diff --git a/docs/dns.md b/docs/dns.md index bdb7139c7..9e8495ea8 100644 --- a/docs/dns.md +++ b/docs/dns.md @@ -1,5 +1,5 @@ --- -title: "DNS Resolvers" +title: DNS Resolvers icon: material/dns description: We recommend choosing these encrypted DNS providers to replace your ISP's default configuration. cover: dns.webp @@ -10,7 +10,7 @@ global: - [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown } -Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. +Encrypted **DNS** with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. [Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md){ .md-button } @@ -54,52 +54,9 @@ These are our favorite public DNS resolvers based on their privacy and security Quad9: [*Data and Privacy Policy*](https://quad9.net/privacy/policy) -## Self-Hosted DNS Filtering - -A self-hosted DNS solution is useful for providing filtering on controlled platforms, such as Smart TVs and other IoT devices, as no client-side software is needed. - -### Pi-hole - -
- -![Pi-hole logo](assets/img/dns/pi-hole.svg){ align=right } - -**Pi-hole** is an open-source [DNS-sinkhole](https://en.wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://cloudflare.com/learning/access-management/what-is-dns-filtering) to block unwanted web content, such as advertisements. - -Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware. The software features a friendly web interface to view insights and manage blocked content. - -[:octicons-home-16: Homepage](https://pi-hole.net){ .md-button .md-button--primary } -[:octicons-eye-16:](https://pi-hole.net/privacy){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://docs.pi-hole.net){ .card-link title=Documentation} -[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } -[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } - - - -
- -### AdGuard Home - -
- -![AdGuard Home logo](assets/img/dns/adguard-home.svg){ align=right } - -**AdGuard Home** is an open-source [DNS-sinkhole](https://en.wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://cloudflare.com/learning/access-management/what-is-dns-filtering) to block unwanted web content, such as advertisements. - -AdGuard Home features a polished web interface to view insights and manage blocked content. - -[:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary } -[:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" } -[:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=Documentation} -[:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Source Code" } - - - -
- ## Cloud-Based DNS Filtering -These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration). +These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs. These services can be used easily across multiple networks. ### Control D @@ -107,7 +64,9 @@ These DNS filtering solutions offer a web dashboard where you can customize the ![Control D logo](assets/img/dns/control-d.svg){ align=right } -**Control D** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level. In addition to their paid plans, they offer a number of preconfigured DNS resolvers you can use for free. +**Control D** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level. + +In addition to their paid plans, they offer a number of preconfigured DNS resolvers you can use for free. [:octicons-home-16: Homepage](https://controld.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://controld.com/privacy){ .card-link title="Privacy Policy" } @@ -134,7 +93,9 @@ These DNS filtering solutions offer a web dashboard where you can customize the ![NextDNS logo](assets/img/dns/nextdns.svg){ align=right } -**NextDNS** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level. They offer a fully functional free plan for limited use. +**NextDNS** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level. + +They offer a fully functional free plan for limited use. [:octicons-home-16: Homepage](https://nextdns.io){ .md-button .md-button--primary } [:octicons-eye-16:](https://nextdns.io/privacy){ .card-link title="Privacy Policy" } diff --git a/docs/passwords.md b/docs/passwords.md index 36010e0e9..322dee858 100644 --- a/docs/passwords.md +++ b/docs/passwords.md @@ -1,6 +1,6 @@ --- meta_title: "The Best Password Managers to Protect Your Privacy and Security - Privacy Guides" -title: "Password Managers" +title: Password Managers icon: material/form-textbox-password description: Password managers allow you to securely store and manage passwords and other credentials. cover: passwords.webp @@ -176,17 +176,10 @@ These password managers sync your passwords to a cloud server for easy accessibi Bitwarden uses [PBKDF2](https://bitwarden.com/help/kdf-algorithms/#pbkdf2) as its key derivation function (KDF) algorithm by default. It also offers [Argon2](https://bitwarden.com/help/kdf-algorithms/#argon2id), which is more secure, as an alternative. You can change your account's KDF algorithm in the web vault: -- [x] Select **Settings > Security > Keys > KDF algorithm > Argon2id** +- [x] Select **Settings → Security → Keys → KDF algorithm → Argon2id** Bitwarden's server-side code is [open source](https://github.com/bitwarden/server), so if you don't want to use the Bitwarden cloud, you can easily host your own Bitwarden sync server. -**Vaultwarden** is an alternative implementation of Bitwarden's sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the resource-heavy official service might not be ideal. If you are looking to self-host Bitwarden on your own server, you almost certainly want to use Vaultwarden over Bitwarden's official server code. - -[:octicons-repo-16: Vaultwarden Repository](https://github.com/dani-garcia/vaultwarden){ .md-button } -[:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ .card-link title="Documentation" } -[:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ .card-link title="Source Code" } -[:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title="Contribute" } - ### Proton Pass
diff --git a/docs/self-hosting/dns-filtering.md b/docs/self-hosting/dns-filtering.md new file mode 100644 index 000000000..40591e80b --- /dev/null +++ b/docs/self-hosting/dns-filtering.md @@ -0,0 +1,48 @@ +--- +title: DNS Filtering +meta_title: "Self-Hosting DNS Solutions - Privacy Guides" +icon: material/dns +description: For our more technical readers, self-hosting a DNS solution can provide filtering for devices not covered by cloud-based DNS solutions. +cover: dns.webp +--- +Protects against the following threat(s): + +- [:material-server-network: Service Providers](../basics/common-threats.md#privacy-from-service-providers){ .pg-teal } +- [:material-account-cash: Surveillance Capitalism](../basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown } + +**Self-hosting DNS** is useful for providing [DNS filtering](https://cloudflare.com/learning/access-management/what-is-dns-filtering) on controlled platforms, such as smart TVs and other IoT devices, as no client-side software is needed. Keep in mind that the DNS solutions below are typically restricted to your home or local network unless you set up a more advanced configuration. + +## DNS Sinkholes + +[**DNS sinkholes**](https://en.wikipedia.org/wiki/DNS_sinkhole) use DNS filtering to block unwanted web content such as advertisements. + +### Pi-Hole + +
+ +![Pi-hole logo](../assets/img/self-hosting/pi-hole.svg){ align=right } + +**Pi-hole** is an open-source DNS sinkhole which features a friendly web interface to view insights and manage blocked content. Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware. + +[:octicons-home-16: Homepage](https://pi-hole.net){ .md-button .md-button--primary } +[:octicons-eye-16:](https://pi-hole.net/privacy){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://docs.pi-hole.net){ .card-link title="Documentation" } +[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } +[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title="Contribute" } + +
+ +### AdGuard Home + +
+ +![AdGuard Home logo](../assets/img/self-hosting/adguard-home.svg){ align=right } + +**AdGuard Home** is an open-source DNS sinkhole which features a polished web interface to view insights and manage blocked content. + +[:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary } +[:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" } +[:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title="Documentation" } +[:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Source Code" } + +
diff --git a/docs/self-hosting/email-servers.md b/docs/self-hosting/email-servers.md index 7cf55f78d..4830d37b5 100644 --- a/docs/self-hosting/email-servers.md +++ b/docs/self-hosting/email-servers.md @@ -1,6 +1,6 @@ --- title: Email Servers -meta_title: "Self-Hosted Email - Privacy Guides" +meta_title: "Self-Hosting Email - Privacy Guides" icon: material/email description: For our more technical readers, self-hosting your own email can provide additional privacy assurances by having maximum control over your data. cover: email.webp @@ -9,7 +9,7 @@ cover: email.webp - [:material-server-network: Service Providers](../basics/common-threats.md#privacy-from-service-providers){ .pg-teal } -Advanced system administrators may consider setting up their own email server. Mail servers require attention and continuous maintenance in order to keep things secure and mail delivery reliable. In addition to the "all-in-one" solutions below, we've picked out a few articles that cover a more manual approach: +Advanced system administrators may consider setting up their own **email server**. Mail servers require attention and continuous maintenance in order to keep things secure and mail delivery reliable. In addition to the "all-in-one" solutions below, we've picked out a few articles that cover a more manual approach: - [Setting up a mail server with OpenSMTPD, Dovecot and Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd) (2019) - [How To Run Your Own Mail Server](https://www.c0ffee.net/blog/mail-server-guide) (August 2017) diff --git a/docs/self-hosting/index.md b/docs/self-hosting/index.md index 7874dc23b..6cc3a0833 100644 --- a/docs/self-hosting/index.md +++ b/docs/self-hosting/index.md @@ -1,14 +1,14 @@ --- title: Self-Hosting -meta_title: "Self-Hosted Software and Services - Privacy Guides" -description: For our more technical readers, self-hosted software and services can provide additional privacy assurances since you have maximum control over your data. +meta_title: "Self-Hosting Software and Services - Privacy Guides" +description: For our more technical readers, self-hosting software and services can provide additional privacy assurances since you have maximum control over your data. cover: router.webp --- Protects against the following threat(s): - [:material-server-network: Service Providers](../basics/common-threats.md#privacy-from-service-providers){ .pg-teal } -Using **self-hosted software and services** can be a way to achieve a higher level of privacy through digital sovereignty, particularly independence from cloud servers controlled by product developers or vendors. By self-hosting, we mean hosting applications and data on your own hardware. +**Self-hosting** software and services can be a way to achieve a higher level of privacy through digital sovereignty, particularly independence from cloud servers controlled by product developers or vendors. By self-hosting, we mean hosting applications and data on your own hardware. Self-hosting your own solutions requires advanced technical knowledge and a deep understanding of the associated risks. By becoming the host for yourself and possibly others, you take on responsibilities you might not otherwise have. Self-hosting privacy software improperly can leave you worse off than using e.g. an end-to-end encrypted service provider, so it is best avoided if you are not already comfortable doing so. @@ -24,6 +24,35 @@ Self-hosting your own solutions requires advanced technical knowledge and a deep [Learn more :material-arrow-right-drop-circle:](email-servers.md) +## :material-dns: DNS Filtering + +
+ +- ![AdGuard Home logo](../assets/img/self-hosting/adguard-home.svg){ .twemoji loading=lazy } [AdGuard Home](dns-filtering.md#adguard-home) +- ![Pi-Hole logo](../assets/img/self-hosting/pi-hole.svg){ .twemoji loading=lazy } [Pi-Hole](dns-filtering.md#pi-hole) + +
+ +[Learn more :material-arrow-right-drop-circle:](dns-filtering.md) + +## :material-form-textbox-password: Password Management + +### Vaultwarden + +
+ +![Vaultwarden logo](../assets/img/self-hosting/vaultwarden.svg#only-light){ align=right } +![Vaultwarden logo](../assets/img/self-hosting/vaultwarden-dark.svg#only-dark){ align=right } + +**Vaultwarden** is an alternative implementation of [Bitwarden](../passwords.md#bitwarden)'s sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the resource-heavy, [official service](https://github.com/bitwarden/server) might not be ideal. + +[:octicons-repo-16: Repository](https://github.com/dani-garcia/vaultwarden#readme){ .md-button .md-button--primary } +[:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ .card-link title="Documentation" } +[:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ .card-link title="Source Code" } +[:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title="Contribute" } + +
+ ## :material-account-supervisor-circle-outline: Social Networks Self-hosting your own instance of a social network software can help circumvent potential [censorship on a server level](../social-networks.md#censorship-resistance) by a public server's administrator or admin team. diff --git a/docs/tools.md b/docs/tools.md index 12c83c322..a8b9671c1 100644 --- a/docs/tools.md +++ b/docs/tools.md @@ -299,17 +299,6 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](dns.md#encrypted-dns-proxies) -#### Self-hosted Solutions - -
- -- ![AdGuard Home logo](assets/img/dns/adguard-home.svg){ .twemoji loading=lazy } [AdGuard Home](dns.md#adguard-home) -- ![Pi-hole logo](assets/img/dns/pi-hole.svg){ .twemoji loading=lazy } [Pi-hole](dns.md#pi-hole) - -
- -[Learn more :material-arrow-right-drop-circle:](dns.md#self-hosted-dns-filtering) - ### Financial Services #### Payment Masking Services diff --git a/mkdocs.yml b/mkdocs.yml index 28114f4f0..873a6ce3c 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -396,6 +396,7 @@ nav: - !ENV [NAV_SELF_HOSTING, "Self-Hosting"]: - "self-hosting/index.md" - "self-hosting/email-servers.md" + - "self-hosting/dns-filtering.md" - !ENV [NAV_INTERNET_BROWSING, "Internet Browsing"]: - "tor.md" - "desktop-browsers.md" diff --git a/theme/assets/img/dns/adguard-home.svg b/theme/assets/img/self-hosting/adguard-home.svg similarity index 97% rename from theme/assets/img/dns/adguard-home.svg rename to theme/assets/img/self-hosting/adguard-home.svg index 7ce0dc9e1..3e57fc9ab 100644 --- a/theme/assets/img/dns/adguard-home.svg +++ b/theme/assets/img/self-hosting/adguard-home.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/theme/assets/img/dns/pi-hole.svg b/theme/assets/img/self-hosting/pi-hole.svg similarity index 98% rename from theme/assets/img/dns/pi-hole.svg rename to theme/assets/img/self-hosting/pi-hole.svg index 6424454cf..1a1d3069e 100644 --- a/theme/assets/img/dns/pi-hole.svg +++ b/theme/assets/img/self-hosting/pi-hole.svg @@ -1 +1 @@ - \ No newline at end of file + diff --git a/theme/assets/img/self-hosting/vaultwarden-dark.svg b/theme/assets/img/self-hosting/vaultwarden-dark.svg new file mode 100644 index 000000000..c6253a6d9 --- /dev/null +++ b/theme/assets/img/self-hosting/vaultwarden-dark.svg @@ -0,0 +1,2 @@ + + diff --git a/theme/assets/img/self-hosting/vaultwarden.svg b/theme/assets/img/self-hosting/vaultwarden.svg new file mode 100644 index 000000000..a84ae4145 --- /dev/null +++ b/theme/assets/img/self-hosting/vaultwarden.svg @@ -0,0 +1,2 @@ + +