受現金的地方。 網路中禮品卡和預付卡比現金更容易使用,也更容易透過加密貨幣獲得。
### Online Marketplaces
### 網上交易平臺
If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered).
如果您有 [加密貨幣](../cryptocurrency.md),可在線禮品卡市場購買禮品卡。 有服務在更高額度時有提供身份驗證選項,它們也允許帳戶只需提供電子郵件地址。 基本帳戶限額為每天 5,000-10,000 美元,身份驗證帳戶(如果有)的限額則更高。
When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero.
在網上購買禮品卡時,通常會有小折扣。 預付卡通常以面值或收取服務費在網上銷售。 如果您使用加密貨幣購買預付卡和禮品卡,您最好使用強大隱私的 Monero 付款,下面將進一步說明。 使用可追溯的付款方式支付禮物卡,取消了用現金或 Monero 購買禮品卡的隱私優點。
- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces)
- [網上禮品卡市場 :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces)
## Virtual Cards
## 虛擬卡
Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information.
另一種保護個資免受線上商家侵害的方法是使用虛擬的一次性卡片,以掩蓋您的實際銀行或帳單資訊。 這可對付商家數據洩露,營銷機構粗糙的跟蹤或購買聯結以及線上資料盜竊。 **無法完全匿名**您的購買行為,也不能對金融機構隱瞞自身的資訊。 發行虛擬卡的常規金融機構受「瞭解您的客戶」( KYC )法律約束,這意味著您需要提供身份證明文件或其他識別信息。
- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services)
- [推薦付款掩蔽服務 :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services)
These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions.
這些往往是線上定期/訂閱付款的好選擇,而預付禮品卡則更適合一次性交易。
## Cryptocurrency
## 加密貨幣
Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose.
加密貨幣是一種數位形式的貨幣,其設計上沒有中央機構如政府或銀行即自行運作。 *有些* 加密貨幣可以在線上私密交易,但許多使用公開區塊錬則無法保障交易隱私。 加密貨幣是非常不穩定的資產,這它們的價值可能隨時發生急速顯著變化。 因此,不建議加密貨幣作為長期價值儲存。 如果決定使用加密貨幣,請確保已充分了解其隱私,且投資金額不會變成災難性損失。
!!! danger
!!! 危險
The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity.
絕大多數加密貨幣都在* *公共* *區塊鏈上運作,這意味著每筆交易都可公開知道。 這包括最知名的加密貨幣,如比特幣和以太坊。 加密貨幣的交易不應被視為私密,也不會保護您的匿名性。
Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust.
此外,許多(如果不是大多數)加密貨幣都是騙局。 只用你信任的項目小心進行交易。
### Privacy Coins
### 隱私幣
There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors.
有許多加密貨幣聲稱通過匿名交易來提供隱私。 建議探用** 預設**為匿名交易的工具,以避免操作時發生錯誤。
- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins)
- [推薦的加密貨幣 :material-arrow-right-drop-circle:](../cryptocurrency.md#coins)
Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance.
隱私硬幣受到政府機構日益嚴格的監管。 2020年[美國稅務局 IRS 發表 $625,000 賞金](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc),來徵求工具破解 Bitcoin Lightning Network Monero 交易隱私。 最後由 [二家公司](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) 共同獲得 $1250000 美元,但外界並不知道所開發的工具是用在哪一種加密貨幣網路。 由於這些工具的保密性,追蹤加密貨幣的方法都未得到獨立的證實。隱私硬幣交易很可能被運用在針對性地調查,而大規模監控則無法阻止。
### Other Coins (Bitcoin, Ethereum, etc.)
### 其他貨幣(比特幣、以太坊等)
The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons.
絕大多數加密貨幣項目使用公共區塊鏈,這意味著所有交易記錄都很容易追溯和永久保存。 因此,我們強烈不鼓勵把加密貨幣用和隱私相關的事物上。
Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years.
公開區塊錬上的匿名交易*理論上* 可行,比特幣維基就 [提出如何"完全匿名"交易的案例](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation)。 然而這樣需要複雜的設置涉及Tor和“獨自挖掘”一個區塊來產生完全獨立的加密貨幣多年來幾乎沒有任何愛好者實踐過。
==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged.
= =您最好還是完全避免這些加密貨幣,並堅持使用預設隱私的加密貨幣。嘗試使用其他加密貨幣超出了本網站的範圍,非常不建議。
### Wallet Custody
### 錢包保管
With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies.
加密貨幣有兩種形式的錢包:託管錢包和非託管錢包。 託管錢包由集中式公司/交易所運營,錢包的私鑰由該公司持有,您可以使用用戶名和密碼從任何地方存取。 非託管錢包是您自己控制和管理錢包的私鑰。 假如可以保管好錢包的私鑰安全並備份,非保管錢包比保管錢包具有更大的安全性和審查抵抗力,因為您的加密貨幣不會被保管的公司竊取或凍結。 密鑰保管在隱私貨幣上尤其重要:保管錢包使運營公司能夠查看您的交易,否定了這些加密貨幣的隱私優勢。
### Acquisition
### 取得
Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward.
私下購買 [加密貨幣](../cryptocurrency.md) ,如Monero 可能很困難。 P2P 市場如 [LocalMonero](https://localmonero.co/),為促進人群交易的平台,也是個可考慮的選擇。 如果使用需要 KYC的交易所是您可接受的風險(只要隨後的交易無法追蹤)。一個更容易的方式是從 [Kraken](https://kraken.com/)等交易所購買 Monero ,或者從 KYC 交易所購買比特幣/萊特幣,然後兌換為 Monero。 然後,您可以將購入的 Monero 提取到自己的非保管錢包,以便 日後私下使用。
If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall.
如果您選擇這條路線請確保以不同的時間和額度購買與用掉Monero 。 如果你在交易所購買 5000 美元的 Monero ,並在一個小時後花掉這筆錢,外部觀察者會將這些行為作關聯,無關 Monero 走的是通道。 驚人的購買和提前購買大量的Monero 以支應之後小額交易,可以避免這種陷阱。
## Additional Considerations
## 其他注意事項
When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Dont sign up for rewards programs or provide any other information about yourself.
使用現金現場付款時,請務必謹記現場隱私。 安全攝影機無處不在。 不妨考慮穿著不顯眼的衣服和口罩如外科口罩或N95 )。 請勿註冊獎勵計劃或提供自己的相關資訊。
When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants dont allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address.
在網上購買時,理想情況下應該透過 [Tor](tor-overview.md)進行。 但是,許多商家不允許使用 Tor 購買。 可以考慮使用 [推薦的 VPN](../vpn.md) (使用現金、禮品卡或 Monero 支付),或利用咖啡店或圖書館免費 Wi-Fi 購買。 如果你訂購的是實體物品,則需要提供送遞地址。 您應該考慮使用郵政信箱、私人郵箱或工作地址。
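Review bot: The admonition opener is translated as `!!! 危險`, but the word after `!!!` is the admonition type keyword rather than display text; keep `!!! danger` (a localized title can follow in quotes) so the block keeps its danger styling. Inline markup in this file is also broken by inserted spaces: `* *公共* *` no longer bolds, `= =您最好還是完全避免` no longer opens a highlight and has no closing `==`, and the `==` highlight on the sentence saying none of the tracing methods have been independently confirmed is dropped. In the Acquisition section, "Staggering purchases" is rendered as `驚人的購買` (astonishing purchases); the source means spreading purchases over time, which is the actual advice being given.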

View File

@@ -1,80 +1,94 @@
---
title: "Tor 簡介"
icon: 'simple/torproject'
description: Tor 是一個免費使用的去中心化網路,專為盡可能多地使用互聯網而設計
description: Tor 是一個免費使用的去中心化網路,其讓用戶在使用網際網路之際盡可能地保護自己的隱私
---
Tor 是一個免費使用的去中心化網路,專為盡可能多地使用互聯網而設計。 如果使用得當,該網路可以實現私人和匿名瀏覽和通
Tor 是一個免費使用的去中心化網路,其讓用戶在使用網際網路之際盡可能地保護自己的隱私。 如果使用得當,該網路可以實現私人和匿名瀏覽和通
## 工作原理
## 連接明網服務的路徑建立
Tor 的工作原理是通過一個由數千個志願者運行的服器組成的網絡路由您的流量,稱為節點(或中繼)。
「明網服務」是用任何瀏覽器都可訪問的網站,例如 [privacyguides.org](https://www.privacyguides.org)。 Tor 允許您匿名連接到某些網站,由數千個志願者運行的服器組成的網絡引導您的流量,這些伺服器稱為節點(或中繼)。
每當您連接到 Tor 時,它都會選擇三個節點來構建通往網際網路的路徑,這種路徑稱為「路」。 每個節點都有自己的功能:
每當您連接到 Tor 時,它都會選擇三個節點來構建通往網際網路的路徑,這種路徑稱為「路」。
<figure markdown>
! [Tor 路徑顯示您的設備到達目的地網站之前所連接的入口節點,中間節點和出口節點] (../assets/img/how-tor-works/tor-path.svg#only-light)
! Tor 路徑顯示您的設備到達目的地網站之前所連接的入口節點,中間節點和出口節點] (../assets/img/how-tor-works/tor-path-dark.svg#only-dark)
<figcaption>Tor 迴路路徑</figcaption>
</figure>
每個節點都有自己的功能:
### 入口節點
入口節點通常稱為守護節點是Tor客戶端連接的第一個節點。 入口節點能夠看到您的 IP 位址,但無法看到您正在連接的內容。
入口節點,通常稱為守護節點,是 Tor 客戶端連接的第一個節點。 入口節點能夠看到您的 IP 位址,但無法看到您正在連接的內容。
Unlike the other nodes, the Tor client will randomly select an entry node and stick with it for two to three months to protect you from certain attacks.[^1]
不像其它節點 Tor 客戶端會隨機地選取入口節點後持續使用二~三個月以防護某些外部攻擊 [^1]
### 中間節點
中間節點是 Tor 客戶端連接的第二個節點。 它可以看到流量來自哪個節點(入口節點)以及它下一步要去哪個節點。 中間節點無法看到您的 IP 位址或您連接的網域。
對於每個新路,中間節點從所有可用的 Tor 節點中隨機選擇
對於每個新路,中間節點是隨機從所有可用的 Tor 節點中選出
### 出口節點
出口節點是您的 Web 流量離開 Tor 網路並轉發到所需目的地的點。 The exit node is unable to see your IP address, but it does know what site it's connecting to.
出口節點是您的 Web 流量離開 Tor 網路並轉發到所需目的地的點。 出口節點無法看到您的 IP 位址,但它知道將連接到哪個網站。
出口節點將從所有可用的 Tor 節點中隨機選擇,並使用退出中繼標記。[^ 2]
<figure markdown>
![Tor path](../assets/img/how-tor-works/tor-path.svg#only-light)
![Tor path](../assets/img/how-tor-works/tor-path-dark.svg#only-dark)
<figcaption>Tor circuit pathway</figcaption>
## Onion 服務的路徑建立
“Onion 服務” (也通常被稱為“隱藏服務” )是只能由 Tor 瀏覽器訪問的網站。 這些網站有一個長串隨機生成的域名,結尾為 `.onion`
在Tor中連接到 Onion服務的工作原理與連接到明網服務非常相似但您的流量在到達目的地伺服器之前會通過 **6 個** 節點。 不過就如之前所言,其中只有三個節點會有助 *您的*匿名性,而另外三個節點則是為了保護 * Onion 服務* 匿名性,隱藏該網站的真正 IP 和位置,就如同 Tor 瀏覽器如何隱蔽您的 IP 一樣。
<figure style="width:100%" markdown>
! [Tor路徑顯示您的流量通過您的三個Tor節點加上三個額外的Tor節點隱藏網站的身份] (../assets/img/how-tor-works/tor-path-hidden-service.svg#only-light)
! [Tor路徑顯示您的流量被路由通過您的三個Tor節點加上三個額外的Tor節點隱藏網站的身份] (../assets/img/how-tor-works/tor-path-hidden-service-dark.svg#only-dark)
<figcaption>Tor電路路徑與洋蔥服務。 <span class="pg-blue">藍色</span> 圍欄中的節點屬於您的瀏覽器,而 <span class="pg-red">紅色</span> 圍欄中的節點屬於伺服器,因此它們的身份對您是隱藏的。</figcaption>
</figure>
## 加密
Tor 使用來自出口,中間和入口節點的密鑰對每個數據包(傳輸數據區塊)進行三次加密,依此順序
Tor 使用來自出口,中間和入口節點的密鑰對每個包(傳輸數據區塊)依序進行三次加密。
一旦 Tor 構建了電路,數據傳輸將按照以下方式進行:
1. 首先:當數據包到達入口節點時,第一層加密被移除。 在這個加密數據包中,入口節點將找到另一個具有中間節點地址的加密數據包。 然後,入口節點將將數據包轉發到中間節點。
1. 首先:當數據包到達入口節點時,第一層加密被移除。 在這個加密包中,入口節點將找到另一個具有中間節點地址的加密包。 然後,入口節點將將包轉發到中間節點。
2. Secondly: when the middle node receives the packet from the entry node, it too will remove a layer of encryption with its key, and this time finds an encrypted packet with the exit node's address. The middle node will then forward the packet to the exit node.
2. 其次:當中間節點從入口節點接收到封包時,它也會利用其密鑰刪除一層加密,找到具有出口節點地址的加密數據包。 然後中間節點將數據包轉發到出口節點。
3. Lastly: when the exit node receives its packet, it will remove the last layer of encryption with its key. The exit node will see the destination address and forward the packet to that address.
3. 最後:當退出節點收到其數據包時,它將使用其密鑰移除最後一層加密。 出口節點將看到目的地地址,並將封包轉發到該地址。
下面是一個替代圖表,顯示了這個過程。 每個節點都會移除自己的加密層,當目標服務器返回數據時,同樣過程完全相反。 例如,退出節點不知道你是誰,但它確實知道來自哪個節點,因此添加了自己的加密層並將其發送回來。
下面是顯示此過程的圖表。 每個節點都會移除自己的加密層,當目的地伺服器傳回數據時,同樣過程會再反向發生。 例如,出節點不知道你是誰,但它確實知道封包來自哪個節點,因此添加了自己的加密層並將其發送回來。
<figure markdown>
![Tor encryption](../assets/img/how-tor-works/tor-encryption.svg#only-light)
![Tor encryption](../assets/img/how-tor-works/tor-encryption-dark.svg#only-dark)
<figcaption>Sending and receiving data through the Tor Network</figcaption>
![Tor 加密](../assets/img/how-tor-works/tor-encryption.svg#only-light)
![Tor 加密](../assets/img/how-tor-works/tor-encryption-dark.svg#only-dark)
<figcaption>通過 Tor 網路發送與接數資料</figcaption>
</figure>
Tor 允許我們連接到服器,而不需要任何一方知道整路徑。 入口節點知道你是誰,但不知道你要去哪裡;中間節點不知道你是誰或你要去哪裡;出口節點知道你要去哪裡,但不知道你是誰。 由於出口節點負責了最終連線,目伺服器永遠不會知道您的 IP 位址。
Tor 允許我們連接到服器,而不任何一方知道整路徑。 入口節點知道你是誰,但不知道你要去哪裡;中間節點不知道你是誰或你要去哪裡;出口節點知道你要去哪裡,但不知道你是誰。 由於出口節點負責了最終連線,目的地伺服器永遠不會知道您的 IP 位址。
## 注意事項
雖然 Tor 確實提供了強大的隱私保證,但必須意識到 Tor 並不完美:
雖然 Tor 確實提供了強大的隱私保證,但必須意識到並不完美:
- 資金充足的對手有能力被動地觀察全球大多數網絡流量,他們有機會通過先進的流量分析來解除 Tor 用戶的匿名化。 Tor 也不能保護你免於錯誤地暴露自己,例如如果你分享了太多關於你真實身份的信息。
- Tor 出口節點還可以監控通過它們的流量。 這意味著可以記錄和監控未加密的流量,例如純 HTTP 流量。 如果此類流量包含個人身份識別信息,則可以將您去匿名化到該出口節點。 因此,我們建議在可能的情況下使用 HTTPS。
- 資金充足的對手有能力被動地觀察全球大多數網絡流量,他們有機會通過先進的流量分析來解除 Tor 用戶的匿名化。 Tor 也不能保護你免於不當地暴露自己,例如你分享了太多關於你真實身份的信息。
- Tor 出口節點還可以監控通過它們的流量。 這意味著可以記錄和監控未加密的流量,例如純 HTTP 流量。 如果此類流量包含個人身份識別信息,則該出口節點可以將會消除匿名性。 因此,我們建議在可能的情況下使用 HTTPS。
如果您希望使用 Tor 瀏覽網頁,我們只建議使用 **官方** Tor 瀏覽器:它旨在防止指紋。
- [Tor Browser :material-arrow-right-drop-circle:](../tor.md#tor-browser)
- [Tor 瀏覽器 :material-arrow-right-drop-circle:](../tor.md#tor-browser)
## Additional Resources
## 其他資源
- [Tor Browser User Manual](https://tb-manual.torproject.org)
- [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) <small>(YouTube)</small>
- [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) <small>(YouTube)</small>
- [Tor 瀏覽器用戶手冊](https://tb-manual.torproject.org)
- [ Tor 如何運作 - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) <small>(YouTube)</small>
- [Tor O洋蔥服務- Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) <small>(YouTube)</small>
[^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/))
[^1]: 迴路中的第一個節點被稱為“入口守衛”或“守衛”。 它是一個快速和穩定的中繼站,作迴路中的第一個入口通常會維持 2~3個月以防止已知的匿名破壞攻擊。 其餘的迴路則會依每次訪問網站而變化這些中繼節點共同提供Tor 完整隱私保護。 了解更多關於守衛中繼的運作,請參考 [部落格文章](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) 和 [入口守衛論文paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/))
[^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html))
[^2]: 中繼標記:迴路位置(例如, “Guard” “Exit” “BadExit” ,迴路屬性(例如, “Fast” “Stable” )或角色(例如, “Authority” “HSDir” )這些中繼節點的特殊( dis- )資格,是由目錄機構分配並在目錄協議規範中進一步定義。 ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html))
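Review bot: the footnote reference on the exit-node line is written `[^ 2]` with a space, which will not resolve to the `[^2]:` definition at the bottom of the file; it should be `[^2]`. The same translation pass left the image lines at the top of this hunk and in the Onion service figure as `! [...] (...)`, with a space after `!` and before `(`, and one of them has also lost its opening `[`, so they will render as plain text instead of images; compare the intact `![Tor 加密](...)` lines. Smaller leftovers worth fixing in Crowdin: the stray `O` in `Tor O洋蔥服務`, the untranslated `paper` in `入口守衛論文paper`, and 電路 used for "circuit" in the Onion figcaption and the data-flow sentence where the rest of the page uses 迴路.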

View File

@@ -2,6 +2,79 @@
title: "Android"
icon: 'simple/android'
description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
schema:
-
"@context": http://schema.org
"@type": WebPage
name: Private Android Operating Systems
url: "./"
-
"@context": http://schema.org
"@type": CreativeWork
name: Android
image: /assets/img/android/android.svg
url: https://source.android.com/
sameAs: https://en.wikipedia.org/wiki/Android_(operating_system)
-
"@context": http://schema.org
"@type": CreativeWork
name: GrapheneOS
image: /assets/img/android/grapheneos.svg
url: https://grapheneos.org/
sameAs: https://en.wikipedia.org/wiki/GrapheneOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": CreativeWork
name: Divest
image: /assets/img/android/divestos.svg
url: https://divestos.org/
sameAs: https://en.wikipedia.org/wiki/DivestOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": Product
name: Pixel
brand:
"@type": Brand
name: Google
image: /assets/img/android/google-pixel.png
sameAs: https://en.wikipedia.org/wiki/Google_Pixel
review:
"@type": Review
author:
"@type": Organization
name: Privacy Guides
-
"@context": http://schema.org
"@type": MobileApplication
name: Shelter
applicationCategory: Utilities
operatingSystem: Android
-
"@context": http://schema.org
"@type": MobileApplication
name: Auditor
applicationCategory: Utilities
operatingSystem: Android
-
"@context": http://schema.org
"@type": MobileApplication
name: Secure Camera
applicationCategory: Utilities
operatingSystem: Android
-
"@context": http://schema.org
"@type": MobileApplication
name: Secure PDF Viewer
applicationCategory: Utilities
operatingSystem: Android
---
![Android logo](assets/img/android/android.svg){ align=right }
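Review bot: the third `CreativeWork` entry is named `Divest` while its `url` and `sameAs` both point at DivestOS; the name should read `DivestOS` so it matches the project it describes. Every entry in this block also uses `"@context": http://schema.org`, whereas the about page's schema block uses `https://schema.org`, so pick one form across pages. The Pixel `Product` carries a `review` that contains only an `author`; either add the review's body or rating, or drop the `review` key.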
@@ -330,7 +403,7 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt
### Operating Systems
- Must be open-source software.
- 必須是開源軟體。
- Must support bootloader locking with custom AVB key support.
- Must receive major Android updates within 0-1 months of release.
- Must receive Android feature updates (minor version) within 0-14 days of release.
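Review bot: only the first criterion in this list is translated (`- 必須是開源軟體。`), while the `### Operating Systems` heading and the remaining bullets stay in English, so readers get a mixed-language list. Either translate the rest of the criteria in the same sync or hold this string back until the section is complete.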

View File

@@ -0,0 +1,225 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:serif="http://www.serif.com/" width="100%" height="100%" viewBox="0 0 1051 447" version="1.1" xml:space="preserve" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linecap:round;stroke-linejoin:round;">
<g transform="matrix(1,0,0,1,-101.526,-98.3251)">
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<rect x="87.098" y="355.919" width="154.361" height="165.495" style="fill:rgb(114,159,207);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M164.319,521.414L87.098,521.414L87.098,355.919L241.458,355.919L241.458,521.414L164.319,521.414" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,94.093C481.938,108.602 478.372,122.936 471.566,135.531C464.84,148.041 455.036,158.553 443.368,165.764C431.619,173.061 418.249,176.884 404.715,176.884C391.183,176.884 377.814,173.061 366.146,165.764C354.397,158.553 344.592,148.041 337.867,135.531C331.06,122.934 327.495,108.6 327.495,94.093C327.495,79.585 331.061,65.251 337.867,52.742C344.592,40.145 354.397,29.634 366.065,22.423C377.814,15.126 391.184,11.303 404.718,11.303C418.25,11.303 431.619,15.126 443.287,22.423C455.036,29.634 464.84,40.146 471.566,52.742C478.372,65.252 481.938,79.587 481.938,94.093Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,93.965C481.938,108.473 478.372,122.807 471.566,135.403C464.84,147.913 455.036,158.425 443.368,165.635C431.619,172.932 418.249,176.755 404.715,176.755C391.183,176.755 377.814,172.932 366.146,165.635C354.397,158.425 344.592,147.912 337.867,135.403C331.06,122.806 327.495,108.472 327.495,93.965C327.495,79.457 331.061,65.122 337.867,52.614C344.592,40.017 354.397,29.505 366.065,22.295C377.814,14.997 391.184,11.175 404.718,11.175C418.25,11.175 431.619,14.997 443.287,22.295C455.036,29.505 464.84,40.017 471.566,52.614C478.372,65.124 481.938,79.458 481.938,93.965" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,94.18C790.681,108.689 787.116,122.936 780.31,135.531C773.584,148.128 763.78,158.553 752.112,165.764C740.362,173.061 726.993,176.884 713.459,176.884C699.927,176.884 686.558,173.061 674.89,165.764C663.141,158.553 653.336,148.128 646.611,135.531C639.804,122.934 636.239,108.687 636.239,94.18C636.239,79.585 639.804,65.338 646.611,52.742C653.336,40.145 663.141,29.721 674.89,22.51C686.558,15.213 699.928,11.39 713.459,11.39C726.991,11.39 740.361,15.213 752.112,22.51C763.78,29.721 773.584,40.146 780.31,52.742C787.116,65.339 790.681,79.587 790.681,94.18Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,94.052C790.681,108.56 787.116,122.807 780.31,135.403C773.584,148 763.78,158.425 752.112,165.635C740.362,172.932 726.993,176.755 713.459,176.755C699.927,176.755 686.558,172.932 674.89,165.635C663.141,158.425 653.336,147.999 646.611,135.403C639.804,122.806 636.239,108.558 636.239,94.052C636.239,79.457 639.804,65.209 646.611,52.614C653.336,40.017 663.141,29.592 674.89,22.382C686.558,15.084 699.928,11.262 713.459,11.262C726.991,11.262 740.361,15.084 752.112,22.382C763.78,29.592 773.584,40.017 780.31,52.614C787.116,65.211 790.681,79.458 790.681,94.052" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,432.899C481.938,447.407 478.372,461.655 471.566,474.25C464.84,486.847 455.036,497.272 443.368,504.482C431.619,511.78 418.249,515.602 404.715,515.602C391.183,515.602 377.814,511.78 366.146,504.482C354.397,497.272 344.592,486.847 337.867,474.25C331.06,461.653 327.495,447.406 327.495,432.899C327.495,418.304 331.061,404.057 337.867,391.461C344.592,378.864 354.397,368.439 366.065,361.229C377.814,353.931 391.184,350.109 404.718,350.109C418.25,350.109 431.619,353.931 443.287,361.229C455.036,368.439 464.84,378.865 471.566,391.461C478.372,404.058 481.938,418.305 481.938,432.899Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,438.795C481.938,453.303 478.372,467.551 471.566,480.146C464.84,492.743 455.036,503.168 443.368,510.378C431.619,517.676 418.249,521.498 404.715,521.498C391.183,521.498 377.814,517.676 366.146,510.378C354.397,503.168 344.592,492.743 337.867,480.146C331.06,467.549 327.495,453.302 327.495,438.795C327.495,424.2 331.061,409.952 337.867,397.357C344.592,384.76 354.397,374.335 366.065,367.125C377.814,359.827 391.184,356.005 404.718,356.005C418.25,356.005 431.619,359.827 443.287,367.125C455.036,374.335 464.84,384.76 471.566,397.357C478.372,409.954 481.938,424.201 481.938,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,432.899C790.681,447.407 787.116,461.655 780.31,474.25C773.584,486.847 763.78,497.272 752.112,504.482C740.362,511.78 726.993,515.602 713.459,515.602C699.927,515.602 686.558,511.78 674.89,504.482C663.141,497.272 653.336,486.847 646.611,474.25C639.804,461.653 636.239,447.406 636.239,432.899C636.239,418.304 639.804,404.057 646.611,391.461C653.336,378.864 663.141,368.439 674.89,361.229C686.558,353.931 699.928,350.109 713.459,350.109C726.991,350.109 740.361,353.931 752.112,361.229C763.78,368.439 773.584,378.865 780.31,391.461C787.116,404.058 790.681,418.305 790.681,432.899Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,438.795C790.681,453.303 787.116,467.551 780.31,480.146C773.584,492.743 763.78,503.168 752.112,510.378C740.362,517.676 726.993,521.498 713.459,521.498C699.927,521.498 686.558,517.676 674.89,510.378C663.141,503.168 653.336,492.743 646.611,480.146C639.804,467.549 636.239,453.302 636.239,438.795C636.239,424.2 639.804,409.952 646.611,397.357C653.336,384.76 663.141,374.335 674.89,367.125C686.558,359.827 699.928,356.005 713.459,356.005C726.991,356.005 740.361,359.827 752.112,367.125C763.78,374.335 773.584,384.76 780.31,397.357C787.116,409.954 790.681,424.201 790.681,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.206,203.232)">
<path d="M1340.44,328.48L1433.95,503.186L1247.02,503.186L1340.44,328.48Z" style="fill:rgb(114,159,207);"/>
</g>
<g>
<g transform="matrix(0.423185,0,0,0.453686,63.5184,110.551)">
<g transform="matrix(1,0,0,1,88.7196,550.073)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Your</text>
</g>
<g transform="matrix(1,0,0,1,88.7196,616.708)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Device</text>
</g>
</g>
<g transform="matrix(0.423185,0,0,0.423185,215.188,217.539)">
<g transform="matrix(53.3092,0,0,53.3092,148.162,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Guard</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,342.481,365.105)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Relay</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,486.481,214.679)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Relay</text>
</g>
<g transform="matrix(0.423185,0,0,0.423185,1011.71,453.118)">
<g transform="matrix(53.3092,0,0,53.3092,334.953,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">hidden...onion</text>
</g>
<g transform="matrix(1,0,0,1.13387,0,-13.5981)">
<rect x="192.377" y="101.575" width="397.824" height="388.045" style="fill:none;stroke:rgb(97,107,243);stroke-width:6.08px;stroke-linecap:butt;stroke-miterlimit:1.5;stroke-dasharray:6.08,6.08;"/>
</g>
<g transform="matrix(1,0,0,1.13387,406.832,-13.5981)">
<rect x="192.377" y="101.575" width="397.824" height="388.045" style="fill:none;stroke:rgb(218,85,92);stroke-width:6.08px;stroke-linecap:butt;stroke-miterlimit:1.5;stroke-dasharray:6.08,6.08;"/>
</g>
</g>
<g transform="matrix(1,0,0,-1,296.309,499.871)">
<g transform="matrix(0.438175,0,0,0.438175,-102.956,170.289)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-102.956,170.289)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z" style="fill:white;"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z" style="fill:white;"/>
</g>
</g>
<g transform="matrix(1,0,0,1,599.384,5.09357)">
<g transform="matrix(0.438175,0,0,0.438175,-273.231,107.69)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-273.231,107.69)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z" style="fill:white;"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z" style="fill:white;"/>
</g>
</g>
<g transform="matrix(1,0,0,-1,927.895,527.537)">
<g transform="matrix(0.438175,0,0,0.438175,-37.0942,67.0447)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-34.7625,65.947)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z" style="fill:white;"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z" style="fill:white;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-467.504,185.162)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-467.504,185.162)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z" style="fill:white;"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z" style="fill:white;"/>
</g>
</g>
<g transform="matrix(1,0,0,1,-12.9813,-5.07732)">
<g transform="matrix(0.438175,0,0,0.438175,70.8116,113.404)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,70.8116,113.404)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z" style="fill:white;"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z" style="fill:white;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,94.093C481.938,108.602 478.372,122.936 471.566,135.531C464.84,148.041 455.036,158.553 443.368,165.764C431.619,173.061 418.249,176.884 404.715,176.884C391.183,176.884 377.814,173.061 366.146,165.764C354.397,158.553 344.592,148.041 337.867,135.531C331.06,122.934 327.495,108.6 327.495,94.093C327.495,79.585 331.061,65.251 337.867,52.742C344.592,40.145 354.397,29.634 366.065,22.423C377.814,15.126 391.184,11.303 404.718,11.303C418.25,11.303 431.619,15.126 443.287,22.423C455.036,29.634 464.84,40.146 471.566,52.742C478.372,65.252 481.938,79.587 481.938,94.093Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,93.965C481.938,108.473 478.372,122.807 471.566,135.403C464.84,147.913 455.036,158.425 443.368,165.635C431.619,172.932 418.249,176.755 404.715,176.755C391.183,176.755 377.814,172.932 366.146,165.635C354.397,158.425 344.592,147.912 337.867,135.403C331.06,122.806 327.495,108.472 327.495,93.965C327.495,79.457 331.061,65.122 337.867,52.614C344.592,40.017 354.397,29.505 366.065,22.295C377.814,14.997 391.184,11.175 404.718,11.175C418.25,11.175 431.619,14.997 443.287,22.295C455.036,29.505 464.84,40.017 471.566,52.614C478.372,65.124 481.938,79.458 481.938,93.965" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,94.18C790.681,108.689 787.116,122.936 780.31,135.531C773.584,148.128 763.78,158.553 752.112,165.764C740.362,173.061 726.993,176.884 713.459,176.884C699.927,176.884 686.558,173.061 674.89,165.764C663.141,158.553 653.336,148.128 646.611,135.531C639.804,122.934 636.239,108.687 636.239,94.18C636.239,79.585 639.804,65.338 646.611,52.742C653.336,40.145 663.141,29.721 674.89,22.51C686.558,15.213 699.928,11.39 713.459,11.39C726.991,11.39 740.361,15.213 752.112,22.51C763.78,29.721 773.584,40.146 780.31,52.742C787.116,65.339 790.681,79.587 790.681,94.18Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,94.052C790.681,108.56 787.116,122.807 780.31,135.403C773.584,148 763.78,158.425 752.112,165.635C740.362,172.932 726.993,176.755 713.459,176.755C699.927,176.755 686.558,172.932 674.89,165.635C663.141,158.425 653.336,147.999 646.611,135.403C639.804,122.806 636.239,108.558 636.239,94.052C636.239,79.457 639.804,65.209 646.611,52.614C653.336,40.017 663.141,29.592 674.89,22.382C686.558,15.084 699.928,11.262 713.459,11.262C726.991,11.262 740.361,15.084 752.112,22.382C763.78,29.592 773.584,40.017 780.31,52.614C787.116,65.211 790.681,79.458 790.681,94.052" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,432.899C481.938,447.407 478.372,461.655 471.566,474.25C464.84,486.847 455.036,497.272 443.368,504.482C431.619,511.78 418.249,515.602 404.715,515.602C391.183,515.602 377.814,511.78 366.146,504.482C354.397,497.272 344.592,486.847 337.867,474.25C331.06,461.653 327.495,447.406 327.495,432.899C327.495,418.304 331.061,404.057 337.867,391.461C344.592,378.864 354.397,368.439 366.065,361.229C377.814,353.931 391.184,350.109 404.718,350.109C418.25,350.109 431.619,353.931 443.287,361.229C455.036,368.439 464.84,378.865 471.566,391.461C478.372,404.058 481.938,418.305 481.938,432.899Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,438.795C481.938,453.303 478.372,467.551 471.566,480.146C464.84,492.743 455.036,503.168 443.368,510.378C431.619,517.676 418.249,521.498 404.715,521.498C391.183,521.498 377.814,517.676 366.146,510.378C354.397,503.168 344.592,492.743 337.867,480.146C331.06,467.549 327.495,453.302 327.495,438.795C327.495,424.2 331.061,409.952 337.867,397.357C344.592,384.76 354.397,374.335 366.065,367.125C377.814,359.827 391.184,356.005 404.718,356.005C418.25,356.005 431.619,359.827 443.287,367.125C455.036,374.335 464.84,384.76 471.566,397.357C478.372,409.954 481.938,424.201 481.938,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,432.899C790.681,447.407 787.116,461.655 780.31,474.25C773.584,486.847 763.78,497.272 752.112,504.482C740.362,511.78 726.993,515.602 713.459,515.602C699.927,515.602 686.558,511.78 674.89,504.482C663.141,497.272 653.336,486.847 646.611,474.25C639.804,461.653 636.239,447.406 636.239,432.899C636.239,418.304 639.804,404.057 646.611,391.461C653.336,378.864 663.141,368.439 674.89,361.229C686.558,353.931 699.928,350.109 713.459,350.109C726.991,350.109 740.361,353.931 752.112,361.229C763.78,368.439 773.584,378.865 780.31,391.461C787.116,404.058 790.681,418.305 790.681,432.899Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,438.795C790.681,453.303 787.116,467.551 780.31,480.146C773.584,492.743 763.78,503.168 752.112,510.378C740.362,517.676 726.993,521.498 713.459,521.498C699.927,521.498 686.558,517.676 674.89,510.378C663.141,503.168 653.336,492.743 646.611,480.146C639.804,467.549 636.239,453.302 636.239,438.795C636.239,424.2 639.804,409.952 646.611,397.357C653.336,384.76 663.141,374.335 674.89,367.125C686.558,359.827 699.928,356.005 713.459,356.005C726.991,356.005 740.361,359.827 752.112,367.125C763.78,374.335 773.584,384.76 780.31,397.357C787.116,409.954 790.681,424.201 790.681,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.423185,0,0,0.453686,613.992,258.963)">
<g transform="matrix(53.3092,0,0,53.3092,296.35,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Rendezvous</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,776.886,519.873)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Relay</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,924.29,375.575)">
<g transform="matrix(53.3092,0,0,53.3092,124.423,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;fill:white;">Entry</text>
</g>
<g transform="matrix(0.438175,0,0,-0.438175,616.236,496.055)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,-0.438175,618.568,497.152)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z" style="fill:white;"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z" style="fill:white;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,757.768,262.897)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill:white;fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,760.1,261.799)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z" style="fill:white;"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z" style="fill:white;"/>
</g>
</g>
</g>
</svg>
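Review bot: the `<text>` labels that close this file ("Rendezvous", "Relay", "Entry") set `font-family:'Helvetica'` with no generic fallback, so label width and placement depend on the viewer having that font installed. Suggest `font-family:'Helvetica',sans-serif` on each. The empty `<g transform="matrix(53.3092,0,0,53.3092,…)">` groups that sit just before the "Rendezvous" and "Entry" labels contain nothing and can be dropped from the export.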


@@ -0,0 +1,225 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:serif="http://www.serif.com/" width="100%" height="100%" viewBox="0 0 1051 447" version="1.1" xml:space="preserve" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linecap:round;stroke-linejoin:round;">
<g transform="matrix(1,0,0,1,-101.526,-98.3251)">
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<rect x="87.098" y="355.919" width="154.361" height="165.495" style="fill:rgb(114,159,207);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M164.319,521.414L87.098,521.414L87.098,355.919L241.458,355.919L241.458,521.414L164.319,521.414" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,94.093C481.938,108.602 478.372,122.936 471.566,135.531C464.84,148.041 455.036,158.553 443.368,165.764C431.619,173.061 418.249,176.884 404.715,176.884C391.183,176.884 377.814,173.061 366.146,165.764C354.397,158.553 344.592,148.041 337.867,135.531C331.06,122.934 327.495,108.6 327.495,94.093C327.495,79.585 331.061,65.251 337.867,52.742C344.592,40.145 354.397,29.634 366.065,22.423C377.814,15.126 391.184,11.303 404.718,11.303C418.25,11.303 431.619,15.126 443.287,22.423C455.036,29.634 464.84,40.146 471.566,52.742C478.372,65.252 481.938,79.587 481.938,94.093Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,93.965C481.938,108.473 478.372,122.807 471.566,135.403C464.84,147.913 455.036,158.425 443.368,165.635C431.619,172.932 418.249,176.755 404.715,176.755C391.183,176.755 377.814,172.932 366.146,165.635C354.397,158.425 344.592,147.912 337.867,135.403C331.06,122.806 327.495,108.472 327.495,93.965C327.495,79.457 331.061,65.122 337.867,52.614C344.592,40.017 354.397,29.505 366.065,22.295C377.814,14.997 391.184,11.175 404.718,11.175C418.25,11.175 431.619,14.997 443.287,22.295C455.036,29.505 464.84,40.017 471.566,52.614C478.372,65.124 481.938,79.458 481.938,93.965" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,94.18C790.681,108.689 787.116,122.936 780.31,135.531C773.584,148.128 763.78,158.553 752.112,165.764C740.362,173.061 726.993,176.884 713.459,176.884C699.927,176.884 686.558,173.061 674.89,165.764C663.141,158.553 653.336,148.128 646.611,135.531C639.804,122.934 636.239,108.687 636.239,94.18C636.239,79.585 639.804,65.338 646.611,52.742C653.336,40.145 663.141,29.721 674.89,22.51C686.558,15.213 699.928,11.39 713.459,11.39C726.991,11.39 740.361,15.213 752.112,22.51C763.78,29.721 773.584,40.146 780.31,52.742C787.116,65.339 790.681,79.587 790.681,94.18Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,94.052C790.681,108.56 787.116,122.807 780.31,135.403C773.584,148 763.78,158.425 752.112,165.635C740.362,172.932 726.993,176.755 713.459,176.755C699.927,176.755 686.558,172.932 674.89,165.635C663.141,158.425 653.336,147.999 646.611,135.403C639.804,122.806 636.239,108.558 636.239,94.052C636.239,79.457 639.804,65.209 646.611,52.614C653.336,40.017 663.141,29.592 674.89,22.382C686.558,15.084 699.928,11.262 713.459,11.262C726.991,11.262 740.361,15.084 752.112,22.382C763.78,29.592 773.584,40.017 780.31,52.614C787.116,65.211 790.681,79.458 790.681,94.052" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,432.899C481.938,447.407 478.372,461.655 471.566,474.25C464.84,486.847 455.036,497.272 443.368,504.482C431.619,511.78 418.249,515.602 404.715,515.602C391.183,515.602 377.814,511.78 366.146,504.482C354.397,497.272 344.592,486.847 337.867,474.25C331.06,461.653 327.495,447.406 327.495,432.899C327.495,418.304 331.061,404.057 337.867,391.461C344.592,378.864 354.397,368.439 366.065,361.229C377.814,353.931 391.184,350.109 404.718,350.109C418.25,350.109 431.619,353.931 443.287,361.229C455.036,368.439 464.84,378.865 471.566,391.461C478.372,404.058 481.938,418.305 481.938,432.899Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,438.795C481.938,453.303 478.372,467.551 471.566,480.146C464.84,492.743 455.036,503.168 443.368,510.378C431.619,517.676 418.249,521.498 404.715,521.498C391.183,521.498 377.814,517.676 366.146,510.378C354.397,503.168 344.592,492.743 337.867,480.146C331.06,467.549 327.495,453.302 327.495,438.795C327.495,424.2 331.061,409.952 337.867,397.357C344.592,384.76 354.397,374.335 366.065,367.125C377.814,359.827 391.184,356.005 404.718,356.005C418.25,356.005 431.619,359.827 443.287,367.125C455.036,374.335 464.84,384.76 471.566,397.357C478.372,409.954 481.938,424.201 481.938,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,432.899C790.681,447.407 787.116,461.655 780.31,474.25C773.584,486.847 763.78,497.272 752.112,504.482C740.362,511.78 726.993,515.602 713.459,515.602C699.927,515.602 686.558,511.78 674.89,504.482C663.141,497.272 653.336,486.847 646.611,474.25C639.804,461.653 636.239,447.406 636.239,432.899C636.239,418.304 639.804,404.057 646.611,391.461C653.336,378.864 663.141,368.439 674.89,361.229C686.558,353.931 699.928,350.109 713.459,350.109C726.991,350.109 740.361,353.931 752.112,361.229C763.78,368.439 773.584,378.865 780.31,391.461C787.116,404.058 790.681,418.305 790.681,432.899Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,438.795C790.681,453.303 787.116,467.551 780.31,480.146C773.584,492.743 763.78,503.168 752.112,510.378C740.362,517.676 726.993,521.498 713.459,521.498C699.927,521.498 686.558,517.676 674.89,510.378C663.141,503.168 653.336,492.743 646.611,480.146C639.804,467.549 636.239,453.302 636.239,438.795C636.239,424.2 639.804,409.952 646.611,397.357C653.336,384.76 663.141,374.335 674.89,367.125C686.558,359.827 699.928,356.005 713.459,356.005C726.991,356.005 740.361,359.827 752.112,367.125C763.78,374.335 773.584,384.76 780.31,397.357C787.116,409.954 790.681,424.201 790.681,438.795" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,432.899C1099.39,447.407 1095.82,461.655 1089.02,474.25C1082.29,486.847 1072.49,497.272 1060.82,504.482C1049.07,511.78 1035.7,515.602 1022.17,515.602C1008.63,515.602 995.264,511.78 983.596,504.482C971.847,497.272 962.042,486.847 955.317,474.25C948.51,461.653 944.945,447.406 944.945,432.899C944.945,418.304 948.511,404.057 955.317,391.461C962.042,378.864 971.847,368.439 983.596,361.229C995.264,353.931 1008.63,350.109 1022.17,350.109C1035.7,350.109 1049.07,353.931 1060.82,361.229C1072.49,368.439 1082.29,378.865 1089.02,391.461C1095.82,404.058 1099.39,418.305 1099.39,432.899" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M481.938,756.043C481.938,770.551 478.372,784.798 471.566,797.394C464.84,809.991 455.036,820.416 443.368,827.626C431.619,834.924 418.249,838.746 404.715,838.746C391.183,838.746 377.814,834.924 366.146,827.626C354.397,820.416 344.592,809.991 337.867,797.394C331.06,784.797 327.495,770.549 327.495,756.043C327.495,741.448 331.061,727.2 337.867,714.605C344.592,702.008 354.397,691.583 366.065,684.372C377.814,677.075 391.184,673.253 404.718,673.253C418.25,673.253 431.619,677.075 443.287,684.372C455.036,691.583 464.84,702.008 471.566,714.605C478.372,727.202 481.938,741.449 481.938,756.043" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M790.681,756.118C790.681,770.626 787.116,784.874 780.31,797.469C773.584,810.066 763.78,820.491 752.112,827.702C740.362,834.999 726.993,838.822 713.459,838.822C699.927,838.822 686.558,834.999 674.89,827.702C663.141,820.492 653.336,810.066 646.611,797.469C639.804,784.872 636.239,770.625 636.239,756.118C636.239,741.523 639.804,727.276 646.611,714.68C653.336,702.083 663.141,691.658 674.89,684.448C686.558,677.15 699.928,673.328 713.459,673.328C726.991,673.328 740.361,677.15 752.112,684.448C763.78,691.658 773.584,702.083 780.31,714.68C787.116,727.277 790.681,741.525 790.681,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,63.5184,110.551)">
<path d="M1099.39,756.118C1099.39,770.626 1095.82,784.874 1089.02,797.469C1082.29,810.066 1072.49,820.491 1060.82,827.702C1049.07,834.999 1035.7,838.822 1022.17,838.822C1008.63,838.822 995.264,834.999 983.596,827.702C971.847,820.492 962.042,810.066 955.317,797.469C948.51,784.872 944.945,770.625 944.945,756.118C944.945,741.523 948.511,727.276 955.317,714.68C962.042,702.083 971.847,691.658 983.596,684.448C995.264,677.15 1008.63,673.328 1022.17,673.328C1035.7,673.328 1049.07,677.15 1060.82,684.448C1072.49,691.658 1082.29,702.083 1089.02,714.68C1095.82,727.277 1099.39,741.525 1099.39,756.118" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.206,203.232)">
<path d="M1340.44,328.48L1433.95,503.186L1247.02,503.186L1340.44,328.48Z" style="fill:rgb(114,159,207);"/>
</g>
<g>
<g transform="matrix(0.423185,0,0,0.453686,63.5184,110.551)">
<g transform="matrix(1,0,0,1,88.7196,550.073)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Your</text>
</g>
<g transform="matrix(1,0,0,1,88.7196,616.708)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Device</text>
</g>
</g>
<g transform="matrix(0.423185,0,0,0.423185,215.188,217.539)">
<g transform="matrix(53.3092,0,0,53.3092,148.162,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Guard</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,342.481,365.105)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Relay</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,486.481,214.679)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Relay</text>
</g>
<g transform="matrix(0.423185,0,0,0.423185,1011.71,453.118)">
<g transform="matrix(53.3092,0,0,53.3092,334.953,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">hidden...onion</text>
</g>
<g transform="matrix(1,0,0,1.13387,0,-13.5981)">
<rect x="192.377" y="101.575" width="397.824" height="388.045" style="fill:none;stroke:rgb(62,44,177);stroke-width:6.08px;stroke-linecap:butt;stroke-miterlimit:1.5;stroke-dasharray:6.08,6.08;"/>
</g>
<g transform="matrix(1,0,0,1.13387,406.832,-13.5981)">
<rect x="192.377" y="101.575" width="397.824" height="388.045" style="fill:none;stroke:rgb(208,26,36);stroke-width:6.08px;stroke-linecap:butt;stroke-miterlimit:1.5;stroke-dasharray:6.08,6.08;"/>
</g>
</g>
<g transform="matrix(1,0,0,-1,296.309,499.871)">
<g transform="matrix(0.438175,0,0,0.438175,-102.956,170.289)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-102.956,170.289)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z"/>
</g>
</g>
<g transform="matrix(1,0,0,1,599.384,5.09357)">
<g transform="matrix(0.438175,0,0,0.438175,-273.231,107.69)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-273.231,107.69)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z"/>
</g>
</g>
<g transform="matrix(1,0,0,-1,927.895,527.537)">
<g transform="matrix(0.438175,0,0,0.438175,-37.0942,67.0447)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-34.7625,65.947)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-467.504,185.162)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,-467.504,185.162)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z"/>
</g>
</g>
<g transform="matrix(1,0,0,1,-12.9813,-5.07732)">
<g transform="matrix(0.438175,0,0,0.438175,70.8116,113.404)">
<path d="M330.234,166.032L193.058,348.322L196.941,351.246L334.117,168.955L330.234,166.032Z" style="fill-rule:nonzero;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,70.8116,113.404)">
<path d="M340.601,156.288L337.671,180.385L318.258,165.776L340.601,156.288Z"/>
<path d="M342.547,153.703L339.971,154.795L315.043,165.381L338.945,183.37L342.547,153.703ZM338.657,158.87L336.406,177.398L321.48,166.171L338.657,158.87Z"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,94.093C481.938,108.602 478.372,122.936 471.566,135.531C464.84,148.041 455.036,158.553 443.368,165.764C431.619,173.061 418.249,176.884 404.715,176.884C391.183,176.884 377.814,173.061 366.146,165.764C354.397,158.553 344.592,148.041 337.867,135.531C331.06,122.934 327.495,108.6 327.495,94.093C327.495,79.585 331.061,65.251 337.867,52.742C344.592,40.145 354.397,29.634 366.065,22.423C377.814,15.126 391.184,11.303 404.718,11.303C418.25,11.303 431.619,15.126 443.287,22.423C455.036,29.634 464.84,40.146 471.566,52.742C478.372,65.252 481.938,79.587 481.938,94.093Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,93.965C481.938,108.473 478.372,122.807 471.566,135.403C464.84,147.913 455.036,158.425 443.368,165.635C431.619,172.932 418.249,176.755 404.715,176.755C391.183,176.755 377.814,172.932 366.146,165.635C354.397,158.425 344.592,147.912 337.867,135.403C331.06,122.806 327.495,108.472 327.495,93.965C327.495,79.457 331.061,65.122 337.867,52.614C344.592,40.017 354.397,29.505 366.065,22.295C377.814,14.997 391.184,11.175 404.718,11.175C418.25,11.175 431.619,14.997 443.287,22.295C455.036,29.505 464.84,40.017 471.566,52.614C478.372,65.124 481.938,79.458 481.938,93.965" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,94.18C790.681,108.689 787.116,122.936 780.31,135.531C773.584,148.128 763.78,158.553 752.112,165.764C740.362,173.061 726.993,176.884 713.459,176.884C699.927,176.884 686.558,173.061 674.89,165.764C663.141,158.553 653.336,148.128 646.611,135.531C639.804,122.934 636.239,108.687 636.239,94.18C636.239,79.585 639.804,65.338 646.611,52.742C653.336,40.145 663.141,29.721 674.89,22.51C686.558,15.213 699.928,11.39 713.459,11.39C726.991,11.39 740.361,15.213 752.112,22.51C763.78,29.721 773.584,40.146 780.31,52.742C787.116,65.339 790.681,79.587 790.681,94.18Z" style="fill:rgb(128,0,128);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M790.681,94.052C790.681,108.56 787.116,122.807 780.31,135.403C773.584,148 763.78,158.425 752.112,165.635C740.362,172.932 726.993,176.755 713.459,176.755C699.927,176.755 686.558,172.932 674.89,165.635C663.141,158.425 653.336,147.999 646.611,135.403C639.804,122.806 636.239,108.558 636.239,94.052C636.239,79.457 639.804,65.209 646.611,52.614C653.336,40.017 663.141,29.592 674.89,22.382C686.558,15.084 699.928,11.262 713.459,11.262C726.991,11.262 740.361,15.084 752.112,22.382C763.78,29.592 773.584,40.017 780.31,52.614C787.116,65.211 790.681,79.458 790.681,94.052" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139Z" style="fill:rgb(255,128,0);"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M1099.39,94.139C1099.39,108.647 1095.82,122.894 1089.02,135.49C1082.29,148.087 1072.49,158.512 1060.82,165.722C1049.07,173.019 1035.7,176.842 1022.17,176.842C1008.63,176.842 995.264,173.019 983.596,165.722C971.847,158.512 962.042,148.086 955.317,135.49C948.51,122.893 944.945,108.645 944.945,94.139C944.945,79.544 948.511,65.296 955.317,52.701C962.042,40.104 971.847,29.679 983.596,22.468C995.264,15.171 1008.63,11.348 1022.17,11.348C1035.7,11.348 1049.07,15.171 1060.82,22.468C1072.49,29.679 1082.29,40.104 1089.02,52.701C1095.82,65.298 1099.39,79.545 1099.39,94.139" style="fill:none;fill-rule:nonzero;stroke:rgb(52,101,164);stroke-width:0.08px;"/>
</g>
<g transform="matrix(0.438175,0,0,0.438175,495.905,117.379)">
<path d="M481.938,432.899C481.938,447.407 478.372,461.655 471.566,474.25C464.84,486.847 455.036,497.272 443.368,504.482C431.619,511.78 418.249,515.602 404.715,515.602C391.183,515.602 377.814,511.78 366.146,504.482C354.397,497.272 344.592,486.847 337.867,474.25C331.06,461.653 327.495,447.406 327.495,432.899C327.495,418.304 331.061,404.057 337.867,391.461C344.592,378.864 354.397,368.439 366.065,361.229C377.814,353.931 391.184,350.109 404.718,350.109C418.25,350.109 431.619,353.931 443.287,361.229C455.036,368.439 464.84,378.865 471.566,391.461C478.372,404.058 481.938,418.305 481.938,432.899Z" style="fill:rgb(129,212,26);"/>
</g>
<g transform="matrix(0.423185,0,0,0.453686,613.992,258.963)">
<g transform="matrix(53.3092,0,0,53.3092,296.35,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Rendezvous</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,776.886,519.873)">
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Relay</text>
</g>
<g transform="matrix(0.423185,0,0,0.453686,924.29,375.575)">
<g transform="matrix(53.3092,0,0,53.3092,124.423,0)">
</g>
<text x="0px" y="0px" style="font-family:'Helvetica';font-size:53.309px;">Entry</text>
</g>
</g>
</g>
</svg>


View File

@@ -1,22 +1,22 @@
---
title: "刪除帳"
title: "刪除帳"
icon: 'material/account-remove'
description: 一般人很容易累積大量的網路服務帳戶,這裏有一些如何順理這些資料的小訣竅。
---
隨著時間的推移,它可以很容易地積累一些在線帳戶,其中許多你可能不再使用。 刪除這些未使用的帳戶是收回隱私的重要一步,因為休眠帳戶容易受到數據洩露的影響。 資料外洩是指服務的安全性受到破壞,受保護的資訊被未經授權的行為者檢視、傳輸或竊取。 不幸的是近來資料外洩事件 [已見怪不怪](https://haveibeenpwned.com/PwnedWebsites) ,保持良好的數位清潔才能減輕資料外洩對個人生活的衝擊。 本指南的目標是幫助您通過令人討厭的帳戶刪除過程通常由 [欺騙性設計](https://www.deceptive.design/)使您變得困難,以改善您的在線存在
隨著時間的推移,一般人很容易地積累一些網路帳戶,但可能其中有不少早已不再使用。 刪除這些未使用的帳戶是收回隱私的重要一步,因為休眠帳戶容易受到數據洩露的影響。 資料外洩是指服務的安全性受到破壞,受保護的資訊被未經授權的行為者檢視、傳輸或竊取。 不幸的是近來資料外洩事件 [已見怪不怪](https://haveibeenpwned.com/PwnedWebsites) ,保持良好的數位清潔才能減輕資料外洩對個人生活的衝擊。 本指南的目標是幫助您通過令人討厭的帳戶刪除過程----通常由 [欺騙性設計](https://www.deceptive.design/)讓刪除困難,以改善您的網路現身
## 查找舊帳戶
### 密碼管理器。
如果你有一個密碼管理器,你已經使用了你的整個數字生活,這部分將非常容易。 通常,它們包括內置功能,用於檢測您的憑證是否在數據洩露中暴露-例如Bitwarden的 [數據洩露報告](https://bitwarden.com/blog/have-you-been-pwned/)。
如果您使用一個貫穿整個數位生活的密碼管理器,這部分將非常容易。 通常,它們包括內置功能,用於檢測您的憑證是否在資料洩露中暴露-例如Bitwarden的 [資料洩露報告](https://bitwarden.com/blog/have-you-been-pwned/)。
<figure markdown>
![Bitwarden's 資料外洩報告特色](../assets/img/account-deletion/exposed_passwords.png)
</figure>
即使您之前沒有明確使用過密碼管理器,也有可能您在瀏覽器或手機中使用了密碼管理器,甚至沒有意識到這一點。 例如: [Firefox Password Manager](https://support.mozilla.org/kb/password-manager-remember-delete-edit-logins)、 [Google Password Manager](https://passwords.google.com/intro) 和 [Edge Password Manager](https://support.microsoft.com/en-us/microsoft-edge/save-or-forget-passwords-in-microsoft-edge-b4beecb0-f2a8-1ca0-f26f-9ec247a3f336)。
即使您之前沒有明確使用過密碼管理器,但可能在無意中早已透過瀏覽器或手機中使用了密碼管理器。 例如: [Firefox 密碼管理器](https://support.mozilla.org/kb/password-manager-remember-delete-edit-logins)、 [Google 密碼管理器](https://passwords.google.com/intro) 和 [Edge 密碼管理器](https://support.microsoft.com/en-us/microsoft-edge/save-or-forget-passwords-in-microsoft-edge-b4beecb0-f2a8-1ca0-f26f-9ec247a3f336)。
桌面平臺通常還有一個密碼管理器,可以幫助您恢復忘記的密碼:
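Review bot: the rewritten intro paragraph still says 數據洩露 in 休眠帳戶容易受到數據洩露的影響, while its next sentence uses 資料外洩 and the password-manager paragraph in this same hunk is changed to 資料洩露; pick one rendering of "data breach" and use it throughout the file (the figure alt text already uses 資料外洩). In the same paragraph, the ASCII run in 帳戶刪除過程----通常由 stands in for a dash and should be a full-width ——. The two title lines also read identically as shown, so it is worth confirming the intended title change actually landed.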
@@ -39,7 +39,7 @@ description: 一般人很容易累積大量的網路服務帳戶,這裏有一
### GDPR (僅限歐洲經濟區居民)
歐盟居民在資料刪除上享有額外權利,其詳見於 GDPR [第 17 條](https://www.gdpr.org/regulation/article-17.html)規定。 如果適用於您,請閱讀任何特定服務的隱私權政策,以查找有關如何行使刪除權利的資訊。 閱讀隱私政策可能很重要,因為某些服務的「刪除帳戶」選項,實際上只是停用您的帳戶,若要真正刪除,您必須採取額外行動。 有時,刪除過程中可能需填寫調查、向服務商的資料保護人員發送電子郵件,甚至提出您為歐盟居民的證明。 如果您計劃這樣做,請執行 **而不是** 覆寫帳戶信息-可能需要您作為歐洲經濟區居民身份。 Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation.
歐盟居民在資料刪除上享有額外權利,其詳見於 GDPR [第 17 條](https://www.gdpr.org/regulation/article-17.html)規定。 如果適用於您,請閱讀任何特定服務的隱私權政策,以查找有關如何行使刪除權利的資訊。 閱讀隱私政策可能很重要,因為某些服務的「刪除帳戶」選項,實際上只是停用您的帳戶,若要真正刪除,您必須採取額外行動。 有時,刪除過程中可能需填寫調查、向服務商的資料保護人員發送電子郵件,甚至提出您為歐盟居民的證明。 如果您打算這樣做,請 **不要** 覆寫帳戶資訊-可能需要歐盟居民身份。 請注意,服務的位置並不重要; GDPR 適用於為歐盟用戶服務的任何人。 若服務商不願尊重您請求刪除的權利,可聯絡所在國的[官方資料保護機關](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en),您可能有權請求金錢賠償。
### 覆寫帳戶資訊
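Review bot: the replacement paragraph narrows the scope from the EEA to the EU. The section heading is 僅限歐洲經濟區居民 and the removed line said 歐洲經濟區居民身份, but the new text says 可能需要歐盟居民身份 and renders "serving European users" as 為歐盟用戶服務. Keep 歐洲經濟區 for the residency wording and 歐洲用戶 for the scope sentence so the translation matches the heading and the English source. The half-width hyphen in 覆寫帳戶資訊-可能需要 should also be a full-width dash.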

View File

@@ -1,60 +1,94 @@
---
title: "常見的迷思"
icon: 'material/robot-confused'
description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation.
description: 隱私並不是一個直覺的話題,它容易遭行銷話術與其它虛假訊息的綁架。
schema:
-
"@context": https://schema.org
"@type": FAQPage
mainEntity:
-
"@type": Question
name: 開源軟件本質上安全嗎?
acceptedAnswer:
"@type": Answer
text: |
源代碼是否可公開取得以及軟件本身的授權條件並不會影響其安全性。 開源軟件可能比商有軟件更安全,但這點並非絕對保證。 評估軟體時,應該根據個別情況來評估每個工具的聲譽和安全性。
-
"@type": Question
name: 將信任轉移到另一個提供商可以增加隱私嗎?
acceptedAnswer:
"@type": Answer
text: |
在討論 VPN 等解決方案時,我們經常談到「轉移信任」 (將您對 ISP 的信任轉移到 VPN 提供商)。 雖然這可以特別保護瀏覽數據免受 ISP 影響,但挑選的 VPN 提供商仍然可以訪問您的瀏覽數據:資料並非得到完全保護。
-
"@type": Question
name: 以隱私為中心的解決方案本質上可信賴嗎?
acceptedAnswer:
"@type": Answer
text: |
僅專注於單一工具或提供商的隱私政策和營銷可能會讓您忽視其弱點。 當您正在尋找更私密的解決方案時,您應該確定潛在的問題是什麼,並找到該問題的技術解決方案。 例如,您可能希望避免 Google 雲端硬碟,這會讓 Google 存取您的所有資料。 這種情況下潛在的問題是缺乏E2EE ,因此應確保切換的提供商有真地落實 E2EE ,或者使用雲端服務商提供的 E2EE 工具如Cryptomator )。 轉換到“以隱私為中心”的提供商(其不用 E2EE )不能解決您的問題:它只是將信任從 Google 轉移到該供應商。
-
"@type": Question
name: 我的威脅模型需要多複雜?
acceptedAnswer:
"@type": Answer
text: |
我們經常看到人們描述過於複雜的隱私威脅模型。 通常,這些解決方案包括許多不同的電子郵件帳戶或具有許多移動部件和條件的複雜設置等問題。 答案通常是“做 X 的最佳方式是什麼?”
為自己找到“最佳”解決方案並不一定意味著您正在尋找具有數十種條件的絕對解決方案-這些解決方案通常很難實際使用。 正如先前所討論的,安全性通常是以方便為代價。
---
## 「開源軟體永遠是安全的」或「商業軟體更安全」
這些迷思源於許多偏見,原始碼是否開放以及軟體的許可並不會以任何方式影響其安全性。 開源軟件 *可能* 比商業軟件更安全,但絕對不能保證這一點。當你評估軟體時,應該根據每個工具的聲譽和安全性進行評估。
這些迷思源於許多偏見,原始碼是否開放以及軟體的許可並不會以任何方式影響其安全性。 ==開源軟件 *可能* 比商業軟件更安全,但絕對不能保證這一點。==評估軟體時,應該根據每個工具的聲譽和安全性進行評估。
Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. 它還允許您查看代碼並禁用您發現的任何可疑功能。 然而,*除非真的這樣做了*,否則不能保證程式碼曾經被評估過,特別是對於較小的軟體項目。 The open development process has also sometimes been exploited to introduce new vulnerabilities into even large projects.[^1]
開源軟體*能夠*由第三方人員進行審計,比起同類商用軟體,前者對待潛在漏洞更為透明。 它還允許您查看代碼並禁用您發現的任何可疑功能。 然而,*除非真的這樣做了*,否則不能保證程式碼曾經被評估過,特別是小型軟體專案。 開放的發展過程有時會遭利用,甚至在大型專案中被引入新的漏洞。
另一方面,專有軟件不太透明,但這並不意味著它不安全。 主要的專有軟件項目可以由內部和第三方機構進行審計,獨立的安全研究人員仍然可以通過逆向工程等技術發現漏洞。
另一方面,專有軟件不太透明,但這並不意味著它不安全。 主要的商用軟件專案會由內部和第三方機構進行審計,獨立的安全研究人員仍然可以通過逆向工程等技術發現漏洞。
To avoid biased decisions, it's *vital* that you evaluate the privacy and security standards of the software you use.
避免決策上的偏見,這點在評估所使用軟體的隱私與安全標準上至關重要。
## 「信任的轉移可以增加隱私」
在討論 VPN 等解決方案時,我們經常談到「轉移信任」 (將您對 ISP 的信任轉移到 VPN 提供商)。 雖然這可以保護您的瀏覽數據免受 *特定* ISP 的侵害,但您選擇的 VPN 提供商仍然可以訪問您的瀏覽數據:您的數據並非完全受到各方的保護。 這意味著:
在討論 VPN 等解決方案時,我們經常談到「轉移信任」 (將您對 ISP 的信任轉移到 VPN 提供商)。 雖然這可以保護您的瀏覽資料免受 *特定* ISP 的侵害,但您選擇的 VPN 提供商仍然可以訪問您的瀏覽數據:您的資料並非完全受到各方的保護。 這意味著:
1. You must exercise caution when choosing a provider to shift trust to.
2. You should still use other techniques, like E2EE, to protect your data completely. Merely distrusting one provider to trust another is not securing your data.
1. 把信任轉付給挑選的服務供應商時,您必須謹慎行事。
2. 您應該利用其它技巧,如 E2EE 來完全保護您的資料。 僅因個別供應商的信任與否,並不能確保資料的安全。
## "Privacy-focused solutions are inherently trustworthy"
## 「以隱私為中心的解決方案本質上是值得信賴的」
Focusing solely on the privacy policies and marketing of a tool or provider can blind you to its weaknesses. 當您正在尋找更私密的解決方案時,您應該確定潛在的問題是什麼,並找到該問題的技術解決方案。 For example, you may want to avoid Google Drive, which gives Google access to all of your data. The underlying problem in this case is lack of E2EE, so you should make sure that the provider you switch to actually implements E2EE, or use a tool (like [Cryptomator](../encryption.md#cryptomator-cloud)) which provides E2EE on any cloud provider. Switching to a "privacy-focused" provider (that doesn't implement E2EE) doesn't solve your problem: it just shifts trust from Google to that provider.
僅專注於單一工具或提供商的隱私政策和營銷可能會讓您忽視其弱點。 當您正在尋找更私密的解決方案時,您應該確定潛在的問題是什麼,並找到該問題的技術解決方案。 例如,您可能希望避免 Google 雲端硬碟,這會讓 Google 存取您的所有資料。 這種情況的問題是缺乏 E2EE 因此您應該確保您轉換的供應商真正實現了E2EE ,或者使用可在任何雲提供商安裝 E2EE 的工具(如 [Cryptomator](../encryption.md#cryptomator-cloud))。 轉換到“以隱私為中心”的提供商(其不用 E2EE )不能解決您的問題:它只是將信任從 Google 轉移到該供應商。
The privacy policies and business practices of providers you choose are very important, but should be considered secondary to technical guarantees of your privacy: You shouldn't shift trust to another provider when trusting a provider isn't a requirement at all.
您選擇的供應商的隱私政策和商業實踐非常重要,但應視為隱私技術保證的次要條件:當無須信任供應商時,您不必將信任轉移到另一個供應商。
## 「愈複雜愈好」
我們經常看到人們描述過於複雜的隱私威脅模型。 通常,這些解決方案包括許多不同的電子郵件帳戶或具有許多動部件和條件的複雜設置等問題。 The replies are usually answers to "What is the best way to do *X*?"
我們經常看到人們描述過於複雜的隱私威脅模型。 通常,這些解決方案包括許多不同的電子郵件帳戶或具有許多動部件和條件的複雜設置等問題。 答案通常是“做 * X *的最佳方式是什麼?”
Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips:
為自己找到“最佳”解決方案並不一定意味著您正在尋找具有數十種條件的絕對解決方案-這些解決方案通常很難實際使用。 正如先前所討論的,安全性通常是以方便為代價。 下面,我們提供一些訣竅:
1. ==Actions need to serve a particular purpose:== think about how to do what you want with the fewest actions.
2. ==Remove human failure points:== We fail, get tired, and forget things. To maintain security, avoid relying on manual conditions and processes that you have to remember.
3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily de-anonymized by a simple oversight.
1. == 行動需要達到特定的目的:== 想想如何用最少的行動做到想做的事。
2. ==移除人類的失敗點:== 人總會失敗、疲倦、忘記事情。 要保持安全性,請避免依賴大腦記憶的手動條件和流程。
3. = =使用您要想的適當保護等級。== 我們經常看到所謂的執法或傳票證明解決方案的建議。 這些通常需要專業知識,通常不是人們想要的。 建立一個複雜的匿名威脅模型是沒有意義的,如果您的行為容易地被一個簡單的監督去匿名化。
So, how might this look?
那麼,這看起來會怎麼樣?
One of the clearest threat models is one where people *know who you are* and one where they do not. 總會有你必須申報你的法定姓名的情況,有其他不需要的情況
最清晰的威胁模型之一是,部分人*,知道你是谁* ,而另一部分人不知道。 有些必須提出您的法定姓名的情況,但也有其他情況不需要提供全名
1. **Known identity** - A known identity is used for things where you must declare your name. 有許多法律文件和合同需要合法身份。 這可能包括開設銀行帳戶簽署財產租賃獲得護照進口物品時的海關申報,或其他方式與您的政府打交道。 這些東西通常會導致憑證,如信用卡,信用評級檢查,帳戶號碼,以及可能的物理地址。
1. **已知身份** - 已知身份是用于必須告之姓名的事務。 有許多法律文件和合同需要合法身份。 這可能包括開設銀行帳戶簽署財產租賃獲得護照進口物品時的海關申報,或其他政府打交道的方式。 這些東西通常會需要憑證,如信用卡,信用評級檢查,帳戶號碼,以及實際地址
我們不建議您使用 VPN 或 Tor 來處理這些事情,因為您的身份已經通過其他方式被對方知道。
!!! tip
!!! 訣竅
在網上購物時,使用[包裹儲物櫃] (https://zh.wikipedia.org/wiki/Parcel_locker)有助於保護您實際地址的私密性。
在網上購物時,使用[包裹儲物櫃] (https://zh.wikipedia.org/wiki/Parcel_locker)有助於保護您實際地址的私密性。
2. **未知身份** - 未知身份可能是您經常使用的穩定假名。 它不是匿名,因為不會變。 如果您是線上社群的一員,您可能希望保留其他人知道的角色。 這個假名不是匿名的,因為如果監控時間足夠長,關於所有者的詳細信息可以透露更多信息,例如他們的寫作方式,他們對感興趣主題的一般知識等。
2. **未知身份** - 未知身份可能是您經常使用的穩定假名。 它已不算匿名,因為不會變。 如果您是線上社群的一員,您可能希望保留其他人知道的角色。 這個假名不是匿名的,因為如果監控時間足夠長,關於所有者的詳細信息可以透露更多信息,例如他們的寫作方式,他們對感興趣主題的一般知識等。
您可能希望使用 VPN 來隱藏您的 IP 地址。 金融交易更難掩蓋:您可以考慮使用匿名加密貨幣,例如 [Monero](https://www.getmonero.org/)。 採用山寨幣轉移也可能有助於偽裝您的貨幣源。 通常情況下,交易所需要完成 KYC (了解您的客戶) ,然後才能將法定貨幣兌換為任何類型的加密貨幣。 線下操作也可能是一個解決方案;然而,這些往往更昂貴,有時也需要 KYC。
您可能希望使用 VPN 來隱藏您的 IP 地址。 金融交易更難掩蓋:您可以考慮使用匿名加密貨幣,例如 [Monero](https://www.getmonero.org/)。 採用山寨幣轉移也可能有助於偽裝您的貨幣源。 通常情況下,交易所需要完成 KYC (了解您的客戶) ,然後才能將法定貨幣兌換為任何類型的加密貨幣。 線下操作也可能是一個解決方案;然而,這些往往更昂貴,有時也需要 KYC。
3. **匿名身份** - 即使有經驗的專家,也很難長時間保持一個帳號的匿名性。 它們應該是短期和短暫的身份,定期輪流。
使用 Tor 可以幫助我們做到這一點。 同樣值得注意的是,通過異步溝通可以實現更大的匿名性:實時溝通容易受到打字模式分析的影響(即不止一段文字,在論壇上分發,通過電子郵件等)。
[^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident).
[^1]: 一個值得注意的例子是 [發生在2021年明尼蘇達大學的研究人員在 Linux 內核開發項目中引入了三個漏洞](https://cse.umn.edu/cs/linux-incident).
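Review bot: the translated sentence ending 甚至在大型專案中被引入新的漏洞。 drops the `[^1]` marker that the English line carried after "even large projects.", so the `[^1]:` definition kept at the bottom of the file is left with no reference; restore the marker at the end of that sentence. In the tips list, `== 行動需要達到特定的目的:==` has a space after the opening `==` and `= =使用您要想的適當保護等級。==` splits the opener, so neither matches the `==...==` form used on item 2. `!!! 訣竅` replaces the admonition type keyword `tip`, which is an identifier rather than display text and should stay as `!!! tip`. The line beginning 最清晰的威胁模型之一是 is in Simplified characters in a Traditional file, with the emphasis markers misplaced around `*,知道你是谁*`.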

View File

@@ -1,148 +1,148 @@
---
title: "Common Threats"
title: "常見威脅"
icon: 'material/eye-outline'
description: Your threat model is personal to you, but these are some of the things many visitors to this site care about.
description: 您的威脅模型雖說是個人的事,但它也是本站許多訪客關心的課題。
---
廣義講,我們將我們的建議分為適用於大多數人的 [威脅](threat-modeling.md) 或目標。 可能會關心沒有,一個,幾個或所有這些可能性,你使用的工具和服務取決於的目標是什麼。 您也可能有這些類別之外的特定威脅,這完全有可能! 重要的是要了解您選擇使用的工具的好處和缺點,因為幾乎沒有一種工具可以保護您免受任何威脅。
廣義講,我們將建議歸類為適用於大多數人的 [威脅](threat-modeling.md) 或目標。 可能會在意各種可能性的組合,而選用的工具和服務取決於的目標何在。 您也可能有超出這些類別之外的特定威脅,這完全有可能! 重要的是要了解您選擇使用的工具的好處和缺點,因為幾乎沒有一種工具可以保護您免受任何威脅。
- <span class="pg-purple">:material-incognito: 匿名</span> -保護您的在線活動免受您真實身份影響,保護您免受試圖特別揭露 *您* 身份的人的侵害。
- <span class="pg-red">:material-target-account: 針對性的攻擊</span> -保護免受駭客或其他惡意行為者的攻擊,這些行為者正試圖特別訪問 *您的* 個數據或設備。
- <span class="pg-purple">:material-incognito: 匿名</span> -保護您的在線活動免受您真實身份影響,保護您防範某些企圖揭露 *您* 身份的侵害。
- <span class="pg-red">:material-target-account: 針對性的攻擊</span> -保護免受駭客或其他惡意行為者的攻擊,他們正試圖存取訪問 *您的* 資料或設備。
- <span class="pg-orange">:material-bug-outline: 被動攻擊</span> -保護免受惡意軟體、數據洩露和其他同時針對多人的攻擊。
- <span class="pg-teal">:material-server-network: Service Providers</span> - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server).
- <span class="pg-blue">:material-eye-outline: Mass Surveillance</span> - Protection from government agencies, organizations, websites, and services which work together to track your activities.
- <span class="pg-brown">:material-account-cash: Surveillance Capitalism</span> - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors.
- <span class="pg-green">:material-account-search: Public Exposure</span> - Limiting the information about you that is accessible online—to search engines or the general public.
- <span class="pg-blue-gray">:material-close-outline: Censorship</span> - Avoiding censored access to information or being censored yourself when speaking online.
- <span class="pg-teal">:material-server-network: 服務供應商</span> - 保護您的資料免受服務供應商侵害(例如,使用 E2EE ,使您保存在伺服器的資料無法被他人讀取)。
- <span class="pg-blue">:material-eye-outline: 大規模監控</span> -保護您免受政府機構、組織、網站和服務共同追蹤您的活動。
- <span class="pg-brown">:material-account-cash: 監控資本主義</span> - 保議自己不會被 Google Facebook 等大型網路廣告以及其它無數第三方資料收集者監控。
- <span class="pg-green">:material-account-search: 公開曝光</span> -限制搜尋引擎或一般大眾可在網路上找到有關您的資訊。
- <span class="pg-blue-gray">:material-close-outline: 審查</span> -避免資訊被封鎖或自己的網路發言時受到審查。
其中一些威脅對您來說可能比其他威脅更重,這取決於您的具體問題。 For example, a software developer with access to valuable or critical data may be primarily concerned with <span class="pg-red">:material-target-account: Targeted Attacks</span>, but they probably still want to protect their personal data from being swept up in <span class="pg-blue">:material-eye-outline: Mass Surveillance</span> programs. Similarly, many people may be primarily concerned with <span class="pg-green">:material-account-search: Public Exposure</span> of their personal data, but they should still be wary of security-focused issues, such as <span class="pg-orange">:material-bug-outline: Passive Attacks</span>—like malware affecting their devices.
其中一些威脅對您來說可能比其他威脅更重,這取決於您的具體問題。 例如,有權訪問有價值或重要資料的開發人員可能主要關注 <span class="pg-red">:material-target-account: 針對性攻擊</span>,但他們仍然希望保護自己的個資免受 <span class="pg-blue">:material-eye-outline: 大規模監控</span> 計劃的影響。 同樣,許多人主要關心其個人資料的 <span class="pg-green">:material-account-search: 公開曝光</span> ,但他們仍應該警惕聚焦安全的問題,例如 <span class="pg-orange">:material-bug-outline: 被動攻擊</span>-例如惡意軟件影響他們的設備。
## Anonymity vs. Privacy
## 匿名 vs. 隱私
<span class="pg-purple">:material-incognito: Anonymity</span>
<span class="pg-purple">:material-incognito: 匿名性</span>
Anonymity is often confused with privacy, but they're distinct concepts. While privacy is a set of choices you make about how your data is used and shared, anonymity is the complete disassociation of your online activities from your real identity.
匿名通常與隱私相混淆,但它們是不同的概念。 隱私是您對如何使用和共享資料所做出的一系列選擇,而匿名是將您的線上活動與真實身份完全分離。
Whistleblowers and journalists, for example, can have a much more extreme threat model which requires total anonymity. That's not only hiding what they do, what data they have, and not getting hacked by malicious actors or governments, but also hiding who they are entirely. They will often sacrifice any kind of convenience if it means protecting their anonymity, privacy, or security, because their lives could depend on it. Most people don't need to go so far.
舉例來說,揭密者和記者會需要一個更極端、要求完全匿名的威脅模型。 這不僅隱藏了他們所做的事情、擁有的資料,不會被惡意行為者或政府駭客入侵,而且還完全隱暪了他們的身份。 他們經常需犧牲任何形式的便利,以保護自身的匿名性,隱私或安全,因為很可能事關自己的性命。 大多數人都不需要那樣。
## Security and Privacy
## 安全與隱私
<span class="pg-orange">:material-bug-outline: Passive Attacks</span>
<span class="pg-orange">:material-bug-outline: 被動攻擊</span>
Security and privacy are also often confused, because you need security to obtain any semblance of privacy: Using tools—even if they're private by design—is futile if they could be easily exploited by attackers who later release your data. However, the inverse isn't necessarily true: The most secure service in the world *isn't necessarily* private. The best example of this is trusting data to Google who, given their scale, have had few security incidents by employing industry-leading security experts to secure their infrastructure. Even though Google provides very secure services, very few people would consider their data private in Google's free consumer products (Gmail, YouTube, etc.)
安全性和隱私也經常被混淆,因為您需要安全性來獲得任何形式的隱私:使用的工具----即便設計私密----但若很容易地受到攻擊者造成資料外洩,一切就是白廢了。 然而,相反的情況並不一定成立:世界上最安全的服務 *不一定是* 私密。 最好的例子是信任把資料交給 Google因為它們規模龐大聘請業界領先的安全專家來保護其基礎設施幾乎沒有發生過安全事故。 儘管 Google 提供了非常安全的服務但很少有人會認為在Google 免費消費產品(GmailYouTube 等)中的資料是私有的。
When it comes to application security, we generally don't (and sometimes can't) know if the software we use is malicious, or might one day become malicious. Even with the most trustworthy developers, there's generally no guarantee that their software doesn't have a serious vulnerability that could later be exploited.
當涉及到應用程式安全性時,我們通常不知道(有時甚至無法)使用的軟體是否是惡意或者有一天它會變成惡意。 即使是最值得信賴的開發人員,也無法保證他們的軟體沒有嚴重的漏洞有一天會被利用。
To minimize the damage that a malicious piece of software *could* do, you should employ security by compartmentalization. For example, this could come in the form of using different computers for different jobs, using virtual machines to separate different groups of related applications, or using a secure operating system with a strong focus on application sandboxing and mandatory access control.
減少惡意軟體*可能造成的破壞* ,最好能落實安全劃分方案。 例如,用不同電腦作不同的事、利用虛擬器來分組不同的相關應用程式,或者使用一個高集中的應用程式沙盒和強制訪問控制的安全操作系統。
!!! tip
!!! 提示
Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources.
行動作業系統通常具有比桌面作業系統具備更好的應用程式沙盒:應用程式沒有根存取權限,且需要存取系統資源的權限。
Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../../desktop/#qubes-os).
桌面操作系統通常在適當的沙盒化上落後。 ChromeOS 具備與 Android 相似的沙盒功能, macOS 具有完整的系統權限控制(開發人員可以選擇為應用程式加入沙盒)。 然而,這些作業系統確實會將識別資料傳回給各自的原始設備製造商。 Linux 傾向於不對系統供應商提交資料,但它在漏洞和惡意應用程式的保護很差。 這可以通過專門的發行版來緩解,這些發行版大量使用虛擬器或容器,例如 [Qubes OS] ../../desktop/# qubes-os )。
<span class="pg-red">:material-target-account: Targeted Attacks</span>
<span class="pg-red">:material-target-account: 目標攻擊</span>
Targeted attacks against a specific person are more problematic to deal with. Common attacks include sending malicious documents via email, exploiting vulnerabilities (e.g. in browsers and operating systems), and physical attacks. If this is a concern for you, you should employ more advanced threat mitigation strategies.
針對特定人士的針對性攻擊更難處理。 常見的攻擊包括通過電子郵件發送惡意文件、利用(瀏覽器和操作系統的)漏洞以及物理攻擊。 如果這是您擔心這點,應該採用更先進的威脅減輕策略。
!!! tip
!!! 提示
By design, **web browsers**, **email clients**, and **office applications** typically run untrusted code, sent to you from third parties. Running multiple virtual machines—to separate applications like these from your host system, as well as each other—is one technique you can use to mitigate the chance of an exploit in these applications compromising the rest of your system. For example, technologies like Qubes OS or Microsoft Defender Application Guard on Windows provide convenient methods to do this.
在設計上, * *網頁瀏覽器* *、* *電子郵件用戶端* *和* *辦公室應用程式* *常常運行第三方發送無法信任的代碼。 運行多個虛擬器-將這些應用程序與主機系統相互分開,此技術可減少系統遭到應用程序攻擊的機會。 例如, Qubes OS 或 Windows 上的 Microsoft Defender Application Guard 等技術提供了方便的作法。
If you are concerned about **physical attacks** you should use an operating system with a secure verified boot implementation, such as Android, iOS, macOS, or [Windows (with TPM)](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process). You should also make sure that your drive is encrypted, and that the operating system uses a TPM or Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) or [Element](https://developers.google.com/android/security/android-ready-se) to rate limit attempts to enter the encryption passphrase. You should avoid sharing your computer with people you don't trust, because most desktop operating systems don't encrypt data separately per-user.
若您特別擔心 **物理攻擊**,就應選用具安全驗證開機的作業系統,例如 Android, iOS, macOS, [Windows ( TPM)](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process)。 應確保您的驅動器是加密的,並且操作系統使用 TPM Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) [Element](https://developers.google.com/android/security/android-ready-se) 來限制輸入加密密碼的嘗試率。 您應該避免與不信任的人共享您的電腦,因為大多數桌面作業系統不會單獨加密每個用戶的數據。
## Privacy From Service Providers
## 服務供應商的隱私權
<span class="pg-teal">:material-server-network: Service Providers</span>
<span class="pg-teal">:material-server-network: 服務提供商</span>
We live in a world where almost everything is connected to the internet. Our "private" messages, emails, and social interactions are typically stored on a server, somewhere. Generally, when you send someone a message it's stored on a server, and when your friend wants to read the message the server will show it to them.
我們活在一個幾乎所有東西都連上網際網路的世界。 我們的「私人」訊息、電子郵件和社交互動通常儲存在伺服器的某個地方。 通常,當您向某人發送訊息時,它會儲存在伺服器上,當對方想要閱讀訊息時,伺服器會將其顯示給他們。
The obvious problem with this is that the service provider (or a hacker who has compromised the server) can access your conversations whenever and however they want, without you ever knowing. This applies to many common services, like SMS messaging, Telegram, and Discord.
顯而易見的問題是,服務提供商(或破壞伺服器的黑客)可以隨時隨地訪問您的對話,而您永遠不會知道。 這適用在許多常見服務,如 SMS 簡訊、Teleram Discord
Thankfully, E2EE can alleviate this issue by encrypting communications between you and your desired recipients before they are even sent to the server. The confidentiality of your messages is guaranteed, assuming the service provider doesn't have access to the private keys of either party.
慶幸的是, E2EE 可以加密您與收件人之間的通信,甚至在訊息送到伺服器之前,緩解此問題。 假設服務提供商無法訪問任何一方的私鑰,您的訊息保密性得到保證。
!!! note "Note on Web-based Encryption"
!!! 備註 "Web 加密備註"
In practice, the effectiveness of different E2EE implementations varies. Applications, such as [Signal](../real-time-communication.md#signal), run natively on your device, and every copy of the application is the same across different installations. If the service provider were to introduce a [backdoor](https://en.wikipedia.org/wiki/Backdoor_(computing)) in their application—in an attempt to steal your private keys—it could later be detected with [reverse engineering](https://en.wikipedia.org/wiki/Reverse_engineering).
實際上,不同 E2EE 操作的效力各不相同。 應用程式,例如 [Signal](../real-time-communication.md#signal) ,會在您的裝置上原生執行,且此應用程式在不同設備的安裝上都是如此。 如果服務提供商在他們的應用程序中引入 [後門](https://zh.wikipedia.org/wiki/Backdoor_(computing) ----試圖竊取您的私鑰----它稍後可以通過[逆向工程] (https://zh.wikipedia.org/wiki/Reverse_engineering )檢測。
On the other hand, web-based E2EE implementations, such as Proton Mail's webmail or Bitwarden's *Web Vault*, rely on the server dynamically serving JavaScript code to the browser to handle cryptography. A malicious server can target you and send you malicious JavaScript code to steal your encryption key (and it would be extremely hard to notice). Because the server can choose to serve different web clients to different people—even if you noticed the attack—it would be incredibly hard to prove the provider's guilt.
另一方面,執行網頁 E2EE例如 Proton Mail 的網頁郵件或Bitwarden 的* Web Vault * 依靠伺服器動態地向瀏覽器提供JavaScript 代碼來處理加密。 惡意伺服器可以針對您發送惡意 JavaScript 代碼以竊取您的加密密鑰(這將非常難以察覺)。 因為伺服器可以選擇為不同的人提供不同的網頁用戶端,即使您注意到攻擊也很難證明提供商有罪。
Therefore, you should use native applications over web clients whenever possible.
因此,您應該盡可能使用原生軟體程式多於網頁客戶端。
Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all.
即便使用 E2EE ,服務商仍然可以對 **元數據**進行分析,這通常不受保護。 雖然服務提供商無法讀取您的訊息,但他們仍然可以觀察重要的事情,例如您正在與誰交談、傳送訊息的頻率以及使用活躍時段。 元數據的保護不多,如果它在您的 [威脅模型](threat-modeling.md)中,就應該密切注意使用軟體的技術文檔,看看元數據是否最小化或任何保護。
## Mass Surveillance Programs
## 大規模監督計劃
<span class="pg-blue">:material-eye-outline: Mass Surveillance</span>
<span class="pg-blue">:material-eye-outline: 大規模監測</span>
Mass surveillance is the intricate effort to monitor the "behavior, many activities, or information" of an entire (or substantial fraction of a) population.[^1] It often refers to government programs, such as the ones [disclosed by Edward Snowden in 2013](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)). However, it can also be carried out by corporations, either on behalf of government agencies or by their own initiative.
大規模監控是對全體 (或其中某一群特定)人群進行錯綜複雜的監視活動。[^1] 它通常是指政府項目,例如由[Edward Snowden 2013](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present))所揭露的內幕。 然而,它也可以由公司代表政府機構或由他們自己主動進行。
!!! abstract "Atlas of Surveillance"
!!! 摘要"監控地圖集"
If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org/) by the [Electronic Frontier Foundation](https://www.eff.org/).
如果您想進一步了解監控方法及其在您所在城市的實施方式,您也可以查看[電子前鋒基金會 EFF] (https://www.eff.org/)的[監控地圖集] (https://atlasofsurveillance.org/)。
In France you can take a look at the [Technolopolice website](https://technopolice.fr/villes/) maintained by the non-profit association La Quadrature du Net.
在法國,您可以看看非營利組織 La Quadrature du Net 維護的 [Technolopolice 網站] (https://technopolice.fr/villes/ )。
Governments often justify mass surveillance programs as necessary means to combat terrorism and prevent crime. However, breaching human rights, it's most often used to disproportionately target minority groups and political dissidents, among others.
政府常認為大規模監控計劃是打擊恐怖主義和預防犯罪的必要手段。 然而,少數羣體和政治異見人士最常遭受不成比例地人權侵害。
!!! quote "ACLU: [*The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward*](https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward)"
!!! 美國自由民權聯盟 ACLU [*9/11 的隱私教訓:大規模監控不是前進的道路*](https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward)
In the face of [Edward Snowden's disclosures of government programs such as [PRISM](https://en.wikipedia.org/wiki/PRISM) and [Upstream](https://en.wikipedia.org/wiki/Upstream_collection)], intelligence officials also admitted that the NSA had for years been secretly collecting records about virtually every Americans phone calls — whos calling whom, when those calls are made, and how long they last. This kind of information, when amassed by the NSA day after day, can reveal incredibly sensitive details about peoples lives and associations, such as whether they have called a pastor, an abortion provider, an addiction counselor, or a suicide hotline.
面對[愛德華·斯諾登( Edward Snowden )披露的 [PRISM] https://en.wikipedia.org/wiki/PRISM )和 [Upstream] https://en.wikipedia.org/wiki/Upstream_collection ]等政府計劃,情報官員承認,國家安全局多年來一直祕密地收集每個美國人電話的記錄—誰在打電話,何時打電話,以及通話時間多久。 當 NSA 日復一日地收集這類資訊時,就可以揭示人們生活相關聯的敏感細節,例如他們是否打電話給牧師、墮胎提供者、成癮顧問或自殺熱線。
Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2]
儘管在美國有越來越多的大規模監控,政府卻發現像依 215 條採取的監控計畫在阻卻犯案與恐怖陰謀上沒有實用價值,它們幾乎只是重複著 FBI 所做的特定監控計畫而已。[^2]
Online, you can be tracked via a variety of methods:
在網上,您可以通過各種方法進行追蹤:
- Your IP address
- Browser cookies
- The data you submit to websites
- Your browser or device fingerprint
- Payment method correlation
- 您的 IP 地址
- 瀏覽器 cookie
- 您提交到網站的資料
- 您的瀏覽器或裝置指紋
- 付款方式關聯
\[This list isn't exhaustive].
\ [此列表並非詳盡無缺]。
If you're concerned about mass surveillance programs, you can use strategues like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information.
如果您擔心大規模監控計劃,您可以隨時隨地策略性避免提供識別個資,例如劃分您的網路身份,與其他用戶混合。
<span class="pg-brown">:material-account-cash: Surveillance Capitalism</span>
<span class="pg-brown">:material-account-cash: 監控資本主義</span>
> Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^3]
> 監控資本主義的核心是獲取個人資料並將之商品化,以謀求最大利潤的經濟體系。[^3]
For many people, tracking and surveillance by private corporations is a growing concern. Pervasive ad networks, such as those operated by Google and Facebook, span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries (although it can't completely prevent tracking).[^4]
對於許多人來說,私人公司的追蹤和監視是一個越來越令人擔憂的問題。 無處不在的廣告網絡,例如 Google Facebook 運營的廣告網絡,跨越網際網路遠超過他們控制的網站,在跟蹤您的行為。 使用內容攔截工具來限制對伺服器的請求、閱讀了解所用服務的隱私政策,都有助於避開許多基本對手 (雖然這不能完全防止跟蹤)。[^4]
Additionally, even companies outside of the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you.
此外,即使是 *AdTech* 或追蹤行業以外的公司,也可以與 [資料掮客](https://en.wikipedia.org/wiki/Information_broker) (如Cambridge AnalyticaExperian Datalogix )或其他方共享您的資料。 您無法自行假設您的資料是安全的,因為您使用的服務不屬於典型的 AdTech 或跟蹤商業模式。 對抗企業資料收集最好的保護是盡可能加密或混淆您的數據,讓不同的供應商難以將資料相互關聯去建立您的個人剖繪。
## Limiting Public Information
## 限制公共資訊
<span class="pg-green">:material-account-search: Public Exposure</span>
<span class="pg-green">:material-account-search: 公共曝露</span>
The best way to keep your data private is simply not making it public in the first place. Deleting unwanted information you find about yourself online is one of the best first steps you can take to regain your privacy.
保持資料私密性的最佳方法是根本不要公開它。 刪除網路上有關您現已不用的資訊是恢復隱私的最佳第一步。
- [View our guide on account deletion :material-arrow-right-drop-circle:](account-deletion.md)
- [查看帳戶刪除指南 :material-arrow-right-drop-circle:](account-deletion.md)
On sites where you do share information, checking the privacy settings of your account to limit how widely that data is spread is very important. For example, enable "private mode" on your accounts if given the option: This ensures that your account isn't being indexed by search engines, and that it can't be viewed without your permission.
對於您分享資訊的網站,檢查帳戶的隱私設定以限制資料傳播的範圍非常重要。 例如,如果提供選項,請在您的帳戶上啟用「私人模式」:這可確保您的帳戶不會被搜尋引擎編入索引,而且在未經您的許可下無法查看。
If you've already submitted your real information to sites which shouldn't have it, consider using disinformation tactics, like submitting fictitious information related to that online identity. This makes your real information indistinguishable from the false information.
如果您已經將真實資訊提交給不應該擁有該資訊的網站,請考慮使用虛假策略,例如提交該網路身份的虛構資訊。 這使得您的真實資訊無法與虛假資訊作區分。
## Avoiding Censorship
## 避免審查
<span class="pg-blue-gray">:material-close-outline: Censorship</span>
<span class="pg-blue-gray">:material-close-outline: 審查</span>
Censorship online can be carried out (to varying degrees) by actors including totalitarian governments, network administrators, and service providers. These efforts to control communication and restrict access to information will always be incompatible with the human right to Freedom of Expression.[^5]
網口審查包括由極權主義政府、網路管理員和服務提供商等所進行的行為(在不同程度上)。 這些試圖控制通訊與限縮資料取用的作為,往往不見容於意見自由的基本人權。[^5]
Censorship on corporate platforms is increasingly common, as platforms like Twitter and Facebook give in to public demand, market pressures, and pressures from government agencies. Government pressures can be covert requests to businesses, such as the White House [requesting the takedown](https://www.nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) of a provocative YouTube video, or overt, such as the Chinese government requiring companies to adhere to a strict regime of censorship.
對企業平臺的審查越來越普遍,如Twitter Facebook 等平臺屈服於公眾需求、市場和政府機構的壓力。 政府對企業的施壓可能是隱蔽的,例如白宮私下 [要求拿掉](https://www.nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) 某個勯動的 Youtube 影片,或是公開者如中國政府命令企業要遵循嚴厲的審查制度。
People concerned with the threat of censorship can use technologies like [Tor](../advanced/tor-overview.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../real-time-communication.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily.
關注審查威脅的人可以使用像 [Tor](../advanced/tor-overview.md) 這樣的技術來規避它,並支持像 [Matrix](../real-time-communication.md#element)這樣的抗審查通信平臺,該平臺沒有可以任意關閉帳戶的集中帳戶權限。
!!! tip
!!! 提示
While evading censorship itself can be easy, hiding the fact that you are doing it can be very problematic.
雖然很容易避掉審查,但隱藏您正在做的事可就沒那麼簡單了。
You should consider which aspects of the network your adversary can observe, and whether you have plausible deniability for your actions. For example, using [encrypted DNS](../advanced/dns-overview.md#what-is-encrypted-dns) can help you bypass rudimentary, DNS-based censorship systems, but it can't truly hide what you are visiting from your ISP. A VPN or Tor can help hide what you are visiting from network administrators, but can't hide that you're using those networks in the first place. Pluggable transports (such as Obfs4proxy, Meek, or Shadowsocks) can help you evade firewalls that block common VPN protocols or Tor, but your circumvention attempts can still be detected by methods like probing or [deep packet inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection).
您應該考慮可讓對手觀察哪些網路行為,以及能否對這些行為有合理的否認說辭。 例如,使用[加密 DNS ] (../advanced/dns-overview.md#what-is-encrypted-dns)可以幫助您繞過對 DNS 基本審查系統,但它無法對 ISP 隱藏您正在訪問的內容。 VPN Tor 有助於向網路管理員隱藏您正在訪問的內容,但無法隱藏您正在使用 VPN 或 Tor 。 可插拔傳輸(例如 Obfs4proxyMeek Shadowsocks 可以幫助您避開阻擋常見VPN 協議或 Tor 的防火牆,但仍然可以通過探測或[深度封包檢查] (https://en.wikipedia.org/wiki/Deep_packet_inspection)等方法檢測您嘗圖作的規避。
You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught.
您必須考慮試圖繞過網路審查的風險、潛在的後果以及您的對手可能很經驗老道。 您應該謹慎選擇軟件,並制定備份計劃以防被抓住。
[^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance).
[^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf)
[^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism)
[^4]: "[Enumerating badness](https://www.ranum.com/security/computer_security/editorials/dumb/)" (or, "listing all the bad things that we know about"), as many adblockers and antivirus programs do, fails to adequately protect you from new and unknown threats because they have not yet been added to the filter list. You should also employ other mitigation techniques.
[^5]: United Nations: [*Universal Declaration of Human Rights*](https://www.un.org/en/about-us/universal-declaration-of-human-rights).
[^1]: 維基百科: [*大型監控*](https://en.wikipedia.org/wiki/Mass_surveillance) [*監控*](https://en.wikipedia.org/wiki/Surveillance).
[^2]: 美國隱私和公民自由監督委員會: [*根據第 215 條進行的電話記錄計劃的報告*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf)
[^3]: 維基百科: [*監控資本主義*](https://en.wikipedia.org/wiki/Surveillance_capitalism)
[^4]: [枚舉壞處](https://www.ranum.com/security/computer_security/editorials/dumb/)” (或“列出所知的全部壞事” ),未能充分保護您免受新的和未知的威脅,因為許多廣告攔截程式和防病毒程式尚未被添加到過濾器列表。 您還應採用其他緩解技術。
[^5]: 聯合國: [*《世界人權宣言》*](https://www.un.org/en/about-us/universal-declaration-of-human-rights).
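Review bot: Several translated lines in this hunk break the Markdown that the English source lines carry. The admonition type keywords were translated (`!!! 備註 "Web 加密備註"`, `!!! 摘要"監控地圖集"`, `!!! 提示`, and the ACLU block, which lost both `quote` and the quotation marks around its title), so these blocks no longer declare the `note`, `abstract`, `quote` and `tip` types; keep the keyword in English and translate only the quoted title, for example `!!! note "Web 加密備註"`. Links written as `[逆向工程] (https://...`, `[監控地圖集] (https://...`, `[Technolopolice 網站] (https://...`, `[加密 DNS ] (../advanced/...` and `[深度封包檢查] (https://...` have a space between `]` and `(` and will render as literal text, and the PRISM and Upstream links in the ACLU quote lost their parentheses entirely. The 後門 and 逆向工程 URLs were also switched to zh.wikipedia.org while keeping the English page titles, and the 後門 link is missing its closing parenthesis; either restore the en.wikipedia.org URLs or confirm the zh pages exist. Finally, `\ [此列表並非詳盡無缺]` separates the backslash from the bracket it was escaping.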

View File

@@ -1,7 +1,7 @@
---
title: 電子郵件安全
icon: material/email
description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications.
description: 從許多方面來看電子郵件本質上是不安全的,這也是它並非安全通信首選的原因。
---
電子郵件本身即非安全的通訊形式。 您可以使用 OpenPGP 等工具提高電子郵件安全性,這些工具為您的消息添加端到端加密,但與其他消息傳遞應用程序中的加密相比, OpenPGP 仍然存在許多缺點,而且由於電子郵件的設計方式,某些電子郵件數據永遠不會加密。
@@ -18,15 +18,15 @@ description: Email is inherently insecure in many ways, and these are some of th
### 哪些郵件客戶端支持 E2EE
Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). 根據驗證方法的不同如果提供者或電子郵件用戶端不支持OAT或橋接應用程序這可能會導致安全性降低因為 [多因素驗證](multi-factor-authentication.md) 在純密碼驗證中是不可能的。
電子郵件服務供應商讓您能使用標準訪問協議如 IMAP 與SMTP以便應用[我們推薦的電子郵件客戶端軟體](../email-clients.md) 根據驗證方法的不同如果提供者或電子郵件用戶端不支持OAT或橋接應用程序這可能會導致安全性降低因為 [多因素驗證](multi-factor-authentication.md) 在純密碼驗證中是不可能的。
### 我要怎樣保護自己的私密鑰匙?
A smartcard (such as a [Yubikey](https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](https://www.nitrokey.com)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
安全鑰卡 (例如 [Yubikey](https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) [Nitrokey](https://www.nitrokey.com)) 可在設備 (手機、平板或桌機等 ) 的電子郵件軟體或網頁電郵上收取加密的郵件訊息。 安全鑰卡會解密該訊息再把解開的內容傳到設備。
在智能卡上進行解密是有利的,以避免可能將您的私鑰暴露在受損的設備上。
## Email Metadata Overview
## 電子郵件元資料概覽
電子郵件中繼資料儲存在電子郵件的 [個訊息標題](https://en. wikipedia. org/wiki/Email#Message_header) 中,並包含您可能已經看到的一些可見標題,例如: `To``From``Cc``Date``Subject`。 許多電子郵件客戶端和提供商還包含一些隱藏的標題,可以揭示有關您的帳戶的信息。
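Review bot: The added lines in this hunk introduce terms that disagree with the unchanged lines right next to them. The new smartcard paragraph uses 安全鑰卡, while the following context line still says 智能卡 for the same device, and the new heading `## 電子郵件元資料概覽` is followed by a paragraph that calls the same thing 中繼資料 (the next section of the file uses 元數據). Pick one rendering for "smartcard" and one for "metadata" and apply it to the neighbouring strings too, otherwise a reader may take them for different things in a section that is explaining where the private key lives.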
@@ -36,6 +36,6 @@ A smartcard (such as a [Yubikey](https://support.yubico.com/hc/en-us/articles/36
電子郵件元數據受到外部觀察者的保護, [Opportunistic TLS](https://en.wikipedia.org/wiki/Opportunistic_TLS) 保護它免受外部觀察者的影響,但它仍然能夠被您的電子郵件客戶端軟件(或網絡郵件)和任何伺服器看到,將您的消息轉發給任何收件人,包括您的電子郵件提供商。 有時,電子郵件伺服器也會使用第三方服務來防範垃圾郵件,垃圾郵件通常也可以訪問您的郵件。
### Why Can't Metadata be E2EE?
### 爲什麼元數據不能是E2EE
電子郵件元數據對於電子郵件最基本的功能(它來自何處,以及它必須去向何處)至關重要。 E2EE 最初並未內建於電子郵件協議中,而是需要像 OpenPGP 這樣的附加軟件。 由於 OpenPGP 訊息仍必須與傳統的電子郵件供應商合作,因此它無法加密電子郵件元數據,只能加密訊息正文本身。 這意味著即使在使用 OpenPGP 時,外部觀察者也可以看到關於您的消息的大量信息,例如您正在發送電子郵件的人,主題行,當您發送電子郵件時等。

View File

@@ -1,7 +1,7 @@
---
title: "多重身分驗證"
icon: 'material/two-factor-authentication'
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
description: MFA是保護您線上帳戶的關鍵安全機制,但有些方法比其他方法更強大。
---
**多因素認證****MFA**)是一種安全機制,除了輸入用戶名(或電子郵件)和密碼之外,還需要其他步驟。 最常見的方法是您會從簡訊或應用程式收到的有時間限制的代碼。
@@ -14,15 +14,15 @@ description: MFA is a critical security mechanism for securing your online accou
### 簡訊或 Email 多重身分驗證
透過簡訊或電子郵件接收 OTP 代碼是透過 MFA 保護帳戶安全的最弱方法之一。 Obtaining a code by email or SMS takes away from the "something you *have*" idea, because there are a variety of ways a hacker could [take over your phone number](https://en.wikipedia.org/wiki/SIM_swap_scam) or gain access to your email without having physical access to any of your devices at all. 如果未經授權的人獲得了您的電子郵件訪問權限,他們將能夠使用該訪問權限重設您的密碼並收到驗證碼,使他們能夠完全訪問您的帳戶。
透過簡訊或電子郵件接收 OTP 代碼是透過 MFA 保護帳戶安全的最弱方法之一。 通過電子郵件或簡訊接收驗證碼動搖了*"持有安心*”的概念,因為駭客根本不需要實際拿到您的設備,就可透過多種方式 [接管電話號碼](https://en.wikipedia.org/wiki/SIM_swap_scam) 或讀取電子郵件。 如果未經授權的人獲得了您的電子郵件訪問權限,他們將能夠使用該訪問權限重設您的密碼並收到驗證碼,使他們能夠完全訪問您的帳戶。
### 推送通知
推送通知多重身份認證的形式是將訊息發送到手機上的應用程式,要求您確認新的帳戶登入。 這種方法比短信或電子郵件要好得多,因為攻擊者通常無法在沒有已經登錄的設備的情況下獲得這些推送通知,這意味著他們需要首先破壞您的其他設備之一。
We all make mistakes, and there is the risk that you might accept the login attempt by accident. 推送通知登入授權通常一次發送到 *所有* 您的設備,如果您有多個設備,則可擴大 MFA 代碼的可用性。
我們都會犯錯誤,您可能不小心接受登錄嘗試。 推送通知登入授權通常一次發送到 *所有* 您的設備,如果您有多個設備,則可擴大 MFA 代碼的可用性。
推送通知 MFA 的安全性取決於應用程序的品質,伺服器組件以及生成它的開發人員的信任。 Installing an app may also require you to accept invasive privileges that grant access to other data on your device. An individual app also requires that you have a specific app for each service which may not require a password to open, unlike a good TOTP generator app.
推送通知 MFA 的安全性取決於應用程序的品質,伺服器組件以及生成它的開發人員的信任。 安裝應用程式可能會要求授予對裝置上其他資料存取的侵入性權限。 不同於好的TOTP 生成器,個別應用程式還要求特定的應用程序,甚至不需要密碼就可開啟服務。
### 暫時性的一次性密碼 (TOTP)
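Review bot: In the SMS/email paragraph, `*"持有安心*”` has the emphasis markers wrapped around the opening quote and mismatched quotation marks, and 持有安心 does not convey the source's "something you *have*", which names an authentication factor category; something like 「您*擁有*的東西」 with the emphasis on the one word would match the source. In the push notification paragraph, the last translated sentence also departs from the English: the source says push MFA needs a separate app for each service and that such an app may not require a password to open, whereas the translation reads as if the service itself can be opened without a password. Since this section is ranking MFA methods by strength, both sentences should be re-translated against the source.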
@@ -30,9 +30,9 @@ TOTP 是最常見的 MFA 形式之一。 當您設置TOTP時您通常需要
然後,時間限制代碼從共享機密和當前時間衍生出來。 由於代碼僅在短時間內有效,無法訪問共享機密,因此對手無法生成新代碼。
If you have a hardware security key with TOTP support (such as a YubiKey with [Yubico Authenticator](https://www.yubico.com/products/yubico-authenticator/)), we recommend that you store your "shared secrets" on the hardware. Hardware such as the YubiKey was developed with the intention of making the "shared secret" difficult to extract and copy. A YubiKey is also not connected to the Internet, unlike a phone with a TOTP app.
如果您擁有支援 TOTP 的硬體安全金鑰(例如具有 [Yubico Authenticator](https://www.yubico.com/products/yubico-authenticator/)的YubiKey ,我們建議您將「共享機密」儲存在硬體上。 像 YubiKey 這類硬體就是為了讓“共享祕密”難以提取、複製而開發的工具。 YubiKey 也不會連接到網際網路,不像使用 TOTP 應用程式的手機。
Unlike [WebAuthn](#fido-fast-identity-online), TOTP offers no protection against [phishing](https://en.wikipedia.org/wiki/Phishing) or reuse attacks. If an adversary obtains a valid code from you, they may use it as many times as they like until it expires (generally 60 seconds).
[WebAuthn](#fido-fast-identity-online)不同, TOTP 無法應對 [網絡釣魚](https://en.wikipedia.org/wiki/Phishing) 或重複使用攻擊。 如果對手從您身上取得有效的登錄碼他們可以隨意多次使用它直到過期通常是60秒
對手可以建立一個網站來模仿官方服務,試圖欺騙你提供你的用戶名,密碼和當前的 TOTP 代碼。 如果對手使用這些記錄的憑證,他們可能能夠登錄到真正的服務並劫持帳戶。
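Review bot: The added line keeps the in-page link `[WebAuthn](#fido-fast-identity-online)`, but the same commit translates the target heading further down this file to `#### FIDO 快速線上身份驗證)`, so the slug generated from the heading will no longer be `fido-fast-identity-online` and the link will likely stop resolving. The file already uses attribute lists elsewhere (`{.md-button}`), so an explicit id on the translated heading, for example `{ #fido-fast-identity-online }`, would keep this link and any inbound links from other pages working.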
@@ -40,55 +40,55 @@ Unlike [WebAuthn](#fido-fast-identity-online), TOTP offers no protection against
### 硬體安全金鑰
The YubiKey stores data on a tamper-resistant solid-state chip which is [impossible to access](https://security.stackexchange.com/a/245772) non-destructively without an expensive process and a forensics laboratory.
YubiKey 將資料存在防纂改的強固晶片, 除非運用先進實驗室等級的取證程序,一般非破壞方式[很難存取](https://security.stackexchange.com/a/245772) 。
These keys are generally multi-function and provide a number of methods to authenticate. Below are the most common ones.
這些金鑰通常具多重功能,並提供了許多驗證方法。 下面是最常見的。
#### Yubico OTP
Yubico OTP is an authentication protocol typically implemented in hardware security keys. When you decide to use Yubico OTP, the key will generate a public ID, private ID, and a Secret Key which is then uploaded to the Yubico OTP server.
Yubico OTP 的驗證協議通常是執行在硬體安全金鑰上。 當決定使用 Yubico OTP 時,該密鑰將產生公用 ID ,私有 ID 和祕密密鑰,然後密鑰日上傳到 Yubico OTP 伺服器。
When logging into a website, all you need to do is to physically touch the security key. The security key will emulate a keyboard and print out a one-time password into the password field.
在登入網站時,需要做的就是實際觸摸安全金鑰。 安全金鑰將模擬鍵盤並將一次性密碼列印到密碼欄位中。
The service will then forward the one-time password to the Yubico OTP server for validation. A counter is incremented both on the key and Yubico's validation server. The OTP can only be used once, and when a successful authentication occurs, the counter is increased which prevents reuse of the OTP. Yubico provides a [detailed document](https://developers.yubico.com/OTP/OTPs_Explained.html) about the process.
它會將一次性密碼轉發到 Yubico OTP 伺服器進行驗證。 在密鑰和 Yubico 驗證伺服器上的計數器都會迭加。 OTP 只能使用一次,當成功驗證後,計數器會增加,以防止重複使用 OTP Yubico 提供了此過程的 [詳細文件](https://developers.yubico.com/OTP/OTPs_Explained.html)
<figure markdown>
![Yubico OTP](../assets/img/multi-factor-authentication/yubico-otp.png)
</figure>
There are some benefits and disadvantages to using Yubico OTP when compared to TOTP.
與 TOTP 相比使用Yubico OTP 有一些優缺點。
The Yubico validation server is a cloud based service, and you're placing trust in Yubico that they are storing data securely and not profiling you. The public ID associated with Yubico OTP is reused on every website and could be another avenue for third-parties to profile you. Like TOTP, Yubico OTP does not provide phishing resistance.
Yubico 驗證伺服器是雲端服務,您把信任託付給 Yubico 相信他們會安全地儲存資料而不會拿來分析您。 與 Yubico OTP 相關聯的公共 ID 可在每個網站上重複使用,並可能讓第三方可對您進行個人剖繪。 與TOTP 一樣, Yubico OTP 無法對抗網路釣魚。
If your threat model requires you to have different identities on different websites, **do not** use Yubico OTP with the same hardware security key across those websites as public ID is unique to each security key.
若您的威脅模型要求在不同網站使用不同身份, **請不要** 在這些網站中使用同一個硬體安全密鑰 Yubico OTP ,因為每個安全密鑰都有相同的公共 ID。
#### FIDO (Fast IDentity Online)
#### FIDO 快速線上身份驗證)
[FIDO](https://en.wikipedia.org/wiki/FIDO_Alliance) includes a number of standards, first there was U2F and then later [FIDO2](https://en.wikipedia.org/wiki/FIDO2_Project) which includes the web standard [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn).
[FIDO ](https://en.wikipedia.org/wiki/FIDO_Alliance) 包含許多標準首先是U2F ,然後是 [FIDO2](https://en.wikipedia.org/wiki/FIDO2_Project) ,其中包括 Web 標準 [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn)
U2F and FIDO2 refer to the [Client to Authenticator Protocol](https://en.wikipedia.org/wiki/Client_to_Authenticator_Protocol), which is the protocol between the security key and the computer, such as a laptop or phone. It complements WebAuthn which is the component used to authenticate with the website (the "Relying Party") you're trying to log in on.
U2F FIDO2 指的是 [Client to Authenticator Protocol](https://en.wikipedia.org/wiki/Client_to_Authenticator_Protocol),這是安全金鑰和電腦之間的協議,例如筆記本電腦或手機。 它補充了 WebAuthn WebAuthn 為驗證網站登錄( “依賴方” )之組件。
WebAuthn is the most secure and private form of second factor authentication. While the authentication experience is similar to Yubico OTP, the key does not print out a one-time password and validate with a third-party server. Instead, it uses [public key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) for authentication.
WebAuthn是最安全、最私密的第二要素驗證形式。 雖然驗證體驗與 Yubico OTP 類似,但密鑰不會打印出一次性密碼也不會使用第三方伺服器進行驗證。 相反,它使用 [公鑰加密](https://en.wikipedia.org/wiki/Public-key_cryptography) 進行驗證。
<figure markdown>
![FIDO](../assets/img/multi-factor-authentication/fido.png)
</figure>
When you create an account, the public key is sent to the service, then when you log in, the service will require you to "sign" some data with your private key. The benefit of this is that no password data is ever stored by the service, so there is nothing for an adversary to steal.
當您創建一個帳戶時,公鑰會發送到服務,然後當您登錄時,服務會要求您使用您的私鑰“簽署”一些數據。 這樣做的好處是,服務不會儲存密碼資料,因此對手無從竊取任何東西。
This presentation discusses the history of password authentication, the pitfalls (such as password reuse), and discussion of FIDO2 and [WebAuthn](https://webauthn.guide) standards.
這份簡報探討了密碼驗證的歷史,陷阱(如密碼重用)以及FIDO2 [WebAuthn](https://webauthn.guide) 標準等課題。
<div class="yt-embed">
<iframe width="560" height="315" src="https://invidious.privacyguides.net/embed/aMo4ZlWznao?local=true" title="How FIDO2 and WebAuthn Stop Account Takeovers" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
<iframe width="560" height="315" src="https://invidious.privacyguides.net/embed/aMo4ZlWznao?local=true" title="FIDO2 WebAuthn 如何防止帳戶接管" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
</div>
FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods.
相較於其它 MFA方法 FIDO2 WebAuthn 具有卓越的安全和隱私特點。
Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy.
通Web服務通常與 WebAuthn 一起使用, 這是來自 [W3C 的建議](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC))。 它使用公鑰驗證,並且比在 Yubico OTP TOTP 使用的共享機密更安全,因為它在驗證期間包括原始名稱(通常是域名)。 提供證明以保護您免受網路釣魚攻擊,以幫助您確定使用真實服務而不是假網站服務。
Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys.
Yubico OTP不同,WebAuthn不使用任何公共ID ,因此密鑰 **無法** 被不同網站識別。 它也不使用任何第三方雲端伺服器進行驗證。 所有通訊都已在密鑰和所登入的網站之間完成。 FIDO 還使用計數器,該計數器在使用時會增加,以防止期間重用和克隆密鑰。
If a website or service supports WebAuthn for the authentication, it is highly recommended that you use it over any other form of MFA.
如果網站或服務支援 WebAuthn 驗證,強烈建議您使用它而不是其他形式的 MFA
## 一般性建議
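Review bot: The translated Yubico OTP warning reads as the opposite of the source. The English line says not to reuse one key across sites "as public ID is unique to each security key", but the added line says 因為每個安全密鑰都有相同的公共 ID, which reads as every key sharing the same public ID; the point a reader needs is that one key presents the same public ID to every site, so it should say the ID is unique to the key (for example 因為公共 ID 對每個安全金鑰而言是唯一的). Two smaller items in the same hunk: 然後密鑰日上傳到 contains a stray 日, and the translated heading `#### FIDO 快速線上身份驗證)` changes the anchor that `#fido-fast-identity-online` links rely on.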
@@ -96,7 +96,7 @@ If a website or service supports WebAuthn for the authentication, it is highly r
### 我應該選擇哪種方法?
When configuring your MFA method, keep in mind that it is only as secure as your weakest authentication method you use. This means it is important that you only use the best MFA method available. For instance, if you are already using TOTP, you should disable email and SMS MFA. If you are already using FIDO2/WebAuthn, you should not be using Yubico OTP or TOTP on your account.
設置MFA 方法時,請記住,它的安全程度與您使用的最弱的身份驗證方法一樣。 這意味著您只需使用的最佳MFA方法。 例如如果您已經使用TOTP 您應該禁用電子郵件和SMS MFA。 如果您已經使用 FIDO2/WebAuthn ,則不應該在您的帳戶上使用 Yubico OTP TOTP
### 備份
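Review bot: The second sentence of the added paragraph, 這意味著您只需使用的最佳MFA方法, is ungrammatical and reads as "you only need to use", which loses the source's instruction that it is important to use only the best MFA method available. Suggest something like 這意味著您應該只使用可用的最佳 MFA 方法, so that the following examples about disabling email, SMS, Yubico OTP and TOTP still follow from it.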
@@ -104,31 +104,31 @@ When configuring your MFA method, keep in mind that it is only as secure as your
當與驗證器應用程式一起使用TOTP時請務必備份您的恢復密鑰或應用程式本身或將「共享機密」複製到不同手機上的應用程式的另一個實例或加密容器例如 [VeraCrypt](../encryption.md#veracrypt))。
### Initial Set Up
### 初始設定
When buying a security key, it is important that you change the default credentials, set up password protection for the key, and enable touch confirmation if your key supports it. Products such as the YubiKey have multiple interfaces with separate credentials for each one of them, so you should go over each interface and set up protection as well.
購買安全金鑰時,請務必變更預設憑證、為金鑰設定密碼保護,並在金鑰支援時啟用觸控確認。 YubiKey 等產品有多重介面,各有其獨立憑證,因此您應該仔細查看每個介面並設置保護。
### Email and SMS
### 電子郵件和簡訊
If you have to use email for MFA, make sure that the email account itself is secured with a proper MFA method.
如果您必須使用電子郵件進行MFA ,請確保電子郵件帳戶本身具有適當的 MFA 方法。
If you use SMS MFA, use a carrier who will not switch your phone number to a new SIM card without account access, or use a dedicated VoIP number from a provider with similar security to avoid a [SIM swap attack](https://en.wikipedia.org/wiki/SIM_swap_scam).
如果您使用簡訊 MFA 請選擇不會進行未授權的號碼切換的營營商或使用具有類似安全性的專用VoIP 號碼,以避免 [SIM 交換攻擊](https://en.wikipedia.org/wiki/SIM_swap_scam)
[MFA tools we recommend](../multi-factor-authentication.md ""){.md-button}
[我們推薦的 MFA 工具](../multi-factor-authentication.md ""){.md-button}
## More Places to Set Up MFA
## 更多設定MFA的地方
Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well.
除了保護您的網站登錄外,多因素身份驗證還可用於保護您的本地設備的登錄、 SSH 密鑰甚至密碼資料庫。
### Windows
Yubico has a dedicated [Credential Provider](https://docs.microsoft.com/en-us/windows/win32/secauthn/credential-providers-in-windows) that adds Challenge-Response authentication for the username + password login flow for local Windows accounts. If you have a YubiKey with Challenge-Response authentication support, take a look at the [Yubico Login for Windows Configuration Guide](https://support.yubico.com/hc/en-us/articles/360013708460-Yubico-Login-for-Windows-Configuration-Guide), which will allow you to set up MFA on your Windows computer.
Yubico 有專門的 [憑證提供者](https://docs.microsoft.com/en-us/windows/win32/secauthn/credential-providers-in-windows) ,為本地 Windows 帳戶在登錄流程添加了Challenge-Response 驗證。 如果您擁有具 Challenge-Response 驗證支援的 YubiKey ,請查看 [Yubico Login for Windows Configuration Guide](https://support.yubico.com/hc/en-us/articles/360013708460-Yubico-Login-for-Windows-Configuration-Guide),該指南將協助您在 Windows 電腦上設置MFA。
### macOS
macOS 具有 [原生支援](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) 用於使用智慧卡(PIV)進行驗證。 If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer.
macOS 具有 [原生支援](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) 用於使用智慧卡(PIV)進行驗證。 如果您有支援 PIV 介面的智慧卡或硬體安全金鑰(例如 YubiKey) ,建議您遵循智慧卡/硬體安全供應商的文件為您的macOS 電腦設定第二要素驗證。
Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/en-us/articles/360016649059) which can help you set up your YubiKey on macOS.
Yubico 指南 [macOS](https://support.yubico.com/hc/en-us/articles/360016649059) 中使用 YubiKey 作為智慧卡,可幫助您在 macOS 設置 YubiKey。
設定智慧卡/安全金鑰後,我們建議您在終端機中執行此命令:
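Review bot: In the macOS section the translated line splits the guide title across the link boundary: `[macOS](https://support.yubico.com/hc/en-us/articles/360016649059) 中使用 YubiKey 作為智慧卡` leaves only "macOS" as the link text, where the source links the whole title `[Using Your YubiKey as a Smart Card in macOS]`. Keep the full title inside the brackets, translated or not. In the SMS paragraph of the same hunk, 營營商 has a duplicated character and should presumably be 營運商.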
@@ -136,30 +136,30 @@ Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://suppor
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
```
The command will prevent an adversary from bypassing MFA when the computer boots.
該指令會防止對手在電腦啟動時繞過 MFA。
### Linux
!!! warning
!!! 警告
If the hostname of your system changes (such as due to DHCP), you would be unable to login. It is vital that you set up a proper hostname for your computer before following this guide.
如果系統主機名稱發生變更(例如由於 DHCP ,您將無法登入。 在遵循本指南之前,為您的電腦設置正確的主機名至關重要。
The `pam_u2f` module on Linux can provide two-factor authentication for logging in on most popular Linux distributions. If you have a hardware security key that supports U2F, you can set up MFA authentication for your login. Yubico has a guide [Ubuntu Linux Login Guide - U2F](https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F) which should work on any distribution. The package manager commands—such as `apt-get`—and package names may however differ. This guide does **not** apply to Qubes OS.
Linux 上的 `pam_u2f` 模組可以提供雙因素驗證,以便在最流行的 Linux 發行版上登錄。 如果您有支援 U2F 的硬體安全金鑰,可以為您的登入設定 MFA 驗證。 Yubico有一個 [Ubuntu Linux 登錄指南- U2F](https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F) ,應該適用於任何發行版。 軟體包管理器指令(例如 `apt-get`)和軟體包名稱可能不同。 本指南 **不適用於** Qubes OS.
### Qubes OS
Qubes OS has support for Challenge-Response authentication with YubiKeys. If you have a YubiKey with Challenge-Response authentication support, take a look at the Qubes OS [YubiKey documentation](https://www.qubes-os.org/doc/yubikey/) if you want to set up MFA on Qubes OS.
Qubes OS 支援 YubiKeys 進行 Challenge-Response 驗證。 如果您擁有具 Challenge-Response 驗證支援的 YubiKey ,請查看 Qubes OS [YubiKey 文檔](https://www.qubes-os.org/doc/yubikey/) 以在Qubes OS 設置 MFA。
### SSH
#### Hardware Security Keys
#### 硬件安全金鑰
SSH MFA could be set up using multiple different authentication methods that are popular with hardware security keys. We recommend that you check out Yubico's [documentation](https://developers.yubico.com/SSH/) on how to set this up.
SSH MFA 可以使用多種不同的身份驗證方法進行設置,這些方法在硬體安全金鑰中很受歡迎。 建議您查看 Yubico [文件檔](https://developers.yubico.com/SSH/) ,了解如何設置此功能。
#### 暫時性的一次性密碼 (TOTP)
SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How To Set Up Multi-Factor Authentication for SSH on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04). Most things should be the same regardless of distribution, however the package manager commands—such as `apt-get`—and package names may differ.
SSH MFA 也可以使用 TOTP 設定。 DigitalOcean 提供教學 [如何在 Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04) 為 SSH 設置多因素身份驗證。 無論是哪一個發行版本,大多數操作方式都相同,但是軟體包管理器命令-例如 `apt-get`-和軟體包名稱可能不同。
### KeePass (and KeePassXC)
### KeePass (和KeePassXC
KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website.
KeePass KeePassXC 資料庫可以使用 Challenge-Response HOTP 作為第二要素驗證進行密碼保護。 Yubico 提供了一份 KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) 文件, [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) 網站上也有一份。
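Review bot: The admonition keyword under `### Linux` was translated (`!!! 警告`); the word after `!!!` is the admonition type that selects the warning styling, not display text, so it should stay `!!! warning`, with a straight-quoted title added if the label is to be localized (`!!! warning "警告"`). The heading `#### 暫時性的一次性密碼 (TOTP)` also reads as "temporary one-time password"; TOTP is time-based, so a wording such as 基於時間的一次性密碼 would match the term.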

View File

@@ -1,111 +1,111 @@
---
title: "Introduction to Passwords"
title: "密碼介紹"
icon: 'material/form-textbox-password'
description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure.
description: 以下是關於如何建立最強密碼並確保帳戶安全的一些提示和技巧。
---
Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced.
密碼是我們日常數位生活的重要組成部分。 我們使用它們來保護自己帳戶、設備和祕密。 儘管密碼常常是我們與挖取我們私人資訊的對手之間僅有的唯一阻隔,但人們並未對密碼有充分的考量,導致人們使用的密碼很容易被猜到或強力破解。
## Best Practices
## 最佳實踐
### Use unique passwords for every service
### 每項服務各選用不同的獨特密碼
Imagine this; you sign up for an account with the same e-mail and password on multiple online services. If one of those service providers is malicious, or their service has a data breach that exposes your password in an unencrypted format, all a bad actor would have to do is try that e-mail and password combination across multiple popular services until they get a hit. It doesn't matter how strong that one password is, because they already have it.
想像一下,您在各個不同的網路服務註冊時都使用同一組電子郵件和密碼。 如果其中一個服務提供商懷有惡意,或者其服務發生資料洩露,以未加密格式暴露了您的密碼,那麼不良行為者只需嘗試跨多個流行服務的電子郵件和密碼組合,就可輕易得手。 密碼強度已無關緊要,因為對手已經打開它了。
This is called [credential stuffing](https://en.wikipedia.org/wiki/Credential_stuffing), and it is one of the most common ways that your accounts can be compromised by bad actors. To avoid this, make sure that you never re-use your passwords.
這稱為 [憑證填充](https://en.wikipedia.org/wiki/Credential_stuffing),是最常見帳戶被不良行為者破壞的方式之一。 為了避免這種情況,請確保您永遠不會重複使用密碼。
### Use randomly generated passwords
### 使用隨機生成的密碼
==You should **never** rely on yourself to come up with a good password.== We recommend using [randomly generated passwords](#passwords) or [diceware passphrases](#diceware-passphrases) with sufficient entropy to protect your accounts and devices.
==**不應該** 僅靠自己去想出好密碼== ;建議使用充足熵量的[隨機產生密碼randomly generated passwords](#passwords) [diceware 口令密語](#diceware-passphrases) ,以保護裝備和帳戶的安全。
All of our [recommended password managers](../passwords.md) include a built-in password generator that you can use.
我們所推薦的 [密碼管理器](../passwords.md) 都內建密碼生成器。
### Rotating Passwords
### 輪換密碼
You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it.
應避免經常更改必須記住的密碼(例如密碼管理器的主密碼) ,除非有理由相信它已被破壞,否則頻繁更改它往往會使您面臨忘記密碼的風險。
When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
對於無需記住的密碼(例如存儲在密碼管理器中的密碼)時,如果您的 [威脅模型](threat-modeling.md) 需要它,建議每隔幾個月查看一次重要帳戶(特別是沒使用多因素身份驗證的帳戶)並更改其密碼,以防它們在尚未公開的資料洩露中遭到破壞。 大多數密碼管理器可為密碼設定到期日期,以便更容易管理。
!!! tip "Checking for data breaches"
!!! 提示“檢查數據洩露”
If your password manager lets you check for compromised passwords, make sure to do so and promptly change any password that may have been exposed in a data breach. Alternatively, you could follow [Have I Been Pwned's Latest Breaches feed](https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches) with the help of a [news aggregator](../news-aggregators.md).
如果您的密碼管理器可以檢查密碼是否已被破壞,請務必檢查並立即更改可能已暴露在資料外洩的密碼。 或者,您可以在[news aggregator] (../news-aggregators.md)的幫助下關注[Have I Been Pwned 最新資料外洩情報] (https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches)。
## Creating strong passwords
## 建立強密碼
### Passwords
### 密碼
A lot of services impose certain criteria when it comes to passwords, including a minimum or maximum length, as well as which special characters, if any, can be used. You should use your password manager's built-in password generator to create passwords that are as long and complex as the service will allow by including capitalized and lowercase letters, numbers and special characters.
許多服務對密碼施加了某些標準,包括最小或最大長度,以及可以使用哪些特殊字符(如果有的話)。 您應該利用密碼管理器內建的密碼生成器來創建夠長、複雜的密碼,只要服務允許,最好是混合大寫和小寫字母、數字和特殊字符搭配。
If you need a password you can memorize, we recommend a [diceware passphrase](#diceware-passphrases).
若需要一個記得住的密碼,建議採用 [diceware 口令密語](#diceware-passphrases)
### Diceware Passphrases
### Diceware 口令密語
Diceware is a method for creating passphrases which are easy to remember, but hard to guess.
Diceware 是一種創建密碼短語的方法,這些密短口令易於記憶,但很難猜測。
Diceware passphrases are a great option when you need to memorize or manually input your credentials, such as for your password manager's master password or your device's encryption password.
當您需要記憶或手動輸入憑證時,例如密碼管理員的主密碼或設備的加密密碼, Diceware 口令密語是個好選擇。
An example of a diceware passphrase is `viewable fastness reluctant squishy seventeen shown pencil`.
舉一個 Diceware 口令密語的例子 `viewable fastness reluctant squishy seventeen shown pencil`
To generate a diceware passphrase using real dice, follow these steps:
使用骰子來產生一組 diceware 口令密語,請按照以下步驟:
!!! note
!!! 備註
These instructions assume that you are using [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
這裏的說明假設您正使用[ EFF的大型單詞清單] (https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt)來生成密語,每個單詞需要骰子滾動五次。 其他單詞列表的單詞其骰子滾動次數不一,且可能需要不同單詞數量來達成相同的熵。
1. Roll a six-sided die five times, noting down the number after each roll.
1. 將1~6 骰子滾動五次,記下每次出現的數字。
2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`.
2. 例如,假設您滾動了 `2-5-2-6-6`。 查看 [EFF 的大型單詞清單](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) ,找出對應於 `25266` 的單詞。
3. You will find the word `encrypt`. Write that word down.
3. 你會得到單詞 `encrypt`。 把這個詞寫下來。
4. Repeat this process until your passphrase has as many words as you need, which you should separate with a space.
4. 重複相同手續,直到您的口令密語達到足夠的單詞,請用空格分隔單詞。
!!! warning "Important"
!!! 警告“重要”
You should **not** re-roll words until you get a combination of words that appeal to you. The process should be completely random.
你* *不應* *重新滾動單詞,以取得自己喜好的單詞組合。 這個過程應該是完全隨機的。
If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords.
如果您手邊沒有或不想使用真正的骰子,可利用密碼管理器內建密碼生成器,因為大多數密碼生成器除了普通密碼之外還可以選擇生成 diceware 口令密語。
We recommend using [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English.
我們建議使用 [EFF 的大型單詞清單](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) 來生成您的diceware 口令密語,因為它提供與原始列表完全相同的安全性,同時更容易記憶的單詞。 如果不想要使用英文密語,也有 [其他語言的單詞清單](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline)
??? note "Explanation of entropy and strength of diceware passphrases"
??? 附註「diceware 口令密語的熵和強度的說明」
To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example.
為了證明 diceware 密語的強度,我們將使用前面提到的七個單詞密語(`viewable fastness reluctant squishy seventeen shown pencil` )和 [EFF 的大型單詞列表] (https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt)作例子。
One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as $\text{log}_2(\text{WordsInList})$ and the overall entropy of the passphrase is calculated as $\text{log}_2(\text{WordsInList}^\text{WordsInPhrase})$.
判斷 diceware 口令密語強度的衡量標準是確定它有多少熵。 diceware 口令密語中的個別單詞的熵為 $\text{log}_2(\text{WordsInList})$ 而整組密語的熵總量為 $\text{log}_2(\text{WordsInList}^\text{WordsInPhrase})$.
Therefore, each word in the aforementioned list results in ~12.9 bits of entropy ($\text{log}_2(7776)$), and a seven word passphrase derived from it has ~90.47 bits of entropy ($\text{log}_2(7776^7)$).
因此,上述列表中的每個單詞都會產生~ 12.9 位熵(($\text{log}_2 (7776) $) ,而其中取得七個單詞組成的口令密語就具有~ 90.47位熵 ($\text{log}_2 (7776 ^ 7) $ )。
The [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is $\text{WordsInList}^\text{WordsInPhrase}$, or in our case, $7776^7$.
[EFF 的大型單詞清單] (https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt)包含 7776 個獨特單詞。 要計算可能的口令密語數量,所要做的就是 $\text{WordsInList}^\text{WordsInPhrase}$ ,或者依我們的情況, $ 7776 ^ 7 $。
Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases.
讓我們從這個角度來看:使用 [EFF 的大型單詞列表] (https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt)的七個單詞的口令密短約有1,719,070,799,748,422,500,000,000 種組合。
On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true:
平均而言,至少要嘗試所有可能組合的一半來猜測您的密語。 考慮到這一點,即使對手每秒能夠猜測~ 1,000,000,000,000 次,他們仍然需要~ 27,255,689 年來猜出您的密語。 即使以下情況屬實,也是如此:
- Your adversary knows that you used the diceware method.
- Your adversary knows the specific wordlist that you used.
- Your adversary knows how many words your passphrase contains.
- 對手知道您使用 diceware 方法。
- 對手知道您所使用的具體單詞清單。
- 對手知道您的密語包含多少個單詞。
To sum it up, diceware passphrases are your best option when you need something that is both easy to remember *and* exceptionally strong.
總而言之, diceware 口令密語是最佳選擇,當您需要既容易記住 *又* 非常強大的東西。
## Storing Passwords
## 儲存密碼
### Password Managers
### 密碼管理器。
The best way to store your passwords is by using a password manager. They allow you to store your passwords in a file or in the cloud and protect them with a single master password. That way, you will only have to remember one strong password, which lets you access the rest of them.
儲存密碼的最佳方式是使用密碼管理器。 可將密碼存儲在檔案或雲端,使用單個主密碼保護與開啟它們。 這樣,您只需要記住一個強大的密碼,就可以訪問其餘密碼。
There are many good options to choose from, both cloud-based and local. Choose one of our recommended password managers and use it to establish strong passwords across all of your accounts. We recommend securing your password manager with a [diceware passphrase](#diceware-passphrases) comprised of at least seven words.
有許多好的選項可參考,不管是雲端和本地設備安裝。 選擇任一推薦的密碼管理器,利用它為所有帳戶建立強密碼。 建議利用至少七個單詞的 [diceware 口令密語](#diceware-passphrases) 來保護密碼管理器的安全。
[List of recommended password managers](../passwords.md ""){.md-button}
[推薦的密碼管理員列表](../passwords.md ""){.md-button}
!!! warning "Don't place your passwords and TOTP tokens inside the same password manager"
!!! 警告: “不要將密碼和 TOTP 令牌放在同一個密碼管理器中”
When using TOTP codes as [multi-factor authentication](../multi-factor-authentication.md), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md#authenticator-apps).
當使用 TOTP 代碼作為[多因素驗證] (../multifactor-authentication.md)時,最好的安全措施是將 TOTP 代碼保存在[分開的應用程序] (../multifactor-authentication.md#authenticator-apps)中。
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
將您的 TOTP 令牌存儲在與密碼相同的位置,雖然方便,但假若對手可以存取密碼管理器,則帳戶安全驗證則減少為單一因素。
Furthermore, we do not recommend storing single-use recovery codes in your password manager. Those should be stored separately such as in an encrypted container on an offline storage device.
此外,我們不建議把一次性修復代碼存在密碼管理器。 它們應分開儲存,例如放在離線儲存設備的加密容器中。
### 備份
You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using.
您應該將密碼備份 [加密](../encryption.md) 在 數個儲存裝置或雲端儲存服務。 如果您主要裝置或正在使用的服務出問題,這可以幫助您存得密碼。
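Review bot: The translated passphrase count in the entropy explanation drops a group of digits: the source line has ~1,719,070,799,748,422,500,000,000,000 and the translation has 1,719,070,799,748,422,500,000,000, which understates the keyspace by a factor of 1,000; copy the number unchanged. The TOTP warning also changes both link targets to `../multifactor-authentication.md` where the source has `../multi-factor-authentication.md`, and several translated links put a space between `]` and `(` (for example `[news aggregator] (../news-aggregators.md)`), which stops them parsing as Markdown links. The admonition lines (`!!! 備註`, `!!! 提示“檢查數據洩露”`, `!!! 警告“重要”`, `!!! 警告: “不要將密碼和 TOTP 令牌放在同一個密碼管理器中”`) should keep the source's `note`, `tip` and `warning` keywords followed by a space and a straight-quoted title, `* *不應* *` should be `**不應**`, and the padded math (`$ 7776 ^ 7 $`, `$\text{log}_2 (7776) $`) should keep the source's delimiters without inner spaces so it is still recognized as inline math.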

View File

@@ -1,110 +1,110 @@
---
title: "Threat Modeling"
title: "建立威脅模型"
icon: 'material/target-account'
description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey.
description: 平衡安全性、隱私權和可用性是您在隱私權之旅中將面臨的首要和最困難的任務之一。
---
Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using!
平衡安全性、隱私權和可用性是您在隱私權之旅中將面臨的首要和最困難的任務之一。 一切都要各方權衡:越安全的東西,它通常越受限制或越不方便。 通常,人們發現那些被推薦的工具的問題是它們太難開始使用了!
If you wanted to use the **most** secure tools available, you'd have to sacrifice *a lot* of usability. And, even then, ==nothing is ever fully secure.== There's **high** security, but never **full** security. That's why threat models are important.
如果要使用**最安全**的工具,就必須犠牲許多*可用性*。 就算如此,也沒有什麼是完全安全的。有 **高** 安全,但從來沒有 **完整** 安全。 這就是為什麼威脅模型很重要。
**So, what are these threat models, anyway?**
**那麼,這些威脅模型究竟是什麼呢?**
==A threat model is a list of the most probable threats to your security and privacy endeavors.== Since it's impossible to protect yourself against **every** attack(er), you should focus on the **most probable** threats. In computer security, a threat is an event that could undermine your efforts to stay private and secure.
==威脅模型,列出對您的安全與隱私可能造成的威脅。== 既然無法完全防範**每一次** 攻擊(者),請將精力放在 **最可能發生的** 威脅。 在電腦安全上,威脅指可能破壞您保持私密和安全努力的事件。
Focusing on the threats that matter to you narrows down your thinking about the protection you need, so you can choose the tools that are right for the job.
專注在對您認為重要的威脅,可縮小對所需保護的考慮,以讓您選擇出適合的工具。
## Creating Your Threat Model
## 建立您的威脅模型
To identify what could happen to the things you value and determine from whom you need to protect them, you should answer these five questions:
為了分辨所重視的事物會發生什麼,保護它們必須避開哪些人,請回答以下五個問題:
1. What do I want to protect?
2. Who do I want to protect it from?
3. How likely is it that I will need to protect it?
4. How bad are the consequences if I fail?
5. How much trouble am I willing to go through to try to prevent potential consequences?
1. 我想保護什麼?
2. 我想要保護它免受誰的侵害?
3. 我需要保護它的可能性有多大?
4. 若不幸失敗將帶來多嚴重的後果?
5. 我願意承受多少麻煩來防止潛在的後果?
### What do I want to protect?
### 我想保護什麼?
An “asset” is something you value and want to protect. In the context of digital security, ==an asset is usually some kind of information.== For example, your emails, contact lists, instant messages, location, and files are all possible assets. Your devices themselves may also be assets.
“資產”是你重視和想要保護的東西。 在討論數位安全時,資產通常是某種資訊。例如,您的電子郵件、聯繫人列表、即時消息、位置和檔案等都是可能的資產。 你的設備本身也可能是資產。
*Make a list of your assets: data that you keep, where it's kept, who has access to it, and what stops others from accessing it.*
*列出您的資產:您保存的資料、保存的地方、誰可以取用它,以及阻止其他人使用它的原因。*
### Who do I want to protect it from?
### 我想要保護它免受誰的侵害?
To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary”.== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.
要回答這個問題,重要的是要找出誰可能會針對您或您的資訊。 對您的資產構成威脅的個人或實體即是“敵人”。潛在對手可能為:您的老闆、前任情人、商業競爭對手、政府或公共網路上的黑客。
*Make a list of your adversaries or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.*
*列出對手或那些可能想要獲取您的資產的敵人。 您的名單可能包括個人、政府機構或公司。*
Depending on who your adversaries are, under some circumstances, this list might be something you want to destroy after you're done security planning.
根據對手是誰,在某些情況下,這份清單可能是在完成安全計劃後必須鎖毀的東西。
### How likely is it that I will need to protect it?
### 它需要被保護的可能性有多大?
==Risk is the likelihood that a particular threat against a particular asset will actually occur.== It goes hand-in-hand with capability. While your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low.
==風險是指某個資產發生特定威脅實際的可能性。= =它與能力密切相關。 雖然您的手機供應商有能力訪問您的資料,但他們將私人數據散佈在網路以損您聲譽的這種風險發生機率很低。
It is important to distinguish between what might happen and the probability it may happen. For instance, there is a threat that your building might collapse, but the risk of this happening is far greater in San Francisco (where earthquakes are common) than in Stockholm (where they are not).
重要的是要能區分可能發生什麼事和事情發生的概率。 例如,您的建築物可能會倒塌,但很常有地震的舊金山發生這種情況的風險遠遠大於地震並不常見的斯德哥爾摩。
Assessing risks is both a personal and subjective process. Many people find certain threats unacceptable, no matter the likelihood they will occur, because the mere presence of the threat is not worth the cost. In other cases, people disregard high risks because they don't view the threat as a problem.
評估風險既是私人的,也是主觀的過程。 許多人認為某些威脅是不可接受的,無關乎其發生的可能性,而是因它們根本不值得。 在其他情況下,人們忽視高風險,因為他們不認為威脅是問題。
*Write down which threats you are going to take seriously, and which may be too rare or too harmless (or too difficult to combat) to worry about.*
*寫下你認真看待哪些威脅,哪些可能太罕見或無害(或太難以對抗)。*
### How bad are the consequences if I fail?
### 若不幸失敗將帶來多嚴重的後果?
There are many ways that an adversary could gain access to your data. For example, an adversary can read your private communications as they pass through the network, or they can delete or corrupt your data.
對手有很多方法可以取用您的資料。 例如,他們通過網路讀取您的私人通訊,或是刪除或破壞您的資料。
==The motives of adversaries differ widely, as do their tactics.== A government trying to prevent the spread of a video showing police violence may be content to simply delete or reduce the availability of that video. In contrast, a political opponent may wish to gain access to secret content and publish that content without you knowing.
== 對手的動機差異很大,他們的戰術也是如此。==政府試圖阻止警察暴力影片傳播,簡單地刪除或減少該影片的可用性大概就可以。 相比之下,政治對手可能希望在您不知情的情況下,獲得您的祕密內容並發布。
Security planning involves understanding how bad the consequences could be if an adversary successfully gains access to one of your assets. To determine this, you should consider the capability of your adversary. For example, your mobile phone provider has access to all of your phone records. A hacker on an open Wi-Fi network can access your unencrypted communications. Your government might have stronger capabilities.
安全規劃涉及了解若對手成功地取用您的資產後,會帶來多嚴重的後果。 要確定這一點,應該考慮對手的能力。 例如,您的手機供應商可以存取您所有的電話記錄。 公共 Wi-Fi 網路上的駭客可以訪問您未加密的通訊。 政府往往有更強的能力。
*Write down what your adversary might want to do with your private data.*
*寫下對手可能想用您的私人資料做什麼。*
### How much trouble am I willing to go through to try to prevent potential consequences?
### 我願意承受多少麻煩來防止潛在的後果?
==There is no perfect option for security.== Not everyone has the same priorities, concerns, or access to resources. Your risk assessment will allow you to plan the right strategy for you, balancing convenience, cost, and privacy.
==沒有完美的安全保障。==不是每個人都有相同的優先事項、關切點或可用資源。 您的風險評估能為您規劃正確的策略,平衡便利性、成本和隱私。
For example, an attorney representing a client in a national security case may be willing to go to greater lengths to protect communications about that case, such as using encrypted email, than a mother who regularly emails her daughter funny cat videos.
例如,在國家安全案件中代表客戶的律師可能願意全力保護該案件的相關通信,例如使用加密電子郵件,而常向女兒發送有趣貓咪短片的母親就不會想要加密。
*Write down what options you have available to you to help mitigate your unique threats. Note if you have any financial constraints, technical constraints, or social constraints.*
*寫下您可用的選項,以幫助減輕您的獨特威脅。 ,如果您有任何財務、技術或社會上的限制,請予備註。*
### Try it yourself: Protecting Your Belongings
### 自己試試:保護好您的財產
These questions can apply to a wide variety of situations, online and offline. As a generic demonstration of how these questions work, let's build a plan to keep your house and possessions safe.
這些問題可以適用於線上和線下的各種情況。 示範這些問題如何運作,我們來制定一個保護您房屋和財產安全的計畫。
**What do you want to protect? (Or, *what do you have that is worth protecting?*)**
**您想保護什麼? ( 或者*)您有什麼值得保護的? (*)**
:
Your assets might include jewelry, electronics, important documents, or photos.
您的資產可能包括珠寶、電子產品、重要文件或照片。
**Who do you want to protect it from?**
**你想保護它免受誰的侵害?**
:
Your adversaries might include burglars, roommates, or guests.
你的對手可能包括竊賊、室友或客人。
**How likely is it that you will need to protect it?**
**您需要保護它的可能性有多大?**
:
Does your neighborhood have a history of burglaries? How trustworthy are your roommates or guests? What are the capabilities of your adversaries? What are the risks you should consider?
您的社區發生過入室盜竊的案件嗎? 你的室友或客人可信任的程度? 你的對手有哪些能力? 應該考慮哪些風險?
**How bad are the consequences if you fail?**
**失敗的後果有多嚴重?**
:
Do you have anything in your house that you cannot replace? Do you have the time or money to replace those things? Do you have insurance that covers goods stolen from your home?
你家裡有什麼東西是你無法取代的嗎? 您有時間或金錢來取代這些東西嗎? 是否已為家裏物品投保失竊險?
**How much trouble are you willing to go through to prevent these consequences?**
**你願意承受多少麻煩來防止這些後果?**
:
Are you willing to buy a safe for sensitive documents? Can you afford to buy a high-quality lock? Do you have time to open a security box at your local bank and keep your valuables there?
您是否願意為敏感文件購買保險箱? 你能買到高品質的鎖嗎? 您有時間在當地銀租用保險箱並將貴重物品存放在那裡嗎?
Only once you have asked yourself these questions will you be in a position to assess what measures to take. If your possessions are valuable, but the probability of a break-in is low, then you may not want to invest too much money in a lock. But, if the probability of a break-in is high, you'll want to get the best lock on the market and consider adding a security system.
只有真正自問這些問題後,才能評估該採取哪些措施。 如果您的財產具有價值,但被入侵的可能性很低,那麼可能不想在防鎖上投資太多。 但是,如果被入侵的可能性很高,您會希望取得市場上最好的鎖並考慮添加安全系統。
Making a security plan will help you to understand the threats that are unique to you and to evaluate your assets, your adversaries, and your adversaries' capabilities, along with the likelihood of risks you face.
制定安全計劃有助於了解您獨有的威脅、評估自己的資產、對手與其能力,以及您面臨風險的可能性。
## Further Reading
## 延伸閱讀
For people looking to increase their privacy and security online, we've compiled a list of common threats our visitors face or goals our visitors have, to give you some inspiration and demonstrate the basis of our recommendations.
針對希望提高線上隱私和安全性者,我們編制了一份本站訪客面臨的常見威脅或目標清單,為您提供一些靈感並展示我們建議的基礎。
- [Common Goals and Threats :material-arrow-right-drop-circle:](common-threats.md)
- [共同目標與威脅 :material-arrow-right-drop-circle:](common-threats.md)
## Sources
## 來源
- [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan)
- [EFF監控自衛:您的安全計劃](https://ssd.eff.org/en/module/your-security-plan)
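Review bot: Several `==...==` highlight spans from the source are lost or broken in the translated lines: the translations of `==nothing is ever fully secure.==`, `==an asset is usually some kind of information.==` and the "adversary" definition carry no markers at all, the risk definition closes with `= =` instead of `==`, and `== 對手的動機` has a space after the opening marker. Restore the markers around the same sentences as the source so the key definitions stay highlighted. The emphasis in `**您想保護什麼? ( 或者*)您有什麼值得保護的? (*)**` is also scrambled relative to the source's `**What do you want to protect? (Or, *what do you have that is worth protecting?*)**`, and in the second paragraph the emphasis moved from "*a lot*" to `*可用性*`.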

View File

@@ -1,77 +1,80 @@
---
title: VPN Overview
title: VPN 簡介
icon: material/vpn
description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind.
description: 虛擬私用網路將風險從您的ISP 轉移到您信任的第三方。 你應該記住這些事情。
---
Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem).
虛擬專用網路是將您的網路末端延伸到世界其它地方的一種方式。 ISP 可以看到網路終端設備(例如數據機)的網際網路進出流量。
Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns).
HTTPS 等加密協議通常應用在網際網路,因此雖無法確切地知道您發布或閱讀的內容,但還是可以了解您所請求訪問的 [網域名](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns)
A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it.
VPN 可以提供幫助,將信任轉移到世界其他地方的伺服器。 因此, ISP只會看到您已連接到VPN ,而不會看到您正在傳遞的活動。
## Should I use a VPN?
## 我應該使用 VPN 嗎?
**Yes**, unless you are already using Tor. A VPN does two things: shifting the risks from your Internet Service Provider to itself and hiding your IP from a third-party service.
**是**除非你已經在使用Tor。 VPN可以做兩件事將風險從網際網路服務提供商轉移到 VPN並將向第三方服務隱藏您的 IP 地址。
VPNs cannot encrypt data outside of the connection between your device and the VPN server. VPN providers can see and modify your traffic the same way your ISP could. And there is no way to verify a VPN provider's "no logging" policies in any way.
VPN 無法加密裝置與 VPN 伺服器之間連線以外的資料。 VPN 提供商可以像 ISP 一樣查看和修改您的流量。 而且沒有方式可以驗證 VPN 提供商的“無記錄”政策是否貫徹。
However, they do hide your actual IP from a third-party service, provided that there are no IP leaks. They help you blend in with others and mitigate IP based tracking.
VPN 確實可向第三方服務隱藏您的實際 IP 但前提是IP 沒被洩漏。 它們有助您混在他人之中,以減輕基於 IP 的追蹤。
## When shouldn't I use a VPN?
## 什麼時候不該使用 VPN
Using a VPN in cases where you're using your [known identity](common-threats.md#common-misconceptions) is unlikely be useful.
在 [身份已可辨識](common-threats.md#common-misconceptions) 的情況下VPN 就沒效用了。
Doing so may trigger spam and fraud detection systems, such as if you were to log into your bank's website.
這樣做可能會觸發垃圾郵件和欺詐偵測系統,例如您正試圖登入銀行網站。
## What about encryption?
## 那加密呢?
Encryption offered by VPN providers are between your devices and their servers. It guarantees that this specific link is secure. This is a step up from using unencrypted proxies where an adversary on the network can intercept the communications between your devices and said proxies and modify them. However, encryption between your apps or browsers with the service providers are not handled by this encryption.
VPN供應商提供的加密僅發生在您的裝置與伺服器之間。 它保證此特定連結是安全的。 這比用未加密代理的更進一步,因為對手可以攔截您的設備和前述未加密代理之間的通訊並加以修改。 然而軟體或瀏覽器與服務供應商之間的加密並不是依此加密處理。
In order to keep what you actually do on the websites you visit private and secure, you must use HTTPS. This will keep your passwords, session tokens, and queries safe from the VPN provider. Consider enabling "HTTPS everywhere" in your browser to mitigate downgrade attacks like [SSL Strip](https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf).
為了保持所瀏覽網站活動的私密和安全,您必須使用 HTTPS。 這將確保您的密碼、會話令牌和查詢對VPN提供商是安全的。 請考慮在瀏覽器中啟用「HTTPS everywhere」以減輕 [SSL Strip](https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf)等攻擊。
## Should I use encrypted DNS with a VPN?
## 我應該將加密 DNS 與 VPN 一起使用嗎?
Unless your VPN provider hosts the encrypted DNS servers, **no**. Using DOH/DOT (or any other form of encrypted DNS) with third-party servers will simply add more entities to trust and does **absolutely nothing** to improve your privacy/security. Your VPN provider can still see which websites you visit based on the IP addresses and other methods. Instead of just trusting your VPN provider, you are now trusting both the VPN provider and the DNS provider.
除非您的 VPN 服務商自行託管加密的 DNS 伺服器, **不要**. 使用 DOH/DOT (或其它任何 DNS 加密) 與第三方伺服器只有需信任更多實體,在安全隱私則**一點幫助也沒有** 。 您的 VPN 提供商仍可以根據 IP 地址和其他方法查看您訪問的網站。 您現在除了信任 VPN 供應商外,還得同時信任 VPN 供應商和DNS 供應商。
A common reason to recommend encrypted DNS is that it helps against DNS spoofing. However, your browser should already be checking for [TLS certificates](https://en.wikipedia.org/wiki/Transport_Layer_Security#Digital_certificates) with **HTTPS** and warn you about it. If you are not using **HTTPS**, then an adversary can still just modify anything other than your DNS queries and the end result will be little different.
推薦加密 DNS 的常見理由是有助於防止 DNS 欺騙。 您的瀏覽器應該已經檢查了 [TLS 憑證](https://en.wikipedia.org/wiki/Transport_Layer_Security#Digital_certificates) **HTTPS** ,並警告您。 如果沒用 **HTTPS**,則對手可以修改您的 DNS 查詢之外的任何東西,最終結果將沒太大差異。
Needless to say, **you shouldn't use encrypted DNS with Tor**. This would direct all of your DNS requests through a single circuit and would allow the encrypted DNS provider to deanonymize you.
**您不應把加密 DNS 與Tor**一起使用。 這將把您所有 DNS 請求引至某單一迴路,這會讓加密 DNS 提供商可對您消除匿名性。
## Should I use Tor *and* a VPN?
## 我應該*同時* 使用 Tor 與 VPN 嗎?
By using a VPN with Tor, you're creating essentially a permanent entry node, often with a money trail attached. This provides zero additional benefits to you, while increasing the attack surface of your connection dramatically. If you wish to hide your Tor usage from your ISP or your government, Tor has a built-in solution for that: Tor bridges. [Read more about Tor bridges and why using a VPN is not necessary](../advanced/tor-overview.md).
撔 Tor 與 VPN 一起使用 ,您基本上創建了一個永久的入口節點,這類節點通常帶有與金錢相關追蹤痕跡。 這樣根本沒增加額外好處,反而明顯地擴大了連接時的攻擊面。 如果您希望向 ISP 或政府隱藏您的Tor 使用, Tor 內建一個解決方案Tor 橋接。 [閱讀更多關於Tor橋接以及為什麼沒必要使用 VPN](../advanced/tor-overview.md)
## What if I need anonymity?
## 如果我需要匿名怎麼辦?
VPNs cannot provide anonymity. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on "no logging" policies to protect your data. Use [Tor](https://www.torproject.org/) instead.
VPN無法提供匿名性。 您的VPN提供商可知道您真實 IP 地址,並且通常有一個可以直接與您連結的金錢線索。 您不能依靠 VPN「無記錄」政策來保護您的資料。 請用 [Tor](https://www.torproject.org/) 代替。
## What about VPN providers that provide Tor nodes?
## 提供Tor 節點的 VPN 提供商好不好呢?
Do not use that feature. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) protocol. [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (used in [WebRTC](https://en.wikipedia.org/wiki/WebRTC) for voice and video sharing, the new [HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) protocol, etc), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) and other packets will be dropped. To compensate for this, VPN providers typically will route all non-TCP packets through their VPN server (your first hop). This is the case with [ProtonVPN](https://protonvpn.com/support/tor-vpn/). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://www.whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit).
不要使用此功能。 使用 Tor 的重點是不信任您的 VPN 提供商。 目前 Tor 只支援 [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) 通訊協議。 [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (在 [WebRTC](https://en.wikipedia.org/wiki/WebRTC) 中用於語音和影片分享,新的 [HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) 協議等) [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) 和其他封包將被丟棄。 為了彌補這一點, VPN 提供商通常會引導全部的non-TCP 封包通過他們的 VPN 伺服器(您的第一個跳)。 [ProtonVPN ](https://protonvpn.com/support/tor-vpn/)的情況就是如此。 此外,使用此 Tor over VPN 設定時,您無法控制 Tor 其他重要的功能,例如 [隔離目標位址](https://www.whonix.org/wiki/Stream_Isolation) 為您訪問不同網域使用不同的Tor 迴路)。
The feature should be viewed as a convenient way to access the Tor Network, not to stay anonymous. For proper anonymity, use the Tor Browser, TorSocks, or a Tor gateway.
該功能應被視為方便訪問 Tor 網絡的方式,而不是為了保持匿名。 為保持適當的匿名性,請使用 Tor 瀏覽器、TorSocks 或 Tor 閘道。
## When are VPNs useful?
## VPN 何時有用?
A VPN may still be useful to you in a variety of scenarios, such as:
VPN在各種情況下仍可能對您有用,例如:
1. Hiding your traffic from **only** your Internet Service Provider.
1. Hiding your downloads (such as torrents) from your ISP and anti-piracy organizations.
1. Hiding your IP from third-party websites and services, preventing IP based tracking.
1. **僅需**對網路連線服務商隱藏您的流量 。
1. 對 ISP 和反盜版組織隱藏您的下載(如 torrents
1. 從第三方網站和服務中隱藏您的IP 防止基於IP的追蹤。
For situations like these, or if you have another compelling reason, the VPN providers we listed above are who we think are the most trustworthy. However, using a VPN provider still means you're *trusting* the provider. In pretty much any other scenario you should be using a secure**-by-design** tool such as Tor.
類似這些情況或者如果您有其他令人信服的理由,可考慮使用我們所列出認為最值得信賴的 VPN 提供商。 使用 VPN 意謂著您 *方便* 這些服務供應者。 任何情況下,最好使用以安全為**設計理念** 的工具,例如 Tor
## Sources and Further Reading
## 資料來源和進一步閱讀
1. [VPN - a Very Precarious Narrative](https://schub.io/blog/2019/04/08/very-precarious-narrative.html) by Dennis Schubert
1. [Tor Network Overview](../advanced/tor-overview.md)
1. [IVPN Privacy Guides](https://www.ivpn.net/privacy-guides)
1. ["Do I need a VPN?"](https://www.doineedavpn.com), a tool developed by IVPN to challenge aggressive VPN marketing by helping individuals decide if a VPN is right for them.
1. [Tor Network概述](../advanced/tor-overview.md)
1. [IVPN隱私指南](https://www.ivpn.net/privacy-guides)
1. [「我需要 VPN 嗎?」"Do I need a VPN?" ](https://www.doineedavpn.com)
IVPN 開發的工具,幫助個人決定 VPN 是否適合他們,以因應各式 VPN 營銷。</li> </ol>
## Related VPN Information
## VPN 相關資訊
- [The Trouble with VPN and Privacy Review Sites](https://blog.privacyguides.org/2019/11/20/the-trouble-with-vpn-and-privacy-review-sites/)
- [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/)
- [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/)
- [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/)
- [VPN 問題和隱私評論網站](https://blog.privacyguides.org/2019/11/20/the-trouble-with-vpn-and-privacy-review-sites/)
- [免費 VPN 應用程式調查](https://www.top10vpn.com/free-vpn-app-investigation/)
- [揭露隱身的 VPN 擁有者:由 23 家公司運營101 VPN 產品](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/)
- [這家中國公司祕密支持24個尋求危險權限的流行應用程序](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/)
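Review bot: In the "When are VPNs useful?" closing paragraph, *trusting* is rendered as *方便* ("使用 VPN 意謂著您 *方便* 這些服務供應者"), which drops the warning that a VPN still means trusting the provider. "In pretty much any other scenario" has also become "任何情況下". Suggest *信任* and restoring "其他". In the sources list, the Dennis Schubert entry has no translated counterpart and the last item ends in stray `</li> </ol>` tags. The first translated paragraph opens with a stray "撔", and the parentheses around "如 torrents" and around the Isolated Destination Address gloss are unbalanced.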

View File

@@ -1,21 +1,21 @@
---
title: "Calendar Sync"
title: "行事曆同步"
icon: material/calendar
description: Calendars contain some of your most sensitive data; use products that implement encryption at rest.
description: 行事曆包含一些您最敏感的資料,使用實現靜態加密的產品。
---
Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them.
行事曆包含一些您最敏感的資料;請使用未存取時執行 E2EE 的產品,以防止供應商讀取這些資料。
## Tutanota
!!! recommendation
![Tutanota logo](assets/img/calendar/tutanota.svg#only-light){ align=right }
![Tutanota logo](assets/img/calendar/tutanota-dark.svg#only-dark){ align=right }
! [Tutanota logo] (assets/img/calendar/tutanota.svg#only-light) {align = right}
! [Tutanota標誌] (assets/img/calendar/tutanota-dark.svg#only-dark) {align = right}
**Tutanota** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tutanota.com/calendar-app-comparison/).
* * Tutanota * *在其支援的平臺上提供免費和加密的日曆。 功能包括所有數據的自動E2EE ,共享功能,匯入/匯出功能,多因素驗證和 [more] https://tutanota.com/calendar-app-comparison/ )。
Multiple calendars and extended sharing functionality is limited to paid subscribers.
多個行事曆和擴展共享功能僅限於付費訂閱者。
[:octicons-home-16: Homepage](https://tutanota.com/calendar){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Privacy Policy" }
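Review bot: The translated markup in the Tutanota block will not render. `! [Tutanota logo] (assets/img/calendar/tutanota.svg#only-light) {align = right}` has spaces between `!`, `]`, `(` and the attribute list, `* * Tutanota * *` is no longer bold, and `[more] https://tutanota.com/calendar-app-comparison/ )` has lost its opening parenthesis. Keep the markup exactly as on the source lines (`![...](...){ align=right }`, `**Tutanota**`, `[more](...)`) and translate only the visible text. The alt text is also inconsistent between the two images ("Tutanota logo" and "Tutanota標誌").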
@@ -23,7 +23,7 @@ Calendars contain some of your most sensitive data; use products that implement
[:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" }
[:octicons-heart-16:](https://tutanota.com/community/){ .card-link title=Contribute }
??? downloads
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.tutao.tutanota)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/tutanota/id922429609)
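Review bot: `??? downloads` became `??? 下載`, but the word after `???` is the admonition type rather than display text, so translating it changes the block's type instead of its heading. Keep `??? downloads` and, if a localized heading is wanted, add it as a quoted title after the type.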
@@ -37,34 +37,34 @@ Calendars contain some of your most sensitive data; use products that implement
!!! recommendation
![Proton](assets/img/calendar/proton-calendar.svg){ align=right }
![Proton](assets/img/calendar/proton-calendar.svg) {align = right}
**Proton Calendar** is an encrypted calendar service available to Proton members via web or mobile clients. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide). Those on the free tier get access to a single calendar, whereas paid subscribers can create up to 20 calendars. Extended sharing functionality is also limited to paid subscribers.
* * Proton Calendar * *是 Proton 會員可透過網路或行動客戶端使用的加密行事曆服務。 功能包括:所有資料自動 E2EE 、共享、匯入/匯出等等[眾多功能](https://proton.me/support/proton-calendar-guide). 免費會員可以使用單一行事曆而付費訂閱者最多可以創建20個行事曆。 擴展共享功能也僅限於付費訂閱者。
[:octicons-home-16: Homepage](https://proton.me/calendar){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://proton.me/support/proton-calendar-guide){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" }
??? downloads
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.calendar)
- [:octicons-browser-16: Web](https://calendar.proton.me)
## Criteria
## 標準
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! example "This section is new"
!!! 示例“此部分是新的”
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
### Minimum Qualifications
### 最低合格
- Must sync and store information with E2EE to ensure data is not visible to the service provider.
- 同步與儲存資訊必須使用 E2EE以確保服務供應商無法看到。
### Best-Case
### 最好的情况
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
最佳案例標準代表了我們希望從這個類別的完美項目中看到的東西。 推薦產品可能沒有此功能,但若有這些功能則會讓排名更為提高。
- Should integrate with native OS calendar and contact management apps if applicable.
- 如果合適,最好能整合入原生作業系統行事曆和聯絡人管理應用程式。
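Review bot: Several markup tokens in the Criteria part were translated or re-spaced along with the text. `!!! 示例“此部分是新的”` replaces the `example` type keyword and puts the title in curly quotes with no separating space, where the source has `!!! example "This section is new"`. `**請注意,我們所推薦專案沒有任何瓜葛。 **` has a space before the closing `**`, and `[論壇上提問] (https://discuss.privacyguides.net/latest)` has a space between `]` and `(`. The same applies to `??? 下載`, `* * Proton Calendar * *` and `![Proton](...) {align = right}` earlier in the hunk. The affiliation sentence also lacks the "與" that makes it read "not affiliated with" the recommended projects.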

View File

@@ -1,60 +1,99 @@
---
title: "Cloud Storage"
title: "雲端儲存"
icon: material/file-cloud
description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives!
description: 許多雲端儲存服務供應商需要您相信他們不會查看您的檔案。 這些都是私密替代品!
---
Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE.
許多雲端儲存服務供應商需要您完全信任他們不會查看您的檔案。 下面列出的替代方案通過實施安全的 E2EE消除了對信任的需要。
If these alternatives do not fit your needs, we suggest you look into [Encryption Software](encryption.md).
如果這些替代方案不符合您的需求,建議您考慮使用其他雲端提供商的加密軟件,例如 [Cryptomator](encryption.md#cryptomator-cloud) 。 把 Cryptomator 結合在 **任一種** 雲服務商(包含這裡推薦的) 也是好方法,可減低某服務商原生客立端加密漏洞之風險。
??? question "Looking for Nextcloud?"
??? 提問:找不到 Nextcloud ?
Nextcloud is [still a recommended tool](productivity.md) for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do not recommend Nextcloud's built-in E2EE functionality for home users.
Nextcloud 是[仍然是一個推薦的工具] (productivity.md) ,可用於自我託管檔案管理套件,但目前不推薦第三方 Nextcloud儲存服務提供商因為我們[不建議]使用 (https://discuss.privacyguides.net/t/dont-recommend-nextcloud-e2ee/10352/29) Nextcloud 家庭用戶版內置的 E2EE 功能。
## Proton Drive
!!! recommendation
![Proton Drive logo](assets/img/cloud/protondrive.svg){ align=right }
! [Proton Drive logo] (assets/img/cloud/protondrive.svg) {align = right}
**Proton Drive** is an E2EE general file storage service by the popular encrypted email provider [Proton Mail](https://proton.me/mail).
* * Proton Drive * *是來自流行的加密電子郵件供應商[Proton Mail] (email.md#proton-mail)的瑞士加密雲存儲供應商。
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://proton.me/support/drive){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" }
??? downloads
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851)
Proton Drive 網路應用程式已於[2021年](https://proton.me/blog/security-audit-all-proton-apps)由 Securitum 獨立審核,並未公開完整詳細資料,但 Securitum 的認證信函指出:
## Criteria
> 審計人員發現了兩個不嚴重的漏洞。 此外,還提出五項一般性建議。 與此同時,我們確認在滲透測試期間沒有發現重大安全問題。
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
Proton Drive 全新移動客戶端軟體尚未經過第三方公開審核。
!!! example "This section is new"
## Tresorit
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
!!! recommendation
### Minimum Requirements
! [Tresorit logo] (assets/img/cloud/tresorit.svg) {align = right}
* * Tresorit * *是一家成立於2011年的匈牙利加密雲端儲存服務供應商。 Tresorit 由瑞士郵政擁有,瑞士郵政是瑞士的國家郵政服務。
[:octicons-home-16: Homepage](https://tresorit.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tresorit.com/legal/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.tresorit.com/hc/en-us){ .card-link title=Documentation}
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.tresorit.mobile)
- [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id722163232)
- [:simple-windows11: Windows](https://tresorit.com/download)
- [:simple-apple: macOS](https://tresorit.com/download)
- [:simple-linux: Linux](https://tresorit.com/download)
- Must enforce end-to-end encryption.
- Must offer a free plan or trial period for testing.
- Must support TOTP or FIDO2 multi-factor authentication, or Passkey logins.
- Must offer a web interface which supports basic file management functionality.
- Must allow for easy exports of all files/documents.
- Must use standard, audited encryption.
Tresorit 已獲得多項獨立安全稽核:
### Best-Case
- [2022](https://tresorit.com/blog/tresorit-receives-iso-27001-certification/): ISO/IEC 27001: 2013[^1] 符合性 [認證](https://www.certipedia.com/quality_marks/9108644476) TÜV Rheinland InterCert Kft
- [2021](https://tresorit.com/blog/fresh-penetration-testing-confirms-tresorit-security/) Computest 的滲透測試
- 該檢查評估了Tresorit 網頁用戶端、Android 應用程式、Windows 應用程式和相關基礎設施的安全性。
- Computest 發現了兩個已解決的漏洞。
- [2019](https://tresorit.com/blog/ernst-young-review-verifies-tresorits-security-architecture/) Ernst & Young 的滲透測試。
- 該檢測分析了 Tresorit 完整源代碼,並驗證了落實 Tresorit [白皮書](https://prodfrontendcdn.azureedge.net/202208011608/tresorit-encryption-whitepaper.pdf)中描述的概念。
- Ernst & Young 還測試了網絡、行動和桌面客戶端: “測試結果發現沒有偏離 Tresorit 的資料機密性聲明。
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
他們還獲得了數位信任標籤,這是 [Swiss Digital Initiative](https://www.swiss-digital-initiative.org/digital-trust-label/) 的認證,該認證要求通過與安全性,隱私和可靠性相關的 [35標準](https://digitaltrust-label.swiss/criteria/) 。
- Clients should be open-source.
- Clients should be audited in their entirety by an independent third-party.
- Should offer native clients for Linux, Android, Windows, macOS, and iOS.
- These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android.
- Should support easy file-sharing with other users.
- Should offer at least basic file preview and editing functionality on the web interface.
## 標準
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! 示例“此部分是新的”
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
### 最低合格要求
- 必須執行端到端加密。
- 必須提供免費計劃或試用期以進行測試。
- 必須支援 TOTP 或 FIDO2 多因素驗證,或 Passkey 登入。
- 必須提供支援基本檔案管理功能的網頁介面。
- 允許輕鬆匯出所有檔案/文件。
- 必須使用經審核的標準加密。
### 最好的情况
最佳案例標準代表了我們希望從這個類別的完美項目應具備的條件。 推薦產品可能沒有此功能,但若有這些功能則會讓排名更為提高。
- 客戶端應是開源的。
- 客戶端軟體應由獨立的第三方進行全面審計。
- 應提供 Linux、Android、Windows、macOS 和 iOS 的原生客戶端。
- 這些用戶端應與雲端儲存供應商的原生作業系統工具整合,例如整合 iOS 的 Files app或 Android 的 DocumentsProvider 功能。
- 容易與其他用戶輕鬆共享文件。
- 至少在網頁界面應提供基本的文件預覽和編輯功能。
[^1]: [ISO/IEC 27001](https://en.wikipedia.org/wiki/ISO/IEC_27001): 2013合規性涉及公司的 [資訊安全管理系統](https://en.wikipedia.org/wiki/Information_security_management) ,涵蓋其雲端服務的銷售、開發、維護和支援。
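Review bot: The translated side of this file does not correspond to the English side shown in the same hunk, so it looks like strings from a different source revision. It adds a whole Tresorit recommendation with audit history and the `[^1]` footnote, plus a Proton Drive audit paragraph, none of which exist in the English lines. It points readers to `encryption.md#cryptomator-cloud` where the source links to `encryption.md`, and describes Proton Drive as a Swiss provider linked to `email.md#proton-mail` where the source says "E2EE general file storage service" and links to `https://proton.me/mail`. The first paragraph also drops the "putting you in control of your data" alternative. Please re-sync these strings against the current source before merging, since the page would otherwise recommend a provider the English page does not list.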

View File

@@ -1,53 +1,53 @@
---
title: Cryptocurrency
title: 加密貨幣
icon: material/bank-circle
---
Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases:
線上支付是隱私面臨的最大挑戰之一。 下列加密貨幣預設提供交易隱私(大多數加密貨幣**並未保證**如此 ),前提是您對如何有效地進行私人支付有深入了解。 我們強烈建議您在網路購買前先閱讀本站私密付款之介紹:
[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button}
[私密付款 :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button}
!!! danger
!!! 危險
Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust.
許多(如果不是大多數)加密貨幣項目都是騙局。 只用你信任的項目小心進行交易。
## Monero
!!! recommendation
![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right }
! [Monero 標誌] (assets/img/cryptocurrency/monero.svg) {align = right}
**Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices.
* * Monero * *使用增強隱私技術的區塊鏈,混淆交易以實現匿名性。 每筆 Monero 交易都隱藏了交易金額、發送和接收地址以及資金來源,使其成為加密貨幣新手的理想選擇。
[:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute }
With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories.
使用 Monero ,外部觀察者無法破譯 Monero 交易地址、交易金額、地址餘額或交易歷史。
For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include:
為了獲得最佳的隱私,請務必使用非保管錢包,讓查看密鑰保留在設備上。 這意味著只有您能夠花費資金並查看交易進出。 若使用託管錢包,則服務商可看到**全部活動** ;如果用的是"輕量"錢包,則服務商保存了您的私鑰並看到您全部的交易活動。 一些非保管錢包包括:
- [Official Monero client](https://getmonero.org/downloads) (Desktop)
- [官方Monero客戶端](https://getmonero.org/downloads) (桌面)
- [Cake Wallet](https://cakewallet.com/) (iOS, Android)
- Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/).
- [Feather Wallet](https://featherwallet.org/) (Desktop)
- Cake Wallet 支援多種加密貨幣。 僅限 Monero 的 Cake Wallet 版本可在 [Monero.com](https://monero.com/) 上找到。
- [Feather Wallet](https://featherwallet.org/) (桌面版)
- [Monerujo](https://www.monerujo.io/) (Android)
For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another persons node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone elses Monero node over Tor or i2p.
為了獲得最大的隱私(即便使用非保管錢包),您應該運行自己的 Monero 節點。 使用別人的節點會暴露一些信息例如您從中連接到它的IP位址同步錢包的時間戳記以及您從錢包發送的交易儘管沒有關於這些交易的其他細節。 或者您可以通過Tor或i2p連接到其他人的Monero節點。
In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022.
2021年8月 CipherTrace [宣布爲政府機構提供](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) 增強的 Monero 追蹤功能。 公開貼文顯示,美國財政部金融犯罪執法網絡 [在2022年底授權](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace 的 “Monero 模塊”。
Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations.
Monero 交易圖隱私受到其相對較小的環形簽名的限制,特別是抵抗針對性的攻擊。 Monero's 隱私功能也曾被某些資安研究人員 [質疑](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) ,過去已發現一些弱點與補丁,因此如 CipherTrace 的宣稱並非不可能。 雖然 Monero 大規模監控工具不太可能像比特幣和其他工具一樣存在,但可以肯定的是,追蹤工具有助於進行針對性的調查。
Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy.
Monero 是隱私友好的加密貨幣中最強大的競爭者,但它的隱私聲稱**尚未**被任何方式證明 。 需要更多的時間和研究來評估 Monero 是否足夠抵禦攻擊來提供足夠的隱私。
## Criteria
## 標準
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
**請注意,我們與所推薦專案沒有任何牽扯。 ** 除了 [我們的標準準則](about/criteria.md)外,還有一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! example "This section is new"
!!! 示例“此部分是新的”
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
我們正在努力為網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 推薦項目時,我們會考慮與討論許多因素,且記錄下每一個項目種種工作流程。
- Cryptocurrency must provide private/untraceable transactions by default.
- 預設情況下,加密貨幣必須提供私密/無法追蹤的交易。
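Review bot: In the noncustodial wallet paragraph, the lightweight-wallet clause is translated as "則服務商保存了您的私鑰並看到您全部的交易活動", but the source says the provider retains the *private view key* and can see *almost* everything. A view key and a private (spend) key are different things, so this overstates the exposure and blurs the distinction the paragraph is making. Suggest "私人查看密鑰" and "幾乎所有". The same sentence that precedes it ("只有您能夠花費資金並查看交易進出") is fine. Separately, `!!! 危險` and `!!! 示例“此部分是新的”` translate the admonition type keywords `danger` and `example`, and `! [Monero 標誌] (...) {align = right}` and `* * Monero * *` have the spacing problem that stops the image and bold from rendering.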

View File

@@ -2,6 +2,41 @@
title: "Desktop Browsers"
icon: material/laptop
description: Firefox and Brave are our recommendations for standard/non-anonymous browsing.
schema:
-
"@context": http://schema.org
"@type": WebPage
name: Private Desktop Browser Recommendations
url: "./"
relatedLink: "../mobile-browsers/"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Firefox
image: /assets/img/browsers/firefox.svg
url: https://firefox.com
applicationCategory: Web Browser
operatingSystem:
- Windows
- macOS
- Linux
subjectOf:
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Brave
image: /assets/img/browsers/brave.svg
url: https://brave.com
applicationCategory: Web Browser
operatingSystem:
- Windows
- macOS
- Linux
subjectOf:
"@type": WebPage
url: "./"
---
These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
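Review bot: The new `schema` entries use `"@context": http://schema.org` and relative values such as `url: "./"` and `relatedLink: "../mobile-browsers/"`. The About page front matter in this same commit uses `https://schema.org` and absolute URLs, so it would be more consistent to use the HTTPS context here as well and to confirm that the template emitting this block resolves the relative `url`, `relatedLink` and `image` values to absolute URLs for each locale. These lines are also untranslated English metadata in a translation commit, which is fine if intentional but worth a note in the commit message.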
@@ -233,7 +268,7 @@ These are some other [filter lists](https://github.com/gorhill/uBlock/wiki/Dashb
### Minimum Requirements
- Must be open-source software.
- 必須是開源軟體。
- Supports automatic updates.
- Receives engine updates in 0-1 days from upstream release.
- Available on Linux, macOS, and Windows.
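Review bot: Only the first bullet of the Minimum Requirements list is translated ("必須是開源軟體。"), while the following items ("Supports automatic updates.", "Receives engine updates in 0-1 days from upstream release.", "Available on Linux, macOS, and Windows.") remain in English, leaving a mixed-language list. Either hold this string back until the rest of the list is translated or confirm the fallback behaviour is acceptable for this locale.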

View File

@@ -1,76 +1,76 @@
---
title: "DNS Resolvers"
title: "DNS解析器"
icon: material/dns
description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration.
description: 我們建議切換到這些加密 DNS 提供商,以取代您 ISP 所預設的配置。
---
Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity.
使用第三方伺服器的加密 DNS 只能避開基本的 [DNS 封鎖](https://en.wikipedia.org/wiki/DNS_blocking) ,當您確定不會有不良後果時。 加密的 DNS 無法為您隱藏瀏覽活動。
[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button}
[了解更多 DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button}
## Recommended Providers
## 推薦的 DNS 提供商
| DNS Provider | Privacy Policy | Protocols | Logging | ECS | Filtering |
| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------------ | -------- | ------------------------------------------------------------------------------------------------------------------------------------------ |
| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext <br> DoH/3 <br> DoT <br> DNSCrypt | Some[^1] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) |
| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext <br> DoH/3 <br> DoT | Some[^2] | No | Based on server choice. |
| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext <br> DoH/3 <br> DoT <br> DoQ | Optional[^3] | No | Based on server choice. |
| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH <br> DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) |
| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext <br> DoH/3 <br> DoT | Optional[^5] | Optional | Based on server choice. |
| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext <br> DoH <br> DoT <br> DNSCrypt | Some[^6] | Optional | Based on server choice, Malware blocking by default. |
| DNS 提供者 | 隐私政策 | 協議 | 日誌記錄 | ECS | 篩選 |
| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------ | --- | --------------------------------------------------------------------------------------------------- |
| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext <br> DoH/3 <br> DoT <br> DNSCrypt | 一些[^1] | 不是 | 根據伺服器的選擇。 使用的過濾器列表可以在這裡找到。 [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) |
| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | 明文 <br> DoH/3 <br> DoT | 一些[^2] | 不是 | 根據伺服器的選擇。 |
| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | 明文 <br> DoH/3 <br> DoT <br> DoQ | 可選[^3] | 不是 | 根據伺服器的選擇。 |
| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH <br> DoT | [^4] | 不是 | 根據伺服器的選擇。 正在使用的過濾器列表可以在這裡找到。 [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) |
| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | 明文 <br> DoH/3 <br> DoT | 可選[^5] | 可選的 | 根據伺服器的選擇。 |
| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | 明文 <br> DoH <br> DoT <br> DNSCrypt | 一些[^6] | 可選的 | 根據伺服器選擇,預設會封鎖惡意程式碼。 |
## Criteria
## 標準
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
**請注意,我們這裏所推薦專案沒有任何牽扯。 ** 除了 [我們的標準準則](about/criteria.md)外,還有一套明確要求以提出客觀建議。 我們建議您在選擇使用任何項目之前先熟悉此列表,並進行自己的研究,以確保您的正確選擇。
!!! example "This section is new"
!!! 示例“此部分是新的”
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
我們正在努力為這個網站的各個部分建立明確標準,它可能依情況變化。 如果您對我們的標準有任何疑問,請[在我們的論壇上提問] (https://discuss.privacyguides.net/latest) ,不要因為未列出而認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個專案時,會考慮和討論許多因素,記錄每一個項目都是一件持續的工作。
- Must support [DNSSEC](advanced/dns-overview.md#what-is-dnssec).
- [QNAME Minimization](advanced/dns-overview.md#what-is-qname-minimization).
- Allow for [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) to be disabled.
- Prefer [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) support or geo-steering support.
- 必須支援 [ DNSSEC ](advanced/dns-overview.md#what-is-dnssec)
- [QNAME 最小化](advanced/dns-overview.md#what-is-qname-minimization).
- 可讓 [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs)禁用 。
- 首選 [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) 支援或地理轉向支援。
## Native Operating System Support
## 原生作業系統支援
### Android
Android 9 and above support DNS over TLS. The settings can be found in: **Settings** &rarr; **Network & Internet** &rarr; **Private DNS**.
Android 9 以上版本支持 DoT (DNS over TLS)。 設定方式可以在以下位置找到: **設定** &rarr; **網路 & 網際網路** &rarr; **私人 DNS**
### Apple Devices
### Apple裝置
The latest versions of iOS, iPadOS, tvOS, and macOS, support both DoT and DoH. Both protocols are supported natively via [configuration profiles](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) or through the [DNS Settings API](https://developer.apple.com/documentation/networkextension/dns_settings).
最新版本的 iOSiPadOStvOS macOS 都支持 DoT DoH。 這兩個通訊協議都透過 [組態檔](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) 或透過 [DNS 設定 API ](https://developer.apple.com/documentation/networkextension/dns_settings)獲得原生支援。
After installation of either a configuration profile or an app that uses the DNS Settings API, the DNS configuration can be selected. If a VPN is active, resolution within the VPN tunnel will use the VPN's DNS settings and not your system-wide settings.
安裝設定設定檔或使用 DNS 設定API 的應用程式後,即可選擇 DNS 設定。 如果啟用 VPN 隧道內的解析將使用 VPN 的 DNS 設置,而不是設備系統的設置。
#### Signed Profiles
#### 已簽署的設定檔
Apple does not provide a native interface for creating encrypted DNS profiles. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) is an unofficial tool for creating your own encrypted DNS profiles, however they will not be signed. Signed profiles are preferred; signing validates a profile's origin and helps to ensure the integrity of the profiles. A green "Verified" label is given to signed configuration profiles. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [NextDNS](https://apple.nextdns.io), and [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/).
Apple不提供用於建立加密DNS設定檔的原生介面。 [Secure DNS profile creator](https://dns.notjakob.com/tool.html) 是一款非正式工具用以建立您自己的加密 DNS 設定檔。不過這個軟體並未得到簽署。 最好是簽署過個人資設定檔;簽署會驗證個人資料的來源,並有助於確保個人資料的完整性。 綠色的「已驗證」標籤會提供給已簽署的配置文件。 代碼簽名的詳細資訊,請參閱 [關於代碼簽名](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html)。 由 [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html) [NextDNS](https://apple.nextdns.io) [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/)提供的**簽名設定檔** 。
!!! info
!!! 資訊
`systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS.
許多 Linux 發行版用來進行DNS查詢的`systemd-resolved` 還不[支援 DoH] (https://github.com/systemd/systemd/issues/8639)。 如果要使用 DoH ,您需要安裝一個類似 [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy)的代理,並[設定] (https://wiki.archlinux.org/title/Dnscrypt-proxy)讓系統解析器獲取所有 DNS 查詢,並透過 HTTPS 轉發。
## Encrypted DNS Proxies
## 加密的DNS代理
Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](advanced/dns-overview.md#unencrypted-dns) resolver to forward to. Typically it is used on platforms that don't natively support [encrypted DNS](advanced/dns-overview.md#what-is-encrypted-dns).
加密DNS代理軟體提供了一個本地代理用於將 [個未加密的DNS](advanced/dns-overview.md#unencrypted-dns) 解析器轉發到。 通常,它用於原本不支持 [加密 DNS ](advanced/dns-overview.md#what-is-encrypted-dns)的平臺。
### RethinkDNS
!!! recommendation
![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ align=right }
![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right }
! [RethinkDNS logo] (assets/img/android/rethinkdns.svg#only-light) {align = right}
! [RethinkDNS logo] (assets/img/android/rethinkdns-dark.svg#only-dark) {align = right}
**RethinkDNS** is an open-source Android client supporting [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) and DNS Proxy along with caching DNS responses, locally logging DNS queries and can be used as a firewall too.
* * RethinkDNS * *是一個開源 Android 用戶端工具,支持 [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh) [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot) [DNSCrypt](advanced/dns-overview.md#dnscrypt) DNS 代理以及快取DNS 回應、本地記錄 DNS 查詢,也可用作防火牆。
[:octicons-home-16: Homepage](https://rethinkdns.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.rethinkdns.com/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/celzero/rethink-app){ .card-link title="Source Code" }
??? downloads
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.celzero.bravedns)
- [:simple-github: GitHub](https://github.com/celzero/rethink-app/releases)
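Review bot: the translated lines in this hunk insert spaces that break Markdown syntax, so links, images and bold text will show as literal characters. Examples: `[在我們的論壇上提問] (https://discuss.privacyguides.net/latest)`, `! [RethinkDNS logo] (assets/img/android/rethinkdns.svg#only-light) {align = right}` and `* * RethinkDNS * *`. Restore the source forms `[text](url)`, `![alt](path){ align=right }` and `**text**`. The word after `!!!` and `???` is the admonition type, not display text, so `!!! 資訊` and `??? 下載` should stay `!!! info` and `??? downloads`. In the Apple Devices paragraph the list separators were dropped (`iOSiPadOStvOS macOS`, `DoT DoH`), and in the VPN sentence `如果啟用 VPN 隧道內的解析` needs a comma after "VPN" to keep the condition separate from the clause that follows.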
@@ -79,36 +79,36 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
!!! recommendation
![dnscrypt-proxy logo](assets/img/dns/dnscrypt-proxy.svg){ align=right }
! [dnscrypt-proxy logo] (assets/img/dns/dnscrypt-proxy.svg) {align = right}
**dnscrypt-proxy** is a DNS proxy with support for [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS).
* * dnscrypt-proxy * *是 DNS 代理,支持 [DNSCrypt](advanced/dns-overview.md#dnscrypt) [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh)和[Anonymized DNS] (https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS)。
!!! warning "The anonymized DNS feature does [**not**](advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic."
!!! 警告 "匿名化 DNS 功能[* * 不會 * *] (advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns)匿名化其他網路流量。
[:octicons-repo-16: Repository](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/DNSCrypt/dnscrypt-proxy){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opencollective.com/dnscrypt/contribute){ .card-link title=Contribute }
??? downloads
??? 下載
- [:simple-windows11: Windows](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-Windows)
- [:simple-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS)
- [:simple-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux)
## Self-hosted Solutions
## 自主託管方案
A self-hosted DNS solution is useful for providing filtering on controlled platforms, such as Smart TVs and other IoT devices, as no client-side software is needed.
在被控制平臺,自主託管 DNS 可提供有用的過濾,例如智能電視和其他物聯網設備,因為不需要客戶端軟件。
### AdGuard Home
### AdGuard首頁
!!! recommendation
![AdGuard Home logo](assets/img/dns/adguard-home.svg){ align=right }
! [AdGuard 首頁標誌] (assets/img/dns/adguard-home.svg) {align = right}
**AdGuard Home** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements.
* * AdGuard * *是一個開源的 [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) ,使用[DNS 過濾] (https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/)來封鎖不需要的網頁內容,例如廣告。
AdGuard Home features a polished web interface to view insights and manage blocked content.
AdGuard 首頁提供精美的網頁介面,可查看有用資訊並管理被封鎖的內容。
[:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary }
[:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" }
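Review bot: the added warning line `!!! 警告 "匿名化 DNS 功能...匿名化其他網路流量。` never closes the double-quoted title that the source line closes, and it also translates the admonition type keyword; keep `!!! warning "..."` and terminate the string. The link inside that title is split by a space (`[* * 不會 * *] (advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns)`), so the pointer explaining what encrypted DNS does not protect is lost. In the self-hosted section the product name AdGuard Home is translated (`### AdGuard首頁`, `AdGuard 首頁`) and the bold name is shortened to `* * AdGuard * *`; product names should stay as in the source, as `**AdGuard Home**`.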
@@ -119,11 +119,11 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf
!!! recommendation
![Pi-hole logo](assets/img/dns/pi-hole.svg){ align=right }
! [Pi-hole logo] (assets/img/dns/pi-hole.svg) {align = right}
**Pi-hole** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements.
* * Pi-hole * *是一個開源的 [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) ,它使用 [DNS 篩選] (https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/)來阻止不需要的網頁內容,例如廣告。
Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware. The software features a friendly web interface to view insights and manage blocked content.
Pi-hole 設計應用在 Raspberry Pi ,但它不限於這種硬體。 該軟體良好的 Web 界面,可查看有用資訊和管理被阻止的內容。
[:octicons-home-16: Homepage](https://pi-hole.net/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://pi-hole.net/privacy/){ .card-link title="Privacy Policy" }
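Review bot: `! [Pi-hole logo] (assets/img/dns/pi-hole.svg) {align = right}` is no longer image syntax, so the logo and its alignment attribute are lost; restore `![Pi-hole logo](assets/img/dns/pi-hole.svg){ align=right }`. The same applies to `* * Pi-hole * *` and to `[DNS 篩選] (https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/)`. The identical source sentence is also translated two ways on this page: "DNS filtering" is `DNS 過濾` with `封鎖` in the AdGuard Home entry and `DNS 篩選` with `阻止` here; pick one term for each.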
@@ -131,9 +131,9 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf
[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" }
[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute }
[^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html)
[^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/)
[^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy)
[^4]: Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/)
[^5]: NextDNS can provide insights and logging features on an opt-in basis. You can choose retention times and log storage locations for any logs you choose to keep. If it's not specifically requested, no data is logged. [https://nextdns.io/privacy](https://nextdns.io/privacy)
[^6]: Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared, such as for the purpose of security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable. [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/)
[^1]: AdGuard 儲存其 DNS 伺服器的總和效能指標,即對特定伺服器的全部請求數量、被封鎖的請求數量,以及處理請求的速度。 他們還會保存和儲存過去24小時內所請求的網域資料庫。 我們需要這些資訊來識別和阻止新的追蹤器和威脅。 我們還記錄了這些追蹤器被封鎖的次數。 我們需要這些資訊以便在過濾器中刪除過時的規則。 [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html)
[^2]: Cloudflare 僅收集並儲存發送至 1.1.1.1解析器的有限 DNS 查詢資料。 1.1.1.1解析器服務不會記錄個人資料且大部分有限的非個人識別查詢資料僅存儲25小時。 [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/)
[^3]: Control D 只有記錄使用自定義 DNS 配置的高級解析器。 免費解析器不記錄數據。 [https://controld.com/privacy](https://controld.com/privacy)
[^4]: Mullvad DNS 服務可供 Mullvad VPN 的訂閱者和非訂閱者使用。 他們的隱私政策明確聲稱他們不會以任何方式記錄 DNS 請求。 [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/)
[^5]: NextDNS 可以在選擇加入的基礎上提供洞察和記錄功能。 您可以選擇保留的任何日誌選擇時間長短和日誌儲存位置。 如果沒有特別要求,則不會記錄任何數據。 [https://nextdns.io/privacy](https://nextdns.io/privacy)
[^6]: Quad9會收集一些資料,以進行威脅監控和回應。 然後這些資料會被重新混合與共享,例如用於安全研究。 Quad9 不會收集或記錄 IP 位址或其他他們認為可識別個人身份的資料。 [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/)
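Review bot: footnote `[^1]` drops the quotation marks around AdGuard's two quoted statements, so `我們需要這些資訊來識別和阻止新的追蹤器和威脅。` now reads as this site's own statement about its data use; put the quoted sentences back in quotation marks so they stay attributed to AdGuard. In `[^6]`, "may then be remixed and shared" is translated as `會被重新混合與共享`, which states it as something that does happen; use a form such as `可能會` to keep the source's hedging. These footnotes summarise providers' logging policies, so the translation should not strengthen or reattribute what the source says.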

@@ -1,23 +1,23 @@
---
title: "Email Services"
title: "電子郵件服務"
icon: material/email
description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers.
description: 這些電子郵件提供商提供了一個好地方來安全地存儲您的電子郵件,也有不少能與其他供應商相互操作的 OpenPGP 加密。
---
Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy.
電子郵件實際上是使用任何線上服務的必需品,但我們不建議把它應用於人與人之間的對話。 與其使用電子郵件聯繫他人,不如考慮使用支援前向保密的即時通訊媒介。
[Recommended Instant Messengers](real-time-communication.md ""){.md-button}
[推薦的即時通訊工具](real-time-communication.md ""){.md-button}
For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features.
除此之外,我們還推薦各種基於可持續商業模式和內置安全和隱私功能的電子郵件提供商。
- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services)
- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers)
- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services)
- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email)
- [OpenPGP 兼容的郵件提供商 :material-arrow-right-drop-circle:](#openpgp-compatible-services)
- [其他加密提供者 :material-arrow-right-drop-circle:](#more-providers)
- [電子郵箱別名服務 :material-arrow-right-drop-circle:](#email-aliasing-services)
- [自主託管選項 :material-arrow-right-drop-circle:](#self-hosting-email)
## OpenPGP Compatible Services
## OpenPGP 兼容服務
These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it.
這些供應商原生支持OpenPGP加密/解密和Web密鑰目錄 WKD 標準允許供應商無關的E2EE電子郵件。 例如, Proton Mail 用戶可以向 Mailbox.org 用戶發送 E2EE 消息,或者您可以從它支援的網際網路服務接收 OpenPGP 加密通知。
<div class="grid cards" markdown>
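Review bot: in the OpenPGP paragraph the parentheses around WKD and the comma after "standard" were lost (`Web密鑰目錄 WKD 標準允許供應商無關的E2EE電子郵件`), so the standard's name runs straight into the verb; restore them as in the source, "Web Key Directory (WKD) standard, allowing ...". The word "provider" is also translated three ways within this hunk (`提供商`, `供應商`, `提供者`); use one term so the section links and the body text agree.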
@@ -26,19 +26,19 @@ These providers natively support OpenPGP encryption/decryption and the Web Key D
</div>
!!! warning
!!! 警告
When using E2EE technology like OpenPGP, email will still have some metadata that is not encrypted in the header of the email. Read more about [email metadata](basics/email-security.md#email-metadata-overview).
當使用像 OpenPGP 這類 E2EE 技術時,電子郵件仍然會有一些未加密的元數據。 閱讀更多有關[電子郵件元數據] (basics/email-security.md#email-metadata-overview)的資訊。
OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. [How do I protect my private keys?](basics/email-security.md#how-do-i-protect-my-private-keys)
OpenPGP 也不支持前向保密,這意味著如果你或收件人的私鑰被盜,所有以前用它加密的消息都會洩露。 [如何保護我的私鑰?] (basics/email-security.md#how-do-i-protect-my-private-keys)
### Proton Mail
!!! recommendation
![Proton Mail logo](assets/img/email/protonmail.svg){ align=right }
! [Proton Mail logo] (assets/img/email/protonmail.svg) {align = right}
**Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. Accounts start with 500 MB storage with their free plan.
* * Proton Mail * *是一家專注於隱私、加密、安全性和易用性的電子郵件服務。 自* * 2013 年* *開始運營。 Proton AG 總部位於瑞士日內瓦。 免費帳戶有 500 MB 的存儲j容量。
[:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary }
[:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" }
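Review bot: both links in the warning body are split by a space (`[電子郵件元數據] (basics/email-security.md#email-metadata-overview)` and `[如何保護我的私鑰?] (basics/email-security.md#how-do-i-protect-my-private-keys)`), so the references to the metadata and private-key guidance will show as plain text; remove the space before `(`. Keep the admonition type as `!!! warning` rather than `!!! 警告`. The metadata sentence drops "in the header of the email", which is the part that tells the reader where the unencrypted data sits. In the Proton Mail card, fix `! [Proton Mail logo] (...) {align = right}`, `* * Proton Mail * *` and the stray letter in `存儲j容量`.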
@@ -46,64 +46,64 @@ These providers natively support OpenPGP encryption/decryption and the Web Key D
[:octicons-info-16:](https://proton.me/support/mail){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ProtonMail){ .card-link title="Source Code" }
??? downloads
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonmail.android)
- [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id979659905)
- [:simple-github: GitHub](https://github.com/ProtonMail/proton-mail-android/releases)
- [:simple-windows11: Windows](https://proton.me/mail/bridge#download)
- [:simple-apple: macOS](https://proton.me/mail/bridge#download)
- [:simple-linux: Linux](https://proton.me/mail/bridge#download)
- [:octicons-browser-16: Web](https://mail.proton.me)
- [:simple-googleplay: Google Play] (https://play.google.com/store/apps/details?id=ch.protonmail.android)
- [:simple-appstore: App Store] (https://apps.apple.com/app/apple-store/id979659905)
- [:simple-github: GitHub] (https://github.com/ProtonMail/proton-mail-android/releases)
- [:simple-windows11: Windows] (https://proton.me/mail/bridge#download)
- [:simple-apple: macOS] (https://proton.me/mail/bridge#download)
- [:simple-linux: Linux] (https://proton.me/mail/bridge#download)
- [:octicons-browser-16: Web] (https://mail.proton.me)
Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
免費帳戶有一些功能限制,例如無法搜索正文文本和無法訪問 [Proton Mail Bridge](https://proton.me/mail/bridge),它可以用在 [推薦的桌面電子郵件客戶端](email-clients.md) (例如Thunderbird )。 付費帳戶包括Proton Mail Bridge、額外儲存空間和自訂網域支援等功能。 Proton Mail 應用程式於2021年11月9日由 [Securitum](https://research.securitum.com)提供 [認證函](https://proton.me/blog/security-audit-all-proton-apps) 。
If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](#simplelogin) Premium for free.
如果您有 Proton Unlimited Business Visionary 計劃,也可免費獲得 [SimpleLogin](#simplelogin) Premium
Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**.
Proton Mail 的內容崩潰報告 **不會**對其它第三方分享。 可以在以下位置停用此功能: **設定** > **前往設定** > **帳戶** > **安全和隱私** > **傳送崩潰報告**
#### :material-check:{ .pg-green } Custom Domains and Aliases
Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain.
付費的 Proton Mail 訂閱者可以使用自定網域服務或 [通用電子郵件](https://proton.me/support/catch-all) 功能。 Proton Mail還支持 [子地址](https://proton.me/support/creating-aliases),這對於不想購買網域的人很有用。
#### :material-check:{ .pg-green } Private Payment Methods
#### :material-check:{ .pg-green } 私人付款方式
Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments.
Proton Mail [除了標準信用卡/簽帳卡外,還接受](https://proton.me/support/payment-options) 現金郵寄, [比特幣](advanced/payments.md#other-coins-bitcoin-ethereum-etc) PayPal 付款。
#### :material-check:{ .pg-green } Account Security
#### :material-check:{ .pg-green } 帳戶安全
Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code.
Proton Mail 支援使用 FIDO2 或 U2F標準 的 TOTP [雙因素驗證](https://proton.me/support/two-factor-authentication-2fa) 和 [硬體安全金鑰](https://proton.me/support/2fa-security-key) 。 使用硬體安全金鑰需要先設定 TOTP 雙因素驗證。
#### :material-check:{ .pg-green } Data Security
#### :material-check:{ .pg-green } 資料安全
Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you.
在用戶未登入時,Proton Mail 使用 [zero-access 加密技術](https://proton.me/blog/zero-access-encryption)來保護電子郵件[行事曆](https://proton.me/news/protoncalendar-security-model)的資料安全。 使用零訪問加密保護的數據只能由您訪問。
Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon.
存儲在 [Proton 通錄](https://proton.me/support/proton-contacts)中的某些資訊,例如顯示名稱和電子郵件地址,並未使用零存取加密進行保護。 支援零存取加密的聯絡人欄位(例如電話號碼)會以掛鎖圖示顯示。
#### :material-check:{ .pg-green } Email Encryption
#### :material-check:{ .pg-green }電子郵件加密
Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP.
Proton Mail 網頁郵件整合了 [OpenPGP 加密](https://proton.me/support/how-to-use-pgp) 。 發送到其他 Proton Mai l帳戶的電子郵件會自動加密並且可以在您的帳戶設置中輕鬆啟用使用 OpenPGP 金鑰對非 Proton Mail 地址進行加密。 它可以 [加密非 Proton Mail 郵件地址的訊息](https://proton.me/support/password-protected-emails),不必非得使用 Proton Mail 帳戶或 OpenPGP 之類的軟體。
Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE.
Proton Mail 還支持通過 HTTP 的 [Web 密鑰目錄( WKD ](https://wiki.gnupg.org/WKD)發現公鑰。 這可讓非 Proton Mail 用戶可以輕鬆找到 Proton Mail 帳戶的 OpenPGP 金鑰,以利跨供應商進行 E2EE
#### :material-information-outline:{ .pg-blue } Account Termination
#### :material-information-outline:{ .pg-blue } 帳戶終止
If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period.
若您的付費帳戶逾期 14天[未付款](https://proton.me/support/delinquency) 您將無法讀取自己的資料。 30天後您的帳戶將標記為拖欠狀態無法再收取郵件。 在此期間,我們會繼續向你收費。
#### :material-information-outline:{ .pg-blue } Additional Functionality
#### :material-information-outline:{ .pg-blue } 額外功能
Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage.
Proton Mail 提供每月 9.99 歐元的“無限 Unlimited”帳戶除了提供多個帳戶、域名、別名和 500GB 儲存空間外,還可以使用 Proton VPN。
Proton Mail doesn't offer a digital legacy feature.
Proton Mail不提供數字遺產功能。
### Mailbox.org
!!! recommendation
![Mailbox.org logo](assets/img/email/mailboxorg.svg){ align=right }
! [Mailbox.org 標誌] (assets/img/email/mailboxorg.svg) {align = right}
**Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with 2 GB of storage, which can be upgraded as needed.
* * Mailbox.org * *電子郵件服務,專注於安全、無廣告和使用 100% 民間環保發電能源。 自* * 2014 年* *開始運營。 Mailbox.org總部位於德國柏林。 初級帳戶有 2GB 儲存空間,可以根據需要升級。
[:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" }
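Review bot: the Account Security translation does not say what the source line above it says. The source states that Proton Mail supports TOTP only and that U2F security keys are not yet supported; the added line states that hardware security keys using FIDO2 or U2F are supported, adds a link to `https://proton.me/support/2fa-security-key` that is not in the source, and drops the SSO sentence. Source and translation should be brought back in sync before this is merged, since readers will rely on it when choosing a second factor. Other points in this hunk: `我們會繼續向你收費` turns "You will continue to be billed" into first person, as if this site bills the reader; "which is required to use a recommended desktop email client" became `它可以用在`, losing "required"; the translated download list splits every link (`] (`); `Proton Mai l帳戶` has a misplaced space; and the Mailbox.org card adds emphasis around 2014 that the source does not have (`自* * 2014 年* *`).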
@@ -115,43 +115,43 @@ Proton Mail doesn't offer a digital legacy feature.
#### :material-check:{ .pg-green } Custom Domains and Aliases
Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain.
Mailbox.org 可以使用自定網域,且支援 [通用電子郵件](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) 地址。 Mailbox.org 也支援 [子地址](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it),如果您不想購買網域,這很有用。
#### :material-check:{ .pg-green } Private Payment Methods
#### :material-check:{ .pg-green } 私人付款方式
Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
Mailbox.org 不接受任何加密貨幣,因為他們的支付處理商 BitPay 暫停了德國業務。 不過他們可以收郵寄現金、銀行帳戶現金支付、銀行轉帳、信用卡、 PayPa l以及幾個德國特定處理商 paydirekt Sofortüberweisung
#### :material-check:{ .pg-green } Account Security
#### :material-check:{ .pg-green } 帳戶安全
Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
Mailbox.org支援 [雙因素驗證](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) ,僅適用於他們的網絡郵件。 您可以通過 [Yubicloud ](https://www.yubico.com/products/services-software/yubicloud)使用 TOTP 或 [ Yubikey ](https://en.wikipedia.org/wiki/YubiKey) 。 Web 標準如 [WebAuthn ](https://en.wikipedia.org/wiki/WebAuthn) 尚不支援。
#### :material-information-outline:{ .pg-blue } Data Security
#### :material-information-outline:{ .pg-blue } 資料安全
Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key.
Mailbox.org 允許使用 [加密郵箱](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox)對傳入郵件進行加密。 收到的新訊息將立即用您的公鑰加密。
However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information.
但是, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange)---- Mailbox.org使用的軟件平臺 [不支持](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) 通訊錄和行事曆加密。 [獨立的選項](calendar.md) 可能更適合該資訊。
#### :material-check:{ .pg-green } Email Encryption
#### :material-check:{ .pg-green }電子郵件加密
Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
Mailbox.org在他們的網絡郵件中有 [個集成的加密](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) 這簡化了向具有公開OpenPGP密鑰的人發送消息。 它們還允許 [遠端收件人解密 Mailbox.org伺服器上的電子郵件](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) 。 當遠端收件人沒有 OpenPGP 無法解密自己郵箱中的電子郵件時,此功能非常有用。
Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE.
Mailbox.org 還支持通過 HTTP 的 [Web密鑰目錄 WKD ](https://wiki.gnupg.org/WKD)發現公鑰。 因此其它人可以輕鬆找到 Mailbox.org 帳戶的 OpenPGP 金鑰,便於跨提供者使用 E2EE
#### :material-information-outline:{ .pg-blue } Account Termination
#### :material-information-outline:{ .pg-blue } 帳戶終止
Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract).
當合約到期後,您的帳戶將受到限制,在 [30天後它將被永久刪除](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract)
#### :material-information-outline:{ .pg-blue } Additional Functionality
#### :material-information-outline:{ .pg-blue } 額外功能
You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
您可以透過 IMAP/SMTP 使用其 [.onion 服務](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org)存取您的 Mailbox.org 帳戶。 然而,他們的網頁郵件介面無法訪問其 .onion 服務,可能會遇到 TLS 憑證錯誤。
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
所有帳戶都附帶有限、[可以加密](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive)的雲端儲存空間 。 Mailbox.org 還提供別名 [@ secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely)它對郵件伺服器之間的連線強制進行TLS加密否則根本不會發送訊息。 Mailbox.org 除了支援 IMAP 和 POP3 等標準存取通訊協議外,還支援 [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync)
Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address.
Mailbox.org 所有方案都提供了數位遺產功能。 你可以選擇是否要將任何資料傳遞給繼承人,但對方必須提出你的遺囑證明。 或者,您可以通過姓名和地址提出人選。
## More Providers
## 更多供應商
These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers.
這些提供商以零知識加密方式儲存您的電子郵件,使其成為保護儲存電子郵件安全的絕佳選擇。 但是,它們不支持供應商之間可相互操作 E2EE 通信的加密標準。
<div class="grid cards" markdown>
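Review bot: the Additional Functionality translation reverses the .onion caveat. `他們的網頁郵件介面無法訪問其 .onion 服務` says the webmail interface cannot access the .onion service, while the source says the webmail interface cannot be accessed via the .onion service; reword it so the .onion service is the access path. In the following paragraph the alias is written `[@ secure.mailbox.org]` with an inserted space; keep `@secure.mailbox.org` exactly as in the source, since readers will type it as an address. In the payment paragraph `PayPa l` has a misplaced space and the two German processors lost their separator (`paydirekt Sofortüberweisung`).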
@@ -164,58 +164,58 @@ These providers store your emails with zero-knowledge encryption, making them gr
!!! recommendation
![StartMail logo](assets/img/email/startmail.svg#only-light){ align=right }
![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ align=right }
! [StartMail logo] (assets/img/email/startmail.svg#only-light) {align = right}
! [StartMail標誌] (assets/img/email/startmail-dark.svg#only-dark) {align = right}
**StartMail** is an email service with a focus on security and privacy through the use of standard OpenPGP encryption. StartMail has been in operation since 2014 and is based in Boulevard 11, Zeist Netherlands. Accounts start with 10GB. They offer a 30-day trial.
* * StartMail * *是一項電子郵件服務通過使用標準OpenPGP加密來關注安全和隱私。 StartMail 自 2014 年開始運營,總部位於荷蘭 Zeist Boulevard 11。 帳戶以10GB開始。 提供 30天的試用期。
[:octicons-home-16: Homepage](https://www.startmail.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.startmail.com/en/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.startmail.com){ .card-link title=Documentation}
??? downloads
??? 下載
- [:octicons-browser-16: Web](https://mail.startmail.com/login)
#### :material-check:{ .pg-green } Custom Domains and Aliases
Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available.
個人帳戶可以使用 [自定或系統生成](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) 別名。 也可用[自定網域](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain)
#### :material-alert-outline:{ .pg-orange } Private Payment Methods
#### :material-alert-outline:{ .pg-orange } 私人付款方式
StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year.
StartMail 接受 Visa MasterCard American Express 信用卡和 Paypal StartMail還有其他 [付款選項](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) ,例如 [比特幣](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (目前僅適用於個人帳戶)和 SEPA 直接扣賬(使用超過一年的帳戶)。
#### :material-check:{ .pg-green } Account Security
#### :material-check:{ .pg-green } 帳戶安全
StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication.
StartMail 只支援網頁郵件 [ TOTP 雙因素驗證](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA)。 他們無法透過 U2F 安全金鑰驗證。
#### :material-information-outline:{ .pg-blue } Data Security
#### :material-information-outline:{ .pg-blue } 資料安全
StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key.
StartMail 還有 [零存取加密](https://www.startmail.com/en/whitepaper/#_Toc458527835),透過其「使用者保管庫」系統保護用戶未登入時的資料安全。 當您登入後,保管庫將被打開,並將電子郵件移出佇列,由相應的私鑰解密。
StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption.
StartMail 支援匯入 [聯絡人](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) ,但它們只能在網頁郵件中存取,而不能透過 [ CalDAV ](https://en.wikipedia.org/wiki/CalDAV)等協議存取。 連絡人資料也不會使用零知識加密儲存。
#### :material-check:{ .pg-green } Email Encryption
#### :material-check:{ .pg-green }電子郵件加密
StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients.
StartMail 網頁郵件 [整合了加密](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) 以便使用公開OpenPGP 密鑰發送加密消息。 但是,它們不支持 Web 密鑰目錄標準,這讓其他電子郵件提供商或客戶端軟體不容易找到 Startmail 郵箱的公鑰。
#### :material-information-outline:{ .pg-blue } Account Termination
#### :material-information-outline:{ .pg-blue } 帳戶終止
On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration).
若帳戶遲未按時繳款 StartMail 在[六個月內三階段警告](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration),最後會永久刪除帳戶。
#### :material-information-outline:{ .pg-blue } Additional Functionality
#### :material-information-outline:{ .pg-blue } 額外功能
StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is.
StartMail 允許在電子郵件中使用代理圖像。 如果您允許載入遠端影像發件人將不會知道您的IP位址。
StartMail does not offer a digital legacy feature.
Proton Mail不提供數字遺產功能。
### Tutanota
!!! recommendation
![Tutanota logo](assets/img/email/tutanota.svg){ align=right }
! [Tutanota標誌] (assets/img/email/tutanota.svg) {align = right}
**Tutanota** is an email service with a focus on security and privacy through the use of encryption. Tutanota has been in operation since **2011** and is based in Hanover, Germany. Accounts start with 1GB storage with their free plan.
* * Tutanota * * 使用加密、關注安全和隱私的電子郵件服務。 Tutanota自* * 2011* *開始運營,總部位於德國漢諾威。 免費帳戶有 1GB 儲存空間。
[:octicons-home-16: Homepage](https://tutanota.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Privacy Policy" }
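Review bot: The last string of the StartMail section names the wrong provider: "StartMail does not offer a digital legacy feature." is replaced by "Proton Mail不提供數字遺產功能。", which attributes the statement to a different service. It should read "StartMail 不提供…". In the same hunk the card markup has been altered by the translation: `! [StartMail logo] (assets/img/email/startmail.svg#only-light) {align = right}` and `* * StartMail * *` contain inserted spaces and will not render as an image or as bold text, and the alt text is translated in only one of the two logo lines. Restore the source markup (`![…](…){ align=right }`, `**StartMail**`) and translate only the visible text.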
@@ -223,7 +223,7 @@ StartMail does not offer a digital legacy feature.
[:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" }
[:octicons-heart-16:](https://tutanota.com/community/){ .card-link title=Contribute }
??? downloads
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.tutao.tutanota)
- [:simple-appstore: App Store](https://apps.apple.com/app/tutanota/id922429609)
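Review bot: The only change in this hunk replaces `??? downloads` with `??? 下載`, but the word after `???` is the admonition type, not display text, so translating it changes which block type the page asks for. Keep `??? downloads` and, if a localized label is wanted, give it as a quoted title after the type (`??? downloads "下載"`).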
@@ -233,43 +233,43 @@ StartMail does not offer a digital legacy feature.
- [:simple-linux: Linux](https://tutanota.com/#download)
- [:octicons-browser-16: Web](https://mail.tutanota.com/)
Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders.
Tutanota 不支援 [ IMAP 協議](https://tutanota.com/faq/#imap) 或使用第三方 [電子郵件客戶端](email-clients.md),您也無法將 [外部電子郵件帳戶](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) 添加到 Tutanota應用程式。 目前不支援 [電子郵件匯入](https://github.com/tutao/tutanota/issues/630) [子資料夾](https://github.com/tutao/tutanota/issues/927) ,但很快就 [會改善](https://tutanota.com/blog/posts/kickoff-import)。 電子郵件可以單個 [或選擇資料夾批量](https://tutanota.com/howto#generalMail)匯出 ,但若您有許多資料夾,可能會不方便。
#### :material-check:{ .pg-green } Custom Domains and Aliases
Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain.
付費Tutanota 帳戶可以有5 [別名](https://tutanota.com/faq#alias) 和 [自定網域](https://tutanota.com/faq#custom-domain) Tutanota 不能 [子地址(加號 +定址)](https://tutanota.com/faq#plus),但您可以使用自定義域名的 [通用電于郵件](https://tutanota.com/howto#settings-global)功能 。
#### :material-information-outline:{ .pg-blue } Private Payment Methods
#### :material-information-outline:{ .pg-blue } 私人付款方式
Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore.
Tutanota 僅接受信用卡和 PayPal ,但 [加密貨幣](cryptocurrency.md) 可用於通過其[ 合作伙伴 Proxystore ](https://tutanota.com/faq/#cryptocurrency) 購買禮品卡。
#### :material-check:{ .pg-green } Account Security
#### :material-check:{ .pg-green } 帳戶安全
Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F.
Tutanota支援 TOTP 或 U2F 的 [雙因素驗證](https://tutanota.com/faq#2fa)
#### :material-check:{ .pg-green } Data Security
#### :material-check:{ .pg-green } 資料安全
Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you.
Tutanota 提供 [未登入零存取](https://tutanota.com/faq#what-encrypted) 支援,其應用在電子郵件、 [通訊錄](https://tutanota.com/faq#encrypted-address-book)以及 [行事曆](https://tutanota.com/faq#calendar)。 這意味著儲存在您帳戶中的訊息和其他資料只有您能讀取。
#### :material-information-outline:{ .pg-blue } Email Encryption
#### :material-information-outline:{ .pg-blue } 電子郵件加密
Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external).
Tutanota [不使用 OpenPGP ](https://www.tutanota.com/faq/#pgp)。 只能透過 [臨時 Tutanota郵箱](https://www.tutanota.com/howto/#encrypted-email-external)才能接收非Tutanota電子郵件帳戶寄出的加密電子郵件。
#### :material-information-outline:{ .pg-blue } Account Termination
#### :material-information-outline:{ .pg-blue } 帳戶終止
Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay.
Tutanota [刪除六個月未登入使用的免費帳戶](https://tutanota.com/faq#inactive-accounts) 。 付費後,可以重用激活已停用的免費帳戶。
#### :material-information-outline:{ .pg-blue } Additional Functionality
#### :material-information-outline:{ .pg-blue } 額外功能
Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount.
Tutanota 向非營利組織提供免費 [商業版本](https://tutanota.com/blog/posts/secure-email-for-non-profit) 或大幅折扣。
Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y.
Tutanota 付費版還有一種 [Secure Connect](https://tutanota.com/secure-connect/)功能。 這可以確保客戶的業務聯繫使用 E2EE。 價格爲一年 € 240 歐元。
Tutanota doesn't offer a digital legacy feature.
Tutanota不提供數字遺產功能。
## Email Aliasing Services
## 郵箱別名
An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address.
電子郵件別名服務可讓您輕鬆地為每次網站註冊生成一個新的電子郵件地址。 您電子郵件別名會自動把郵件轉發到您選擇的電子郵件地址,以隱藏您“主要”電子郵件地址和電子郵件提供商。 真正的電子郵件別名比許多提供商常用和支持的加地址更好這允許您創建別名如yourname +[anythinghere]@ example.com ,因為網站,廣告商和跟蹤網絡可以簡單地刪除+符號之後的任何內容,以知道您的真實電子郵件地址。
<div class="grid cards" markdown>
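Review bot: In the Email Aliasing Services paragraph the example address is rendered as "yourname +[anythinghere]@ example.com", with spaces before the `+` and after the `@`. The sentence is explaining that everything after the `+` can be stripped to recover the real address, so the example has to stay a single token: `yourname+[anythinghere]@example.com`. Separately, the Secure Connect string translates "a business feature" as "付費版還有一種 … 功能" (a feature of the paid version), which is not what the source says, and "5 [別名]" loses the "up to" of "up to 5 aliases".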
@@ -278,31 +278,31 @@ An email aliasing service allows you to easily generate a new email address for
</div>
Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning.
電子郵件別名可以作為一種保護措施,一旦您的電子郵件提供商停止運營。 在這種情況下,您可以輕鬆地將別名重新路由到新的電子郵件地址。 但這也意謂,您把信任轉移到另一家別名服務以繼續享用此功能。
Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain:
使用專門的電子郵件別名服務比自定網域上的通用別名有許多好處:
- Aliases can be turned on and off individually when you need them, preventing websites from emailing you randomly.
- Replies are sent from the alias address, shielding your real email address.
- 有需要時,可以單獨開啟和關閉別名,防止網站隨機發送電子郵件給您。
- 從別名地址發送回覆,屏蔽真實電子郵件地址。
They also have a number of benefits over "temporary email" services:
與「臨時電子郵件」服務相比,它們還有許多好處:
- Aliases are permanent and can be turned on again if you need to receive something like a password reset.
- Emails are sent to your trusted mailbox rather than stored by the alias provider.
- Temporary email services typically have public mailboxes which can be accessed by anyone who knows the address, aliases are private to you.
- 別名是永久性的,如果您需要接收密碼重設等內容,可以再次開啟別名。
- 電子郵件會發送到您信任的郵箱,而不是儲存在別名服務提供者。
- 臨時電子郵件服務通常會有公共郵箱,任何知道地址的人都可以訪問,別名則您所私有的。
Our email aliasing recommendations are providers that allow you to create aliases on domains they control, as well as your own custom domain(s) for a modest yearly fee. They can also be self-hosted if you want maximum control. However, using a custom domain can have privacy-related drawbacks: If you are the only person using your custom domain, your actions can be easily tracked across websites simply by looking at the domain name in the email address and ignoring everything before the at (@) sign.
我們建議的電子郵件別名供應商,可讓您在他們控制的網域上創建別名,或您支付適度的年費來自定網域。 如果您想要最大限度的控制,也可以自主託管。 但是,使用自定網域可能會有隱私上的缺點:如果您是唯一使用該自定網域的人,只需查看電子郵件地址中的網域名稱並忽略 (@) 符號之前的所有內容,即可輕鬆跟蹤您的動作。
Using an aliasing service requires trusting both your email provider and your aliasing provider with your unencrypted messages. Some providers mitigate this slightly with automatic PGP encryption, which reduces the number of parties you need to trust from two to one by encrypting incoming emails before they are delivered to your final mailbox provider.
使用別名服務需要信任您的電子郵件提供商和您的別名提供商如何對待您未加密的消息。 有些供應商會透過自動 PGP 加密來稍微減輕這種情況,傳送到最終信箱供應商之前加密所傳送的電子郵件,將您需要信任的各方數量從兩個減少到一個。
### AnonAddy
!!! recommendation
![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ align=right }
![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ align=right }
! [AnonAddy logo] (assets/img/email/anonaddy.svg#only-light) {align = right}
! [AnonAddy標誌] (assets/img/email/anonaddy-dark.svg#only-dark) {align = right}
**AnonAddy** lets you create 20 domain aliases on a shared domain for free, or unlimited "standard" aliases which are less anonymous.
* * AnonAddy * *可讓您在共享網域上免費創建 20 個網域別名,或無限制的「標準」別名,但後者匿名度低。
[:octicons-home-16: Homepage](https://anonaddy.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://anonaddy.com/privacy/){ .card-link title="Privacy Policy" }
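Review bot: The two AnonAddy logo lines are no longer valid image markup: `! [AnonAddy logo] (assets/img/email/anonaddy.svg#only-light) {align = right}` has spaces between `!`, `]` and `(` and inside the attribute list, and the description line opens with `* * AnonAddy * *` instead of `**AnonAddy**`. Both should keep the source syntax exactly, with only the alt text and the sentence translated. In the bullet comparing aliases with temporary mailboxes, "別名則您所私有的" is missing its verb (是).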
@@ -310,37 +310,37 @@ Using an aliasing service requires trusting both your email provider and your al
[:octicons-code-16:](https://github.com/anonaddy){ .card-link title="Source Code" }
[:octicons-heart-16:](https://anonaddy.com/donate/){ .card-link title=Contribute }
??? downloads
??? 下載
- [:simple-android: Android](https://anonaddy.com/faq/#is-there-an-android-app)
- [:material-apple-ios: iOS](https://anonaddy.com/faq/#is-there-an-ios-app)
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/en-GB/firefox/addon/anonaddy/)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/anonaddy-anonymous-email/iadbdpnoknmbdeolbapdackdcogdmjpe)
The number of shared aliases (which end in a shared domain like @anonaddy.me) that you can create is limited to 20 on AnonAddy's free plan and 50 on their $12/year plan. You can create unlimited standard aliases (which end in a domain like @[username].anonaddy.com or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. Unlimited shared aliases are available for $36/year.
您可以創建的共享別名數量(以@ anonaddy.me等共享網域結束在AnonAddy的免費計劃上限制為20個在$ 12/年計劃上限制為50個。 您可以創建無限的標準別名(以 @[username].anonaddy.com 或付費方案上的自定域名) ,但是如前所述,這可能不利隱私,因為人們可以僅根據域名將您的標準別名綁定在一起。 無限共享別名的價格爲36美元/年。
Notable free features:
值得注意的免費功能:
- [x] 20 Shared Aliases
- [x] Unlimited Standard Aliases
- [x] 20共享別名
- [x] 無限的別名
- [ ] No Outgoing Replies
- [x] 2 Recipient Mailboxes
- [x] Automatic PGP Encryption
- [x] 2 個收件人郵箱
- [x] 自動PGP加密
### SimpleLogin
!!! recommendation
![Simplelogin logo](assets/img/email/simplelogin.svg){ align=right }
! [Simplelogin logo] (assets/img/email/simplelogin.svg) {align = right}
**SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains.
* * SimpleLogin * *是一項免費服務,可在各種共享域名上提供電子郵件別名,並可選擇提供無限別名和自訂域名等付費功能。
[:octicons-home-16: Homepage](https://simplelogin.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://simplelogin.io/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://simplelogin.io/docs/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/simple-login){ .card-link title="Source Code" }
??? downloads
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.simplelogin.android)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1494359858)
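Review bot: In the AnonAddy free-features list, "Unlimited Standard Aliases" is translated as "無限的別名", dropping "standard". The paragraph just above it distinguishes shared aliases from standard ones and says standard aliases can be tied together by domain, so the item should read 無限的標準別名. In that paragraph the parenthesis opened at "(以@ anonaddy.me等共享網域結束" is never closed and the domain is written with a space after the `@`. The `No Outgoing Replies` item is still in English.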
@@ -350,27 +350,27 @@ Notable free features:
- [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff)
- [:simple-safari: Safari](https://apps.apple.com/app/id1494051017)
SimpleLogin was [acquired by Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) as of April 8, 2022. If you use Proton Mail for your primary mailbox, SimpleLogin is a great choice. As both products are now owned by the same company you now only have to trust a single entity. We also expect that SimpleLogin will be more tightly integrated with Proton's offerings in the future. SimpleLogin continues to support forwarding to any email provider of your choosing. Securitum [audited](https://simplelogin.io/blog/security-audit/) SimpleLogin in early 2022 and all issues [were addressed](https://simplelogin.io/audit2022/web.pdf).
SimpleLogin 在 2022年4 月 8 日被 [ Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) 買下。 如果您的主要郵箱使用質子郵件, SimpleLogin是一個不錯的選擇。 由於這兩種產品現在都由同一家公司擁有,您現在只需要信任單一實體。 我們預計 SimpleLogin 未來會與 Proton 產品更緊密地整合。 SimpleLogin 繼續支援轉寄至您所選擇的任何電子郵件供應商。 Securitum [在2022年初審核了](https://simplelogin.io/blog/security-audit/) SimpleLogin ,所有問題 [都已解決](https://simplelogin.io/audit2022/web.pdf)
You can link your SimpleLogin account in the settings with your Proton account. If you have the Proton Unlimited, Business, or Visionary Plan, you will have SimpleLogin Premium for free.
您可以在設定中將您的 SimpleLogin 帳戶與 Proton 帳戶連結。 如果您有 Proton Unlimited Business Visionary 計劃,也可免費獲得 SimpleLogin Premium
Notable free features:
值得注意的免費功能:
- [x] 10 Shared Aliases
- [x] Unlimited Replies
- [x] 1 Recipient Mailbox
- [x] 10共享別名
- [x] 無限回復
- [x] 1收件人郵箱
## Self-Hosting Email
## 自主託管電子郵件
Advanced system administrators may consider setting up their own email server. Mail servers require attention and continuous maintenance in order to keep things secure and mail delivery reliable.
進階系統管理員可以考慮設定自己的電子郵件伺服器。 郵件伺服器需要注意和持續維護,以確保安全性和郵件傳遞的可靠性。
### Combined software solutions
### 結合軟體解決方案
!!! recommendation
![Mailcow logo](assets/img/email/mailcow.svg){ align=right }
! [Mailcow logo] (assets/img/email/mailcow.svg) {align = right}
**Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support.
* * Mailcow * *是一個更先進的郵件伺服器,非常適合有豐富 Linux 經驗者。 它的 Docke r容器中擁有您需要的一切支援 DKIM 的郵件伺服器、防毒和垃圾郵件監控、具有SOGo 的 Webmail ActiveSync 以及具有2FA 支援的網頁管理介面。
[:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary }
[:octicons-info-16:](https://mailcow.github.io/mailcow-dockerized-docs/){ .card-link title=Documentation}
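Review bot: The SimpleLogin paragraph translates the product name Proton Mail as "質子郵件" while the same paragraph and the next one keep "Proton", "Proton AG" and "Proton Unlimited" in Latin script. Product names should stay untranslated so readers can match them to the service. In the Mailcow description "Docke r容器" has a stray space inside "Docker", and the logo line `! [Mailcow logo] (assets/img/email/mailcow.svg) {align = right}` has the same broken image syntax as the other cards.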
@@ -379,125 +379,125 @@ Advanced system administrators may consider setting up their own email server. M
!!! recommendation
![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ align=right }
! [Mail-in-a-Box logo] (assets/img/email/mail-in-a-box.svg) {align = right}
**Mail-in-a-Box** is an automated setup script for deploying a mail server on Ubuntu. Its goal is to make it easier for people to set up their own mail server.
* * Mail-in-a-Box * *是部署 Ubuntu 郵件伺服器的自動設置腳本。 它的目標是讓人們更容易建立自己的郵件伺服器。
[:octicons-home-16: Homepage](https://mailinabox.email){ .md-button .md-button--primary }
[:octicons-info-16:](https://mailinabox.email/guide.html){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/mail-in-a-box/mailinabox){ .card-link title="Source Code" }
For a more manual approach we've picked out these two articles:
為了更清楚手動設定方法,我們挑選了這兩篇文章:
- [Setting up a mail server with OpenSMTPD, Dovecot and Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/) (2019)
- [How To Run Your Own Mail Server](https://www.c0ffee.net/blog/mail-server-guide/) (August 2017)
## Criteria
## 標準
**Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any Email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an Email provider, and conduct your own research to ensure the Email provider you choose is the right choice for you.
**請注意,我們與以下推薦的任何供應商並無瓜葛。** 除了 [我們的條件標準](about/criteria.md)外,我們還為任何希望獲得推薦的電子郵件供應商制定了一套明確要求,包括實施業界最佳做法,現代技術等。 我們建議您在選擇電子郵件提供商之前熟悉此列表,並進行自己的研究,以確保您選擇的電子郵件提供商是您的正確選擇。
### Technology
### 技術
We regard these features as important in order to provide a safe and optimal service. You should consider whether the provider which has the features you require.
我們認為這些功能很重要,以便提供安全和最佳的服務。 您應該考慮提供商是否具有您需要的功能。
**Minimum to Qualify:**
**最低合格要求:**
- Encrypts email account data at rest with zero-access encryption.
- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322/) standard.
- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy.
- Operates on owned infrastructure, i.e. not built upon third-party email service providers.
- 使用零存取加密技術全程加密電子郵件帳戶資料。
- 匯出功能為 [Mbox](https://en.wikipedia.org/wiki/Mbox) 或滙出符合 [RFC5322](https://datatracker.ietf.org/doc/rfc5322/) 標準的個人.eml 格式。
- 允許使用者使用自己的 [網域名稱](https://en.wikipedia.org/wiki/Domain_name)。 自定網域名稱對用戶來說很重要,因為它允許用戶在使用服務時仍維持持自我代理,以防服務變差或被另一家不優先考慮隱私的公司收購。
- 在自有基礎設施上運作,即不建立在第三方電子郵件服務提供商之上。
**Best Case:**
**最佳案例:**
- Encrypts all account data (Contacts, Calendars, etc) at rest with zero-access encryption.
- Integrated webmail E2EE/PGP encryption provided as a convenience.
- Support for [WKD](https://wiki.gnupg.org/WKD) to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key by typing: `gpg --locate-key example_user@example.com`
- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP.
- Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion).
- [Subaddressing](https://en.wikipedia.org/wiki/Email_address#Subaddressing) support.
- Catch-all or alias functionality for those who own their own domains.
- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider.
- 使用零存取加密對所有帳戶資料(通訊錄、行事曆等)進行加密。
- 網頁郵件整合 E2EE/PGP加密以更方便使用。
- 支援 [WKD](https://wiki.gnupg.org/WKD) 以改善透過HTTP發現公開的OpenPGP金鑰。 GnuPG 使用者可以透過輸入: `gpg --locate-key example_user@example.com` 取得金鑰。
- 支援外部使用者的臨時信箱。 當您想要發送加密的電子郵件時,這非常有用,而無需將實際副本發送給您的收件人。 這些電子郵件通常具有限定時效,之後會被自動刪除。 它們也不需要收件人配置任何像OpenPGP這樣的加密技術。
- 可提供 [onion 服務](https://en.wikipedia.org/wiki/.onion)的電子郵件服務供應商。
- [Subaddressing](https://en.wikipedia.org/wiki/Email_address#Subaddressing) 支持.
- 為擁有自己網域的用戶提供通用地址或別名功能。
- 使用標準電子郵件存取協定,例如 IMAPSMTP [ JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol)。 標準存取協議確保客戶可以輕鬆下載所有電子郵件,一旦他們想切換到其它提供商。
### Privacy
### 隱私
We prefer our recommended providers to collect as little data as possible.
我們希望所推薦的提供商盡可能少地收集客戶資料。
**Minimum to Qualify:**
**最低合格要求:**
- Protect sender's IP address. Filter it from showing in the `Received` header field.
- Don't require personally identifiable information (PII) besides a username and a password.
- Privacy policy that meets the requirements defined by the GDPR
- Must not be hosted in the US due to [ECPA](https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act#Criticism) which has [yet to be reformed](https://epic.org/ecpa/).
- 保護發件人的IP位址。 在 `Received` 標題欄位中過濾它。
- 除了使用者名稱和密碼外,不要求提供個人身份識別資訊(PII)。
- 符合 GDPR 的隱私政策
- 主機機房不要放在美國,因為 [ECPA](https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act#Criticism) [尚未改革](https://epic.org/ecpa/)
**Best Case:**
**最佳案例:**
- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.)
- 接受 [匿名付款選項](advanced/payments.md) [加密貨幣](cryptocurrency.md),現金,禮品卡等)
### Security
### 安全
Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members.
電子郵件伺服器處理大量非常敏感的資料。 我們期望供應商採用行業最佳實踐來保護其會員。
**Minimum to Qualify:**
**最低合格要求:**
- Protection of webmail with 2FA, such as TOTP.
- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support.
- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://www.hardenize.com/), [testssl.sh](https://testssl.sh/), or [Qualys SSL Labs](https://www.ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
- A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
- A valid [MTA-STS](https://tools.ietf.org/html/rfc8461) and [TLS-RPT](https://tools.ietf.org/html/rfc8460) policy.
- Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records.
- Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records.
- Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`.
- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/).
- [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used.
- Website security standards such as:
- [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security)
- [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains.
- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt.
- 使用 2FA 保護網頁郵件,如TOTP
- 無存取的靜態加密,如零存取加密。 提供者沒有其所持有資料的解密金鑰。 這可以防止流氓員工外洩所存取的資料或遠程對手通過獲得對伺服器的未經授權的訪問來竊取資料。
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) 支持。
- 使用 [Hardenize](https://www.hardenize.com/) [testssl.sh ](https://testssl.sh/) [ Qualys SSL Labs ](https://www.ssllabs.com/ssltest)等工具進行剖繪時沒有TLS 錯誤或漏洞;這包括與憑證相關的錯誤和弱 DH參數例如導致 [ Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)) 的錯誤。
- 伺服器套件偏好(在TLS v1.3上可選),適用於支持正向保密和已驗證加密的強大密碼套件。
- 有效的 [MTA-STS](https://tools.ietf.org/html/rfc8461) [TLS-RPT](https://tools.ietf.org/html/rfc8460) 政策。
- 有效 [ DANE ](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) 紀錄。
- 有效的 [SPF ](https://en.wikipedia.org/wiki/Sender_Policy_Framework) [ DKIM ](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) 記錄。
- 擁有適當的 [DMARC ](https://en.wikipedia.org/wiki/DMARC) 記錄和原則,或使用 [ ARC ](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) 進行驗證。 如果正在使用 DMARC 驗證,則必須將原則設置為 `拒絕` `隔離`
- 伺服器套件最好為 TLS 1.2或更高版本以及 [ RFC8996](https://datatracker.ietf.org/doc/rfc8996/)計劃。
- 假設使用SMTP[SMTPS](https://en.wikipedia.org/wiki/SMTPS) 提交。
- 網站安全標準,例如:
- [HTTP 嚴格傳輸安全性](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security)
- 如果從外部網域加載東西時,[子資源完整性](https://en.wikipedia.org/wiki/Subresource_Integrity)
- 必須支援檢視 [訊息表頭](https://en.wikipedia.org/wiki/Email#Message_header),因為它是確定電子郵件是否為網路釣魚嘗試的關鍵取證功能。
**Best Case:**
**最佳案例:**
- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name).
- [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support.
- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617).
- Bug-bounty programs and/or a coordinated vulnerability-disclosure process.
- Website security standards such as:
- [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy)
- 支持硬體驗證,即 U2F [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) U2F WebAuthn 更安全,因為它們使用儲存於客戶端硬體設備上的私鑰來驗證人員,而使用 TOTP 時共享祕密則直接儲存在網頁伺服器和客戶端。 再者 U2F WebAuthn 更能抵抗網絡釣魚,因為它們的驗證回應是基於已驗證過的 [域名](https://en.wikipedia.org/wiki/Domain_name)
- [DNS憑證授權機構授權(CAA)資源記錄](https://tools.ietf.org/html/rfc6844) 除了DANE支持。
- 實現 [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain),這對於發佈郵件列表 [RFC8617](https://tools.ietf.org/html/rfc8617)非常有用。
- 漏洞獎勵計劃和/或協調漏洞披露過程。
- 網站安全標準,例如:
- [內容安全策略(CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy)
- [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/)
### Trust
### 信任
You wouldn't trust your finances to someone with a fake identity, so why trust them with your email? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled.
您不會把財務資料給身份作假的人,那麼為什麼會信任讓他們來使用您的電子郵件? 我們要求我們推薦的供應商公開其所有權或領導層級狀況。 我們也希望看到頻繁的透明度報告,特別是關於如何處理政府要求的報告。
**Minimum to Qualify:**
**最低合格要求:**
- Public-facing leadership or ownership.
- 面向公眾的領導或所有權。
**Best Case:**
**最佳案例:**
- Public-facing leadership.
- Frequent transparency reports.
- 面向公眾的領導
- 頻繁的透明度報告。
### Marketing
### 行銷
With the email providers we recommend we like to see responsible marketing.
對於所推薦的電子郵件供應商,我們樂見其負責任的營銷。
**Minimum to Qualify:**
**最低合格要求:**
- Must self-host analytics (no Google Analytics, Adobe Analytics, etc). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out.
- 必須自主託管資料分析(沒有Google AnalyticsAdobe Analytics等)。 對於那些希望選擇退出者,供應商的網站還必須符合 [DNT (請勿追蹤)](https://en.wikipedia.org/wiki/Do_Not_Track)
Must not have any marketing which is irresponsible:
不得有任何不負責任的行銷:
- Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it.
- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.:
- 宣稱破解不了的加密 使用加密時應意識到,當有一天技術足以破解它時,它就不再是祕密的。
- 保證 100% 匿名性保護。 當有人聲稱某件事是100 %時,這意味著失敗沒有確定性。 我們知道人們可以很容易地以多種方式去匿名化自己,例如:
- Reusing personal information e.g. (email accounts, unique pseudonyms, etc) that they accessed without anonymity software (Tor, VPN, etc)
- [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)
- 用戶在無使用匿名軟件( Tor VPN等時訪問留下個人資料電子郵件帳戶、獨特的假名等被一再使用
- [瀏覽器指紋](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)
**Best Case:**
**最佳案例:**
- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc.
- 清晰易讀的文件。 這包括諸如設置 2FA 、電子郵件客戶端、OpenPGP等。
### Additional Functionality
### 附加功能
While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend.
雖然不是嚴格要求,但我們在決定推薦哪些提供商時還會考慮其他一些便利或隱私因素。
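Review bot: In the CAA bullet, `除了DANE支持` is left as a trailing fragment after the link, so the line no longer says that a CAA record is wanted in addition to DANE support. Reorder it so the DANE clause comes first, for example `除了支援 DANE 之外，還提供 [DNS 憑證授權機構授權 (CAA) 資源記錄](...)`. The ARC bullet in the same list has a similar loss: the source says ARC is useful for people who post to mailing lists, while the translation reads as if it were useful for publishing a mailing list, with the RFC8617 link attached to the wrong noun.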

View File

@@ -56,7 +56,7 @@ ffsend upload --host https://send.vis.ee/ FILE
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
- Must not store decrypted data on a remote server.
- Must be open-source software.
- 必須是開源軟體。
- Must either have clients for Linux, macOS, and Windows; or have a web interface.
## FreedomBox
@@ -136,7 +136,7 @@ ffsend upload --host https://send.vis.ee/ FILE
#### Minimum Requirements
- Must not require a third-party remote/cloud server.
- Must be open-source software.
- 必須是開源軟體。
- Must either have clients for Linux, macOS, and Windows; or have a web interface.
#### Best-Case

View File

@@ -1,70 +1,70 @@
---
title: Financial Services
title: 金融服務
icon: material/bank
---
Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases:
在線支付是隱私面臨的最大挑戰之一。 這些服務可以幫助您保護隱私,免受商家和其他追蹤者的影響,前提是您對如何有效地進行私人付款有深入的了解。 我們強烈建議您在網路購買前先閱讀本站私密付款之介紹:
[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button}
[私密付款 :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button}
## Payment Masking Services
## 付款掩蔽服務
There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously.
有許多服務提供“虛擬簽帳卡” ,在線商家接受此種付款方式則在大多數情況下不會透露您實際銀行或帳單信息。 請注意,這些金融服務 **並不是** 匿名,且受「了解您的客戶」( KYC )法律的約束,並可能需要客戶身份證明文件或其他識別信息。 這些服務主要保護您免受商家資料洩露、營銷機構粗糙的跟蹤或購買聯結以及線上資料盜竊;這些並 **不能** 在購買時完全匿名。
!!! tip "Check your current bank"
!!! 提示「檢查您目前的銀行」
Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information.
許多銀行和信用卡提供商提供本機虛擬卡功能。 如果您使用已提供的選項,則在大多數情況下使用時請依循以下建議。 你不信任把個人資料託付給各方人士。
### Privacy.com (US)
### Privacy.com (美國)
!!! recommendation
![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right }
![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right }
! [Privacy.com logo] (assets/img/financial-services/privacy_com.svg#only-light) {align = right}
! [Privacy.com標誌] (assets/img/financial-services/privacy_com-dark.svg#only-dark) {align = right}
**Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank.
* * Privacy.com * *的免費方案每月最多創建12 張虛擬卡,設定卡片的支付上限與立即關閉卡片。 付費計劃則每月最多創建 36 張卡購買時可獲得1% 現金返還,並向銀行隱藏交易信息。
[:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation}
Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with.
Privacy.com 預設情況下將您購買的商家資訊提供給您的銀行。 付費版的「謹慎商家」功能會向您的銀行隱藏商家資訊,因此銀行只會看到使用 Privacy.com 進行購買,不會看到這筆錢花在哪裡,但這並不是萬無一失的, Privacy.com 仍然了解您花錢的商家。
### MySudo (US, Paid)
### MySudo (美國,付費)
!!! recommendation
![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right }
![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right }
! [MySudo logo] (assets/img/financial-services/mysudo.svg#only-light) {align = right}
! [MySudo標誌] (assets/img/financial-services/mysudo-dark.svg#only-dark) {align = right}
**MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use.
* * MySudo * *根據您購買的方案最多提供 9張虛擬卡。 付費方案還包括一些有助於私密購物的功能,例如虛擬電話號碼和電子郵件地址,但我們通常建議使用專業[電子郵件別名提供商] (email.md)進行廣泛的別名使用保護。
[:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation}
### Criteria
### 標準
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
**請注意,我們與所推薦專案沒有任何牽扯。 ** 除了 [我們的標準準則](about/criteria.md)外,還有一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! example "This section is new"
!!! 示例“此部分是新的”
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances.
- Cards must not require you to provide accurate billing address information to the merchant.
- 允許創建多張卡片,作為商家和您的個人財務之間的盾牌。
- 卡片公司不得要求您向商戶提供準確的帳單地址資訊。
## Gift Card Marketplaces
## 禮品卡市集
These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered).
這些服務可接受 [加密貨幣](cryptocurrency.md)來購買各種商家禮品卡。 其中一些服務提供更高限額的身份驗證選項,它們也只淮許有電子郵件地址的帳戶。 基本帳戶的限額為每天 5,000-10,000 美元,身份驗證帳戶的限額則更高(如果提供)。
### Cake Pay
!!! recommendation
![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right }
! [CakePay標誌] (assets/img/financial-services/cakepay.svg) {align = right}
**Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants.
* * Cake Pay * * 可用 Monero 購買禮品卡和相關產品。 Cake Wallet 行動應用程式僅購限美國商家可用 ,而 Cake Pay 網頁應用則包括廣泛的全球商家可選。
[:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" }
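Review bot: The translated "Check your current bank" tip reverses the advice. The source says to prefer the bank's own virtual-card feature over the recommendations that follow, so that fewer parties hold your personal information; `則在大多數情況下使用時請依循以下建議` tells the reader to follow the recommendations below instead, and `你不信任把個人資料託付給各方人士` does not convey "that way you are not trusting multiple parties". This should be retranslated before merge. In the Gift Card Marketplaces paragraph, `只淮許` contains a typo (`淮` for `准`) and changes "they also allow accounts with just an email address" into "they only allow accounts that have an email address".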
@@ -74,21 +74,21 @@ These services allow you to purchase gift cards for a variety of merchants onlin
!!! recommendation
![CakePay logo](assets/img/financial-services/coincards.svg){ align=right }
! [CakePay標誌] (assets/img/financial-services/coincards.svg) {align = right}
**CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants.
* * CoinCards * * (在美國、加拿大和英國)允許您購買各種商家禮品卡。
[:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation}
### Criteria
### 標準
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! example "This section is new"
!!! 示例“此部分是新的”
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md).
- No ID requirement.
- 接受付款 [使用推薦加密貨幣](cryptocurrency.md)
- 無需提供身份證件。
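Review bot: `!!! 示例“此部分是新的”` translates the admonition type and replaces the straight quotes around the title with curly ones. The word after `!!!` is a keyword that selects the block type and its styling, and the title is only recognised inside straight double quotes, so the line should stay `!!! example "此部分是新的"` with only the quoted title translated. Separately, the alt text for `coincards.svg` reads `CakePay標誌`; that mistake is inherited from the English line (`CakePay logo`), so it needs fixing in the source string rather than only in this translation.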

View File

@@ -1,10 +1,10 @@
---
title: "Frontends"
title: "前端"
icon: material/flip-to-front
description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances.
description: 這些用在各式網際網路服務的開源前端,可讓您訪問內容而無需 JavaScript 或其他干援。
---
Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions.
有時,某些服務會以煩人的彈出窗口來封鎖訪問內容,強迫訪客須註冊帳戶。 如果不啓用JavaScript ,也可能會中斷。 這些前端可以讓您避開這些限制。
## LBRY
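Review bot: The translated `description:` in the front matter ends in `干援`, which looks like a typo for `干擾` (the source word is "annoyances"). This string is used as the page description, so the typo will be visible outside the page body.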
@@ -12,29 +12,29 @@ Sometimes services will try to force you to sign up for an account by blocking a
!!! recommendation
![Librarian logo](assets/img/frontends/librarian.svg#only-light){ align=right }
![Librarian logo](assets/img/frontends/librarian-dark.svg#only-dark){ align=right }
! [Librarian logo] (assets/img/frontends/librarian.svg#only-light) {align = right}
! [Librarian logo] (assets/img/frontends/librarian-dark.svg#only-dark) {align = right}
**Librarian** is a free and open-source frontend for [Odysee](https://odysee.com/) (LBRY) that is also self-hostable.
* * Librarian * *是 [Odysee](https://odysee.com/) (LBRY)的免費開源前端,也是可自我託管的。
There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support.
有許多公共實例,其中一些實例支援 [Tor] https://www.torproject.org onion 服務。
[:octicons-repo-16: Repository](https://codeberg.org/librarian/librarian){ .md-button .md-button--primary }
[:octicons-server-16:](https://librarian.codeberg.page/){ .card-link title="Public Instances"}
[:octicons-info-16:](https://codeberg.org/librarian/librarian/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://codeberg.org/librarian/librarian){ .card-link title="Source Code" }
!!! warning
!!! 警告
Librarian does not proxy video streams by default. Videos watched through Librarian will still make direct connections to Odysee's servers (e.g. `odycdn.com`); however, some instances may enable proxying which would be detailed in the instance's privacy policy.
預設情況下,圖書館員不會代理影片串流。 透過 Libraria 觀看的影片仍可直接連接至 Odysee伺服器例如 "odycdn.com" ;然而某些情況下可能會啟用代理服務,詳情請參閱實例的隱私權政策。
!!! tip
!!! 提示
Librarian is useful if you want watch LBRY content on mobile without mandatory telemetry and if you want to disable JavaScript in your browser, as is the case with [Tor Browser](https://www.torproject.org/) on the Safest security level.
如果您希望在行動裝置上觀看 LBRY 內容而無需強制遙測,以及想要瀏覽器禁用 JavaScript ,例如 [Tor瀏覽器] https://www.torproject.org/ 最安全的級別設置Librarian 非常有用。
When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Librarian, as other peoples' usage will be linked to your hosting.
在自我出租時,重要的是要讓其他人使用您的實例,以便您融入其中。 謹慎處理 Librarian 的託管事宜,因為其他人的使用會與您的託管有很大關聯。
When you are using a Librarian instance, make sure to read the privacy policy of that specific instance. Librarian instances can be modified by their owners and therefore may not reflect the default policy. Librarian instances feature a "privacy nutrition label" to provide an overview of their policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII.
當使用 Libraian 實例時,請務必閱讀該實例的隱私權政策。 Librarian 實例可以由其擁有者修改,因此不見得會完全依照預設政策。 librarian 實例有「隱私營養標籤」功能,以提供政策的概覽。 有些實例有Tor .onion地址只要您的搜尋查詢不包含PII ,這些地址可以保護某些隱私。
## Twitter
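Review bot: The translated warning renders the product name three different ways: `圖書館員` (a literal translation of "Librarian"), `Libraria`, and in the last paragraph of the hunk `Libraian` and lowercase `librarian`. The project name should stay `Librarian` throughout. The same warning also turns the inline code `odycdn.com` into a quoted string; keep the backticks so the hostname stays formatted as a literal. As elsewhere in the file, `!!! 警告` and `!!! 提示` replace the `warning` and `tip` keywords, which should remain in English.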
@@ -42,11 +42,11 @@ When you are using a Librarian instance, make sure to read the privacy policy of
!!! recommendation
![Nitter logo](assets/img/frontends/nitter.svg){ align=right }
! [Nitter logo] (assets/img/frontends/nitter.svg) {align = right}
**Nitter** is a free and open-source frontend for [Twitter](https://twitter.com) that is also self-hostable.
* * Nitter * *是 [Twitter](https://twitter.com)的免費開源前端,也是可自我託管。
There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support.
有許多公共實例,其中一些實例支援 [Tor] https://www.torproject.org onion 服務。
[:octicons-repo-16: Repository](https://github.com/zedeus/nitter){ .md-button .md-button--primary }
[:octicons-server-16:](https://github.com/zedeus/nitter/wiki/Instances){ .card-link title="Public Instances"}
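Review bot: The added lines in the Nitter card no longer contain valid Markdown. `! [Nitter logo] (assets/img/frontends/nitter.svg) {align = right}` has spaces between `!`, the alt text, the path and the attribute list, so it will render as plain text instead of an image; `* * Nitter * *` will not render as bold; and `[Tor] https://www.torproject.org onion` has lost the `(...)` around the URL, so it is no longer a link. Only the visible text should be translated, keeping the markup as in the source, for example `![Nitter 標誌](assets/img/frontends/nitter.svg){ align=right }` and `**Nitter**`.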
@@ -54,13 +54,13 @@ When you are using a Librarian instance, make sure to read the privacy policy of
[:octicons-code-16:](https://github.com/zedeus/nitter){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/zedeus/nitter#nitter){ .card-link title=Contribute }
!!! tip
!!! 提示
Nitter is useful if you want to browse Twitter content without having to log in and if you want to disable JavaScript in your browser, as is the case with [Tor Browser](https://www.torproject.org/) on the Safest security level. It also allows you to [create RSS feeds for Twitter](news-aggregators.md#twitter).
如果想在不登錄的情況下瀏覽 Twitter 內容,或是在瀏覽器中禁用 JavaScript Nitter非常有用就像[Tor 瀏覽器] https://www.torproject.org/ )在最安全級別會關閉 JavaScript 。 它還可以[為 Twitter 建立 RSS 新聞源] (news-aggregators.md#twitter)
When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Nitter, as other peoples' usage will be linked to your hosting.
在自我出租時,重要的是要讓其他人使用您的實例,以便您融入其中。 小心處理 Nitter 的託管 ,因為其他人的使用將與您的託管息息相關。
When you are using a Nitter instance, make sure to read the privacy policy of that specific instance. Nitter instances can be modified by their owners and therefore may not reflect the default policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII.
當使用 Nitter 實例時,請務必閱讀該實例的隱私權政策。 Nitter 實例可以由其擁有者修改,因此不見得會完全依照預設政策。 有些實例有Tor .onion地址只要您的搜尋查詢不包含PII ,這些地址可以保護某些隱私。
## TikTok
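Review bot: `在自我出租時` translates "self-hosting" as "self-renting", while the rest of the same sentence uses `託管` for hosting. Use one term consistently, for example `自行託管時`, since this paragraph is the privacy caveat about running your own instance. In the tip above it, `[Tor 瀏覽器] https://www.torproject.org/ )` has a dangling parenthesis and is no longer a link, and `[為 Twitter 建立 RSS 新聞源] (news-aggregators.md#twitter)` has a space between `]` and `(` that breaks the internal link.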
@@ -68,24 +68,24 @@ When you are using a Nitter instance, make sure to read the privacy policy of th
!!! recommendation
![ProxiTok logo](assets/img/frontends/proxitok.svg){ align=right }
! [ProxiTok logo] (assets/img/frontends/proxitok.svg) {align = right}
**ProxiTok** is an open source frontend to the [TikTok](https://www.tiktok.com) website that is also self-hostable.
* * ProxiTok * *是 [TikTok](https://www.tiktok.com)網站的開源前端,也可自主託管。
There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support.
有許多公共實例,其中一些實例支援 [Tor] https://www.torproject.org onion 服務。
[:octicons-repo-16: Repository](https://github.com/pablouser1/ProxiTok){ .md-button .md-button--primary }
[:octicons-server-16:](https://github.com/pablouser1/ProxiTok/wiki/Public-instances){ .card-link title="Public Instances"}
[:octicons-info-16:](https://github.com/pablouser1/ProxiTok/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/pablouser1/ProxiTok){ .card-link title="Source Code" }
!!! tip
!!! 提示
ProxiTok is useful if you want to disable JavaScript in your browser, such as [Tor Browser](https://www.torproject.org/) on the Safest security level.
如果想在瀏覽器中禁用 JavaScript ,例如[Tor瀏覽器] (https://www.torproject.org/)最安全級別, ProxiTok 非常有用。
When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting ProxiTok, as other peoples' usage will be linked to your hosting.
在自我出租時,重要的是要讓其他人使用您的實例,以便您融入其中。 謹慎處理 ProxiTok 的託管事宜,因為其他人的使用會與您的託管有很大關聯。
When you are using a ProxiTok instance, make sure to read the privacy policy of that specific instance. ProxiTok instances can be modified by their owners and therefore may not reflect their associated privacy policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII.
當使用 ProxiTok 實例時,請務必閱讀該實例的隱私權政策。 ProxiTok 實例可以由其擁有者修改,因此不見得會完全依照預設政策。 有些實例有Tor .onion地址只要您的搜尋查詢不包含PII ,這些地址可以保護某些隱私。
## YouTube
@@ -93,11 +93,11 @@ When you are using a ProxiTok instance, make sure to read the privacy policy of
!!! recommendation
![FreeTube logo](assets/img/frontends/freetube.svg){ align=right }
! [FreeTube logo] (assets/img/frontends/freetube.svg) {align = right}
**FreeTube** is a free and open-source desktop application for [YouTube](https://youtube.com). When using FreeTube, your subscription list and playlists are saved locally on your device.
* * FreeTube * *是 [YouTube](https://youtube.com)的免費開源桌面應用程式。 使用 FreeTube 時,訂閱清單和播放列表會在本地儲存在 本地裝置上。
By default, FreeTube blocks all YouTube advertisements. In addition, FreeTube optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments.
預設情況下, FreeTube 會封鎖所有 YouTube 廣告。 此外, FreeTube 可選擇與 [SponsorBlock](https://sponsor.ajay.app) 整合,可以跳過贊助的影片段。
[:octicons-home-16: Homepage](https://freetubeapp.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://freetubeapp.io/privacy.php){ .card-link title="Privacy Policy" }
@@ -105,26 +105,26 @@ When you are using a ProxiTok instance, make sure to read the privacy policy of
[:octicons-code-16:](https://github.com/FreeTubeApp/FreeTube){ .card-link title="Source Code" }
[:octicons-heart-16:](https://liberapay.com/FreeTube){ .card-link title=Contribute }
??? downloads
??? 下載
- [:simple-windows11: Windows](https://freetubeapp.io/#download)
- [:simple-apple: macOS](https://freetubeapp.io/#download)
- [:simple-linux: Linux](https://freetubeapp.io/#download)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/io.freetubeapp.FreeTube)
!!! warning
!!! 警告
When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io) or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
使用 FreeTube 時IP 位址可能會被 YouTube[Invidious](https://instances.invidious.io) [SponsorBlock](https://sponsor.ajay.app/)所知,具體取決於您的設定。 如果您的[威脅模型] (basics/threat-modeling.md)需要隱藏您的IP 位址,請考慮使用 [VPN](vpn.md) [Tor](https://www.torproject.org)
### Yattee
!!! recommendation
![Yattee logo](assets/img/frontends/yattee.svg){ align=right }
! [Yattee logo] (assets/img/frontends/yattee.svg) {align = right}
**Yattee** is a free and open-source privacy oriented video player for iOS, tvOS and macOS for [YouTube](https://youtube.com). When using Yattee, your subscription list are saved locally on your device.
* * Yattee * *是一款免費的開源隱私導向影片播放器,適用於iOStvOS macOS 觀看 [YouTube](https://youtube.com)。 使用 Yattee 時,訂閱清單和播放列表會儲存在 本地裝置上。
You will need to take a few [extra steps](https://gonzoknows.com/posts/Yattee/) before you can use Yattee to watch YouTube, due to App Store restrictions.
由於 App Store 限制,您需要採取一些[額外步驟] (https://gonzoknows.com/posts/Yattee/)才能使用 Yattee 觀看YouTube。
[:octicons-home-16: Homepage](https://github.com/yattee/yattee){ .md-button .md-button--primary }
[:octicons-eye-16:](https://r.yattee.stream/docs/privacy.html){ .card-link title="Privacy Policy" }
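Review bot: The Yattee description adds a claim that is not in the source. The English line says only that the subscription list is saved locally, but `訂閱清單和播放列表會儲存在 本地裝置上` says subscriptions and playlists are both stored locally, which looks copied from the FreeTube string. The translation should say no more than the source does about where data is kept. The `??? 下載` line in this hunk also translates the `downloads` keyword of the collapsible block, which should stay in English.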
@@ -132,52 +132,52 @@ When you are using a ProxiTok instance, make sure to read the privacy policy of
[:octicons-code-16:](https://github.com/yattee/yattee){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/yattee/yattee/wiki/Donations){ .card-link title=Contribute }
??? downloads
??? 下載
- [:simple-apple: App Store](https://apps.apple.com/us/app/yattee/id1595136629)
- [:simple-github: GitHub](https://github.com/yattee/yattee/releases)
!!! warning
!!! 警告
When using Yattee, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io), [Piped](https://github.com/TeamPiped/Piped/wiki/Instances) or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
使用 Yattee 時IP位址可能仍會被 YouTube [Invidious](https://instances.invidious.io) [Piped](https://github.com/TeamPiped/Piped/wiki/Instances) [SponsorBlock](https://sponsor.ajay.app/)所知曉,具體取決於您的設定。 如果您的[威脅模型] (basics/threat-modeling.md)需要隱藏您的IP 位址,請考慮使用 [VPN](vpn.md) [Tor](https://www.torproject.org)
By default, Yattee blocks all YouTube advertisements. In addition, Yattee optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments.
預設情況下, Yattee 會封鎖所有 YouTube 廣告。 此外, Yattee 可選擇與 [SponsorBlock](https://sponsor.ajay.app) 整合,可以跳過贊助的影片段。
### LibreTube (Android)
!!! recommendation
![LibreTube logo](assets/img/frontends/libretube.svg#only-light){ align=right }
![LibreTube logo](assets/img/frontends/libretube-dark.svg#only-dark){ align=right }
! [LibreTube logo] (assets/img/frontends/libretube.svg#only-light) {align = right}
! [LibreTube logo] (assets/img/frontends/libretube-dark.svg#only-dark) {align = right}
**LibreTube** is a free and open-source Android application for [YouTube](https://youtube.com) which uses the [Piped](#piped) API.
* * LibreTube * *是一款免費的 [YouTube](https://youtube.com)開源Android應用程序使用 [Piped](# piped) API
LibreTube allows you to store your subscription list and playlists locally on your Android device, or to an account on your Piped instance of choice, which allows you to access them seamlessly on other devices as well.
LibreTube 可將訂閱列表和播放列表存儲於 Android 設備,或者存儲到您選擇的 Piped 實例帳戶,以便利用其他設備無縫訪問。
[:octicons-home-16: Homepage](https://libre-tube.github.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/libre-tube/LibreTube#privacy-policy-and-disclaimer){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/libre-tube/LibreTube#readme){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/libre-tube/LibreTube){ .card-link title="Source Code" }
??? downloads
??? 下載
- [:simple-github: GitHub](https://github.com/libre-tube/LibreTube/releases)
!!! warning
!!! 警告
When using LibreTube, your IP address will be visible to the [Piped](https://github.com/TeamPiped/Piped/wiki/Instances) instance you choose and/or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
使用 LibreTube 時IP 位址會為所用的 [Piped](https://github.com/TeamPiped/Piped/wiki/Instances)實例和 [SponsorBlock](https://sponsor.ajay.app/)看見,具體取決於您的設定。 如果您的[威脅模型] (basics/threat-modeling.md)需要隱藏您的IP 位址,請考慮使用 [VPN](vpn.md) [Tor](https://www.torproject.org)
By default, LibreTube blocks all YouTube advertisements. Additionally, Libretube uses [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. You are able to fully configure the types of segments that SponsorBlock will skip, or disable it completely. There is also a button on the video player itself to disable it for a specific video if desired.
預設情況下, LibreTube 會封鎖所有 YouTube 廣告。 此外, LibreTube 利用[SponsorBlock](https://sponsor.ajay.app) 來跳過贊助的影片段。 可以自行配置 SponsorBlock 要跳過的影片段類型,或完全禁用它。 播放器上有一個按鈕,如果需要,可以為特定影片禁用它。
### NewPipe (Android)
!!! recommendation annotate
![Newpipe logo](assets/img/frontends/newpipe.svg){ align=right }
! [Newpipe logo] (assets/img/frontends/newpipe.svg) {align = right}
**NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org/) (1).
* * NewPipe * *是 [YouTube](https://youtube.com) [SoundCloud](https://soundcloud.com) [media.ccc.de](https://media.ccc.de) [Bandcamp](https://bandcamp.com) [PeerTube](https://joinpeertube.org/) (1)的免費開源 Android應用程式。
Your subscription list and playlists are saved locally on your Android device.
訂閱清單和播放列表會儲存在本地的 Android裝置。
[:octicons-home-16: Homepage](https://newpipe.net){ .md-button .md-button--primary }
[:octicons-eye-16:](https://newpipe.net/legal/privacy){ .card-link title="Privacy Policy" }
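Review bot: In the LibreTube description, `[Piped](# piped)` has a space inserted into the anchor, so the in-page link to the Piped section will not resolve; it should remain `[Piped](#piped)`. The image lines and `* * LibreTube * *` / `* * NewPipe * *` in this hunk have the same inserted-space problem and will render as literal text rather than images and bold.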
@@ -185,26 +185,26 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, Libretube
[:octicons-code-16:](https://github.com/TeamNewPipe/NewPipe){ .card-link title="Source Code" }
[:octicons-heart-16:](https://newpipe.net/donate/){ .card-link title=Contribute }
??? downloads
??? 下戴
- [:simple-github: GitHub](https://github.com/TeamNewPipe/NewPipe/releases)
1. The default instance is [FramaTube](https://framatube.org/), however more can be added via **Settings****Content****PeerTube instances**
1. 預設實例為 [FramaTube](https://framatube.org/),但可在 **Settings****Content****PeerTube instance ** 添加更多實例。
!!! Warning
!!! 警告
When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
使用NewPipe時IP 位址會被所使用的影片供應商看見。 如果您的[威脅模型] (basics/threat-modeling.md)需要隱藏您的IP 位址,請考慮使用 [VPN](vpn.md) [Tor](https://www.torproject.org)
### Invidious
!!! recommendation
![Invidious logo](assets/img/frontends/invidious.svg#only-light){ align=right }
![Invidious logo](assets/img/frontends/invidious-dark.svg#only-dark){ align=right }
! [Invidious logo] (assets/img/frontends/invidious.svg#only-light) {align = right}
! [INVIDIOUS LOGO] (assets/img/frontends/invidious-dark.svg#only-dark) {align = right}
**Invidious** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable.
* * Invidious * *是 [YouTube](https://youtube.com)的免費開源前端,也可自行託管。
There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support.
有許多公共實例,其中一些實例支援 [Tor] https://www.torproject.org onion 服務。
[:octicons-home-16: Homepage](https://invidious.io){ .md-button .md-button--primary }
[:octicons-server-16:](https://instances.invidious.io){ .card-link title="Public Instances"}
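Review bot: `??? 下戴` has a typo (`戴` for `載`), and in any case the word after `???` is the block-type keyword and should stay `downloads`. In the annotation line, `**PeerTube instance **` has a space before the closing `**`, which stops the bold from closing, and it drops the plural of the source's "PeerTube instances" menu label; UI labels are best left exactly as the app shows them. The dark-mode alt text `INVIDIOUS LOGO` is also inconsistently upper-cased compared with the light-mode line above it.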
@@ -212,27 +212,27 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, Libretube
[:octicons-code-16:](https://github.com/iv-org/invidious){ .card-link title="Source Code" }
[:octicons-heart-16:](https://invidious.io/donate/){ .card-link title=Contribute }
!!! warning
!!! 警告
Invidious does not proxy video streams by default. Videos watched through Invidious will still make direct connections to Google's servers (e.g. `googlevideo.com`); however, some instances support video proxying—simply enable *Proxy videos* within the instances' settings or add `&local=true` to the URL.
預設情況下, Invidious不會代理影片串流。 通過 Invidious 觀看的影片會直接連接到 Google 伺服器(例如`googlevideo.com` ),但是有些實例支持影片代理-只需在實例設置中啟用*Proxy videos*或在 URL 中添加`&local = true`
!!! tip
!!! 提示
Invidious is useful if you want to disable JavaScript in your browser, such as [Tor Browser](https://www.torproject.org/) on the Safest security level. It does not provide privacy by itself, and we dont recommend logging into any accounts.
如果您想在瀏覽器中停用JavaScript ,例如[Tor瀏覽器] (https://www.torproject.org/)最安全級別Invidious 非常有用。 它本身不提供隱私,故不建議登入任何帳戶。
When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Invidious, as other peoples' usage will be linked to your hosting.
在自我出租時,重要的是要讓其他人使用您的實例,以便您融入其中。 謹慎處理 Invidious 的託管事宜,因為其他人的使用會與您的託管有很大關聯。
When you are using an Invidious instance, make sure to read the privacy policy of that specific instance. Invidious instances can be modified by their owners and therefore may not reflect their associated privacy policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII.
當使用 Invidious 實例時,請務必閱讀該實例的隱私權政策。 Invidious 實例可以由其擁有者修改,因此不見得會完全依照預設政策。 有些實例有Tor .onion地址只要您的搜尋查詢不包含PII ,這些地址可以保護某些隱私。
### Piped
!!! recommendation
![Piped logo](assets/img/frontends/piped.svg){ align=right }
! [Piped logo] (assets/img/frontends/piped.svg) {align = right}
**Piped** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable.
* * Piped * *是 [YouTube](https://youtube.com)的免費開源前端,也是可自主託管。
Piped requires JavaScript in order to function and there are a number of public instances.
Piped 需要JavaScript 才能運行,它有許多公共實例。
[:octicons-repo-16: Repository](https://github.com/TeamPiped/Piped){ .md-button .md-button--primary }
[:octicons-server-16:](https://piped.kavin.rocks/preferences#ddlInstanceSelection){ .card-link title="Public Instances"}
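Review bot: In the translated Invidious warning the code span became `&local = true`; the spaces change the literal URL parameter, so a reader who copies it will not get the `&local=true` behaviour the sentence describes and the video stream will still connect directly to Google. Keep code spans byte-identical to the source. The same hunk translates the admonition keywords (`!!! 警告`, `!!! 提示`), which are type identifiers rather than display text, and inserts spaces into link and image syntax (`[Tor瀏覽器] (https://www.torproject.org/)`, `! [Piped logo] (...) {align = right}`), so those will render as plain text.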
@@ -240,28 +240,28 @@ When you are using an Invidious instance, make sure to read the privacy policy o
[:octicons-code-16:](https://github.com/TeamPiped/Piped){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/TeamPiped/Piped#donations){ .card-link title=Contribute }
!!! tip
!!! 提示
Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) without installing an extension or to access age-restricted content without an account. It does not provide privacy by itself, and we dont recommend logging into any accounts.
如果您想使用 [SponsorBlock](https://sponsor.ajay.app)但不安裝瀏覽器擴展或在不登入帳戶訪問有年齡限制的內容, Piped 非常有用。 它本身不提供隱私,故不建議登入任何帳戶。
When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Piped, as other peoples' usage will be linked to your hosting.
在自我出租時,重要的是要讓其他人使用您的實例,以便您融入其中。 小心處理 Piped 託管 ,因為其他人的使用將與您的託管息息相關。
When you are using a Piped instance, make sure to read the privacy policy of that specific instance. Piped instances can be modified by their owners and therefore may not reflect their associated privacy policy.
當使用 Piped 實例時,請務必閱讀該實例的隱私權政策。 Piped 實例可以由其擁有者修改,因此不見得會完全依照預設政策。
## Criteria
## 標準
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! example "This section is new"
!!! 示例“此部分是新的”
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
我們正在努力為這個網站的各個部分建立明確標準,它可能依情況變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
Recommended frontends...
推薦的前端…
- Must be open-source software.
- Must be self-hostable.
- Must provide all basic website functionality available to anonymous users.
- 必須是開源軟體。
- 必須是可自行託管。
- 必須提供匿名訪客完整的網站基本功能。
We only consider frontends for websites which are...
我們只考慮網站的前端是...
- Not normally accessible without JavaScript.
- JavaScript 無法正常存取。
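Review bot: The last criterion, `- JavaScript 無法正常存取。`, no longer says what the source says ("Not normally accessible without JavaScript"); the "without" is lost and the line now reads as if JavaScript itself cannot access something. Suggest something like `- 沒有 JavaScript 通常無法存取。`. Also in this hunk, `!!! 示例“此部分是新的”` drops the space after the type and replaces the straight quotes around the title with curly ones, which does not match the `!!! example "..."` form of the source line, and the closing `**` in `瓜葛。 **` is preceded by a space so the bold will not close.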

View File

@@ -4,6 +4,34 @@ hide:
- navigation
- toc
- feedback
schema:
-
"@context": https://schema.org
"@type": Organization
"@id": https://www.privacyguides.org/
name: Privacy Guides
url: https://www.privacyguides.org/en/about/
logo: https://www.privacyguides.org/en/assets/brand/png/square/pg-yellow.png
sameAs:
- https://twitter.com/privacy_guides
- https://github.com/privacyguides
- https://www.wikidata.org/wiki/Q111710163
- https://opencollective.com/privacyguides
- https://www.youtube.com/@privacyguides
- https://mastodon.neat.computer/@privacyguides
-
"@context": https://schema.org
"@type": WebSite
name: Privacy Guides
url: "https://www.privacyguides.org/"
sameAs:
- https://www.wikidata.org/wiki/Q111710163
potentialAction:
"@type": SearchAction
target:
"@type": EntryPoint
urlTemplate: "https://www.privacyguides.org/?q={search_term_string}"
query-input: required name=search_term_string
---
<!-- markdownlint-disable-next-line -->
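Review bot: The Organization entry hard-codes the English locale in `url: https://www.privacyguides.org/en/about/` and in the `logo` path. If this front matter belongs to a localized copy of the page, the structured data will point crawlers at the English About page rather than the translated one; confirm that is intended, or derive the locale segment per language. The `urlTemplate` for the SearchAction is likewise locale-less, which is worth a quick check against how site search is actually routed.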

View File

@@ -2,6 +2,37 @@
title: "Mobile Browsers"
icon: material/cellphone-information
description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone.
schema:
-
"@context": http://schema.org
"@type": WebPage
name: Private Mobile Browser Recommendations
url: "./"
relatedLink: "../desktop-browsers/"
-
"@context": http://schema.org
"@type": MobileApplication
name: Brave
image: /assets/img/browsers/brave.svg
url: https://brave.com
applicationCategory: Web Browser
operatingSystem:
- Android
subjectOf:
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": MobileApplication
name: Safari
image: /assets/img/browsers/safari.svg
url: https://www.apple.com/safari/
applicationCategory: Web Browser
operatingSystem:
- iOS
subjectOf:
"@type": WebPage
url: "./"
---
These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation.
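Review bot: The `@context` values added here use `http://schema.org`, while the homepage schema added earlier in this same diff uses `https://schema.org`. Pick one form for all front matter so the generated JSON-LD is consistent. The `url: "./"` and `relatedLink: "../desktop-browsers/"` values are relative; make sure whatever consumes this block resolves them against the final page URL, since the Brave and Safari entries in the same list use absolute URLs.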

View File

@@ -1,105 +1,101 @@
---
title: "Multi-Factor Authenticators"
title: "多重因素驗證"
icon: 'material/two-factor-authentication'
description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party.
description: 這些工具可協助您透過多重身份驗證保護網路帳戶,而無需將您的祕密傳送給第三方。
---
## Hardware Security Keys
## 安全金鑰硬體
### YubiKey
!!! recommendation
![YubiKeys](assets/img/multi-factor-authentication/yubikey.png)
![YubiKeys](assets/img/multifactor-authentication/yubikey.png)
The **YubiKeys** are among the most popular security keys. Some YubiKey models have a wide range of features such as: [Universal 2nd Factor (U2F)](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online), [Yubico OTP](basics/multi-factor-authentication.md#yubico-otp), [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), [OpenPGP](https://developers.yubico.com/PGP/), [TOTP and HOTP](https://developers.yubico.com/OATH) authentication.
* * YubiKeys * *是最常用的安全金鑰之一。 有些 YubiKey 型號具廣泛的功能,例如: [Universal 2nd Factor (U2F)] (https://en.wikipedia.org/wiki/Universal_2nd_Factor)、[FIDO2 and WebAuthn] (basics/multifactor-authentication.md#fido-fast-identity-online)、[Yubico OTP] (basics/multifactor-authentication.md#yubico-otp)、[Personal Identity Verification (PIV)] (https://developers.yubico.com/PIV)、 [OpenPGP](https://developers.yubico.com/PGP/)、[TOTP and HOTP] (https://developers.yubico.com/OATH)驗證。
One of the benefits of the YubiKey is that one key can do almost everything (YubiKey 5), you could expect from a hardware security key. We do encourage you to take the [quiz](https://www.yubico.com/quiz/) before purchasing in order to make sure you make the right choice.
YubiKey 好處之一是,一支密鑰( 例如 YubiKey 5 )可以滿足對安全密鑰硬體的全部期待。 我們建議您在購買前先[作個小測驗](https://www.yubico.com/quiz/) ,以確保您做出正確的選擇。
[:octicons-home-16: Homepage](https://www.yubico.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.yubico.com/){ .card-link title=Documentation}
The [comparison table](https://www.yubico.com/store/compare/) shows the features and how the YubiKeys compare. We highly recommend that you select keys from the YubiKey 5 Series.
[比較表](https://www.yubico.com/store/compare/) 顯示了各型號 YubiKeys 功能比較。 我們強烈建議您從YubiKey 5系列中挑選。
YubiKeys can be programmed using the [YubiKey Manager](https://www.yubico.com/support/download/yubikey-manager/) or [YubiKey Personalization Tools](https://www.yubico.com/support/download/yubikey-personalization-tools/). For managing TOTP codes, you can use the [Yubico Authenticator](https://www.yubico.com/products/yubico-authenticator/). All of Yubico's clients are open-source.
YubiKeys可以利用 [YubiKey Manager](https://www.yubico.com/support/download/yubikey-manager/) [YubiKey Personalization Tools](https://www.yubico.com/support/download/yubikey-personalization-tools/)來收授指令。 若要管理 TOTP 代碼,您可以使用 [Yubico Authenticator](https://www.yubico.com/products/yubico-authenticator/)。 Yubico 所有客戶端軟體都是開源。
For models which support HOTP and TOTP, there are 2 slots in the OTP interface which could be used for HOTP and 32 slots to store TOTP secrets. These secrets are stored encrypted on the key and never expose them to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do if they compromise one of the devices running the Yubico Authenticator and make the YubiKey resistant to a physical attacker.
支持 HOTP TOTP 的機型, OTP 介面中有2個插槽可用於HOTP 和32個插槽來存儲 TOTP 機密。 這些機密經加密後存儲在密鑰上,永遠不會將它們暴露在插入的設備上。 一旦向 Yubico Authenticator 提供種子(共享祕密) ,它將只會給出六位數的代碼,但永遠不會提供種子。 此安全模型有助於限制攻擊者,即便運行 Yubico Authenticator的設備受到破壞讓受到物理攻擊時 Yubikey 仍具抵抗力。
!!! warning
The firmware of YubiKey is not open-source and is not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key.
!!! 警告
YubiKey 軔體沒有開源,不可更新。 如果您想要使用較新韌體版本的功能,或者使用中的韌體版本存在漏洞,則需要購買新的金鑰。
### Nitrokey / Librem Key
### Nitrokey
!!! recommendation
![Nitrokey](assets/img/multi-factor-authentication/nitrokey.jpg){ align=right }
![Nitrokey](assets/img/multifactor-authentication/nitrokey.jpg) {align = right}
**Nitrokey** has a security key capable of [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) called the **Nitrokey FIDO2**. For PGP support, you need to purchase one of their other keys such as the **Nitrokey Start**, **Nitrokey Pro 2** or the **Nitrokey Storage 2**.
* * Nitrokey * * 能夠[FIDO2 WebAuthn] (basics/multifactor-authentication.md#fido-fast-identity-online)的安全金鑰,稱為* * Nitrokey FIDO2 * *。 若要獲得 PGP 支援,您需要購買他們其他鑰匙,例如* * Nitrokey Start * *、* * Nitrokey Pro 2 * *或* * Nitrokey Storage 2 * *。
[:octicons-home-16: Homepage](https://www.nitrokey.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.nitrokey.com/data-privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.nitrokey.com/){ .card-link title=Documentation}
The [comparison table](https://www.nitrokey.com/#comparison) shows the features and how the Nitrokey models compare. The **Nitrokey 3** listed will have a combined feature set.
[比較表](https://www.nitrokey.com/#comparison) 顯示了各型號 Nitrokey 功能比較。 **Nitrokey 3** 具有組合的功能集。
Nitrokey models can be configured using the [Nitrokey app](https://www.nitrokey.com/download).
可以使用 [Nitrokey 應用程序](https://www.nitrokey.com/download)配置 Nitrokey 模型。
For the models which support HOTP and TOTP, there are 3 slots for HOTP and 15 for TOTP. Some Nitrokeys can act as a password manager. They can store 16 different credentials and encrypt them using the same password as the OpenPGP interface.
支持 HOTP TOTP 的型號有3個 HOTP 插槽15 個 TOTP 插槽。 有些 Nitrokeys 可以充當密碼管理器。 可以存儲 16 組憑證,並使用與 OpenPGP 接口相同的密碼對憑證加密。
!!! warning
!!! 警告
While Nitrokeys do not release the HOTP/TOTP secrets to the device they are plugged into, the HOTP and TOTP storage is **not** encrypted and is vulnerable to physical attacks. If you are looking to store HOTP or TOTP these secrets, we highly recommend that you use a Yubikey instead.
雖然 Nitrokeys 不會將 HOTP/TOTP 機密釋放給所插入的設備,但HOTP TOTP存儲* *未經加密* * ,容易受到物理攻擊。 如果您需要存儲 HOTP TOTP 這類祕密強烈建議您使用Yubikey 代替。
!!! warning
!!! 警告
Resetting the OpenPGP interface on a Nitrokey will also make the password database [inaccessible](https://docs.nitrokey.com/pro/linux/factory-reset).
重置 Nitrokey 的 OpenPGP 介面會使密碼資料庫變為 [無法存取](https://docs.nitrokey.com/pro/linux/factory-reset)
The Nitrokey Pro 2, Nitrokey Storage 2, and the upcoming Nitrokey 3 supports system integrity verification for laptops with the [Coreboot](https://www.coreboot.org/) + [Heads](https://osresearch.net/) firmware. Purism's [Librem Key](https://puri.sm/products/librem-key/) is a rebranded NitroKey Pro 2 with similar firmware and can also be used for the same purposes.
Nitrokey Pro 2Nitrokey Storage 2 和即將推出的 Nitrokey 3 支持筆記型電腦的 [Coreboot](https://www.coreboot.org/) + [Heads](https://osresearch.net/) 軔體與系統完整性驗證。
Nitrokey's firmware is open-source, unlike the YubiKey. The firmware on modern NitroKey models (except the **NitroKey Pro 2**) is updatable.
不同於 YubiKeyNitrokey 軔體是開源。 NitroKey 型號可( **NitroKey Pro 2**除外)可更新軔體。
!!! tip
### 標準
The Nitrokey app, while compatible with Librem Keys, requires `libnitrokey` version 3.6 or above to recognize them. Currently, the package is outdated on Windows, macOS, and most Linux distributions' repository, so you will likely have to compile the Nitrokey app yourself to get it working with the Librem Key. On Linux, you can obtain an up-to-date version from [Flathub](https://flathub.org/apps/details/com.nitrokey.nitrokey-app).
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
### Criteria
!!! 示例“此部分是新的”
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
我們正在努力為這個網站的各個部分建立明確標準,它可能依情況變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
!!! example "This section is new"
#### 最低合格要求
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
- 必須使用高品質、防篡改的硬體安全模組。
- 必須支援最新的 FIDO2 規格。
- 必須不允許私鑰提取。
- 價格超過 35美元的裝置必須支援處理 OpenPGP 和 S/MIME。
#### Minimum Requirements
#### 最好的情况
- Must use high quality, tamper resistant hardware security modules.
- Must support the latest FIDO2 specification.
- Must not allow private key extraction.
- Devices which cost over $35 must support handling OpenPGP and S/MIME.
最佳案例標準代表了我們希望從這個類別的完美項目應具備的條件。 推薦產品可能沒有此功能,但若有這些功能則會讓排名更為提高。
#### Best-Case
- 應採用 USB-C 格式。
- 應與 NFC一起使用。
- 支持 TOTP 機密儲存。
- 應支持安全軔體更新。
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
## 認證器應用程式
- Should be available in USB-C form-factor.
- Should be available with NFC.
- Should support TOTP secret storage.
- Should support secure firmware updates.
驗證器應用程式實施網際網路工程任務組( IETF)採行的安全標準,稱為 **依據時間的單次密碼**或 **TOTP**。 這是一種網站與您共享祕密的方法,驗證器應用程式使用該祕密根據當前時間生成(通常為)六位數驗證碼,您在登錄網站時輸入以供網站檢查。 通常這些驗證碼每30 秒重新生成一次,一旦生成新碼,舊碼就無用了。 即使駭客獲得六位數的驗證碼,也無法逆轉該代碼去取得原始祕密或透過其他方式去預測以後的驗證碼。
## Authenticator Apps
Authenticator Apps implement a security standard adopted by the Internet Engineering Task Force (IETF) called **Time-based One-time Passwords**, or **TOTP**. This is a method where websites share a secret with you which is used by your authenticator app to generate a six (usually) digit code based on the current time, which you enter while logging in for the website to check. Typically these codes are regenerated every 30 seconds, and once a new code is generated the old one becomes useless. Even if a hacker gets one six-digit code, there is no way for them to reverse that code to get the original secret or otherwise be able to predict what any future codes might be.
We highly recommend that you use mobile TOTP apps instead of desktop alternatives as Android and iOS have better security and app isolation than most desktop operating systems.
我們強烈建議您使用行動 TOTP 應用程式而不是桌面替代方案,因為 Android 和 iOS 比大多數桌面作業系統具有更好的安全性和應用程式隔離性。
### Aegis Authenticator (Android)
!!! recommendation
![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ align=right }
! [Aegis logo] (assets/img/multifactor-authentication/aegis.png) {align = right}
**Aegis Authenticator** is a free, secure and open-source app to manage your 2-step verification tokens for your online services.
* * Aegis Authenticator * *是一款免費、安全且開源的應用程式,可為您的線上服務管理兩步驗證令牌。
[:octicons-home-16: Homepage](https://getaegis.app){ .md-button .md-button--primary }
[:octicons-eye-16:](https://getaegis.app/aegis/privacy.html){ .card-link title="Privacy Policy" }
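Review bot: The translation rewrote file paths, not just text: `assets/img/multi-factor-authentication/yubikey.png` became `assets/img/multifactor-authentication/yubikey.png`, and the in-site links changed from `basics/multi-factor-authentication.md#...` to `basics/multifactor-authentication.md#...`. Unless the directory and file were renamed elsewhere, every image and cross-reference in this file will break; paths and anchors should be excluded from translation. The translated side also appears to lag the source: the heading is `### Nitrokey` rather than `### Nitrokey / Librem Key`, the Purism Librem Key sentence is missing, and the `libnitrokey` version 3.6 tip has no counterpart. Finally, `* *未經加密* *` in the Nitrokey warning will not render as bold, which removes the emphasis on the storage not being encrypted.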
@@ -107,7 +103,7 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
[:octicons-code-16:](https://github.com/beemdevelopment/Aegis){ .card-link title="Source Code" }
[:octicons-heart-16:](https://www.buymeacoffee.com/beemdevelopment){ .card-link title=Contribute }
??? downloads
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis)
- [:simple-github: GitHub](https://github.com/beemdevelopment/Aegis/releases)
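Review bot: `??? downloads` was changed to `??? 下載`. The word after `???` is the admonition type, not a visible label, so translating it changes the block's type and it will no longer pick up whatever styling is attached to `downloads`. Keep the type and, if a localized label is wanted, add it as a quoted title: `??? downloads "下載"`.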
@@ -116,28 +112,28 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
!!! recommendation
![Raivo OTP logo](assets/img/multi-factor-authentication/raivo-otp.png){ align=right }
! [Raivo OTP logo] (assets/img/multifactor-authentication/raivo-otp.png) {align = right}
**Raivo OTP** is a native, lightweight and secure time-based (TOTP) & counter-based (HOTP) password client for iOS. Raivo OTP offers optional iCloud backup & sync. Raivo OTP is also available for macOS in the form of a status bar application, however the Mac app does not work independently of the iOS app.
* * Raivo OTP * *是原生、輕量和安全的時間基礎(TOTP) & 計數器(HOTP)密碼用戶端應用,適用於iOS Raivo OTP 提供可選的 iCloud 備份 & 同步。 Raivo OTP也以狀態列應用程式的形式提供給macOS 但Mac應用程式並不獨立於iOS應用程式運作。
[:octicons-home-16: Homepage](https://raivo-otp.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://raivo-otp.com/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-code-16:](https://github.com/raivo-otp/ios-application){ .card-link title="Source Code" }
[:octicons-heart-16:](https://raivo-otp.com/donate){ .card-link title=Contribute }
??? downloads
??? 下載
- [:simple-appstore: App Store](https://apps.apple.com/us/app/raivo-otp/id1459042137)
### Criteria
### 標準
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! example "This section is new"
!!! 示例“此部分是新的”
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
我們正在努力為這個網站的各個部分建立明確標準,它可能依情況變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
- Must be open-source software.
- Must not require internet connectivity.
- Must not sync to a third-party cloud sync/backup service.
- **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud.
- 必須是開源軟體。
- 無需網際網路連線。
- 不得同步至第三方雲端同步/備份服務。
- **可選** 支援與作業系統原生工具的 E2EE 同步是可以的,例如透過 iCloud 進行加密同步。
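Review bot: In the translated criteria list, `- 無需網際網路連線。` reads as a description ("no internet connection needed") rather than the requirement in the source ("Must not require internet connectivity"); the neighbouring items keep the obligation with `必須` and `不得`. Suggest `- 不得要求網際網路連線。`. The Raivo OTP image line in this hunk has the same path rewrite (`multifactor-authentication/raivo-otp.png`) and spaced-out image syntax as the earlier hunk of this file.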

View File

@@ -1,20 +1,20 @@
---
title: "News Aggregators"
title: "新聞聚合器"
icon: material/rss
description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS.
description: 這些新聞聚合器客戶端可利使用 RSS 等網際網路標準來訂閱追蹤您最喜愛的部落格和新聞網站。
---
A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites.
[新聞聚合器](https://en.wikipedia.org/wiki/News_aggregator) 是一種訂閱最喜愛的部落格和新聞網站的追蹤方式。
## Aggregator clients
## 聚合器客戶端
### Akregator
!!! recommendation
![Akregator logo](assets/img/news-aggregators/akregator.svg){ align=right }
! [Akregator logo] (assets/img/news-aggregators/akregator.svg) {align = right}
**Akregator** is a news feed reader that is a part of the [KDE](https://kde.org) project. It comes with a fast search, advanced archiving functionality and an internal browser for easy news reading.
* * Akregator * *是 [KDE](https://kde.org) 項目的一部分。 它具有快速搜索、先進的存檔功能和內部瀏覽器可輕鬆閱讀新聞。
[:octicons-home-16: Homepage](https://apps.kde.org/akregator){ .md-button .md-button--primary }
[:octicons-eye-16:](https://kde.org/privacypolicy-apps){ .card-link title="Privacy Policy" }
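Review bot: The Akregator description lost its main clause: the source says it "is a news feed reader that is a part of the KDE project", while the translation only says it is part of the KDE project (`是 [KDE](https://kde.org) 項目的一部分`). Please restore what the tool is. Two smaller points in the same hunk: `可利使用` in the front matter `description` looks like a typo, and `* * Akregator * *` will not render as bold because of the inserted spaces.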
@@ -22,7 +22,7 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
[:octicons-code-16:](https://invent.kde.org/pim/akregator){ .card-link title="Source Code" }
[:octicons-heart-16:](https://kde.org/community/donations/){ .card-link title=Contribute }
??? downloads
??? 下載
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.kde.akregator)
@@ -30,15 +30,15 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
!!! recommendation
![Feeder logo](assets/img/news-aggregators/feeder.png){ align=right }
! [Feeder logo] (assets/img/news-aggregators/feeder.png) {align = right}
**Feeder** is a modern RSS client for Android that has many [features](https://gitlab.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
* * Feeder * *是 Android 版本的 RSS 客戶端,具有許多[特色](https://gitlab.com/spacecowboy/Feeder#features) 且可與RSS 訊息來源的資料夾配合使用。 它支持 [RSS](https://en.wikipedia.org/wiki/RSS ), [Atom]( https://en.wikipedia.org/wiki/Atom_ 網頁標準 ) , [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) [JSON Feed] (https://en.wikipedia.org/wiki/JSON_Feed)。
[:octicons-repo-16: Repository](https://gitlab.com/spacecowboy/Feeder){ .md-button .md-button--primary }
[:octicons-code-16:](https://gitlab.com/spacecowboy/Feeder){ .card-link title="Source Code" }
[:octicons-heart-16:](https://ko-fi.com/spacecowboy){ .card-link title=Contribute }
??? downloads
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nononsenseapps.feeder.play)
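Review bot: Part of a URL was translated in the Feeder description: `https://en.wikipedia.org/wiki/Atom_(Web_standard)` became `https://en.wikipedia.org/wiki/Atom_ 網頁標準`, and spaces were added inside the parentheses of the RSS and Atom links and between `]` and `(` for JSON Feed. None of these will resolve or render as links. Link targets should be carried over unchanged, with only the bracketed link text translated.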
@@ -46,9 +46,9 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
!!! recommendation
![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ align=right }
! [Fluent Reader logo] (assets/img/news-aggregators/fluent-reader.svg) {align = right}
**Fluent Reader** is a secure cross-platform news aggregator that has useful privacy features such as deletion of cookies on exit, strict [content security policies (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) and proxy support, meaning you can use it over [Tor](tor.md).
* * Fluent Reader * *是一個安全的跨平臺新聞聚合器,具有方便的隱私功能,例如在退出時刪除 cookie ,嚴格的[內容安全政策(CSP)] (https://en.wikipedia.org/wiki/Content_Security_Policy)和代理支持,這意味著您可以透過 [Tor](tor.md)來使用它。
[:octicons-home-16: Homepage](https://hyliu.me/fluent-reader){ .md-button .md-button--primary }
[:octicons-eye-16:](https://github.com/yang991178/fluent-reader/wiki/Privacy){ .card-link title="Privacy Policy" }
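Review bot: The Content Security Policy reference is no longer a link: `[內容安全政策(CSP)] (https://en.wikipedia.org/wiki/Content_Security_Policy)` has a space between `]` and `(`, whereas `[Tor](tor.md)` in the same sentence was left intact. Remove the space so the security feature being described still links to its explanation. The logo line has the same problem (`! [Fluent Reader logo] (...) {align = right}`).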
@@ -56,7 +56,7 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
[:octicons-code-16:](https://github.com/yang991178/fluent-reader){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/yang991178){ .card-link title=Contribute }
??? downloads
??? 下載
- [:simple-windows11: Windows](https://hyliu.me/fluent-reader)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1520907427)
@@ -65,15 +65,15 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
!!! recommendation
![GNOME Feeds logo](assets/img/news-aggregators/gfeeds.svg){ align=right }
! [GNOME Feeds logo] (assets/img/news-aggregators/gfeeds.svg) {align = right}
**GNOME Feeds** is an [RSS](https://en.wikipedia.org/wiki/RSS) and [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)) news reader for [GNOME](https://www.gnome.org). It has a simple interface and is quite fast.
* * GNOME Feeds * *是 [RSS](https://en.wikipedia.org/wiki/RSS) [Atom](https://en.wikipedia.org/wiki/Atom_ (Web_standard))新聞閱讀器,適用於 [GNOME](https://www.gnome.org)。 它的界面很簡單,執行快速。
[:octicons-home-16: Homepage](https://gfeeds.gabmus.org){ .md-button .md-button--primary }
[:octicons-code-16:](https://gitlab.gnome.org/World/gfeeds){ .card-link title="Source Code" }
[:octicons-heart-16:](https://liberapay.com/gabmus/){ .card-link title=Contribute }
??? downloads
??? 下載
- [:simple-linux: Linux](https://gfeeds.gabmus.org/#install)
- [:simple-flathub: Flathub](https://flathub.org/apps/details/org.gabmus.gfeeds)
@@ -82,10 +82,10 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
!!! recommendation
![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ align=right }
![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ align=right }
! [Miniflux logo] (assets/img/news-aggregators/miniflux.svg#only-light) {align = right}
! [Miniflux標誌] (assets/img/news-aggregators/miniflux-dark.svg#only-dark) {align = right}
**Miniflux** is a web-based news aggregator that you can self-host. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed).
* * Miniflux * *是一個網頁版的新聞聚合器,允許自行託管。 它支持 [RSS](https://en.wikipedia.org/wiki/RSS ), [Atom]( https://en.wikipedia.org/wiki/Atom_ 網頁標準 ) , [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) [JSON Feed] (https://en.wikipedia.org/wiki/JSON_Feed)。
[:octicons-home-16: Homepage](https://miniflux.app){ .md-button .md-button--primary }
[:octicons-info-16:](https://miniflux.app/docs/index.html){ .card-link title=Documentation}
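Review bot: The two Miniflux logo lines are translated inconsistently: the light variant keeps `Miniflux logo` as alt text while the dark variant uses `Miniflux標誌`. Use one form for both, since they are the same image shown under different themes. Both lines also need the spaces removed from `! [...] (...) {align = right}` to work as images with an attribute list, and the Atom link in the description has the translated URL fragment (`Atom_ 網頁標準`) seen in the Feeder entry.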
@@ -96,16 +96,16 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
!!! recommendation
![NetNewsWire logo](assets/img/news-aggregators/netnewswire.png){ align=right }
! [NetNewsWire標誌] (assets/img/news-aggregators/netnewswire.png) {align = right}
**NetNewsWire** a free and open-source feed reader for macOS and iOS with a focus on a native design and feature set. It supports the typical feed formats alongside built-in support for Twitter and Reddit feeds.
* * NetNewsWire * *是一款免費開源的訊息源閱讀器,適用於macOS iOS ,專注於原生設計和功能集。 它支持典型 feed 格式,以及對 Twitter Reddit feed 的內置支持。
[:octicons-home-16: Homepage](https://netnewswire.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://netnewswire.com/privacypolicy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://netnewswire.com/help/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/Ranchero-Software/NetNewsWire){ .card-link title="Source Code" }
??? downloads
??? 下載
- [:simple-appstore: App Store](https://apps.apple.com/us/app/netnewswire-rss-reader/id1480640210)
- [:simple-apple: macOS](https://netnewswire.com)
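Review bot: `! [NetNewsWire標誌] (assets/img/news-aggregators/netnewswire.png) {align = right}` will not render as an image: the source form has no space after `!`, none between `]` and `(`, and the attribute list is written `{ align=right }` directly after the closing parenthesis. As written, the path and `{align = right}` will appear as literal text in the card. The translated description also drops the conjunction between `macOS` and `iOS` and between `Twitter` and `Reddit`, which reads as a list of four unrelated tokens.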
@@ -114,35 +114,35 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k
!!! recommendation
![Newsboat logo](assets/img/news-aggregators/newsboat.svg){ align=right }
! [Newsboat logo] (assets/img/news-aggregators/newsboat.svg) {align = right}
**Newsboat** is an RSS/Atom feed reader for the text console. It's an actively maintained fork of [Newsbeuter](https://en.wikipedia.org/wiki/Newsbeuter). It is very lightweight, and ideal for use over [Secure Shell](https://en.wikipedia.org/wiki/Secure_Shell).
* * Newsboat * *是文字控制界面的RSS/Atom 新聞閱讀器。 分支自 [Newsbeuter]( https://zh.wikipedia.org/wiki/Newsbeuter )後,維持積極維護。 非常輕量,適合在[Secure Shell] (https://zh.wikipedia.org/wiki/Secure_Shell )上使用。
[:octicons-home-16: Homepage](https://newsboat.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://newsboat.org/releases/2.27/docs/newsboat.html){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/newsboat/newsboat){ .card-link title="Source Code" }
## Criteria
## 標準
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! example "This section is new"
!!! !!! 例如 "本节是新的"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
我們正在努力為這個網站的各個部分建立明確標準,它可能依情況變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
- Must be open-source software.
- Must operate locally, i.e. must not be a cloud service.
- 必須是開源軟體。
- 必須在本地運作,即不得是雲端服務。
## Social Media RSS Support
## 社交媒體 RSS 支援
Some social media services also support RSS although it's not often advertised.
一些社交媒體服務也支持 RSS ,儘管它很少受到推廣。
### Reddit
Reddit allows you to subscribe to subreddits via RSS.
Reddit 允許您通過 RSS 訂閱 subreddits
!!! example
Replace `subreddit_name` with the subreddit you wish to subscribe to.
!!! 案例
替換 `subreddit_name` 改為所要訂閱的 subreddit
```text
https://www.reddit.com/r/{{ subreddit_name }}/new/.rss
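Review bot: The criteria admonition became `!!! !!! 例如 "本节是新的"`: the marker is doubled, the type is translated, and the title is in Simplified Chinese while the rest of the file is Traditional. This should stay `!!! example` with a Traditional Chinese title, matching the other files in this commit. In the Newsboat description the Wikipedia links were also retargeted from `en.wikipedia.org` to `zh.wikipedia.org` and padded with spaces (`[Newsbeuter]( https://zh.wikipedia.org/wiki/Newsbeuter )`); please confirm those pages exist on the Chinese wiki or keep the original targets.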
@@ -150,11 +150,11 @@ Reddit allows you to subscribe to subreddits via RSS.
### Twitter
Using any of the Nitter [instances](https://github.com/zedeus/nitter/wiki/Instances) you can easily subscribe using RSS.
使用任何 Nitter [實例](https://github.com/zedeus/nitter/wiki/Instances) ,您可以使用 RSS 輕鬆訂閱。
!!! example
1. Pick an instance and set `nitter_instance`.
2. Replace `twitter_account` with the account name.
!!! 例子
1. 選取實例並設定 `nitter_instance`
2. `twitter_account` 替換為帳戶名稱。
```text
https://{{ nitter_instance }}/{{ twitter_account }}/rss
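Review bot: The `example` admonition keyword is rendered four different ways across this commit: `!!! 示例`, `!!! 案例`, `!!! 例如` and, here, `!!! 例子`. That inconsistency is a good sign the keyword should not be translated at all; keep `!!! example` and translate only the body. The step list itself is fine, though step 2 starts with a code span (`2. `twitter_account` 替換為帳戶名稱。`) and would read better with the verb first, as in the source.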
@@ -162,11 +162,11 @@ Using any of the Nitter [instances](https://github.com/zedeus/nitter/wiki/Instan
### YouTube
You can subscribe YouTube channels without logging in and associating usage information with your Google Account.
您可以訂閱 YouTube頻道而無需登入不會把使用情況資訊與Google 帳戶關聯。
!!! example
!!! 例子
To subscribe to a YouTube channel with an RSS client, first look for your [channel code](https://support.google.com/youtube/answer/6180214), replace `[CHANNEL ID]` below:
若要使用 RSS 客戶端訂閱 YouTube 頻道,請先查看您的[channel code] (https://support.google.com/youtube/answer/6180214) ,然後在下方替換[CHANNE ID]」:
```text
https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID]
```
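Review bot: the instruction line in the YouTube example no longer matches the URL template beneath it. The translation tells the reader to replace `[CHANNE ID]」` (missing `L`, stray `」`, no backticks), while the template still reads `channel_id=[CHANNEL ID]`. Restore the placeholder as `[CHANNEL ID]` in backticks. On the same line, `[channel code] (https://support.google.com/youtube/answer/6180214)` has a space before `(` and will not render as a link, and `!!! 例子` should stay `!!! example`.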

View File

@@ -2,6 +2,118 @@
title: "Password Managers"
icon: material/form-textbox-password
description: Password managers allow you to securely store and manage passwords and other credentials.
schema:
-
"@context": http://schema.org
"@type": WebPage
name: Password Manager Recommendations
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Bitwarden
image: /assets/img/password-management/bitwarden.svg
url: https://bitwarden.com
sameAs: https://en.wikipedia.org/wiki/Bitwarden
applicationCategory: 密碼管理器。
operatingSystem:
- Windows
- macOS
- Linux
- Android
- iOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: 1Password
image: /assets/img/password-management/1password.svg
url: https://1password.com
sameAs: https://en.wikipedia.org/wiki/1Password
applicationCategory: 密碼管理器。
operatingSystem:
- Windows
- macOS
- Linux
- Android
- iOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Psono
image: /assets/img/password-management/psono.svg
url: https://psono.com
applicationCategory: 密碼管理器。
operatingSystem:
- Android
- iOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: KeePassXC
image: /assets/img/password-management/keepassxc.svg
url: https://keepassxc.org/
sameAs: https://en.wikipedia.org/wiki/KeePassXC
applicationCategory: 密碼管理器。
operatingSystem:
- Windows
- macOS
- Linux
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: KeePassDX
image: /assets/img/password-management/keepassdx.svg
url: https://www.keepassdx.com/
applicationCategory: 密碼管理器。
operatingSystem: Android
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Strongbox
image: /assets/img/password-management/strongbox.svg
url: https://strongboxsafe.com/
applicationCategory: 密碼管理器。
operatingSystem: iOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: gopass
image: /assets/img/password-management/gopass.svg
url: https://www.gopass.pw/
applicationCategory: 密碼管理器。
operatingSystem:
- Windows
- macOS
- Linux
- FreeBSD
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
---
Password managers allow you to securely store and manage passwords and other credentials with the use of a master password.
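Review bot: `applicationCategory: 密碼管理器。` appears in all seven SoftwareApplication entries with a trailing full stop `。`, which becomes part of the structured-data value. Drop the punctuation, and decide whether this schema field should be translated at all, since `name`, `url` and `operatingSystem` were left as they are. The added blocks also use `"@context": http://schema.org`, while the About page front matter in this same commit uses `https://schema.org`; pick one form for both.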

View File

@@ -134,7 +134,7 @@ Our best-case criteria represents what we would like to see from the perfect pro
In general, we define office suites as applications which could reasonably act as a replacement for Microsoft Word for most needs.
- Must be cross-platform.
- Must be open-source software.
- 必須是開源軟體。
- Must function offline.
- Must support editing documents, spreadsheets, and slideshows.
- Must export files to standard document formats.
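Review bot: only `- Must be open-source software.` is translated in this criteria list, so the rendered page will show one Chinese bullet (`- 必須是開源軟體。`) among four English ones under an English intro sentence. Either translate the whole list or hold this string back until the neighbouring strings are ready.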

View File

@@ -1,50 +1,50 @@
---
title: "Router Firmware"
title: "路由器軔體"
icon: material/router-wireless
description: These alternative operating systems can be used to secure your router or Wi-Fi access point.
description: 這些替代作業系統可用於保護您的路由器或Wi-Fi接入點。
---
Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc.
以下是一些替代操作系統,可用於路由器, Wi-Fi接入點等。
## OpenWrt
!!! recommendation
![OpenWrt logo](assets/img/router/openwrt.svg#only-light){ align=right }
![OpenWrt logo](assets/img/router/openwrt-dark.svg#only-dark){ align=right }
! [OpenWrt logo] (assets/img/router/openwrt.svg#only-light) {align = right}
! [OpenWrt logo] (assets/img/router/openwrt-dark.svg#only-dark) {align = right}
**OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All of the components have been optimized for home routers.
* * OpenWrt * *是一個基於 Linux 的操作系統;它主要用於嵌入式設備以路由網路流量。 它包括util-linux uClibcBusyBox。 所有組件都已為家庭路由器進行了優化。
[:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/openwrt/openwrt){ .card-link title="Source Code" }
[:octicons-heart-16:](https://openwrt.org/donate){ .card-link title=Contribute }
You can consult OpenWrt's [table of hardware](https://openwrt.org/toh/start) to check if your device is supported.
您可以參考 OpenWrt [硬體表格](https://openwrt.org/toh/start) 檢查您的設備是否支援。
## OPNsense
!!! recommendation
![OPNsense logo](assets/img/router/opnsense.svg){ align=right }
! [OPNsense logo] (assets/img/router/opnsense.svg) {align = right}
**OPNsense** is an open source, FreeBSD-based firewall and routing platform which incorporates many advanced features such as traffic shaping, load balancing, and VPN capabilities, with many more features available in the form of plugins. OPNsense is commonly deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server, and VPN endpoint.
* * OPNsense * *是開源的、基於FreeBSD 的防火牆和路由平臺,它包含許多進階功能,如流量整形、負載平衡和 VPN 功能,且有插件的形式提供更多功能。 OPNsense 通常部署作邊界防火牆、路由器、無線存取點、DHCP伺服器、DNS伺服器和 VPN 端點。
[:octicons-home-16: Homepage](https://opnsense.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://docs.opnsense.org/index.html){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/opnsense){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opnsense.org/donate/){ .card-link title=Contribute }
OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.org/wiki/PfSense), and both projects are noted for being free and reliable firewall distributions which offer features often only found in expensive commercial firewalls. Launched in 2015, the developers of OPNsense [cited](https://docs.opnsense.org/history/thefork.html) a number of security and code-quality issues with pfSense which they felt necessitated a fork of the project, as well as concerns about Netgate's majority acquisition of pfSense and the future direction of the pfSense project.
OPNsense 一開始是從 [pfSense](https://en.wikipedia.org/wiki/PfSense)分支另外發展出來,兩個項目都以免費和可靠的防火牆發行版而聞名,它們提供了通常只有昂貴的商業防火牆才具備的功能。 2015 年啟動後,OPNsense 開發人員[引述](https://docs.opnsense.org/history/thefork.html) pfSense 專案中一連串安全與代碼品質問題,因此覺得有必要對須目作分支。再者 Netgate 取得 pfSense 大部份所有權, pfSense 未來的方向也令他們擔憂。
## Criteria
## 標準
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! example "This section is new"
!!! 示例“此部分是新的”
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
我們正在努力為這個網站的各個部分建立明確標準,它可能依情況變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
- Must be open source.
- Must receive regular updates.
- Must support a wide variety of hardware.
- 它必須是開源的。
- 必須定期更新。
- 需要支持各種各樣的硬體。
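Review bot: Markdown syntax was altered in the translated lines of this file. `! [OpenWrt logo] (assets/img/router/openwrt.svg#only-light) {align = right}` and the OPNsense equivalent have spaces inserted after `!`, between `]` and `(`, and inside the attribute list, and `* * OpenWrt * *` and `* * OPNsense * *` are no longer bold markers; copy these tokens unchanged from the source lines. `!!! 示例“此部分是新的”` replaces both the `example` keyword and the straight quotes the title needs. Two text slips as well: `util-linux uClibcBusyBox` lost its list separators, and `對須目作分支` looks like a typo for `項目`.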

View File

@@ -130,6 +130,7 @@ For more details about each project, why they were chosen, and additional tips o
<div class="grid cards" markdown>
- ![Proton Drive logo](assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](cloud.md#proton-drive)
- ![Tresorit logo](assets/img/cloud/tresorit.svg){ .twemoji } [Tresorit](cloud.md#tresorit)
</div>
@@ -383,7 +384,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
<div class="grid cards" markdown>
- ![YubiKeys](assets/img/multi-factor-authentication/mini/yubico.svg){ .twemoji } [YubiKey](multi-factor-authentication.md#yubikey)
- ![Nitrokey](assets/img/multi-factor-authentication/mini/nitrokey.svg){ .twemoji } [Nitrokey](multi-factor-authentication.md#nitrokey-librem-key)
- ![Nitrokey](assets/img/multi-factor-authentication/mini/nitrokey.svg){ .twemoji } [Nitrokey](multi-factor-authentication.md#nitrokey)
- ![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ .twemoji } [Aegis Authenticator](multi-factor-authentication.md#aegis-authenticator)
- ![Raivo OTP logo](assets/img/multi-factor-authentication/raivo-otp.png){ .twemoji } [Raivo OTP](multi-factor-authentication.md#raivo-otp)
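Review bot: the Nitrokey card now links to `multi-factor-authentication.md#nitrokey` instead of `#nitrokey-librem-key`. Confirm that the heading in this locale's multi-factor-authentication.md produces that anchor; that file is not visible in this part of the diff, and a heading that differs would leave the card pointing at a missing anchor.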

View File

@@ -1,12 +1,12 @@
---
title: "Tor Network"
title: "Tor 網絡"
icon: simple/torproject
description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship.
description: 使用 Tor 網絡來保護您的網際網路瀏覽免受窺探, Tor 網絡是一個規避審查的安全網路。
---
![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right }
The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool.
**Tor** 網絡是一組由志願者操作的伺服器,可讓您免費連線,並改善您的隱私權和安全性。 個人和組織還可以通過 Tor 網絡與“.onion 隱藏服務”分享資訊,而不會損害他們的隱私。 很難阻止和追蹤 Tor 流量,因此它是一種有效的審查規避工具。
[:octicons-home-16:](https://www.torproject.org){ .card-link title=Homepage }
[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
@@ -14,21 +14,21 @@ The **Tor** network is a group of volunteer-operated servers that allows you to
[:octicons-code-16:](https://gitweb.torproject.org/tor.git){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity.
Tor 的工作原理是通過志願者運營的服務器來引導您的網際網路路徑,而不是直接連接到您試圖訪問的網站。 這樣可以混淆流量來源,所連接的伺服器都無法看到流量來去的完整路徑,也意味著即使您連接的伺服器無法破壞您的匿名性。
[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button}
[詳細的 Tor 總覽 :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button}
## Connecting to Tor
## 正在連接到Tor
There are a variety of ways to connect to the Tor network from your device, the most commonly used being the **Tor Browser**, a fork of Firefox designed for anonymous browsing for desktop computers and Android. In addition to the apps listed below, there are also operating systems designed specifically to connect to the Tor network such as [Whonix](desktop.md#whonix) on [Qubes OS](desktop.md#qubes-os), which provide even greater security and protections than the standard Tor Browser.
有多種方式可以從您的設備連上 Tor 網絡,最常用的是 ** Tor 瀏覽器**,這是 Firefox 的一個分支,專為桌面電腦和 Android 的匿名瀏覽而設計。 除了下面列出的應用程序外,還有專門設計用於連接到 Tor 網絡的操作系統,例如 [Qubes OS 作業系統](desktop.md#qubes-os) [Whonix](desktop.md#whonix),它們提供比標準 Tor 瀏覽器更高的安全性和保護。
### Tor Browser
!!! recommendation
![Tor Browser logo](assets/img/browsers/tor.svg){ align=right }
! [Tor 瀏覽器標誌] (assets/img/browsers/tor.svg) {align = right}
**Tor Browser** is the choice if you need anonymity, as it provides you with access to the Tor network and bridges, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*.
* * Tor 瀏覽器* *需要匿名的好選擇,為您提供 Tor 網絡和橋接的存取權限,它包含預設設置和擴展其自動配置安全級別有: *標準* 、 *更安全*和*最安全*三種。
[:octicons-home-16: Homepage](https://www.torproject.org){ .md-button .md-button--primary }
[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" }
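Review bot: the translated sentence under `## 正在連接到Tor` lists `[Qubes OS 作業系統](desktop.md#qubes-os) [Whonix](desktop.md#whonix)` as two adjacent links, dropping the relation stated in the source (Whonix on Qubes OS); add the connective back. The heading itself reads as a progress message ("currently connecting") rather than a section title. `! [Tor 瀏覽器標誌] (assets/img/browsers/tor.svg) {align = right}` and `* * Tor 瀏覽器* *` have inserted spaces that stop the image and the bold text from rendering.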
@@ -36,28 +36,28 @@ There are a variety of ways to connect to the Tor network from your device, the
[:octicons-code-16:](https://gitweb.torproject.org/tor-browser.git/){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
??? downloads
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
- [:simple-android: Android](https://www.torproject.org/download/#android)
- [:simple-windows11: Windows](https://www.torproject.org/download/)
- [:simple-apple: macOS](https://www.torproject.org/download/)
- [:simple-linux: Linux](https://www.torproject.org/download/)
- [:simple-freebsd: FreeBSD](https://www.freshports.org/security/tor)
- [:simple-googleplay: Google Play] (https://play.google.com/store/apps/details?id=org.torproject.torbrowser)
- [:simple-android: Android] (https://www.torproject.org/download/#android)
- [:simple-windows11: Windows] (https://www.torproject.org/download/)
- [:simple-apple: macOS] (https://www.torproject.org/download/)
- [:simple-linux: Linux] (https://www.torproject.org/download/)
- [:simple-freebsd: FreeBSD] (https://www.freshports.org/security/tor)
!!! danger
!!! 危險
You should **never** install any additional extensions on Tor Browser or edit `about:config` settings, including the ones we suggest for Firefox. Browser extensions and non-standard settings make you stand out from others on the Tor network, thus making your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting).
您應該* *永遠不要* *在Tor瀏覽器上安裝任何其他擴充功能或編輯「關於配置」設定包括我們為Firefox建議的設定。 瀏覽器擴充套件和非標準設置會使您在 Tor 網絡上突顯出來,從而使您的瀏覽器更容易變成 [fingerprint] https://support.torproject.org/glossary/browser-fingerprinting )。
The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings/).
Tor 瀏覽器旨在防止指紋識別----根據您的瀏覽器配置識別您。 因此,您 **不應** 修改瀏覽器超出預設 [安全級別](https://tb-manual.torproject.org/security-settings/)
### Orbot
!!! recommendation
![Orbot logo](assets/img/self-contained-networks/orbot.svg){ align=right }
! [Orbot標誌] (assets/img/self-contained-networks/orbot.svg) {align = right}
**Orbot** is a free Tor VPN for smartphones which routes traffic from any app on your device through the Tor network.
* * Orbot * *是一款免費的Tor VPN ,適用於智慧型手機,可讓裝置上的任何應用程式流量通過 Tor 網絡。
[:octicons-home-16: Homepage](https://orbot.app/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://orbot.app/privacy-policy){ .card-link title="Privacy Policy" }
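Review bot: the danger admonition lost its key instruction. `about:config` was rendered as 「關於配置」, so readers are no longer told which settings page to leave alone; keep the literal `about:config` in backticks. In the same paragraph, `[fingerprint] https://support.torproject.org/glossary/browser-fingerprinting )` is missing its opening `(`, and there is no comma between `設定` and `包括`. `!!! 危險` and `??? 下載` should keep the `danger` and `downloads` keywords, and the six translated download links need the space between `]` and `(` removed.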
@@ -65,53 +65,53 @@ The Tor Browser is designed to prevent fingerprinting, or identifying you based
[:octicons-code-16:](https://orbot.app/code){ .card-link title="Source Code" }
[:octicons-heart-16:](https://orbot.app/donate){ .card-link title=Contribute }
??? downloads
??? 下載
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.torproject.android)
- [:simple-appstore: App Store](https://apps.apple.com/us/app/orbot/id1609461599)
- [:simple-github: GitHub](https://github.com/guardianproject/orbot/releases)
- [:simple-googleplay: Google Play] (https://play.google.com/store/apps/details?id=org.torproject.android)
- [:simple-appstore: App Store] (https://apps.apple.com/us/app/orbot/id1609461599)
- [:simple-github: GitHub] (https://github.com/guardianproject/orbot/releases)
For resistance against traffic analysis attacks, consider enabling *Isolate Destination Address* in :material-menu: → **Settings****Connectivity**. This will use a completely different Tor Circuit (different middle relay and exit nodes) for every domain you connect to.
為了抵抗流量分析攻擊,請考慮在 :material-menu: → **設置** → **連接**中啟用 *隔離目標地址* 。 在連接不同網域名時即使用不同的 Tor 迴路(不同的中繼和出口節點)。
!!! tip "Tips for Android"
!!! 提示“ Android 使用訣竅”
Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings****Network & internet****VPN** → :gear: → **Block connections without VPN**.
Orbot 可以代理個別應用程式,如果它們有支援 SOCKS HTTP 代理。 它也能使用 [VpnService] https://developer.android.com/reference/android/net/VpnService )代理您的所有網路連接,其 VPN killswitch 設置在 :gear: **Settings****Network & internet****VPN** → :gear: → **Block connections without VPN**.
Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot/releases) instead.
Guardian Project 的[F-Droid repository] (https://guardianproject.info/fdroid)和[Google Play] (https://play.google.com/store/apps/details?id=org.torproject.android)上Orbot 往往不是最新版,因此請考慮直接從 [GitHub repository] (https://github.com/guardianproject/orbot/releases) 下載。
All versions are signed using the same signature so they should be compatible with each other.
所有版本都使用同一個簽名,因此它們應該相互兼容。
## Relays and Bridges
## 中繼和橋接
### Snowflake
!!! recommendation
![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ align=right }
![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ align=right }
! [Snowflake logo] (assets/img/browsers/snowflake.svg#only-light) {align = right}
! [Snowflake logo] (assets/img/browsers/snowflake-dark.svg#only-dark) {align = right}
**Snowflake** allows you to donate bandwidth to the Tor Project by operating a "Snowflake proxy" within your browser.
* * Snowflake * *允許您在瀏覽器中操作「Snowflake proxy」將網路頻寛捐給 Tor 專案。
People who are censored can use Snowflake proxies to connect to the Tor network. Snowflake is a great way to contribute to the network even if you don't have the technical know-how to run a Tor relay or bridge.
被審查的人可以使用 Snowflake 代理來連接 Tor 網絡。 Snowflake 是貢獻 Tor 網絡的好方法,即便您沒有運行 Tor 中繼或橋接的技術知識。
[:octicons-home-16: Homepage](https://snowflake.torproject.org/){ .md-button .md-button--primary }
[:octicons-info-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview){ .card-link title=Documentation}
[:octicons-code-16:](https://gitweb.torproject.org/pluggable-transports/snowflake.git/){ .card-link title="Source Code" }
[:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute }
??? downloads
??? 下載
- [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/en-US/firefox/addon/torproject-snowflake/)
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/snowflake/mafpmfcccpbjnhfhjnllmmalhifmlcie)
- [:octicons-browser-16: Web](https://snowflake.torproject.org/embed "Leave this page open to be a Snowflake proxy")
- [:simple-firefoxbrowser: Firefox] (https://addons.mozilla.org/zh-CN/firefox/addon/torproject-snowflake/)
- [:simple-googlechrome: Chrome] (https://chrome.google.com/webstore/detail/snowflake/mafpmfcccpbjnhfhjnllmmalhifmlcie)
- [:octicons-browser-16: Web] (https://snowflake.torproject.org/embed "保持此頁面開啟成為Snowflake代理")
??? tip "Embedded Snowflake"
??? 提示: Embedded Snowflake
You can enable Snowflake in your browser by clicking the switch below and ==leaving this page open==. You can also install Snowflake as a browser extension to have it always run while your browser is open, however adding third-party extensions can increase your attack surface.
您可以在瀏覽器中啟用 Snowflake ,只需按下下方開關,即可= =保持此頁面開啟= =。 您還可以安裝 Snowflake 瀏覽器擴充元件,當開啟瀏覽器時它會一直執行,但添加第三方擴充元件可能會增加遭攻擊面。
<center><iframe src="https://snowflake.torproject.org/embed.html" width="320" height="240" frameborder="0" scrolling="no"></iframe></center>
<small>If the embed does not appear for you, ensure you are not blocking the third-party frame from `torproject.org`. Alternatively, visit [this page](https://snowflake.torproject.org/embed.html).</small>
<small>如果沒有顯示嵌入,請確保您沒有封鎖來自`torproject.org`的第三方框架。 或者,請造訪[此頁面] (https://snowflake.torproject.org/embed.html)。</small>
Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours.
Snowflake 無法加強隱私,也不會在您的個人瀏覽器中連接 Tor網絡。 但如果您的網際網路連接沒有被審查的情形,請考慮使用它,幫助受審查網路中的人們能有更好的隱私。 無需擔心人們通過您的代理訪問哪些網站----他們的可見瀏覽 IP 地址將與其 Tor 出口節點相匹配,而不是您的 IP 地址。
Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy.
運行 Snowflake 代理風險很低,甚至低於運行 Tor 中繼或橋接器,而這些中繼器或橋接器已經不算是特別高風險的工作。 但是,它通過您的網路進行代理流量,在某些方面可能會產生影響,特別是您的網路頻寬有限制的話。 在運行代理之前,要確保已清楚了解[ Snowflake 運作方式](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home)
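Review bot: the Snowflake Firefox link was changed from `addons.mozilla.org/en-US/...` to `addons.mozilla.org/zh-CN/...`, a Simplified Chinese locale in a Traditional Chinese file; use the matching locale or keep the source URL. The embedded-Snowflake tip also changes meaning: the source says to click the switch and leave the page open, while `只需按下下方開關,即可= =保持此頁面開啟= =` says that clicking the switch keeps the page open, and the `==` highlight markers are split by spaces. In the Android tip, `[VpnService] https://developer.android.com/reference/android/net/VpnService )` is missing its opening `(`.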

View File

@@ -1,51 +1,51 @@
---
title: "Video Streaming"
title: "影片串流"
icon: material/video-wireless
description: These networks allow you to stream internet content without building an advertising profile based on your interests.
description: 這些服務可讓您串流互聯網內容,而不會記錄個人興趣建立廣告剖繪。
---
The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage.
使用影片串流平臺時的主要威脅是您的串流習慣和訂閱清單可能被用來剖繪分析您的個人喜好。 您應該將這些工具與 [VPN](vpn.md) [Tor](https://www.torproject.org/) 相結合,以便更難分析您的使用情況。
## LBRY
!!! recommendation
![LBRY logo](assets/img/video-streaming/lbry.svg){ align=right }
! [LBRY標誌] (assets/img/video-streaming/lbry.svg) {align = right}
**The LBRY network** is a decentralized video sharing network. It uses a [BitTorrent](https://wikipedia.org/wiki/BitTorrent)-like network to store the video content, and a [blockchain](https://wikipedia.org/wiki/Blockchain) to store the indexes for those videos. The main benefit of this design is censorship resistance.
* * LBRY 網路* *是一個分散式視頻共享網絡。 它透過類似 [BitTorrent](https://wikipedia.org/wiki/BitTorrent)-l網路來儲存影片內容再利用 [區塊錬](https://wikipedia.org/wiki/Blockchain) 來存儲影片之索引。 這種設計的主要好處是抵抗審查。
**The LBRY desktop client** helps you stream videos from the LBRY network and stores your subscription list in your own LBRY wallet.
* * LBRY 桌面用戶端* *可協助串流來自 LBRY 網路的影片,並將訂閱清單儲存在自己的 LBRY 錢包。
[:octicons-home-16: Homepage](https://lbry.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://lbry.com/privacypolicy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://lbry.com/faq){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/lbryio/lbry-desktop){ .card-link title="Source Code" }
??? downloads
??? 下載
- [:simple-windows11: Windows](https://lbry.com/windows)
- [:simple-apple: macOS](https://lbry.com/osx)
- [:simple-linux: Linux](https://lbry.com/linux)
!!! note
!!! 備註
Only the **LBRY desktop client** is recommended, as the [Odysee](https://odysee.com) website and the LBRY clients in F-Droid, Play Store, and the App Store have mandatory synchronization and telemetry.
建議僅使用* * LBRY桌面用戶端* * ,因為 F-Droid、Play Store 和App Store 中的 [Odysee](https://odysee.com)網站和 LBRY 用戶端具有強制同步和遙測功能。
!!! warning
!!! 警告
While watching and hosting videos, your IP address is visible to the LBRY network. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address.
在觀看和託管影片時LBRY 網路可看到您的 IP 位址。 如果您的[威脅模型] (basics/threat-modeling.md)需要隱藏您的IP 位址,請考慮使用 [VPN](vpn.md) [Tor](https://www.torproject.org)
We recommend **against** synchronizing your wallet with LBRY Inc., as synchronizing encrypted wallets is not supported yet. If you synchronize your wallet with LBRY Inc., you have to trust them to not look at your subscription list, [LBC](https://lbry.com/faq/earn-credits) funds, or take control of your channel.
建議**不要** 錢包與 LBRY Inc. 設為同步,因為尚不支援錢包同步的加密功能。 如果您將錢包與 LBRY Inc.同步,則必須信任他們不會查看您的訂閱列表, [LBC](https://lbry.com/faq/earn-credits) 資金或控制您的頻道。
You can disable *Save hosting data to help the LBRY network* option in :gear: **Settings****Advanced Settings**, to avoid exposing your IP address and watched videos when using LBRY for a prolonged period of time.
您可以禁用 *儲存託管資料,其設置方法為* 選項中的 :gear: **設置****進階設置**,來避免在長時間使用 LBRY 時暴露 IP 地址和觀看的視頻。
## Criteria
## 標準
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 [標準準則](about/criteria.md)外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
!!! example "This section is new"
!!! 示例“此部分是新的”
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
我們正在努力為我們網站的每個部分建立定義的標準,這可能會有所變化。 如果您對我們的標準有任何疑問,請在[論壇上提問] (https://discuss.privacyguides.net/latest) ,如果沒有列出,請不要認為我們在提出建議時沒有考慮到某些事情。 當我們推薦一個項目時,有許多因素被考慮和討論,記錄每一個項目都是正在進行式。
- Must not require a centralized account to view videos.
- Decentralized authentication, such as via a mobile wallet's private key is acceptable.
- 無需集中式帳戶就可觀看影片。
- 分散式驗證,例如通過行動錢包的私鑰進行驗證是可以接受的。
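Review bot: three translated sentences in the LBRY section no longer say what the source says. In the note, `F-Droid、Play Store 和App Store 中的 [Odysee](https://odysee.com)網站和 LBRY 用戶端` places the Odysee website inside the app stores, whereas the source lists the Odysee website and the store clients separately. In the last paragraph before the criteria, `*儲存託管資料,其設置方法為* 選項中的` garbles the option name *Save hosting data to help the LBRY network*, so the reader cannot find the setting. In the recommendation card, `[BitTorrent](https://wikipedia.org/wiki/BitTorrent)-l網路` keeps a stray `-l` left over from `-like`.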

View File

@@ -1,10 +1,10 @@
---
title: "VPN Services"
title: "VPN 服務"
icon: material/vpn
description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isnt out to spy on you.
description: 這些是保護您線上隱私和安全的最佳 VPN 服務。 在這裡找一個不會監視您的供應商。
---
If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest:
連接到網際網路連線供應商、公共Wi-Fi 網路或下載文件時,如何能有更好的 **隱私**保護 ,只要了解所涉及的風險, VPN 可能是您的解決方案。 我們認為這些供應商高於其他供應商:
<div class="grid cards" markdown>
@@ -16,87 +16,103 @@ If you're looking for additional **privacy** from your ISP, on a public Wi-Fi ne
!!! 注意 "VPN 不會讓您匿名"
Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic.
使用 VPN 將* *不會* *讓您的瀏覽習慣被匿名,也不會替不安全( HTTP )流量增加額外的安全性。
If you are looking for **anonymity**, you should use the Tor Browser **instead** of a VPN.
如果您追求的是* *匿名性* * ,應該使用 Tor 瀏覽器* *代替* * VPN
If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices.
如果要的是更多* *安全性* * ,您應該確保您全程使用 HTTPS 連接到網站。 VPN 不能取代良好的安全措施。
[Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button }
[Download Tor] (https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ] (advanced/tor-overview.md){ .md-button }
[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button}
[VPN 概述 :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button}
## Recommended Providers
## 推薦的 DNS 提供商
Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information.
我們推薦的提供商使用加密、可接受Monero 、支持WireGuard & OpenVPN ,且具有不記錄政策。 閱讀我們的 [完整列表標準](#criteria) 以獲取更多信息。
### IVPN
!!! recommendation
![IVPN logo](assets/img/vpn/ivpn.svg){ align=right }
! [IVPN logo] (assets/img/vpn/ivpn.svg) {align = right}
**IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar.
* * IVPN * *是另一家高級 VPN 提供商,自 2009年開始運營。 IVPN 位於直布羅陀。
[:octicons-home-16: Homepage](https://www.ivpn.net/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ivpn){ .card-link title="Source Code" }
??? downloads
??? 下載
- [:simple-android: Android](https://www.ivpn.net/apps-android/)
- [:simple-appstore: App Store](https://apps.apple.com/app/ivpn-serious-privacy-protection/id1193122683)
- [:simple-windows11: Windows](https://www.ivpn.net/apps-windows/)
- [:simple-apple: macOS](https://www.ivpn.net/apps-macos/)
- [:simple-linux: Linux](https://www.ivpn.net/apps-linux/)
- [:simple-android: Android] (https://www.ivpn.net/apps-android/)
- [:simple-appstore: App Store] (https://apps.apple.com/app/ivpn-serious-privacy-protection/id1193122683)
- [:simple-windows11: Windows] (https://www.ivpn.net/apps-windows/)
- [:simple-apple: macOS] (https://www.ivpn.net/apps-macos/)
- [:simple-linux: Linux] (https://www.ivpn.net/apps-linux/)
#### :material-check:{ .pg-green } 35 Countries
#### :material-check:{ .pg-green } 35 個國家
IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
IVPN 在 35 個國家/地區擁有 [伺服器](https://www.ivpn.net/server-locations)(1)選擇離您最近的伺服器 VPN 供應商,將減少發送網路流量的延遲。 這是因為到目的地的路線較短(跳數較少)。
{ .annotate }
1. Last checked: 2022-09-16
1. 上次檢查日期: 2022-09-16
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
我們認為,如果 VPN 提供商使用 [專用伺服器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是更便宜(與其他客戶共享)的解決方案 ,例如 [虛擬專用服務器](https://en.wikipedia.org/wiki/Virtual_private_server),則 VPN提供商的私鑰更安全。
#### :material-check:{ .pg-green } Independently Audited
#### :material-check:{ .pg-green } 獨立稽核
IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf).
IVPN 通過 Cure53</a>
#### :material-check:{ .pg-green } Open-Source Clients
不留記錄審計,該審計結果與 IVPN 的不留記錄聲明一致。 IVPN 還在2020年1月完成了Cure53 [全面的 pentest 報告](https://cure53.de/summary-report_ivpn_2019.pdf) 。 IVPN 也表示打算未來會定期提出 [年度報告](https://www.ivpn.net/blog/independent-security-audit-concluded)。 2022年4月進行[進一步評估](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) ,並由執行單位 Cure53 發佈[在其網站](https://cure53.de/pentest-report_IVPN_2022.pdf)。</p>
As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn).
#### :material-check:{ .pg-green } Accepts Cash and Monero
In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment.
#### :material-check:{ .pg-green } 開源客戶端
#### :material-check:{ .pg-green } WireGuard Support
2020 二月後 [IVPN 應用程式已公開其源代碼](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source)。 源代碼可以從他們的 [GitHub組織](https://github.com/ivpn)獲得。
IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
#### :material-check:{ .pg-green } Remote Port Forwarding
#### :material-check:{ .pg-green } 接受現金和Monero
Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html).
除了接受信用卡/簽帳卡和 PayPal 外, IVPN 還接受比特幣 **Monero****現金/當地貨幣** (年度方案繳費)作為匿名付款方式。
#### :material-check:{ .pg-green } Mobile Clients
In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers.
#### :material-information-outline:{ .pg-blue } Additional Functionality
#### :material-check:{ .pg-green } WireGuard支持
IVPN 支援 WireGuard 協議。 [WireGuard](https://www.wireguard.com) 是一個較新的協議,使用最先進的 [加密技術](https://www.wireguard.com/protocol/)。 此外, WireGuard的目標是更簡單更高效。
IVPN [建議](https://www.ivpn.net/wireguard/)搭配 WireGuard 一起使用, IVPN's 所有應用程式皆已預設 WireGuard 協議。 IVPN 亦提供 WireGuard 設置生成器以用於官方版本的 WireGuard [應用軟體](https://www.wireguard.com/install/)。
#### :material-check:{ .pg-green } 遠端端口轉發
使用昇級方案可用遠端 [端口轉發](https://en.wikipedia.org/wiki/Port_forwarding) 。 [可以由客戶端區域激活](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html)端口轉發 。 只有使用 WireGuard 或 OpenVPN 協議IVPN 方可轉發端口,但在[美國的伺服器](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html) 不支援此功能。
#### :material-check:{ .pg-green } 手機客戶端
除標準的 OpenVPN 配置文件外, IVPN可以在 [App Store ](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683)、 [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client)和 [GitHub](https://github.com/ivpn/android-app/releases) 下載移動客戶端,以輕鬆連接到他們的伺服器。
#### :material-information-outline:{ .pg-blue } 額外功能
IVPN 客戶端支援雙因素驗證Mullvad 客戶端不支援)。 IVPN 有"[反追蹤](https://www.ivpn.net/antitracker)" 功能,以阻絕來自網路層的廣告與追蹤。
IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level.
### Mullvad
!!! recommendation
![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right }
! [Mullvad 標誌] (assets/img/vpn/mullvad.svg) {align = right}
**Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since **2009**. Mullvad is based in Sweden and does not have a free trial.
* * Mullvad * *是一個快速且便宜的VPN ,非常注重透明和安全性。 自* * 2009 年* *開始運營。 Mullvad 總部位於瑞典,不提供免費試用。
[:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary }
[:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" }
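Review bot: The translated IVPN audit paragraph under "獨立稽核" has lost its first link and carries HTML residue: it opens with `IVPN 通過 Cure53</a>` and ends in `</p>`, where the English source has the Markdown link `[no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf)`. Restore the link in Markdown form and drop the stray tags. Two further markup breaks in the translated strings of this hunk: `**Monero****現金/當地貨幣**` has no separator between the two bold spans, and the Mullvad card lines `! [Mullvad 標誌] (assets/img/vpn/mullvad.svg) {align = right}` and `* * Mullvad * *` contain inserted spaces that stop the image, the attribute list and the bold markers from parsing. The Markdown syntax should be carried over byte-for-byte from the English strings, with only the visible text translated.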
@@ -104,224 +120,285 @@ IVPN clients support two factor authentication (Mullvad's clients do not). IVPN
[:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/mullvad){ .card-link title="Source Code" }
??? downloads
??? 下載
- [:simple-googleplay: Google Play] (https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn)
- [:simple-appstore: App Store] (https://apps.apple.com/app/mullvad-vpn/id1488466513)
- [:simple-github: GitHub] (https://github.com/mullvad/mullvadvpn-app/releases)
- [:simple-windows11: Windows] (https://mullvad.net/en/download/windows/)
- [:simple-apple: macOS] (https://mullvad.net/en/download/macos/)
- [:simple-linux: ] (https://mullvad.net/en/download/linux/)
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn)
- [:simple-appstore: App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513)
- [:simple-github: GitHub](https://github.com/mullvad/mullvadvpn-app/releases)
- [:simple-windows11: Windows](https://mullvad.net/en/download/windows/)
- [:simple-apple: macOS](https://mullvad.net/en/download/macos/)
- [:simple-linux: Linux](https://mullvad.net/en/download/linux/)
#### :material-check:{ .pg-green } 41 Countries
Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
#### :material-check:{ .pg-green } 41 個國家
Mullvad 在 41 個國家/地區設有 [伺服器](https://mullvad.net/servers/)。(1)選擇離您最近伺服器,這將減少您網路流量的延遲。 這是因為到目的地的路線較短(跳數較少)。
{ .annotate }
1. Last checked: 2023-01-19
1. 上次檢查日期: 2023-01-19
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
我們認為,如果 VPN 提供商使用 [專用伺服器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是更便宜(與其他客戶共享)的解決方案 ,例如 [虛擬專用服務器](https://en.wikipedia.org/wiki/Virtual_private_server),則 VPN提供商的私鑰更安全。
#### :material-check:{ .pg-green } Independently Audited
Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded:
> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint.
#### :material-check:{ .pg-green } 獨立稽核
In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website:
Cure53 審計了 Mullvad's VPN 客戶端軟體, Assured AB 對他們進行穿透測試,相關報告在[ cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf)。 安全研究人員得出結論:
> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks.
In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf).
#### :material-check:{ .pg-green } Open-Source Clients
> Cure53 和 Assured AB 對審計結果感到滿意Mullvad 留下整體正面的印象。 由於 Mullvad VPN 內部團隊在安全上的投入,測試人員肯定了該項目從安全角度來看是正確的。
Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app).
2020年宣布第二次審計 [](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) [最終報告結果](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) 可在 Cure53 網站上獲得:
#### :material-check:{ .pg-green } Accepts Cash and Monero
Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers.
#### :material-check:{ .pg-green } WireGuard Support
> 2020年5月~6月針對 Mullvad 的專案結果是相當正面。 [...] Mullvad 使用的整體應用生態系統給人留下了結構完善之印象。 該應用程序的整體結構更容易以結構化的方式推出補丁和修復。 Cure53 的發現展示了不斷審核和重新評估當前泄漏向量的重要性,以始終確保最終用戶的隱私。 Mullvad 在保護最終用戶免受常見 PII 洩漏和隱私相關風險方面做得很好。
Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
2021年宣布[基礎設施審計](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) ,並在 Cure53 網站上公布[最終審計報告](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) 。 2022年6月</>另一份委託 Assured 所作的報告 。</p>
Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/).
#### :material-check:{ .pg-green } IPv6 Support
Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections.
#### :material-check:{ .pg-green } 開源客戶端
Mullvad 在[GitHub 提供其桌面和移動客戶端的源代碼](https://github.com/mullvad/mullvadvpn-app)。
#### :material-check:{ .pg-green } 接受現金和Monero
除了接受信用卡/簽帳卡和 PayPal 外, IVPN 還接受比特幣 **Monero****現金/當地貨幣** (年度方案繳費)作為匿名付款方式。 他們也接受 Swish 和銀行電匯。
#### :material-check:{ .pg-green } WireGuard支持
Mullvad 支持 WireGuard ®協議。 [WireGuard](https://www.wireguard.com) 是一個較新的協議,使用最先進的 [加密技術](https://www.wireguard.com/protocol/)。 此外, WireGuard的目標是更簡單更高效。
Mullvad [建議](https://mullvad.net/en/help/why-wireguard/) 搭配 WireGuard 使用。 Android, iOS, macOS, 與 Linux Mullvad 應用軟體已將 WireGuard 調為預設協議,但 Windows 則須要自行 [手動打開](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard。 Mullvad 提供 WireGuard 配置生成器,搭配 WireGuard 官方 [應用程序](https://www.wireguard.com/install/)。
#### :material-check:{ .pg-green } IPv6 支持
Mullvad 支持未來的網路主流 [IPv6](https://en.wikipedia.org/wiki/IPv6)。 他們的網路可讓您 [存取託管在 IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) 的服務有些供應商會阻止IPv6 連接。
#### :material-check:{ .pg-green } Remote Port Forwarding
Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information.
遠端 [端口輚發](https://en.wikipedia.org/wiki/Port_forwarding) 可允許單次付款的使用者,但長期/訂閱付款的帳戶不可使用。 這是為了防止 Mullvad 能夠根據端口使用情況和存儲的訂閱資訊來辨識使用者。 請參見 Mullvad VPN</a> 端口轉發 了解更多資訊。</p>
#### :material-check:{ .pg-green } Mobile Clients
Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases).
#### :material-information-outline:{ .pg-blue } Additional Functionality
#### :material-check:{ .pg-green } 手機客戶端
Mullvad 有 [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) 和 [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) 用戶端,兩者易於使用的界面,無須手動配置 WireGuard 連接。 Android 客戶端也從 [GitHub](https://github.com/mullvad/mullvadvpn-app/releases)下載。
#### :material-information-outline:{ .pg-blue } 額外功能
Mullvad 對 [自有或租用](https://mullvad.net/en/servers/)的節點非常透明。 他們在 ShadowSocks + OpenVPN 配置中使用 [ShadowSocks](https://shadowsocks.org/) ,以更能抵抗 [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) 試圖阻止 VPN 之防火牆。 據推測, [中國使用不同的方法來阻止 ShadowSocks 伺服器](https://github.com/net4people/bbs/issues/22)。 Mullvad 網站也可以通過 Tor 訪問 [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion)。
Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion).
### Proton VPN
!!! recommendation annotate
![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right }
! [Proton VPN標誌] (assets/img/vpn/protonvpn.svg) {align = right}
**Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option.
* * Proton VPN * *是 VPN 領域強大競爭者,自 2016 年開始營運。 Proton AG 總部位於瑞士,提供有限的免費會員等級,以及更多功能的付費選項。
[:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" }
??? downloads
??? 下載
- [:simple-googleplay: Google Play] (https://play.google.com/store/apps/details?id=ch.protonvpn.android)
- [:simple-appstore: App Store] (https://apps.apple.com/app/apple-store/id1437005085)
- [:simple-github: GitHub] (https://github.com/ProtonVPN/android-app/releases)
- [:simple-windows11: Windows] (https://protonvpn.com/download-windows)
- [:simple-linux: Linux] (https://protonvpn.com/support/linux-vpn-setup/)
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android)
- [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085)
- [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases)
- [:simple-windows11: Windows](https://protonvpn.com/download-windows)
- [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/)
#### :material-check:{ .pg-green } 67 Countries
Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination.
#### :material-check:{ .pg-green } 67個國家
Proton VPN 在67個國家/地區設有 [伺服器](https://protonvpn.com/vpn-servers). (1)選擇距離您最近的伺服器的VPN供應商將減少您網路流量的延遲。 這是因為到目的地的路線較短(跳數較少)。
{ .annotate }
1. Last checked: 2022-09-16
1. 上次檢查日期: 2022-09-16
We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server).
我們認為,如果 VPN 提供商使用 [專用伺服器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是更便宜(與其他客戶共享)的解決方案 ,例如 [虛擬專用服務器](https://en.wikipedia.org/wiki/Virtual_private_server),則 VPN提供商的私鑰更安全。
#### :material-check:{ .pg-green } Independently Audited
As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
#### :material-check:{ .pg-green } Open-Source Clients
#### :material-check:{ .pg-green } 獨立稽核
Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN).
截至 2020年1月 Proton VPN 已接受 SEC Consult 的獨立審計。 SEC Consult 在 Proton VPN Windows、Android 和 iOS應用程序中發現一些中低風險漏洞Proton VPN 已在報告發布之前全部“正確修復”這些漏洞。 所發現的問題都不會讓攻擊者遠端存取您的裝置或流量。 您可以透過 [protonvpn.com](https://protonvpn.com/blog/open-source/)查看各個平臺的報告。 2022 年 4月Proton VPN 通過 [另一次審計](https://protonvpn.com/blog/no-logs-audit/) [ Securitum 所作的報告在此](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf)。 [Securitum](https://research.securitum.com) 在 2021年11月9日簽發 [Proton VPN 的應用程式認證函](https://proton.me/blog/security-audit-all-proton-apps) 。
#### :material-check:{ .pg-green } Accepts Cash
Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment.
#### :material-check:{ .pg-green } WireGuard Support
#### :material-check:{ .pg-green } 開源客戶端
Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant.
Proton VPN 在 [GitHub](https://github.com/ProtonVPN) 提供其桌面和移動客戶端的源代碼。
Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app.
#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding
Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients.
#### :material-check:{ .pg-green } 接受現金
#### :material-check:{ .pg-green } Mobile Clients
除信用卡/簽帳卡、PayPal 和 [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc)之外Proton VPN 還接受 **現金/當地貨幣** 等匿名付款方式。
In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers.
#### :material-information-outline:{ .pg-blue } Additional Functionality
Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose.
#### :material-check:{ .pg-green } WireGuard支持
#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs
Proton VPN 支持 WireGuard ®協議。 [WireGuard](https://www.wireguard.com) 是一個較新的協議,使用最先進的 [加密技術](https://www.wireguard.com/protocol/)。 此外, WireGuard的目標是更簡單更高效。
System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service.
Proton VPN [建議](https://protonvpn.com/blog/wireguard/) 搭配 WireGuard 使用。 Proton VPN 在 Windows, macOS, iOS, Android, ChromeOS, 以及 Android TV 等平台的應用軟體, WireGuard 已是預設協議,不過[尚未支援](https://protonvpn.com/support/how-to-change-vpn-protocols/) Linux 作業系統的應用軟體。
## Criteria
!!! danger
It is important to note that using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy.
#### :material-alert-outline:{ .pg-orange } 遠端端口轉發
**Please note we are not affiliated with any of the providers we recommend. This allows us to provide completely objective recommendations.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any VPN provider wishing to be recommended, including strong encryption, independent security audits, modern technology, and more. We suggest you familiarize yourself with this list before choosing a VPN provider, and conduct your own research to ensure the VPN provider you choose is as trustworthy as possible.
Proton VPN 目前只支援 Windows 遠端 [端口轉發](https://protonvpn.com/support/port-forwarding/) ,它可能會影響某些應用程式。 尤其是像 Torrent 客戶端這類 P2P 應用程式。
### Technology
We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected.
**Minimum to Qualify:**
#### :material-check:{ .pg-green } 手機客戶端
- Support for strong protocols such as WireGuard & OpenVPN.
- Killswitch built in to clients.
- Multihop support. Multihopping is important to keep data private in case of a single node compromise.
- If VPN clients are provided, they should be [open-source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what your device is actually doing.
除了提供標準的 OpenVPN 配置檔案外, Proton VPN 還有 [ App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085)、 [ Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US)和 [個GitHub](https://github.com/ProtonVPN/android-app/releases) 的移動客戶端,可以輕鬆連接到其伺服器。
**Best Case:**
- WireGuard and OpenVPN support.
- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.)
- Easy-to-use VPN clients
- Supports [IPv6](https://en.wikipedia.org/wiki/IPv6). We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses.
- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble).
### Privacy
#### :material-information-outline:{ .pg-blue } 額外功能
We prefer our recommended providers to collect as little data as possible. Not collecting personal information on registration, and accepting anonymous forms of payment are required.
除 Linux 以外Proton VPN 客戶端目前支持所有平臺上的雙因素身份驗證。 在瑞士、冰島和瑞典Proton VPN 擁有自己的伺服器和資料中心。 他們透過自己的 DNS 服務,來封鎖廣告和已知的惡意軟體網域。 此外, Proton VPN 還提供“Tor”伺服器讓您可輕鬆連接到洋蔥網站但我們仍然強烈建議這類目的最好還是使用 [官方 Tor 瀏覽器](https://www.torproject.org/) 。
**Minimum to Qualify:**
- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option.
- No personal information required to register: Only username, password, and email at most.
**Best Case:**
#### :material-alert-outline:{ .pg-orange } Killswitch 無法用在 Intel 處理器的 Mac 電腦
- Accepts multiple [anonymous payment options](advanced/payments.md).
- No personal information accepted (autogenerated username, no email required, etc.).
Intel 處理器的 Mac 電腦 若用 VPN killswitch 會發生 [系統崩潰](https://protonvpn.com/support/macos-t2-chip-kill-switch/) 。 如果您需要此功能,但使用的是搭載 Intel 晶片組的Mac ,則應考慮使用其他 VPN 服務。
### Security
A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis.
**Minimum to Qualify:**
## 標準
- Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-2048 or better handshake; AES-256-GCM or AES-256-CBC data encryption.
- Perfect Forward Secrecy (PFS).
- Published security audits from a reputable third-party firm.
!!! 危險
**Best Case:**
重要的是要注意,使用 VPN 不會使您匿名,但在某些情況下可以提供更好的隱私。 VPN不是非法活動的工具。 不要依靠“不留記錄”政策。
- Strongest Encryption: RSA-4096.
- Perfect Forward Secrecy (PFS).
- Comprehensive published security audits from a reputable third-party firm.
- Bug-bounty programs and/or a coordinated vulnerability-disclosure process.
**請注意我們和所推薦的服務商沒有任何利害關係。 這使我們能夠提供完全客觀的建議。** 除了 [我們的標準條件](about/criteria.md)外,我們還為任何希望獲得推薦的 VPN 服務商制定了一套明確的要求,包括強大的加密、獨立的安全審計、現代技術等。 我們建議您在選擇 VPN 供應商之前先熟悉此清單,並進行自己的研究,盡可能地確保您選擇的 VPN 供應商值得信賴。
### Trust
You wouldn't trust your finances to someone with a fake identity, so why trust them with your internet data? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled.
**Minimum to Qualify:**
### 技術
- Public-facing leadership or ownership.
我們要求所有推薦的 VPN 服務商有提供 OpenVPN 配置檔案,以便用在任何客戶端。 **如果** VPN 提供自定用戶端,則要求有 killswitch 來阻止未連接 VPN 時網路資料遭洩漏。
**Best Case:**
**最低合格要求:**
- Public-facing leadership.
- Frequent transparency reports.
- 支援強固的協議,如 WireGuard & OpenVPN。
- 客戶端內建 Killswitch。
- Multihop支持。 萬一單個節點受損,多跳方式就非常重要,才能保持數據的私密性。
- 如果提供 VPN 用戶端,它們應該為 [開源](https://en.wikipedia.org/wiki/Open_source),就如同所內置的 VPN 軟體。 我們相信, 可取得的[源代碼](https://en.wikipedia.org/wiki/Source_code) 可為用戶設備實際運作提供更高的透明度。
### Marketing
**最佳案例:**
With the VPN providers we recommend we like to see responsible marketing.
- 支持 WireGuard 和 OpenVPN。
- Killswitch 具高度可配置選項(啟用/禁用某些網路、開機時啟閉等上)
- 易於使用的 VPN 客戶端
- 支援 [IPv6](https://en.wikipedia.org/wiki/IPv6)協議 我們預期伺服器將允許透過 IPv6 傳入連線並允許您存取託管在IPv6 位址上的服務。
- [遠端端口轉發](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) 的功能可協助在使用P2P [對等](https://en.wikipedia.org/wiki/Peer-to-peer)檔案共享軟體或自建伺服器例如Mumble )時建立連接。
**Minimum to Qualify:**
- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out.
Must not have any marketing which is irresponsible:
### 隱私
- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.:
- Reusing personal information (e.g., email accounts, unique pseudonyms, etc) that they accessed without anonymity software (Tor, VPN, etc.)
- [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)
- Claim that a single circuit VPN is "more anonymous" than Tor, which is a circuit of three or more hops that regularly changes.
- Use responsible language: i.e., it is okay to say that a VPN is "disconnected" or "not connected", however claiming that someone is "exposed", "vulnerable" or "compromised" is needless use of alarming language that may be incorrect. For example, that person might simply be on another VPN provider's service or using Tor.
我們希望所推薦的提供商盡可能減少客戶資料收集。 不收集註冊時的個人資訊,並接受匿名形式的付款是必需的。
**Best Case:**
**最低合格要求:**
Responsible marketing that is both educational and useful to the consumer could include:
- [匿名加密貨幣](cryptocurrency.md) **或** 現金支付選項。
- 註冊時無需個人資料:最多只需提供使用者名稱、密碼和電子郵件。
- An accurate comparison to when [Tor](tor.md) should be used instead.
- Availability of the VPN provider's website over a [.onion service](https://en.wikipedia.org/wiki/.onion)
**最佳案例:**
### Additional Functionality
- 接受多種 [匿名付款方式](advanced/payments.md)。
- 無需任何個人資訊(自動生成的用戶名稱、不要求電子郵件等)。
While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc.
### 安全
若 VPN 不能提供足夠安全性,它就毫無意義。 我們要求所有推薦的供應商遵守其 OpenVPN 連接的現行安全標準。 理想中,預設他們會使用更多面向未來的加密方案。 我們要求有獨立的第三方來審核供應商的安全性,理想情況下是每年都能進行全方方面審計。
**最低合格要求:**
- 強固加密方案:具有 SHA-256 驗證的 OpenVPN; RSA-2048 或更好的握手; AES-256-GCM 或 AES-256-CBC 數據加密。
- 完全前向保密 (PFS)
- 公佈信譽良好第三方公司的安全審計。
**最佳案例:**
- 最強加密: RSA-4096。
- 完全前向保密 (PFS)
- 由信譽良好的第三方公司執行公佈的全面安全審計。
- 漏洞獎勵計劃和/或協調漏洞披露過程。
### 信任
您不會把財務資料交給身份作假的人,又怎會信任他們來處置您的網路資料? 我們要求推薦的供應商公開其所有權或領導層級狀況。 我們也希望看到頻繁的透明度報告,特別是關於如何處理政府要求的報告。
**最低合格要求:**
- 面向公眾的領導或所有權。
**最佳案例:**
- 面向公眾的領導
- 頻繁的透明度報告。
### 行銷
對於所推薦的 VPN 服務商,我們樂見更負責任的營銷。
**最低合格要求:**
- 必須自行託管分析工具(例如不用 Google Analytics )。 供應商的網站還必須符合 [DNT請勿追蹤](https://en.wikipedia.org/wiki/Do_Not_Track) 的要求。
不得有任何不負責任的行銷:
- 保證 100% 匿名性保護。 當有人聲稱某件事是100% 時,這意味他對失敗也無從確定。 我們知道有許多方式可以輕易地去匿名化,例如:
- 重複未用匿名軟體( Tor 、VPN等情況下所留的個人資料例如電子郵件帳戶、獨特的假名等
- [瀏覽器指紋](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)
- 聲稱單一迴路中 VPN 比 Tor “更匿名” Tor 是由三個或更多個跳組成經常變化的迴路。
- 使用負責任的語言也就是說可以說VPN “已斷開”或“未連接” ,但是聲稱某人“暴露” “易受攻擊”或“受損”是不必要的使用可能不正確的警告語言。 例如此人可能只是使用其他VPN提供商的服務或使用Tor。
**最佳案例:**
負責任的行銷,既具教育意義又對消費者實用,可能包括:
- 與何時應使用 [Tor](tor.md) 的準確比較。
- VPN 服務商網站可否透過 [.onion服務](https://en.wikipedia.org/wiki/.onion)訪問。
### 附加功能
雖不是嚴格要求,在決定推薦哪些服務商時我們還會考慮其他一些便利或隱私因素。 其中包括i廣告/跟蹤阻擋功能、warrant canaries、多跳連接、出色的客戶支持、允許同時連接的數量等。
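Review bot: The Mullvad payment paragraph under "接受現金和Monero" is a copy of the IVPN string, not a translation of the Mullvad one: it names IVPN, keeps the annual-plan qualifier `(年度方案繳費)`, and omits Bitcoin Cash, while the English line in this hunk says Mullvad accepts Bitcoin, Bitcoin Cash, Monero and cash/local currency with no such restriction. It should be retranslated from the Mullvad source string. Several other translated strings here have lost links to HTML residue or empty link text: `2022年6月</>另一份委託 Assured 所作的報告 。</p>` drops both the June 2022 blog link and the Assured report link, `請參見 Mullvad VPN</a> 端口轉發` drops the port-forwarding help link, and the 2020 audit sentence has `[](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/)` with no link text. In addition, `!!! 危險` and `??? 下載` translate the admonition type qualifier; the English lines use `!!! danger` and `??? downloads`, and that word selects the admonition style, so it should stay in English with the translated label supplied as a quoted title. The Proton VPN WireGuard sentence also drops the "mostly" of the source, which matters because the same section states that the Linux app lacks WireGuard support.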